Abstract
This study integrates representative information security certification systems, namely ISMS, PIMS and PIPL, in order to improve the efficiency of information security management. It then proposes an information security management assessment model for the financial sector by incorporating into the integrated certification model new control items derived from laws and regulations on financial IT and information security, so that the model reflects the characteristics of the financial industry. The findings are significant in that they address the duplication among existing information security certification systems and indicate a direction for an information security management system for the financial industry that strengthens organisations' ability to respond to security incidents. Moreover, the suggested methodology can be applied in studies of systematic, industry-specific information security management standards.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Oh, E., Kim, TS., Cho, TH. (2017). Development of Information Security Management Assessment Model for the Financial Sector. In: Choi, D., Guilley, S. (eds) Information Security Applications. WISA 2016. Lecture Notes in Computer Science(), vol 10144. Springer, Cham. https://doi.org/10.1007/978-3-319-56549-1_16
DOI: https://doi.org/10.1007/978-3-319-56549-1_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-56548-4
Online ISBN: 978-3-319-56549-1
eBook Packages: Computer Science (R0)