• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.117-125
• /
• 2009

In this paper, we analyze the Contact Center's specific-security characteristics, including the threat model and weakness and study effective security measures focussing on protecting customer's personal information. Also, we establish the information security management system to reduce the possibility of information leakage from the internal employee in advance. As a result, we propose the "Security management model for protecting personal information for customer Contact Center" that complies with current ISO/IEC JTC 1 ISMS 27000 series standards.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.9
• /
• pp.5783-5789
• /
• 2014

Since 2002, many domestic companies have been certified for ISMS. On the other hand, certification, such as the need for ost-effectiveness evaluation, is not specifically enforced. Therefore, for more than 10 years, the ISMS implementation and certification system has been used for performance and cost effective business management. In this study, a model for analyzing the effect of certification organizations, ISMS development, and an analysis of the effect of a standardized system for the study was prepared. To this end, the existing maintenance organizations ISMS certification survey was conducted through an analysis of the economic effects. ISMS certification continues to expand or maintain the policy for improvement. The survey data collected by the analysis mechanism for the economic effects of CVM was analyzed.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.101-112
• /
• 2006

It will not be able to guarantee the secure operation for the information and communication systems with only technical security. So, ISMS(Information Security Management System) research and standardization are active going on. Korea published "The national cyber security management regulation" and "The national cyber security manual" in 2005. According to the regulation and manual, the government organ and public institution must accomplish the security management assessment to itself for systematic management of an information security. We studied related standards and security management systems of the Australia and the USA, and analyzed the security management evaluation system in "The national cyber security manual" in efficient security management focus. We presented the improvement direction of national security evaluation system through the research. We propose the additional control, selective control set and improvement of the evaluation process for efficient security management. Proposed system possible composition of suitable to each organ and flexible adaptation of rapidly changed information environment.

• Journal of Convergence Society for SMB
• /
• v.6 no.3
• /
• pp.13-19
• /
• 2016

In various ICBM (IoT, Bigdata, Cloud, Mobile) IT convergence environments, IT technologies have been evolved, new information security threats have been occurred. As information security incidents in major public agencies, financial institutions and companies occurred, it was emphasized that the importance of human security was disclosed. Thus, implementing of information security management system could protect hacks and security breaches and respond quickly to accidents so it minimized the sized of loss. In this paper, comparison of human security controls shown in ISO27001, COBIT, NIST 800-53, K-ISMS, Cyber Security Framework such as the main information security management systems was analyzed, and proposed of the security implications about effective controls of human resources security issues.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.133-145
• /
• 2014

Recently, Hospital information systems have the large databases by wide range offices for hospital management, health care to improve the quality of care. However, hospital information systems for information security measures are insufficient. Therefore, when we construct the hospital information system, we have to audit the information security measures for them, and we have to manage the ISMS(Information Security Management System) to maintain the information protection level through the risk managements. In this paper, we suggested the hospital information security audit model for the protection of health information privacy by the current hospital information systems, information security management system(ISMS), and hospital information security requirements and threats. We derived the check items compared with ISO27799 reflected the characteristics of the hospital. We classified the security domains as the physical, technical, administrative domain, and derived the check items for information security. We also designed the check lists by mapping the ISO27799 risk management process to improve the security and efficiency simultaneously. Our model by the five-point scale survey of IT experts was verified the suitability with the average of 4.91 points.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.873-883
• /
• 2017

As Ransomware spreads, the target of the attack shifted from a single personal to organizations which lead attackers to be more intelligent and systematic. Thus, Ransomware's threats to domestic infrastructure, including the financial industry, have grown to a level that cannot be ignored. As a measure against these security issues, organizations use ISMS, which is an information protection management system. However, it is difficult for management to make decisions on the loss done by the security issues since amount of the damage done can not be calculated with just ISMS. In this paper, through FAIR-based loss measurement model based on scenario's to identify the extent of damage and calculate the reasonable damages which has been considered to be the problem of the ISMS, we identified losses and risks of Ransomeware on the financial industry and method to reduce the loss by applying the current ISMS and ISO 27001 control items rather than modifying the ISMS.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.4
• /
• pp.769-774
• /
• 2013

In order to strengthen the protection of information, public institutions have introduced information security governance system. Public institutions recognizes the importance of information security governance system, and have striven to establish information security governance by establishing institutions and making policies. In this paper, in order to investigate ways that will be the basis for the establishment of information security governance in public institutions, we studied the necessity and model of information security governance. Also, by studying the government policies and cases, we proposed the direction of the policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.951-959
• /
• 2014

In the past few years, data leakage of information assets has become a prominent issue. According to the National Intelligence Service in South Korea, they found 375 cases of data leakage from 2003 to 2013, especially 49 of cases have been uncovered in 2013 alone. These criminals are increasing as time passes. Thus, it constitutes a reason for establishment and operation of ISMS (Information Security Management System) even for private enterprises. But to be ISMS certified, there are many exposed or unexposed barriers, moreover, sufficient amount of studies has not been conducted on the barriers of ISMS Certification. In this study, we analyse empirically through exploratory factor analysis (EFA) to find the obstacle factors of ISMS Certification. The result shows that there are six obstacle factors in ISMS Certification; Auditing difficulty and period, Consulting firm related, Certification precedence case and consulting qualification, Internal factor, CA reliability and auditing cost, Certification benefit.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.4
• /
• pp.307-317
• /
• 2010

The majority of financial and general business organizations have had individual damage from hacking, worms, viruses, cyber attacks, internet fraud, technology and information leaks due to criminal damage. Therefore privacy has become an important issue in the community. This paper examines various elements of the information security management system and discuss about Information Security Management System Models by using the analysis of the financial statue and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of Korea Information Security Agency, British's ISO27001, GMITS, ISO/IEC 17799/2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. Therefore, it is recommended for companies to use the security management plan to improve the companies' financial and information security and to prevent from any risk of exposing the companies' information.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.99-107
• /
• 2019

The "Risk management" and "Security monitoring" activities for cyber security are deeply correlated in that they prepare for future security threats and minimize security incidents. In addition, it is effective to apply a pattern model that visually demonstrates to an administrator the threat to that information asset in both the risk management and the security system areas. Validated pattern models have long-standing "control chart" models in the traditional quality control sector, but lack the use of information systems in cyber risk management and security systems. In this paper, a cyber Security Risk Monitoring (SRM) system that integrates risk management and a security system was designed. The SRM presents a strategy for applying 'security control' using the pattern of 'control charts'. The security measures were integrated with the existing set of standardized security measures, ISMS, NIST SP 800-53 and CC. Using this information, we analyzed the warning trends of the cyber crisis in Korea for four years from 2014 to 2018 and this enables us to establish more flexible security measures in the future.