Despite Holding Nationally Accredited ISMS and ISMS-P Certifications
"Doubts About Effectiveness... Need to Prepare Improvement Measures"
Lee Hunki, a member of the Democratic Party of Korea, pointed out that the recent SK Telecom cyber breach has exposed serious problems with the effectiveness of the current Information Security Management System (ISMS) and Personal Information & Information Security Management System (ISMS-P) certification systems.
On the 28th, customers wait to replace their SIM cards at an official SK Telecom certified agency in Jung-gu, Seoul. SK Telecom plans to offer free SIM card replacement services to subscribers starting today. 2025.4.28. Photo by Kang Jinhyung
ISMS and ISMS-P are nationally accredited information security certification systems overseen by the Ministry of Science and ICT and the Personal Information Protection Commission. These certifications require companies to assess technical and managerial vulnerabilities in their servers and network equipment, and to encrypt critical data to defend against hacking attempts.
Lee, a member of the National Assembly's Science, ICT, Broadcasting and Communications Committee, criticized SK Telecom for failing to prevent a large-scale hacking incident despite holding both ISMS and ISMS-P certifications as a major domestic telecommunications service provider. He specifically highlighted problems in the initial response, noting that there was a nearly two-day gap between the time the hacking was first detected (April 18) and when it was officially reported to the Korea Internet & Security Agency (April 20).
This demonstrates that, despite obtaining ISMS and ISMS-P certifications, SK Telecom did not effectively implement the incident detection, analysis, reporting, and response procedures specified in the certification standards. Lee pointed out that the ISMS and ISMS-P certifications, which companies maintain at significant cost and effort, ultimately failed to prevent the hacking and to ensure an effective initial response.
He emphasized, "In light of the recent SKT hacking incident, the relevant ministries must thoroughly analyze the fundamental problems of the ISMS certification system," and added, "Prompt measures should be taken to reform the information security certification framework so that it is truly effective and can earn the public's trust."
© The Asia Business Daily (www.asiae.co.kr). All rights reserved.

