Miyeon Yoon, Korea Internet & Security Agency Document No: GSC17-PLEN-83 Source: Korea Internet & Security Agency Contact: Miyeon Yoon GSC Session: PLEN Agenda Item: 10.3 Introduction to KISA Miyeon Yoon, Korea Internet & Security Agency
Contents 1. Foundation 2. History & Challenges 3. Key Facts Contents are as follows. Foundation History & Challenges Key Facts And What we do 4. What we do 5. What we have done on Standardization
1. Foundation Legislation Main Roles Internet Development Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. · Article 52 (Korea Internet and Security Agency) - to upgrade the information and communications network, encourage the safe use thereof, and promote the international cooperation and advancement into the overseas market in relation to broadcasting and communications. Main Roles Internet Development - Create a Better and Safer Internet Environment - Encourage New Internet Related Services - Policy Development and Law Information Security on Public and Private sector - Internet Incidents Prevention and Response - Protection of Personal Information - Management of Korea Network Information Center International Cooperation - International Cooperation on Broadcasting & Communication KISA was established with basis of the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. Our main roles are comprised of 3 parts. 1st is the internet development, which is to create a better and safer internet environment, and encourage new internet related services 2nd is the information security on pubic and private sector which is to prevent and response to the internet incidents, to protect personal information, etc 3rd is the international cooperation which is to cooperate in the areas of broadcasting and communications with other countries and international organizations like World Bank.
2. History & Challenge MISSION Building up sound and safe Internet environment and carrying international cooperation for broadcasting and communication VISION Becoming the world-wide professional agency for internet & information security 2009. 07 Korea Internet & Security Agency (merger of KISA, NIDA and KIICA, 23rd. July) Our organization, KISA was unified with 3 organizations, which are KIICA, NIDA and KISA in July 2009. Main role and job of information security has been carried out by Korea Information Security Agency since 1996. 2002. 01 Korea IT International Cooperation Agency (KIICA) 1999. 06 National Internet Development Agency of Korea (NIDA) 1996. 04 Korea Information Security Agency (KISA)
<Annual Budget> 3. Key Facts Staff : 568 Staffs Structure : 1 Center, 4 Groups, 10 Divisions, 46 Teams Budget : ₩ 132.6 billion ($122million) (Unit : billion in Korean Currency) 84.5 154 127.1 Currently, KISA comprised of over 500 staffs, comprised of 1 center, 4 groups, 10 division and 46 teams. Amount of budget is about 122 million dollars as of 2012. 132.6 <Annual Budget>
Management Support Division 3. Key Facts Organization Chart President Public Relations Division Internal Audit and Inspection Section Korea Internet Security Center Information Security Group 인터넷진흥본부 International Cooperation Center Management Planning Group Internet Development Group Internet Policy Research Center Industry Development Division Culture Management Support Division Korea Network Information Personal Protection Security Public Incidents Response Prevention This is current organization chart, and it’s getting bigger with the ICT development and growing importance of information security of Korea. Main function of information security has been carried out by Information security group and Korea Internet Security Center as you can see in this diagram. The two red box groups have mainly responsibility for standization of internet and security parts. 4 Teams 7 Teams 3 Teams 12 Teams 10 Teams KISA Academy, 6 Teams 3 Teams
Korea Internet Security Center 4. What we do (1/4) Information Security [Public Sector Information Security] Critical Information Infrastructure(CII) Protection measures & support for incident recovery Information Security Consulting for e-Government services, and G-ISMS SW assurance services for IT security product(smartcard, firewall, etc.) Operating Root CA for National PKI & Promoting PKI usages [Personal Information Protection] Operating the Privacy Incident Response System (PIRST) 24/7 Operating 118 CALL CENTER 24/7 Providing Consultation & Alternative Dispute Resolution(ADR) for personal information dispute Korea Internet Security Center [Reliable and Secure Internet Environment] Operating Korea Internet Security Center(KrCert/CC) Early detecting and responding to prevent damages from Internet incident Strengthening domestic and international cooperation for incident response Operating Spam Response Center Strengthening collaboration with specialized institution(agency) Supporting developing countries to establish CERT(Computer Emergency Response Team) In the area of information security, KISA is in charge of public sector information security and personal information protection in private sector. And KISA operates KISC, Korea Internet Security Center.
Internet & Security Research Better Internet Environment & Development 4. What we do (2/4) Internet & Security Research Providing the Issue Report on Global IT, ICT Policy Trends etc Studying legal system related with Internet and Supporting governments’ enactment Analyzing Internet & Security Policy and Statistical Research on Internet Businesses Making effort to improve legal system in compliance with ICT convergence environment [International Cooperation] Strengthening ICT SMEs’ capabilities for global market Hosting ICT training programs and creating human networks Promoting cooperation in ICT areas with International Organization such as OECD, ITU, World Bank Developing and sharing best practices for cyber security policy and implementations Better Internet Environment & Development [Better and healthier Internet environment] Raising awareness of youth about the importance of Internet Researching on global issues on Internet ethics Running national campaign to make beautiful Internet world [Industry Development] Testing and certifying service for domestic biometric system [K-NBTC] Developing new services for Near-Field Communication(NFC) Promoting domestic cloud services and cooperating with global partners Also KISA provides the issue reports on global ICT policy & technology trends and analysis of internet & security policy. To make better internet environment, KISA has been doing various tasks such as, raising the awareness of youth, research on internet ethics and national campaign. And also, KISA has developed new services of Near Field Communications and promotion of domestic cloud services and cooperation with global partners like MS, and google.
4. What we do (3/4) Standardization Activities - Security [Development of Standards for Infrastrucure Security Technologies in Smart Environment] Smart grid and Mobile phone technologies in ITU-T USN and sensor network technologies in ITU-T Cyber securities in ITU-T Multicast technologies in ITU-T and ISO/IEC Cryptography and Applied cryptography technologies in ISO/IEC, ITU-T and IETF [Development of Standards for New-convergence Technologies on Mobile Biometrics ] Mobile biometrics technologies in ISO/IEC and ITU-T Medical & mobile securuty for telebiometics in ITU-T Telebiometrics technologies in ITU-T Testing Techniques for biometrics in ISO/IEC Standardization Activities - Internet [Standardization of Internet Address Resources and OID-based application technology] Research and national standardization on internet addresses resources (domain, IP address, DNS) Standardization of OID resolution system and expanded application of OID in various areas
4. What we do (4/4) Current Works Current Works [Development of Standards for Infrastrucure Security Technologies in Smart Environment] ITU-T, (X.sgsec-1)Security functional architecture for smart grid services using telecommunication network ITU-T, (X.msec-8)Secure application distribution framework for communication devices [Development of Standards for New-convergence Technologies on Mobile Biometrics ] ITU-T, (X.1092)Integrated framework for telebiometric data protection in e-health and telemedicines ITU-T, (X.tam)guideline to technical and operational countermeasure for telebiometric applications using mobile devices ISO/IEC WD TR 30125, Biometrics - Use of mobile biometrics for personalization and authentication ISO/IEC WD 24709-1 Rev1, Conformance Test for BioAPI part 1 – Test methods and Procedure(Revision) ISO/IEC FDIS 19794-14, Biometric data interchange format part14- DNA data/AMD.1 : Conformance testing methodology Current Works [Standardization of Internet Address Resources and OID-based application technology] Researching on next identification system on IoT(Internet of Things) Developing OID resolution system and its test-bed
5. What we have done
Thank you! Thank you very much.