PARTNERS

You can provide secure services that meet Korea's compliance requirements. 

WE ARE

Independent Information Security Compliance Advisor.
Security Awareness Korea (SAK) is a consulting company specializing in information security compliance. We understand cybersecurity and data security compliance in the private and public sectors and help organizations avoid threats, close gaps, and manage risks effectively.


SAK also provides customized services throughout the information security lifecycle, including vulnerability analysis, risk management, integrated security management systems, compliance, and expert advice. We help customers develop scalable programs that improve their security posture, meet business goals, and promote continued success.

CONSULTING SERVICES

Typical Consulting Services 

Compliance Services 
Services 01
K-ISMS Certification
Related Law: Information and Communications Network Law Article 47 (Certification of Information Security Management Systems)
Target: E-commerce Providers, Cloud Service Providers, etc.
Type: Mandatory or Recommendation

Cloud Security Assurance Program (CSAP) Certification
Related Law: Cloud Computing Law Article 20 (Facilitating Use of Cloud Computing Services by State Agency or Other Public Authority)
Target: Cloud service providers serving national institutions
Type: Mandatory

CSP Security Assessment
Related Law: Regulation on Supervision of Electronic Finance Article 14-2 (Procedures, etc. for Use of Cloud Computing Service)
Target: CSPs contracted with financial companies
Type: Mandatory

Fact Finding for National Core Technology Protection
Related Law: Industrial Technology Protection Law Article 17 (Fact-Finding Surveys for Protection of Industrial Technology)
Target: Companies with National Core Technology or CSPs contracted with the companies
Type: Mandatory

Protection Measures for Data Centers
Related Law: Information and Communications Network Law Article 46 (Protection of Data Centers)
Target: Data Center Operators, or Data center of CSP
Type: Mandatory

Formulation of Master Plans for Management of Disasters
Related Law: Framework Act on Broadcasting Communications Development Article 35 (Formulation of Master Plans for Management of Disasters in Broadcasting Communications)
Regulator: Ministry of Science and ICT
Target: A person who meets the standards prescribed by the Presidential Decree, such as the size of the facility and the amount of sales, as a data center operator
Type: Mandatory

ISMS-Privacy (ISMS-P) Certification
Related Law: Personal Information Protection Act Article 32-2 (Certification of Personal Information Protection)
Target: Personal Information Controller
Type: Recommendation

APEC Cross-Border Privacy Rules (CBPR) Certification
Related Law: Personal Information Protection Act Article 28-8 (Overseas transfer of personal information)
Regulator: Personal Information Protection Commission; Korea Internet & Security Agency (KISA)
Target: Personal Information Controllers transferring personal information abroad
Type: Recommendation

TVM Services 
Services 02
Common Configuration Enumerations (CCE)
Description: This service checks whether the configurations of servers, network devices, firewalls, etc. included in the check target are vulnerable. The CCE items for each check target are defined in the Detailed Guide on Analysis and Assessment of Technical Vulnerabilities of Key Information and Communications Infrastructure, published in Korean by the Korea Internet & Security Agency (KISA), but may vary depending on the client's infrastructure environment and needs.
Method: Manual check such as interviews and walk-through of system configurations, or automatic check using a script developed for CCE check
Deliverables: CCE check plan, CCE check result, and Corrective action guide

Common Vulnerabilities and Exposures (CVE)
Description: This service checks whether the devices and applications included in the check target have CVE vulnerabilities. The CVE is a disclosed list of cybersecurity vulnerabilities, and you can find more information on the MITRE CVE website.
Method: Manual check such as interviews and walk-through of system configurations, or automatic scan using a vulnerability scanner
Deliverables: CVE check plan, CVE check result, and Corrective action guide

Source Code Security Analysis
Description: This service checks the source code of applications included in the check target for vulnerabilities (this is called static code analysis). The check scope and items are defined in the Software Security Weakness Analysis Guide, published in Korean by the Korea Internet & Security Agency (KISA), but may vary depending on the client's development environment and needs.
Method: Manual check such as interviews and walk-through of source code, or automatic scan using a static code analysis tool
Deliverables: Code security analysis plan, Code security analysis result, and Corrective action guide

Penetration Tests
Description: This service checks whether there are vulnerabilities in the application subject to check (this is called dynamic code analysis). The check scope and items refer to the web application vulnerabilities disclosed by OWASP, but may vary depending on the client's service environment and needs.
Method: Manual check by penetration testers, and automatic scan using vulnerability scanners
Deliverables: Penetration test plan, Penetration test result, and Corrective action guide

Strategy, Privacy, and Risk Analysis 
Services 03
Security Master Plans
Description: An effective Security Master Plan enables an organization to identify, prioritize, budget for and implement risk mitigation measures that can be adapted as the threat environment and organizational risk profile evolve.
Deliverables: Security master plan establishment plan and Security master plan

Data Privacy and Compliance Assessment
Description: Our data privacy and compliance experts translate the technical into the practical and cut through less-than-specific legal requirements to navigate complex compliance with the Korean Personal Information Protection Act (PIPA).
Deliverables: Compliance assessment plan, Compliance assessment result, and Corrective action guide

Cyber Security Risk Assessments
Description: Our cyber security risk assessments deliver actionable recommendations to improve security, using industry best practices and the best technology available.
Deliverables: Security risk assessment plan, Security risk assessment result, and Corrective action guide

© 2023 Security Awareness Korea, Inc. All Rights Reserved