<The second installment of “Leadership on a Safe and Secure Cyberspace” series >
The Korea IT Times will run the series “ Leadership on a Safe and Secure Cyberspace” from April to December. The second installment sets forth shortcuts to arming the SouthKorean cyber security industry with international competitiveness,and explores ways towards intentional cooperation.
The second issue is an interview with Shim Jong-heon, Chairman of the Korea Information Security Industry Association(KISIA).
The Korea Information Security Industry Association (KISIA) will place its 2014 focus on helping Korean information security companies advance into newly emerging markets, including Israel and the African continent.
"With the importance of overseas projects by domestic information security companies growing, KISIA strives to expand their overseas markets from existing Japan, the U.S. and Southeast Asia, in to Israel and Africa this year," said KISIA chairman Shim Jong-heon.
In an interview with Korea IT Times, Shim said, "In particular, domestic firms' entry into overseas markets is indispensible this year, considering the sluggish domestic market that resulted from the current economic slump.
"Related to this, KISIA plans to participate in such global information protection exhibitions as the Security Show 2014 (Japan), ISC West 2014 (U.S.), IST 2014 (Japan) and Security China this year, while dispatching market exploration teams to Vietnam, Malaysia, Singapore, and Israel," he said.
Noting that Korea's information security-related exports to Southeast Asia are steadily growing, Shim said, "I expect the domestic information security industry to achieve tangible results this year.
"Through expansion of exchange cooperation between Korea and Israel, two leaders in information security, we plan to seek joint business opportunities and find bilateral cooperation models in the global market this year."
Operation of a monitoring center to keep information protection
KISIA plans to operate a monitoring center this year to help domestic information security companies receive due payment for maintaining information protection by strengthening monitoring activities for bidding offered by government agencies and public institutions, Shim stressed.
"In line with this, KISIA will develop a guideline to calculate a proper ratio to maintain information protection and prepare a standard contract for information protection products and services," added Shim.
In a separate move, KISIA is moving to expand skill-enhancing education and mentor school programs this year.
"Last year, about 80% of graduates of the KISIA-operated mentor school succeeded in getting a job and over 400 incumbent workers in the information security sector finished the skill-enhancing education program, upgrading their skills and knowledge in the sector," he explained.
KISIA plans to start the 2014 skill-enhancing education and mentor school programs on June 1 after developing on-the-spot curricula that reflect current technology trends.
"Fostering talent in the information security field is very important as manpower shortage is serious for smaller, domestic, companies at present, despite the fact that information protection is emerging as a promising area," he noted.
Steps to prevent security accidents
As a measure to prevent security accidents, Shim said, "As we acknowledged from the 2013 Korea Credit Bureau (KCB) case, enterprises should strengthen their supervisory function on staff members and enhance employees' ethics, while preparing institutional tools such as the bolstering of punishment against those who steal data, and compensation for damages."
An employee from personal credit ratings firm KCB was arrested and accused of data theft from customers of three credit card firms while working for them as a temporary consultant last year.
"For prevention of important data leakage, users' rights and responsibilities should be defined exactly and such rights and obligations should be managed through documentation and systematization," he pointed out.
Mentioning that financial companies tend to excessively collect customers' information and manage them poorly, Shim said that they need to minimize the gathering of customers' information by removing unnecessary items and destroying information on personal affairs instantly, except those necessary for storage for a certain period.
"Actually, most general companies are poor at investment and management in information security. Accordingly, if they pay more attention to basic facility investment, including firewall and virus vaccines, the ratio to prevent hacking will go up," he said.
"The most important matter is the mind of all executives and staff, considering the fact that most information leakage has been made not on the outside but by in-house staff. As a result, a persistent education on information security is necessary," Shim said.
Measure for development of domestic security software industry
"For development of domestic information security technology and software industry, securing enough of a budget related to information protection is very important. For instance, the U.S. has invested over 9% of the budget for informatization into the security field since 2007. In particular, the U.S. has increased the cyber security budget by a factor of six in 2013, from a year earlier," said the KISIA chairman
"On the contrary, Korea's budget for information protection has so far witnessed no significant change from ₩270 billion in 2010. To develop information security technology, a drastic hike in the budget is essential," he said.
Meanwhile, domestic information security companies exported products and services worth ₩70 billion in 2013, according to a KISIA survey.
The breakdown is 70% or ₩49 billion to Japan; 7% or ₩4.9 billion to China; and 5% or ₩3.5 billion to the U.S.
KISIA's role for international cooperation
"To secure leadership in the information security sector of a global society, KISIA has concluded a memorandum of understanding with information protection public institutions of many countries since 2009 including Malaysia, Japan, Vietnam, Thailand, the Philippines, Indonesia, Taiwan, and Singapore" he said.
"Through close cooperation with such foreign institutions, KISIA plans to hold consultation meetings and help domestic information security companies expand business-to-business projects this year as part of its efforts to enhance their global competitiveness," he mentioned.
Commenting that a growing number of Korean companies are showing a strong will to exchange technology and products with their counterparts in Israel, Shim said, "They seem to advance into the European market through close cooperation with Israel, not simply aiming at the Israeli market. The association plans to dispatch a market exploration team for information protection to Israel for the first time this year."
Asked about his policy direction as a new KISIA leader, Shim said, "I plan to make KISIA an association covering not only member companies but also general information security firms. To this end, we will activate various section gatherings, including meetings of information protection-specialized companies, control specialists, export-oriented departments and common criteria certification councils."