An Analysis Study on Security Activity Changes by Security Accident

Abstract

Recently security accidents caused by various reason from 2013 South Korea cyber attack to private information leakage have appeared in companies and government offices and the scale of damage is getting increasing. Accordingly, Companies have performed various security activity which could raise security awareness for preventing proactive security accidents. However, security activity performed in each company for raising security-awareness consist of the type of fragmentary information asset management, not general security activity for forming security culture which accepts general security management activity from security provision to security management and activity.Security management activity have to consist of the type considering general activity from security policy to administrative, technological and physical security. Especially, it's urgent to consist of connection between control item and security activity because K-ISMS and ISO 27001 consist of only control item for constructing security management system.Therefore, in this study, we constructed the concept of security and analyzed connection between control item and security activity by referring existing previous study and control item of K-ISMS, ISO 27001 and Evaluating SME's Technological Protection Capability Framework. Then we analyzed the change of security activity based on a survey on information security. Also, we analyzed gap of security activity between companies through comparing the frequency change of security activity. As a result, we drew the conclusion that there were difference of security activity between the companies where security accidents happened and the companies where not after security accident. In future study, we will recognize difference of security activity by firm size and study about countermeasure which performs effective security activity against security accidents.