The Korea Herald

소아쌤

Concerns for information security in South Korea

By Yu Kun-ha

Published : Nov. 24, 2011 - 19:47

    • Link copied

In today’s information society businesses are becoming globalized and interlinked with each other on the Internet. In addition, companies are handling larger amounts of data and managing confidential information. This obviously increases the potential risks of cyber security and privacy on the Internet for businesses.

According to a survey in 2010 from the Korea Internet & Security Agency, Korean businesses seem in grave danger of information security vulnerabilities because of hidden risks.

First, many Korean companies do not invest in information security.

Surprisingly, 81.4 percent of companies budget less than 1 percent for information security in IT budget.

Second, there are few influential positions in the security arena in businesses. For instance, a position of chief information security officer (CISO) exists only in 14.5 percent of Korean companies.

The Korean government also does not seem to be doing much in this regard. For example, governments in other countries have taken a lot of initiatives in cyber security. The government of the United States announced that they were going to issue Internet identification cards for individual security. This plan is especially for identifying one’s identity in cyberspace, where many kinds of transactions are being done.

In 2011, the U.S. Pentagon announced Defense Strategy for Operating in Cyberspace wherein they will partner with other U.S. government departments and agencies and the private sector as well as build robust relationships with U.S. allies and international partners to strengthen collective cyber security.

Since the 1990s the French government has an act that covers all aspects of information security certification. In the United Kingdom, the areas of physical security and information protection are areas which are gradually being integrated to result in a much stronger cyber infrastructure.

Such initiatives make sense because of the proliferation of information security threats throughout the world. In the U.S., security incidents reported by federal agencies have risen by more than 650 percent over the past five years, placing the confidentiality, integrity and availability of sensitive government and corporate information and information systems at risk.

While businesses may be complacent about the information security risks, it is clear that they need chief information security officers who can give training and awareness about security vulnerabilities to their employees, monitor security controls, remedy weaknesses and resolve all incidents in a timely manner.

The CISO has to give assurance that controls are in place and operating as intended to protect information resources, otherwise companies would be leaving themselves vulnerable to attack or compromise.

Without such initiatives by businesses as well as government, we believe the state of cyber security defense in Korea will continue to be disjointed, ineffective and uncoordinated.

By David Kim

David Kim is a master’s degree candidate of the Sogang Business School, Sogang University, in Seoul. This letter was jointly written with Kwang Hoon Lee, Lisi, Sean Lee, Shengdu Jin, Won Goo Heo, Woo Yeon Jung and H. Raghav Rao. ― Ed.