Top

Published in:

2017 | OriginalPaper | Chapter

Development of Information Security Management Assessment Model for the Financial Sector

Authors : Eun Oh, Tae-Sung Kim, Tae-Hee Cho

Published in: Information Security Applications

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This study integrates the representative information security certification systems such as ISMS, PIMS and PIPL in order to improve efficiency of information security management. It also suggests information security management assessment model for the financial sector by incorporating new control items derived from laws and regulations related to financial IT and information security into the integration model of information security certifications to reflect characteristics of financial industry. The findings have significance in that they solve problems related to duplication of previous information security certification systems and suggest the orientation of information security management system for financial industry enhancing the organizations’ ability to cope with security accidents. Moreover, the suggested methodology can be used in study on systematic and specific information security management standard for each industry.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Empirical Analysis of SSL/TLS Weaknesses in Real Websites: Who Cares?

next chapter A Practical Approach to Constructing Triple-Blind Review Process with Maximal Anonymity and Fairness

Jung, C.Y.: Financial authority’s policy and financial institution’s response on the latest financial information security related incidents. Credit Union Research, no. 63, pp. 45–82 (2014)

Seo, D.J., Kim, T.S.: Influence of personal information security vulnerabilities and perceived usefulness on bank customers “willingness to stay”. J. Korean Inst. Commun. Sci. 40(8), 1577–1587 (2015)

Goodhue, D.L., Straub, D.W.: Security concerns of system users: a study of perceptions of the adequacy of security. Inf. Manage. 20(1), 13–27 (1991)CrossRef

Humphreys, E.: Information security management standards: Compliance, governance and risk management. Inf. Secur. Techn. Report 13(2), 247–255 (2008)CrossRef

Electronic Finance Transactions Act

Oh, E., Kim, T.S., Cho, T.H.: Improvement of the certification model for enhancing information security management efficiency for the financial sector. J. Korea Inst. Inf. Secur. Cryptology 26(2), 541–550 (2016)CrossRef

Enforcement Decree of the Electronic Financial Transactions Act

Enforcement Decree of Use and Protection of Credit Information Act

Kim, G.A.: Analysis on the status of ISMS certification acquisition in financial industry …last year, only 15 security companies. The Boannews, 22 January 2015

10.

Mun, H.J., Kim, K.S., Um, N.K., Li, Y.Z., Lee, S.H.: Effective access control mechanism for protection of sensitive personal information. J. Korean Inst. Commun. Sci. 32(7), 667–673 (2007)

11.

Kang, H.S.: An analysis of information security management system and certification standard for information security. J. Secur. Eng. 11(6), 455–468 (2014)CrossRef

12.

ISO, ISO/IEC 27001 - Information security management. http://www.iso.org/iso/home/standards/management-standards/iso27001.html, Accessed 13 Nov 2015

13.

Park, J.E.: Financial security institute, start to issue ISMS certification. The Electronic Times, 13 December 2015

14.

Lee, J.H., Park, M.H., Jung, S.W.: OTP-based transaction verification protocol using PUFs. J. Korean Inst. Commun. Sci. 38(6), 492–500 (2013)

15.

Korea Internet & Security Agency, Information Security Management System (ISMS) certification guideline (2013)

16.

Korea Internet & Security Agency, Status of ISMS certification acquisition in financial industry. http://isms.kisa.or.kr/kor/issue/issue01.jsp?certType=ISMS, Accessed 9 Dec 2015

17.

Korea Internet & Security Agency, Personal Information Management System (PIMS) certification guideline (2010)

18.

Randazzo, M.R., Keeney, M., Kowalski, E.: Insider threat study: Illicit cyber activity in the banking and finance sector, U.S. Secret Service and CERT Coordination Center, Technical report (2004)

19.

Yim, M.S., Jeong, T.S., Lee, J.M.: A suggestion for information security awareness of finance firms. J. Secur. Eng. 11(6), 479–498 (2014)CrossRef

20.

National Information Society Agency, Personal Information Protection Level (PIPL) guideline (2015)

21.

Yeh, Q.J., Chang, A.J.T.: Threats and countermeasures for information system security: a cross-industry study. Inf. Manage. 44(5), 480–491 (2007)CrossRef

22.

Regulation on Supervision of Credit Information Business

23.

Regulation on Supervision of Electronic Financial Activities

24.

Park, S.Y.: Cards company still turns away ISMS certification. The Digital Times, 19 January 2015

25.

Use and Protection of Credit Information Act

26.

Wikipedia, Security accidents in Korea. https://ko.wikipedia.org/, Accessed 25 Oct 2015

Title: Development of Information Security Management Assessment Model for the Financial Sector
Authors: Eun Oh
Tae-Sung Kim
Tae-Hee Cho
Publisher: Springer International Publishing
Book: Information Security Applications
Print ISBN: 978-3-319-56548-4

Electronic ISBN: 978-3-319-56549-1

Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-56549-1_16

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner