Gov’t to give companies a system to aid securityThe government is constructing a self-monitoring system for private companies to regularly check their information security levels after a series of customer information leaks.
The Ministry of Science, ICT and Future Planning yesterday said it aims to implement the system by the year’s end to help raise awareness of the need for information security in business circles.
The idea of this system was first mentioned by Minister Choi Mun-kee at a February meeting of the National Assembly’s Science, ICT, Future Planning, Broadcasting and Communications Committee.
“When our ministry implements the policy this year, it will be the first of its kind in the world,” Choi said.
At the meeting, held after customers’ personal information was leaked by three credit card companies, Choi said his ministry was planning a system with five security scores from A to E that the government could request companies to disclose to the public.
The scores would be based on common criteria from the existing state-run information security management system. The Science Ministry will participate in the process of setting up the criteria.
The criteria include the amount and type of customer information each company collects, the numbers of information security workers at each company, annual budget allocated for security and availability of a company manual to deal with security accident cases.
Any private company can implement the self-evaluation system and disclose its score to the public.
However, an official at the Science Ministry’s information security department took a conservative attitude about self-disclosures by companies.
“The ministry will launch the self-assessment system by the year’s end, but we haven’t been able to finalize a deadline for a public disclosure system of the scores,” he said.
“Since the scoring system is voluntary, the ministry’s role is going to be limited, but we hope to push for developing it into a public disclosure system in the near future.”
Most recently, the Seoul police’s cyber unit is reportedly investigating Shinhan Card over a case in which 50 credit card purchases were made using a stolen identity. The damages from the identity theft case was reportedly 8 million won ($7,830).
More startling, a recent survey by the Korea Information Security Agency showed that less than 46 percent of the companies in Korea were investing in security protection.
BY kim ji-yoon [firstname.lastname@example.org]