Purpose: Most of cybersecurity breaches occur in SMEs. As the existing cybersecurity framework and certification system are mainly focused on financial and large companies, it is difficult for SMEs to utilize it due to lack of cybersecurity budget and manpower. So it is necessary to come up with measures to allow SMEs to voluntarily manage cyber risks. Method: After reviewing Cybersecurity market, cybersecurity items of financial institutions, cybersecurity framework comparison and cybersecurity incidents reported in the media, the criticality of cybersecurity items was analyzed through AHP analysis. And cybersecurity items of non-life insurers were also investigated and made a comparison between them. Result: Cyber risk management methods for SMEs were proposed for 20 major causes of cyber accidents. Conclusion: We hope that the cybersecurity risk assessment measures of SMEs in Korea will help them assess their risks when they sign up for cyber insurance, and that cyber risk assessment also needs to be linked to ERM standardization.

1 장남수, "삼항 기약다항식 기반의 저면적 Shifted Polynomial Basis 비트-병렬 곱셈기" 한국정보보호학회 20 (20): 11-22, 2010

2 김정곤, "사회재난 대응을 위한 ICT기술 활용 인식조사" 한국재난정보학회 12 (12): 249-260, 2016

3 김수진, "사이버 레질리언스 평가지표 개발에 관한 연구" 한국디지털정책학회 15 (15): 137-144, 2017

4 민병길, "보안관리수준 평가 체계에 대한 분석 및 개선안 연구" 한국융합보안학회 6 (6): 101-112, 2006

5 이기형, "기업 리스크관리 활성화를 위한 ERM규격화 및보험연계 방안" 한국리스크관리학회 28 (28): 43-79, 2017

6 조병주, "금융회사 망분리 정책의 효과성 연구" 한국정보보호학회 25 (25): 181-195, 2015

7 정영철, "금융산업과 사이버보안정책" 금융감독원 5 (5): 89-122, 2018

8 오한길, "국내 소프트 타깃 대상 드론테러의 법제도 개선방안 연구" 한국재난정보학회 15 (15): 49-66, 2019

9 김도철, "국내 금융 사이버보안 규제의 국제경쟁력 제고를 위한 연구: 美 뉴욕 주 금융 사이버보안 규정(23 NYCRR 500)을 중심으로" 한국전자거래학회 23 (23): 87-107, 2018

10 조성규, "개인정보보호를 위한 개인정보 유출 모니터링 시스템의 설계" 한국정보보호학회 22 (22): 99-106, 2012

11 "Wikipedia"

12 Kim, H. -W., "Website security evaluation for electronic commerce" Chungbuk University 340-347, 2005

13 Lee, K. -S., "The problem and policy alternatives for cyber security in the networking age" 9 (9): 109-128, 2006

14 Kinosita, E., "Strategic Decision Making Techniques, AHP" Cheongram Press 2012

15 Korea Internet & Security Agency, "Small and Medium Business Information Protection Practice Guide(1/2, 2/2)"

16 Kim, K. -Y., "Risk management and crisis management: Disaster recovery for information system" 5 : 291-315, 1997

17 Financial Services Commission, "Regulation of Supervision on Electronic Financial"

18 "Namu.Wiki"

19 NIST, "NISTIR 7621, Small Business Information Security: The Fundamentals"

20 Kim, S. -Y., "Korea Financial Telecommunications & Clearings Institute" 38 : 34-62, 2009

21 김기철, "K-ISMS 기반의 한국형 스마트 그리드 정보보호 관리체계 평가 기준 제안" 한국정보보호학회 22 (22): 1375-1391, 2012

22 Yang, D. -I., "Introduction to Information Security" Hanbit Academy 2019

23 Korea Internet & Security Agency, "Information Security Guide for Small and Medium IT Service Companies(III)" 2012

24 손승식, "ISO 27001을 이용한 정보보호 수준평가 방법론 개선 연구" 성균관대학교 정보통신대학원 2014

25 Korea Communications Commission, "Guide for Information Security Management System"

26 NIST CSF, "Framework for Improving Critical Infrastructure Cybersecurity"

27 International Security Exhibition & Conference, "Exhibition items for participation in the International Security Exhibition(Cybersecurity Field)"

28 Park, J. -H., "Development of Security System on Personal Information in custody internally in Corporates" 18 (18): 28-34, 2008

29 Ministry of Knowledge Economy, "Detailed Security Control Implementation Guidelines for Technology Protection for SMEs"

30 Australian Small Business and Family Enterprise Ombudsman, "Cybersecurity: The Small Business Best Practice Guide"

31 Symantec, "Cybersecurity for SMEs, a lightweight cybersecurity framework for thorough protection"

32 Deloitte, "Cybersecurity and the Role of Internal Audit"

33 Spinello, R., "Cyberethics: Morality and law in cyberspace" Jones and Bartlett Publishers, Inc 2003

34 AON, "Cyber, the Fast Moving Target"

35 NASSTAR, "Cyber Security for SMEs: A Practical Guide to Protection Your Business"

36 Radanliev, P., "Cyber Security Framework for the Internet-of-Things in Industry 4.0" University of Oxford 2019

37 Yoon, J. -G., "Application of AHP and its limitation" 7 : 75-92, 1990

38 Radanliev, P., "Analysing IoT cyber risk for estimating IoT cyber insurance" 2018

39 Lee, K. -H., "A study on the measurement methods and cases of personal information leakage risk in private enterprises" 18 (18): 92-100, 2008

40 Song, E. -J., "A comparative analysis on the calculation method of domestic and foreign information security market" Institute for Information & Communications Technology Promotion 17-26, 2018

41 Kim, S. -H., "A Study on the Improvement of Vulnerability Checklist for Enhanced PC Security" Konkuk University 2019

42 Park, J. -T., "A Study on the Establishment of IT-based Joint Disaster Recovery Center for Business Continuity Management System of Small and Medium Business" Hansei University 2020

43 Korea Information Security Agency, "A Study on the Development of Certification System for Information Protection Management System" 2003

44 Kim, K. -R., "A Study on the Cyber Risk Item Disclosure for Cyber Insurance Subsidiary" Sangmyung University 2019

45 Jung, H. -C., "A Study on Security Technology for Enhancing Security of Small and Medium Enterprises by using Open Source" Soongsil University 2017

46 Korea Insurance Development Institute, "A Study on Introduction of Government Reinsurance System in Environment Impairment liability Insurance" Minister of Environment 2015