주요정보통신기반시설 2025버전 관리, 물리 Risk 평가

- Public and private sector top-tier information security and personal information protection management system certification audit training in Korea - Preparation for ISMS-P certification strengthening due to comprehensive information security measures establishment - Management system GAP assessment and improvement plan development training - Individual training for ISMS-P initial audit, follow-up audit, and renewal audit - Professional information security training for acquiring excellent information security level enterprise certification

Electronic Financial Infrastructure Vulnerability Analysis and Assessment based on 2025 standards, DBMS, WAS(PaaS), PC explained based on the Major Information and Communication Infrastructure standards revised in the second half of 2025 And penetration testing explained based on the standards revised in the second half of 2025 Additionally, mobile penetration testing as well Expected skill improvement through know-how transfer and fast and accurate inspection methods and remediation measures

This is the standard for vulnerability analysis and risk assessment according to the revision of major information and communication infrastructure standards in the second half of 2025. Additionally, this is analyzed information about kernel and various changes according to the latest versions of Unix OS and Windows OS. By applying default values for rapid risk assessment and reflecting various failure risks, you can use this for study purposes or as follow-up data acquisition to reach the highest domestic level through prompt measures.

- Establishment of incident response manual and training plans - Introduction of training cases including penetration testing, DDoS, and APT - Sharing of mid-to-long-term information security strategies (~2027 or ~2030) of leading domestic companies - Introduction of information security activities of leading domestic companies - Education on Risk Management Framework (RMF) and Zero Trust implementation cases for electronic financial companies

Most large corporations and financial institutions are conducting penetration testing in addition to simulated hacking, so recently there is a need to establish new positions and secure capabilities to perform penetration operations using the RED TEAM terminology as is. Therefore, in addition to simple WEB and APP simulated hacking, we are opening an educational course that can provide practical training on large-scale personal information leakage after discovering scenarios that can penetrate servers. +Providing server and website environments where penetration testing can be performed +Sharing hacking tools and hacking methods

This is a project where you install an actual app on your phone and practice penetration testing using hacking tools in accordance with the Electronic Financial Infrastructure Inspection Standards and Public Service Inspection Standards for mobile apps. This course helps you understand mobile app penetration testing, overcome any fears, and learn inspection know-how, result report writing, and communication methods.

- Provision of penetration testing environment and assessment tools - WEB penetration testing practice according to the 2025 revised edition of Critical Information and Communications Infrastructure - WEB penetration testing practice according to the 2025 revised edition of Electronic Financial Infrastructure - Review and sharing of vulnerabilities existing on websites - Education on penetration testing report writing methods and improvement measures

- Training on inspection methods aligned with cloud management system checkpoints in the Electronic Financial Infrastructure Vulnerability Analysis and Assessment Standards - Inspection of protective measures required by Electronic Financial Supervisory Regulations tailored to cloud and virtualization environments respectively - Organization of matters that must be included in establishing cloud security regulations and procedures - Securing evidence materials for evaluation and certification-related tasks in cloud environments

-Learn about the information security continuous assessment items conducted annually for financial companies, and strengthen preparation and response capabilities as a financial security officer -Learn based on the highest-grade information security continuous assessment cases, and receive education on know-how to achieve and maintain the highest grade in information security continuous assessment

-Understand best practices for each inspection item in the electronic financial infrastructure management system inspection that targets financial companies reviewed annually, and apply them to derive management system improvement tasks in preparation for appropriate breach incidents and leakage accidents -Present management system establishment cases for financial security personnel that can be established together with management system setup and ISMS-P/ISO27001 certification -Provide excellent materials for security personnel working at companies to utilize management system cases and prepare for electronic financial infrastructure management system inspection freelancers -Specialized education for consultants and R&D personnel in industry, academia, and legal sectors who need additional education on electronic financial infrastructure management systems according to the Financial Transaction Act and Electronic Financial Supervision Regulations

Voice phishing, URL, mobile, accounts, card usage, internet banking, ARS authentication, and other various financial fraud incidents are causing an increase in victims. Recently, hacking and fraud techniques utilizing various vulnerabilities such as open banking, simple payment (pay), strengthened fraud methods, hackers utilizing leaked personal information, and taking control of personal PCs and mobile devices are being reinforced. Financial authorities and various financial companies do not specifically disclose accident procedures and hacking methods related to financial consumers, which has led to growing misunderstandings among people who have never experienced hacking. We have recognized the seriousness of this issue through reports from our surroundings and have produced educational materials. Please, we hope you will recognize accurate hacking methods, and also understand related laws and policies to appropriately establish preventive systems and strengthen response measures in advance. (In case of incidents, it is your own responsibility under current law.)

- Based on the 2025 Personal Information Protection Level Assessment Manual standards - Proposing measures for applying best practices from top 1% public institutions in personal information protection - Analysis of deduction factors for each quantitative and qualitative indicator - Presenting application cases of synthetic data (PETs Personal Information Enhancement Technology) to secure scores for new technology (bonus points) indicators - Providing cases of securing safe zones for personal information utilization, manual production, disclosure records, CEO reporting cases, etc.

- Strengthening understanding of inspections based on Privacy Impact Assessment checklist items - Finding and improving errors in personal information flow charts - Identifying and improving personal information breach factors - Understanding Privacy Impact Assessments and finding errors - Understanding Personal Information Protection Act and finding errors

- Understanding the establishment and inspection of personal information management systems in accordance with the Personal Information Protection Act - Inspection and status assessment of personal information processing systems - Creation of personal information flow charts and flow diagrams - Identification of personal information breach factors - Publication of personal information impact assessment summaries

- Professional training for KISA ISMS-P certification audit preparation - Understanding and establishing improvement plans for information security workflow in fintech and electronic financial companies - ISMS-P certification audit application process following vulnerability analysis and assessment of electronic financial infrastructure according to Electronic Financial Supervision Regulations - Improvement of financial companies' incident response and breach response manuals - Know-how for creating personal information flow charts according to the Credit Information Act and submitting performance records for establishing and operating personal credit information management systems

- Policy revision for establishing cloud management systems (CSP/MSP contracts and SaaS contracts) - Vulnerability assessment for ISMS-P/ISO27001 certification or major information communication/electronic financial infrastructure response in cloud environments (public/private asset identification and vulnerability remediation) - Security operations and incident response in cloud environments - ISO27017&ISO27018 certification response

2025 Electronic Financial Infrastructure (OS Virtualization, Container Virtualization) Inspection Know-how Transfer and 2025 Second Half Revised Major Information and Communication Infrastructure (CA,HV) Inspection Know-how Transfer In particular, providing Risk assessment for core hypervisors (ESXi, Xenserver) with the latest versions Additionally providing Risk assessment for K8S(Kubernetes_master), Docker, etc. Finally, providing vulnerability analysis and assessment results that meet CSAP (Cloud Management System Certification) standards **Providing installation methods for ESXi, Kubernetes master, Docker, Xencenter

Risk assessment plans for network equipment, security equipment, and control systems based on the revised major information and communication infrastructure standards for the second half of 2025, and education for vulnerability elimination through the application of years of know-how and fast and accurate inspection and improvement measures In particular, expectations for efforts to secure inspection speed and improvement plans according to the designation of ISMS-P certification and ISO27001 certification scope Experience with network equipment, security equipment, and control systems that have relatively lower accessibility compared to servers, DB, WEB, WAS, PC, and Cloud (Public, Private), making environment setup difficult

Training for obtaining ISMS-P and ISO27001/ISO27701 certifications.

Work training to check compliance with personal information-related laws and proactively prevent personal information leaks by analyzing personal information flow, including ISMS-P, ISO27701, and Privacy Impact Assessment. Work education for establishing a personal information management system.

Risk assessment plans for network equipment, security equipment, and control systems based on the revised major information and communication infrastructure standards for the second half of 2025, and education for vulnerability elimination through the application of years of know-how and fast and accurate inspection and improvement measures In particular, expectations for efforts to secure inspection speed and improvement plans according to the designation of ISMS-P certification and ISO27001 certification scope Experience with network equipment, security equipment, and control systems that have relatively lower accessibility compared to servers, DB, WEB, WAS, PC, and Cloud (Public, Private), making environment setup difficult

Electronic Financial Infrastructure Vulnerability Analysis and Assessment based on 2025 standards, DBMS, WAS(PaaS), PC explained based on the Major Information and Communication Infrastructure standards revised in the second half of 2025 And penetration testing explained based on the standards revised in the second half of 2025 Additionally, mobile penetration testing as well Expected skill improvement through know-how transfer and fast and accurate inspection methods and remediation measures

This is a theoretical/practical training course to prepare for the certification exam for those who dream of becoming an ISMS-P certified auditor.

We provide 140 sounds in 5 areas that will help you with the CPPG certification exam. We also provide an introduction to how to use the 111 questions that are automatically generated each time, and a one-time lecture and explanation.

This course is a foundational learning program that covers Introduction to Information and Communication Technology, one of the core theories in computer engineering. Through this course, learners can understand the basic structure and operating principles of computers, and learn the principles and applications of information and communication technology based on this foundation. The course is structured to provide comprehensive learning from the processes of information generation, transmission, processing, and storage to data communication methods in network and internet environments. In addition to the basic concepts of information and communication technology, by understanding the trends and roles of information and communication technology utilized in real life and across industries, this course provides a solid theoretical foundation for learners who are first entering the fields of computer engineering and information and communication technology. 👉 By taking this course, learners can build a fundamental foundation in information and communication technology that encompasses computers and networks, and further utilize it for advanced learning or preparation for related certifications.

Through this course, you can study short answer and descriptive questions from past practical exams for the Information Security Engineer.

This course systematically teaches practical Docker skills (installation→operation→automation→security) and comprehensively covers the latest security threats and countermeasures in each section. It features a hands-on approach where you learn by following along with practical exercises. This curriculum is highly recommended for DevOps engineers, infrastructure engineers, and security practitioners who want to experience the latest container/cloud environments in real-world scenarios.

Cyber security threats are increasing every year, stealing personal information and abusing privacy. This course covers security issues and security activities that employees must know and follow in their work and personal lives.

This lecture provides a general guide on how to prepare while studying when you want to choose a career in IT security penetration testing, and what questions and answers to prepare for the interview. I will share my experience working as a penetration testing consultant, at large companies, and in the financial sector, and currently running a penetration testing consulting business.

This lecture is designed to make personal information protection education interesting and ‘social engineering-based.’ Rather than covering the revisions to the Personal Information Protection Act, it focuses on real-life information protection threat cases and responses.

IT services are rapidly transitioning to cloud environments. You will learn security practices from basic virtual infrastructure construction to security threat monitoring and vulnerability diagnosis for each area to secure the Amazon AWS cloud environment.

You can understand the concept and technology of blockchain and conduct ISMS-P certification audits specialized for virtual asset exchanges.

This is a course where you can learn the basics of web technology. You can learn the basics of web technology in a short period of time. If you are interested in studying or getting a job related to the web, you must take this course!