Go to survey->

SURVEY ON INFORMATION SECURITY

Dear Sir/Madam:

Greetings!

I am a doctoral student in information policy at Sungkyunkwan University in Korea.

"A developing indicators and analysis of the standards for information security( in 50

countries)" is conducted as a part of PhD dissertation at Sungkyunkwan University,

South Korea.

The purpose of study is to identify the degree of information security compared with

50 countries and propose the efficient plan for information security.

I'm hoping many of you will help me by completing this survey and giving me your

thoughts about the significance of information security as representative in your

country.

It will be useful for the study of information security and as important data for the

information security policy.

If you have any questions, please feel free to contact me via e-mail as well.

I would be grateful if you would take the time to answer the following questions.

Sincerely,
Youngjin, Shin

Ph.D. Candidate in Graduate
of the Sungkyunkwan University.

(Academic Advisor: Prof. Seang-Tae, Kim)

*If you know the consistent indicators of following statements in detail, please see the foot of page.

* Method to Answer:
The questions are 4 sections(composition of information security, legal& institutional information security, physical & technical information security, administrative information security).
All statements are for comparing A indicators and B indicators of Information security standards, so you can check what is more important between A and B.

Ex) If you think that legal & institutional information security(A)is more important than physical & technical information security(B), please check the circle of left side according to the degree of imoprtance. Or if you think that both of them are equally important to compare with, please check the circle of 1.

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
legal & institutional information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	physical & technical information security

A. The following statements are consistent factors of information security.
Please describe what is more important information security compared A with B in your country.

significance of the standards

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
legal & institutional information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	physical & technical information security
legal & institutional information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	administrative information security
physical & technical information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	administrative information security

B. The following statement is legal & institutional information security. Please describe what is more important information security compared A with B in your country.

B-1) Main indicators of legal & institutional information security

significance of the standards

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
Information security for Privacy	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Information security for Intellectual property
Information security for Privacy	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Information security for IT usability
Information security for Intellectual property	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Information security for IT usability

B-2) Sub indicators of legal & institutional information security

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
Legal Information security for privacy	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Institutional Information security for privacy
Legal Information security for the patent and copyright	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Institutional Information security for Intellectual property
Legal Information security for IT use	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Institutional information security for IT development

C.The following statements are indicators of physical & technical information security.
Please describe what is more important information security compared A and B in your country.

C-1) Main indicators of physical & technical information security

significance of the standards

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
Information security for IT(Telecommunication) Infrastructure	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Information security for technology infrastructure
Information security for IT(Telecommunication) Infrastructure	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Information security for IT(Telecommunication) application
Information security for technology infrastructure	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	IT(Telecommunication) application for Information security

C-2) Sub indicators of physical & technical information security

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
System Infrastructure for Information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Internet Infrastructure for Information security
Technical development for Information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Technical human resource for Information security
Receipts of royalties and license fees	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Patents granted to residents
Availability of scientists & engineers	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Scientists & engineers in R&D

C-3) Sub indicators of physical & technical information security

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
Information security for e-Commerce	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Information security for Network
Information security for creditcard usability	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Safety of creditcard transaction
Information security for creditcard usability	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Confidentiality of financial transaction
Information security for creditcard usability	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Encryption investment
Safety of creditcard transaction	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Confidentiality of financial transaction
Safety of creditcard transaction	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Encryption investment
Confidentiality of financial transaction	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Encryption investment
Encryption of servers	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Encryption operation
Encryption of servers	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Data security
Encryption operation	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Data security

D. The following statements are indicators of administrative information security.
Please describe what is more important information security compared A with B in your country.

D-1) Main indicators of administrative information security

significance of the standards

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
Organization for Information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Budget for Information security
Organization for Information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Public service for Information Security
Budget for Information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Public service for Information Security

D-2) Sub indicators of administrative information security

A indicators	E x t r e m e l y		Very S t r o n g		S t r o n g		M o d e r a t e		E q u a l		M o d e r a t e		S t r o n g		Very S t r o n g		E x t r e m e l y	B indicators
Independent operating organization(& its members)	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Correlation with International organization for Information security
Investment budget for Information security	9	8	7	6	5	4	3	2	1	2	3	4	5	6	7	8	9	Development budget for Information security

E. Please write your human details.
All of your answers will be used for the academic purpose to write the thesis.

Name
E-mail
Major & Degree
Post & Position
Country

Thank you

Integrity without knowledge is weak and useless, and knowledge without integrity is dangerous and dreadful.
Signature of Youngjin, Shin citing Samuel Jonson
Phone: +82-19-432-6856 Fax: +82-2-2671-7793 E-mail:jinsyj@skku.edu

Ref. 1 Matrix for Information Security

Ref.2 Indicators and Operation definition of information security

Consistent
Indicators

Main Indicators

Sub indicators

Operation Definition of Existing indicators

Legal/institutional Information Security

Information Security for Privacy

Legal Information security for privacy

Protection of the private sphere by country (IMD)

Institutional Information Security for Privacy

Personal security and private property is adequetely protected (IMD)

Information Security for Intellectual Property

Legal Information security for the patent and copyright

Legal Protection for Patent and copyright(WEF)

Institutional Information security for Intellectual property

Intellectual property protection in your country(WEF)

Information Security for Technology Infrastructure

Legal Information security for IT use

Law relating to IT use(Relating to electronic e-commerce digital signature and consumer protection(WEF)

Institutional Information security for IT development

Legal framework for IT development (WEF)

Physical/Technical
Information Security

Technology Infrastructure for Information Security

System Infrastructure for Information Security

Secure Servers(SSL))(NET

Internet Infrastructure for Information Security

Secure Servers by domain (computerspace)

Technology Infrastructure for Information Security

Technical Development for Information Security

Information security by Technology protection by royalty and license

Receipts of royalties and license fees(US$ per person))(WORLDBANK)

security for technical development by patents

Patents granted to residents(Numbers of people)(IMD)

Technical Human Resource for Information Security

Availability of technical human Resource for Information Security

Availability of Scientists & engineers(IMD)

Members of Technical Human Resource

Scientists & engineers in R&D(No)(UNDP)

IT(Telecommunication) Application for Information Security

Information Security for e-Commerce

Information security for creditcard usability

Credit cards issued(No. of issue))(IMD)

Information security for creditcard usability

Credit card transactions(US$ per capita)(IMD)

Safety of creditcard transaction

Confidentiality of financial transaction (rate of guarantee)(WEF)

Confidentiality of financial transaction

Encryption Investment (Invest % of GDP in PKI Co)

Information Security for Network

Encryption of servers

Encryption of servers (Server is sufficiently encrypted)

Encryption operation

Encryption operation(No. of PKI corporations in nation)(Netcraft)

Data security

Data security(is sufficiently enforced)(IMD)

Administrative information security

Organization for Information Security

Independent Telecommunication Regulatory Organization

Independent system & It's members(ITU)

International Organization for Information Security

Corelationwith international organization(by membership)

Budget for Information Security

Investment budget for Information Security

Investment in telecommunications(% of GDP)

Development budget for Information Security

Research & development expenditures /Domestic investment in government(% of GDP)

Public service for Information Security

Public service for Information Security by website

Information security of public servicein website is adequately protected(GEPEGI)

Ref.2 Indicators and Operation definition of information security
Consistent Indicators	Main Indicators	Sub indicators		Operation Definition of Existing indicators
Legal/institutional Information Security	Information Security for Privacy	Legal Information security for privacy		Protection of the private sphere by country (IMD)
		Institutional Information Security for Privacy		Personal security and private property is adequetely protected (IMD)
	Information Security for Intellectual Property	Legal Information security for the patent and copyright		Legal Protection for Patent and copyright(WEF)
		Institutional Information security for Intellectual property		Intellectual property protection in your country(WEF)
	Information Security for Technology Infrastructure	Legal Information security for IT use		Law relating to IT use(Relating to electronic e-commerce digital signature and consumer protection(WEF)
		Institutional Information security for IT development		Legal framework for IT development (WEF)
Physical/Technical Information Security	Technology Infrastructure for Information Security	System Infrastructure for Information Security		Secure Servers(SSL))(NET
		Internet Infrastructure for Information Security		Secure Servers by domain (computerspace)
	Technology Infrastructure for Information Security	Technical Development for Information Security	Information security by Technology protection by royalty and license	Receipts of royalties and license fees(US$ per person))(WORLDBANK)
			security for technical development by patents	Patents granted to residents(Numbers of people)(IMD)
		Technical Human Resource for Information Security	Availability of technical human Resource for Information Security	Availability of Scientists & engineers(IMD)
			Members of Technical Human Resource	Scientists & engineers in R&D(No)(UNDP)
	IT(Telecommunication) Application for Information Security	Information Security for e-Commerce	Information security for creditcard usability	Credit cards issued(No. of issue))(IMD)
			Information security for creditcard usability	Credit card transactions(US$ per capita)(IMD)
			Safety of creditcard transaction	Confidentiality of financial transaction (rate of guarantee)(WEF)
			Confidentiality of financial transaction	Encryption Investment (Invest % of GDP in PKI Co)
		Information Security for Network	Encryption of servers	Encryption of servers (Server is sufficiently encrypted)
			Encryption operation	Encryption operation(No. of PKI corporations in nation)(Netcraft)
			Data security	Data security(is sufficiently enforced)(IMD)
Administrative information security	Organization for Information Security	Independent Telecommunication Regulatory Organization		Independent system & It's members(ITU)
		International Organization for Information Security		Corelationwith international organization(by membership)
	Budget for Information Security	Investment budget for Information Security		Investment in telecommunications(% of GDP)
		Development budget for Information Security		Research & development expenditures /Domestic investment in government(% of GDP)
	Public service for Information Security	Public service for Information Security by website		Information security of public servicein website is adequately protected(GEPEGI)