Advanced information security management evaluation system

Heasuk Jo, Seungjoo Kim, Dongho Won

Research output: Contribution to journalArticlepeer-review

13 Citations (Scopus)


Information security management systems (ISMSs) are used to manage information about their customers and themselves by governments or business organizations following advances in e-commerce, open networks, mobile networks, and Internet banking. This paper explains the existing ISMSs and presents a comparative analysis. The discussion deals with different types of ISMSs. We addressed issues within the existing ISMSs via analysis. Based on these analyses, then we proposes the development of an information security management evaluation system (ISMES). The method can be applied by a self-evaluation of the organization and an evaluation of the organization by the evaluation committee. The contribution of this study enables an organization to refer to and improve its information security levels. The case study can also provide a business organization with an easy method to build ISMS and the reduce cost of information security evaluation.

Original languageEnglish
Pages (from-to)1192-1213
Number of pages22
JournalKSII Transactions on Internet and Information Systems
Issue number6
Publication statusPublished - 2011 Jun


  • Information security check
  • Information security evaluation
  • Information security evaluation process
  • Information security management systems (ISMSs)

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Advanced information security management evaluation system'. Together they form a unique fingerprint.

Cite this