• Journal of Internet Computing and Services
    ISSN 2287 - 1136 (Online) / ISSN 1598 - 0170 (Print)
    https://jics.or.kr/

A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations


Youn-chul Kang, Jong-chang Ahn, Journal of Internet Computing and Services, Vol. 19, No. 6, pp. 9-20, Dec. 2018
DOI: 10.7472/jksii.2018.19.6.9
Keywords: Personal information security management system; Non-conformity trends; Business continuity management system; Certification audit; Information security management system; Control area

Abstract

The financial service industry has introduced and operated management systems such as the information security management system (ISMS), personal information security management system, and business continuity management system to suitably protect and maintain customers' financial information and financial services. This study starts from the view that it is desirable for the financial industry to consider ISMS, and that ISMS can take different forms among organizations depending on their culture, practical work, and information security guidelines. The study derives the primary control areas of ISMS by analyzing non-conformity trends and control factors from certification audits of finance-related organizations that have introduced ISO27001, the international ISMS that is well known and commonly applicable irrespective of area in the financial service industry. Through case analyses of five finance-related organizations operating ISMS, this study analyzed the improvement effects of ISMS. It is meaningful as initial research, although data for an empirical study were difficult to acquire because few organizations in the financial sector maintain certification. As a result, the number of non-conformities decreased every year from the first audit through three years' elapse. Physical and environmental security, communication and operations management, and access control had the highest frequency of non-conformity, at 23%, 19%, and 17% respectively, which reached 59% in total, and they are derived as the primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have



Cite this article
[APA Style]
Kang, Y. & Ahn, J. (2018). A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations. Journal of Internet Computing and Services, 19(6), 9-20. DOI: 10.7472/jksii.2018.19.6.9.

[IEEE Style]
Y. Kang and J. Ahn, "A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations," Journal of Internet Computing and Services, vol. 19, no. 6, pp. 9-20, 2018. DOI: 10.7472/jksii.2018.19.6.9.

[ACM Style]
Youn-chul Kang and Jong-chang Ahn. 2018. A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations. Journal of Internet Computing and Services, 19, 6, (2018), 9-20. DOI: 10.7472/jksii.2018.19.6.9.