민간분야 사이버보안 거버넌스 제도의 의무주체에 대한 비교분석 및 중점관리 대상에 관한 연구: 정보보호 최고책임자ㆍ정보보호 관리체계 인증ㆍ정보보호 공시 제도를 중심으로

In the current era of overwhelming data, the importance of cybersecurity for corporations and organizations is more critical than ever. In this context, various mandatory regulations and certification systems related to cybersecurity governance in the private sector are being implemented in Republic of Korea. However, despite the shared objective of emphasizing the importance of cybersecurity for private sector, including corporations and organizations, differences in the criteria for mandatory compliance and certification have resulted in inefficiencies in both the management and effectiveness of these policies. Additionally, there is a demand from the field for clearer criteria and direction in cybersecurity governance priority-managed individuals due to inconsistent application of these criteria. To address this, this paper statistically analyzes the status of entities subject to relevant cybersecurity regulations, focusing on the Chief Information Security Officer (CISO), who plays a key role in cybersecurity governance within private sector including corporations and organizations. The paper also proposes criteria and directions for setting effective cybersecurity priorities. The study discusses the following : itbegins with a review of theories and institutional frameworks related to cybersecurity governance. To derive objective implications based on data, a target database (DB) focusing on Chief Information Security Officers (CISO), the key decision-makers and responsible entities in cybersecurity governance, will be established. Then, to derive objective meaning and implications from the established DB, a comparative analysis of the target status across different cybersecurity governance systems, and an analysis of correlations and impacts using statistical methods will be conducted to propose criteria and directions for effective and consistent governance priority-managed individuals.