SERVICES
Introducing SAK's services.
CONSULTING SERVICES
Classification | Related Law | Regulator | Target | Type |
K-ISMS Certification | Information And Communications Network Law Article 47 (Certification of Information Security Management Systems) | | E-commerce Providers, Cloud Service Providers, etc. | Mandatory or Recommendation |
Cloud Security Assurance Program (CSAP) Certification | Cloud Computing Law Article 20 (Facilitating Use of Cloud Computing Services by State Agency or Other Public Authority) | | Cloud service providers serving national institutions | Mandatory |
CSP Security Assessment | Regulation on Supervision of Electronic Finance Article 14-2 (Procedures, etc. for Use of Cloud Computing Service) | | CSPs contracted with financial companies | Mandatory |
Fact Finding for National Core Technology Protection | Industrial Technology Protection Law Article 17 (Fact-Finding Surveys for Protection of Industrial Technology) | | Companies with National Core Technology | Mandatory |
Protection Measures for Data Centers | Information And Communications Network Law Article 46 (Protection of Data Centers) | | Data Center Operators, or Data center of CSP | |
Formulation of Master Plans for Management of Disasters | Framework Act On Broadcasting Communications Development Article 35 (Formulation of Master Plans for Management of Disasters in Broadcasting Communications) | Ministry of Science and ICT | Data center operators who meet the standards prescribed by the Presidential Decree, such as the size of the facility and the amount of sales | Mandatory |
ISMS-Privacy (ISMS-P) Certification | Personal Information Protection Act Article 32-2 (Certification of Personal Information Protection) | | Personal Information Controller | Recommendation |
APEC Cross Border Privacy Rules (CBPR) Certification | Personal Information Protection Act Article 28-8 (Overseas transfer of personal information) | | Personal Information Controller to transfer personal information abroad | Recommendation |
Classification | Description | Method | Deliverables |
Common Configuration Enumerations (CCE) | Checks whether the configurations of servers, network devices, firewalls, etc. included in the check target are vulnerable. The CCE items for each check target follow the Detailed Guide on Analysis and Assessment of Technical Vulnerabilities of Key Information and Communications Infrastructure, published in Korean by the Korea Internet & Security Agency (KISA), but may vary depending on the client's infrastructure environment and needs. | Manual check such as interviews and walk-through of system configurations, or automatic check using a script developed for CCE check | CCE check plan, CCE check result, and Corrective action guide |
Common Vulnerabilities and Exposures (CVE) | Checks whether the devices and applications included in the check target have CVE vulnerabilities. CVE is a disclosed list of cybersecurity vulnerabilities; more information is available on the MITRE CVE website. | | check plan, CVE check result, and Corrective action guide |
Source Code Security Analysis | Checks the source code of applications included in the check target for vulnerabilities (this is called static code analysis). The check scope and items follow the Software Security Weakness Analysis Guide, published in Korean by the Korea Internet & Security Agency (KISA), but may vary depending on the client's development environment and needs. | | Code security analysis plan, Code security analysis result, and Corrective action guide |
Penetration Tests | Checks whether there are vulnerabilities in the application subject to check (this is called dynamic code analysis). The check scope and items are based on the web application vulnerabilities disclosed by OWASP, but may vary depending on the client's service environment and needs. | Manual check by penetration testers, and automatic scan using vulnerability scanners | Penetration test plan, Penetration test result, and Corrective action guide |
Classification | Description | Deliverables |
Security Master Plans | An effective Security Master Plan enables an organization to identify, prioritize, budget for and implement risk mitigation measures that can be adapted as the threat environment and organizational risk profile evolve. | Security master plan establishment plan and Security master plan |
Data Privacy and Compliance Assessment | Our data privacy and compliance experts translate the technical into the practical and cut through less-than-specific legal requirements to help clients navigate compliance with the Korean Personal Information Protection Act (PIPA). | Compliance assessment plan, Compliance assessment result, and Corrective action guide |
Cyber Security Risk Assessments | Our cyber security risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available. | Security risk assessment plan, Security risk assessment result, and Corrective action guide |
© 2023 Security Awareness Korea, Inc. All Rights Reserved