Enforcement Decree Amendment of the "Information Security Industry Act" Passed
Excluding Public Institutions and Small Enterprises
[Asia Economy Reporter Cha Min-young] Going forward, publicly listed companies that have appointed a Chief Information Security Officer (CISO) and whose previous fiscal year's business revenue is 300 billion KRW or more must disclose their information security status annually by June 30.
The Ministry of Science and ICT announced that the amendment to the Enforcement Decree of the "Information Security Industry Act," which includes this provision, passed the Cabinet meeting on the 7th. This amendment will take effect from the 9th of this month.
This amendment applies to companies such as telecommunications service providers with line facilities, integrated information communication facility operators, tertiary general hospitals, and cloud computing service providers.
The mandatory information security disclosure targets include publicly listed companies that have appointed a CISO and whose sales in the previous fiscal year were 300 billion KRW or more, as well as companies with an average daily user count of 1 million or more for information and communication services over the last three months of the previous year. However, public institutions, small businesses, financial companies, and electronic financial businesses whose main industries are not information and communication or wholesale and retail trade are excluded.
Companies subject to information security disclosure must enter their information security status into the electronic disclosure system by June 30 each year.
The Ministry of Science and ICT plans to revise guidelines within the year to help companies easily participate in information security disclosure, including methods for calculating information security investment, personnel, and criteria for activity targets.
Minister Lim Hye-sook of the Ministry of Science and ICT said, "As seen in the recent KT network outage incident, dependence on digital and network systems is higher than ever. Users need to know how much companies invest in information security through disclosure, and through this, we hope a virtuous cycle structure will be established where information security investment naturally occurs across all industries."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
