Common defects in information security management system of Korean companies

To reduce the possible trials and errors while promoting the establishment and certification of the information security management system (ISMS) by enterprises is the purpose of this paper. To satisfy this purpose, this study presents the defects by item found during the certification process of the ISMS of a number of enterprises by government certification agency in Korea. As a result, by analyzing the derived defects, this paper has outlined the issues to be attended to among enterprises at each stage of the establishment of the ISMS. Furthermore, this study presents a reference model for conducting a self assessment, so that companies may be able to self verify the completeness of their establishment of the ISMS. The case study is also provided to prove the practical value of this study.