유영인, 김동희, 정세희,

Vol. 35, No. 3, pp. 681-697, 6월. 2025
10.13089/JKIISC.2025.35.3.681, Full Text:
Keywords: risk management, Cybersecurity Framework, Security Governance
Abstract

As the scope and target categories of cybersecurity management continue to expand beyond the organizational level, the need for efficiency-driven management is growing. Furthermore, most incidents and accidents occurring within organizations now involve cyber elements, elevating cybersecurity to the same level of importance as high-risk areas like finance. In response, major countries have adopted risk-based cybersecurity management frameworks to enhance decision-making and management efficiency using timely and objective information. This paper analyzes the management guidelines, risk management frameworks, and systems of nations that have adopted a risk-based cybersecurity approach. By identifying essential concepts to be considered in their operational structures and latest approaches, we propose an integrated framework that reflects these elements comprehensively. The findings of this study are expected to aid in incorporating the concept of risk into South Korea's cybersecurity management system, enabling the implementation of consistent procedures while simultaneously enhancing management efficiency and effectiveness. Additionally, the proposed framework provides a foundation for flexible responses to emerging threats and management factors, contributing to the establishment of a sustainable cybersecurity management system.

Statistics
Cite this article