Development of Information Security Management Assessment Model for the Financial Sector

  • Conference paper
Information Security Applications (WISA 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10144)

Abstract

This study integrates representative information security certification systems such as ISMS, PIMS and PIPL in order to improve the efficiency of information security management. It also proposes an information security management assessment model for the financial sector by incorporating new control items, derived from laws and regulations related to financial IT and information security, into the integrated model of information security certifications so that it reflects the characteristics of the financial industry. The findings are significant in that they resolve the duplication among previous information security certification systems and suggest a direction for information security management systems in the financial industry that enhances organizations’ ability to cope with security incidents. Moreover, the suggested methodology can be used in studies on systematic and specific information security management standards for each industry.

Author information

Corresponding author

Correspondence to Tae-Sung Kim.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Oh, E., Kim, TS., Cho, TH. (2017). Development of Information Security Management Assessment Model for the Financial Sector. In: Choi, D., Guilley, S. (eds) Information Security Applications. WISA 2016. Lecture Notes in Computer Science, vol 10144. Springer, Cham. https://doi.org/10.1007/978-3-319-56549-1_16

  • DOI: https://doi.org/10.1007/978-3-319-56549-1_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-56548-4

  • Online ISBN: 978-3-319-56549-1

  • eBook Packages: Computer Science, Computer Science (R0)
