Study on the General Defects in the Information Security Management System (ISMS)

In the wave of the progressive informatization process, Korean enterprises are making a vast amount and range of investments in the information security sector in order to counter the information dysfunction. In addition, to achieve an objective evaluation thereon, they have been increasingly exhibiting a preference for a certification system of information security management, as developed by the government This study aims to reduce the possible trials and errors while promoting the establishment and certification of the information security management system by enterprises. To satisfy this purpose, this study presents the defects by item found during the certification process of the information security management system of a number of enterprises. By analyzing the derived defects, we have outlined the issues to be attended to among enterprises at each stage of the establishment of an information security management system. The study also presents a reference model for conducting a self check, so that companies may be able to self-verify the completeness of their establishment of the information security management system. Through the results of this study, enterprises will be able to self-verify their completeness levels when promoting the establishment and certification of the information security management system, and improve the efficiency and effectiveness thereof so as to raise the general level and awareness among enterprises of the importance of information security.