The Ministry of Science and ICT said on the 9th that it will give advance notice of legislation for a revision to the enforcement decree of the Act on the Promotion of the Information Security Industry to strengthen cyber security and user protection.
Information security disclosure is a system that requires corporations to make public key status such as information security investment, workforce, and organization. The revision expands the disclosure obligation from corporations with sales of at least 300 billion won to all companies listed on the Korea Exchange main board and the KOSDAQ market.
Corporations required to obtain Information Security Management System (ISMS) certification are also newly included as disclosure subjects. The exception clauses for public institutions, financial companies, small businesses, and electronic financial business operators were deleted. The Ministry of Science and ICT plans to collect opinions through Feb. 19, consult with related ministries, and apply the changes starting with next year's disclosure subjects.
To reduce the burden on newly included corporations and institutions, the ministry plans to distribute guidelines and support consulting and training in parallel to back the preparation period. With the expansion of the disclosure obligation, the security investment and management levels across listed companies will come under review.