
A study of Effect of Information Security Management System [ISMS] Certification on Organization Performance

A Study on the Effect of Information Security Management System (ISMS) Certification on Organizational Performance (Korean title)

  • Bae, Young-Sik (Doctoral course, Department of Law, Dongguk University)
  • Received : 2012.06.18
  • Accepted : 2012.09.06
  • Published : 2012.09.30

Abstract

As Internet usage spreads rapidly, tasks that were once possible only offline are now carried out in cyberspace, but at the same time new security threats such as hacking and viruses have increased. Comprehensive and methodical information security systems are therefore required in enterprises and organizations. Consequently, the Information Security Management System (ISMS) certification scheme has been in effect in Korea since July 2001. As of December 2012, 130 enterprises have been certified, and more than 120 ISO 27001 certifications have been issued. Since the introduction of the ISMS certification scheme in Korea, demand for certification has increased steadily, and it is now recognized as an integral part of maintaining an enterprise's competitiveness. However, the qualitative aspects of certification, in particular the effectiveness of an ISMS, have been continuously questioned by actual certification holders. To clarify the situation and remove such doubts, this study substantiates that developing and certifying an ISMS positively affects the business performance of enterprises, so that they recognize the effect of obtaining ISMS certification and, by developing an ISMS, ultimately prevent security incidents and improve their business performance.

This paper notes that enterprises and organizations have recently moved from sporadic security management toward requiring a comprehensive and systematic information security management system. In Korea, the Information Security Management System (ISMS) certification scheme has been in operation since July 2001, and as of July 2012, 130 companies had been certified. Since the introduction of the ISMS certification scheme in Korea, demand for certification has increased steadily and it is increasingly recognized as an important means of corporate competitiveness; on the other hand, the problem that qualitative aspects, such as the effectiveness of certification as perceived by its actual users, are insufficient has been raised continuously. Accordingly, this study empirically analyzes, through a survey of information security officers at domestic ISMS-certified companies, how positively ISMS certification affects corporate management performance, and demonstrates that it has an effect on organizational performance. Its aim is to help companies recognize the effect of obtaining ISMS certification and, ultimately, to prevent security incidents in advance and improve corporate performance by building an ISMS.
