The world's leading countries, including the United States, defined cyber warfare as the fifth battleground and are putting together organizations, human resources, and technological research in preparation for the cyber warfare. North Korea, a countr...
The world's leading countries, including the United States, defined cyber warfare as the fifth battleground and are putting together organizations, human resources, and technological research in preparation for the cyber warfare. North Korea, a country that is still continuing a military confrontation with South Korea, especially have been preparing for the cyber war on the national scale. North Korea has already committed a number of cyber terrorism, including the Nong-hyup bank computer network disabling incident last year, and such provocations are continuing to threat South korea's security and its citizens' properties.
South Korea's anemic responses to cyber attacks in the past demonstrates that South Korea's preparation for the cyber warfare has been lacking. Thanks to the creation of the Cyber Command in January 2010, South Korea has fortifying organization and developing tactics for the cyber war. Government's such actions provided a sense of relief, but taking a closer look on such endeavor reveals the fact that research and development on various fields is still much needed.
This thesis is on the new Information Security Management System(ISMS) that provides timely response to cyber attacks and is appropriate for the defence information environment.
The main goal in developing the Defence-Information Security Management System(D-ISMS) was to create an infrastructure capable of information security management to prevent cyber attacks. The D-ISMS is designed to facilitate commanders of various levels of military unit to acknowledge their units' security levels, therefore enabling timely and active response to North Korea's cyber attack. In order to make this possible, the internationally recognized ISMS concept was adopted and befitted to military use by adjusting the restrictive categories and procedures. The overall D-ISMS process provides accurate and appropriate security countermeasures by testing the amount of risk involved through asset identification, asset value assessment, risk assessment, and vulnerability assessment according to the flow of risk management.
In order to test the feasibility and efficiency of the D-ISMS in a field unit, the system was tested in 00 division located on the front lines, and the test indicated that using the D-ISMS shortened the time of the measure the security level of the unit, and provided more accurate measure of the security level, therefore enabled a balanced information security management at all times.
Therefore, D-ISMS in an infrastructure that can accurately monitor unit's security level at all times and provide appropriate security countermeasures for the commander in the
era of incessant cyber warfare.