• Journal of Internet Computing and Services
    ISSN 2287 - 1136(Online) / ISSN 1598 - 0170 (Print)
    http://jics.or.kr/

A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations


Youn-chul Kang, Jong-chang Ahn, Journal of Internet Computing and Services, Vol. 19, No. 6, pp. 9-20, Dec. 2018
10.7472/jksii.2018.19.6.9, Full Text:
Keywords: Personal information security management system; Non-conformity trends; Business continuity management system; Certification audit; Information security management system; Control area

Abstract

Financial service industry has introduced and operated management systems such as information security management system (ISMS), personal information security management system, business continuity management system to protect and maintain suitably customer's financial information and financial service. This study started that it's desirable financial industry takes consideration of ISMS and it can be different types among various organizations taking consideration of culture, practical work, and guideline of information security. The study derives primary control areas of ISMS through analyzing non-conformity trends and control factors according to certification audit for finance-related organizations introduced international ISMS of ISO27001 which is well known and commonly applicable irrespective of areas in financial service industry. Through case analyses for five finance-related organizations operating ISMS, this study analyzed improvement effects of ISMS. It has a meaning as an initial research though it was difficulty in acquiring data for empirical study because of rare organizations maintaining certification in financial sector. As a result, number of non-confirmity from the first audit to three years' elapse was decreased every year. Physical and environmental security, communication and operations management, and access control having the highest frequency of non-conformity each presented 23%, 19%, and 17%, which reached 59% in total and they are derived into primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have Financial service industry has introduced and operated management systems such as information security management system (ISMS), personal information security management system, business continuity management system to protect and maintain suitably customer's financial information and financial service. This study started that it's desirable financial industry takes consideration of ISMS and it can be different types among various organizations taking consideration of culture, practical work, and guideline of information security. The study derives primary control areas of ISMS through analyzing non-conformity trends and control factors according to certification audit for finance-related organizations introduced international ISMS of ISO27001 which is well known and commonly applicable irrespective of areas in financial service industry. Through case analyses for five finance-related organizations operating ISMS, this study analyzed improvement effects of ISMS. It has a meaning as an initial research though it was difficulty in acquiring data for empirical study because of rare organizations maintaining certification in financial sector. As a result, number of non-confirmity from the first audit to three years' elapse was decreased every year. Physical and environmental security, communication and operations management, and access control having the highest frequency of non-conformity each presented 23%, 19%, and 17%, which reached 59% in total and they are derived into primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Youn-chul Kang and Jong-chang Ahn (2018). A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations. Journal of Internet Computing and Services, 19(6), 9-20. DOI: 10.7472/jksii.2018.19.6.9.

[IEEE Style]
Y. Kang and J. Ahn, "A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations," Journal of Internet Computing and Services, vol. 19, no. 6, pp. 9-20, 2018. DOI: 10.7472/jksii.2018.19.6.9.

[ACM Style]
Youn-chul Kang and Jong-chang Ahn. 2018. A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations. Journal of Internet Computing and Services, 19, 6, (2018), 9-20. DOI: 10.7472/jksii.2018.19.6.9.