감사원

Board of Audit and Inspection of Korea (BAI)

Audit on the current management and supervision of information protection and cyber security in the financial sector Read full summary in English

2011 report

- Evaluation of management and supervision of information protection and cyber security in the financial sector - Evaluation of current state of security management system in the financial sector - Based on a sample of 10 public institutions and 9 financial institutions.

In the report: part Background (page 1)

- Financial Institutions are depending heavily on information systems for all aspects of their business – including online banking. At the same time there is a strong increase in cyber attacks against financial institutions and their client. Trust in the financial system is seriously declining.

In the report: part 1. Inadequate knowledge sharing among the institutions in charge of information protection in the financial sector (page 2-3)

- Currently, the Financial Services Commission (FSC) and the Financial Supervisory Service (FSS) are operating the “e-Finance Information Sharing and Analysis Center” and the “Electronic Financial Accident Response System”, respectively, for the purpose of responding to any incidents of information infringement in cyber space. Meanwhile, both of the institutions require financial companies to submit their reports on such incidents, redundantly, to each of the aforementioned systems and did not take any measures against the issues of scaled down or delayed reports.

The risk cases visible on this page are collected and described by the e-Government Subgroup of the EUROSAI IT Working Group in contact with author Supreme Audit Institutions (SAI). In the same way, analytical assumptions and headings are chosen by the Subgroup. We encourage you to read the original texts by SAIs - to be found in the linked files.