This study presents an 'Industrial security management system control framework' for organizations that hold industrial secrets, to support their industrial security activities. The following research methods were used. First, the security control frameworks of the international information security certification standard ISO/IEC 27001 and of the national certification systems KISA (Korea Internet Security Agency) ISMS (Information Security Management System) and PIMS (Personal Information Management System) were compared control by control. In addition, existing research on industrial security management was analyzed, and an 'Industrial security management system control framework' consisting of multiple security domains was derived. Two rounds of Delphi surveys were then conducted with industrial security professionals to verify its validity. The completed 'Industrial security management system control framework' is composed of a total of 11 control domains and 54 control items. From the viewpoint of national security, it covers compliance-related business processes heavily, and it specializes in the protection of critical industrial technology and of trade secrets that have economic value. In that sense, it is differentiated from the existing ISMS security control framework. The research result can be used as a practical guideline for planning and implementing industrial security policy in organizations that hold industrial secrets. In addition, the practical usability of the proposed control framework can be extended by operating it within the cyclic industrial security management process (industrial security policy building → policy operation → review and improvement) as an integrated industrial security management model.