
Information security incidents cause irreversible economic losses and reputational damage to businesses. In particular, new security threats through the Internet are steadily increasing and spreading, raising the need for systematic and comprehensive information protection management and certification.

Many companies spend huge amounts of capital to enhance information security. However, customers have no way of knowing how well that security actually works. In other words, standards that customers can trust are needed.

 

For this reason, information security certification schemes began to emerge. Their purpose is to have the state or a trusted institution assess and certify a company's information protection.

 

 


Information Security Management System ISO 27001

 

Significance of ISO 27001 certification

The International Organization for Standardization (ISO) provides a variety of certification services. Each certification service is identified by a specific number that ISO assigns, such as ISO 9001 (Quality Management Systems) and ISO 37001 (Anti-bribery management systems).

ISO 27001 is an international standard for information security management systems (ISMS) certified by the International Organization for Standardization. In other words, it is an information protection certification system certified by internationally recognized institutions.

 

Actually, ISO 27001 is not mandatory for virtual asset operators.

 

 


There are various benefits to obtaining ISO 27001 certification

 

Despite not being compulsory, virtual asset operators seek it because it is an international standard information protection certification and is the most prestigious certification in the field of information protection. In other words, companies that have this certification will be recognized for having a much higher level of information protection than those that do not.

The certification correctly identifies organizational risks and ensures that they are well managed. At the same time, stability and reliability are high because it requires information protection processes and documents to be organized. In addition, it is an international standard, which is an advantage when expanding into overseas markets.

Financial firms that are already extremely sensitive to information security have obtained the certification. Korea Investment & Securities, Shinhan Bank, Mirae Asset Life Insurance, Samsung Life Insurance, Citibank Korea, Busan Bank, and Lotte Card have obtained it. Coco Entertainment Korea, which is preparing for the virtual asset exchange, is also preparing to obtain it.

 

 

ISO 27001’s core is PDCA

ISO 27001 adopts the PDCA model to manage security risk. PDCA is a work cycle: Plan, Do, Check, Act.

PDCA is the core of ISO 27001 as a cyclical process that must be repeated to respond to rapidly changing IT environments and the resulting risks.

 

The Plan phase improves information security to meet the policies and objectives of the entire organization. Also, policies, objectives, and processes are established to manage the crisis. 

 

 


ISO 27001 is based on PDCA

 

In the Do phase, improvement plans are implemented. Starting with a small-scale study under controlled conditions, the organization executes the plans and implements and operates the established processes.

In the Check stage, the execution results of the Do stage are analyzed to measure and evaluate improvements and performance.

In the Act phase, the suitability of the entire cycle is reviewed and supplemented based on what was evaluated in the previous step. If there is a deficiency, a new plan is established and the cycle is run again. Conversely, if the result is satisfactory, the range of cycle activities is expanded to allow for further improvement.

 

 

ISO 27001 Certification Procedure

 

 


ISO 27001 Certification Procedure

 

The first step in preparing for ISO 27001 certification is planning the project. The project environment shall be established, the steering organization shall be formed, and training shall be provided to the persons in charge and key personnel. In addition, detailed plans for the project should be formulated.

After completing the project plan, the current status and risks should be analyzed. Security vulnerabilities and risks present in the organization should be identified, analyzed, and measured.

Appropriate control items for managing the identified risks should be selected, and detailed implementation plans should be established from physical, technical, and management perspectives.

The various logs arising from the application of the established security management system should be collected and organized, and the Statement of Applicability (SoA) should be prepared.

The SoA is the most important part of the review. The report should record how each control item has been dealt with, together with the evidence for it.

Once the report is ready, the main examination begins after a preliminary examination.

In the certification review, a document review is conducted on the SoA, information protection policies, and implementation records related to guidelines. On-site inspections are then conducted to verify whether these have actually been implemented. The certificate is issued if both are passed.

Even after the certificate is issued, the organization must be inspected periodically (on a six-month basis), and the certificate must be renewed through a renewal review after three years of certification.

 

ISO 27001 certification for greater trust

ISO 27001 is not mandatory as mentioned earlier. For companies, it is also difficult to step up to the plate because they have to invest money and time separately.

 

However, it would not be too much to say that it is essential for virtual asset operators whose priority is information protection, as it is the most ideal way to protect assets.

 

» What is ISO 27001? 2021.06.25