수탁사 개인정보 보호 관리 수준 점검 활동과 정보보안 성과간의 실증 연구

Personal information leakage related to the consignee’s company is increasing more andmore due to various threats such as APT, Ransomware and the latest intelligent threats, and theexpansion of the personal information processing business to differentiate the business. It is necessaryto analyze the related laws and security standard system and to check the integrated levelof personal information protection management based on them. This study analyzed the currentstatus of consignee’s personal information processing consignment such as comparison of commissionand third party provision, related domestic and foreign laws, and information security standardcertification system. We derive the measurement items for the security audit activities of theconsignee and check the influential factors of the information security performance. The effect wasverified empirically. And as a result of applying the AHP analysis technique, the influence of the sub factors on the information security performance was more influenced by the establishment ofinternal administration system, privacy cryptography, life cycle, and access authority management. This study is meaningful that the relationship between management level diagnosis factorsof consignee’s personal information protection and information security performance was provedempirically.