인프런 - 라이프타임 커리어 플랫폼

As personal information breach incidents expand, customer anxiety grows. During this time, companies have been operating management systems that cannot properly identify personal information and implement safety measures through ISMS-P/ISO27701-based business system operations (lawyers, etc.) and penetration testing (RED TEAM composition, e.g., Coupang) consisting of domestic and international hacking competition winners. Even companies that haven't experienced incidents yet are in a situation where breaches could occur at any time. -The reason is that personal information managers themselves create unmanaged blind spots, such as insufficient methods for obtaining customer consent and inadequate identification of personal information processing status. ->Therefore, there is a need to improve work processes by sharing fines/penalties for domestic companies' consent forms and processing policies (as of December 8, 2025) to transparently disclose to customers the expertise of personal information managers and proper personal information protection safety measures.

Risk assessment plans for network equipment, security equipment, and control systems based on the revised major information and communication infrastructure standards for the second half of 2025, and education for vulnerability elimination through the application of years of know-how and fast and accurate inspection and improvement measures In particular, expectations for efforts to secure inspection speed and improvement plans according to the designation of ISMS-P certification and ISO27001 certification scope Experience with network equipment, security equipment, and control systems that have relatively lower accessibility compared to servers, DB, WEB, WAS, PC, and Cloud (Public, Private), making environment setup difficult

Electronic Financial Infrastructure Vulnerability Analysis and Assessment based on 2025 standards, DBMS, WAS(PaaS), PC explained based on the Major Information and Communication Infrastructure standards revised in the second half of 2025 And penetration testing explained based on the standards revised in the second half of 2025 Additionally, mobile penetration testing as well Expected skill improvement through know-how transfer and fast and accurate inspection methods and remediation measures

Training on assessing the current status and inspecting personal (credit) information processing systems, pursuant to the Notification on Personal Information Security Measures and Appendix 3 of the Supervisory Regulations on Credit Information Act.

Work training to check compliance with personal information-related laws and proactively prevent personal information leaks by analyzing personal information flow, including ISMS-P, ISO27701, and Privacy Impact Assessment. Work education for establishing a personal information management system.

Training for obtaining ISMS-P and ISO27001/ISO27701 certifications.

KCA Information Security Risk Manager (ISRM) certification course! The cornerstone for acquiring the top 3 personal information protection certifications: CPPG, ISMS-P!

Most large corporations and financial institutions are conducting penetration testing in addition to simulated hacking, so recently there is a need to establish new positions and secure capabilities to perform penetration operations using the RED TEAM terminology as is. Therefore, in addition to simple WEB and APP simulated hacking, we are opening an educational course that can provide practical training on large-scale personal information leakage after discovering scenarios that can penetrate servers. +Providing server and website environments where penetration testing can be performed +Sharing hacking tools and hacking methods

This is a project where you install an actual app on your phone and practice penetration testing using hacking tools in accordance with the Electronic Financial Infrastructure Inspection Standards and Public Service Inspection Standards for mobile apps. This course helps you understand mobile app penetration testing, overcome any fears, and learn inspection know-how, result report writing, and communication methods.

- Provision of penetration testing environment and assessment tools - WEB penetration testing practice according to the 2025 revised edition of Critical Information and Communications Infrastructure - WEB penetration testing practice according to the 2025 revised edition of Electronic Financial Infrastructure - Review and sharing of vulnerabilities existing on websites - Education on penetration testing report writing methods and improvement measures

-Learn about the information security continuous assessment items conducted annually for financial companies, and strengthen preparation and response capabilities as a financial security officer -Learn based on the highest-grade information security continuous assessment cases, and receive education on know-how to achieve and maintain the highest grade in information security continuous assessment

Voice phishing, URL, mobile, accounts, card usage, internet banking, ARS authentication, and other various financial fraud incidents are causing an increase in victims. Recently, hacking and fraud techniques utilizing various vulnerabilities such as open banking, simple payment (pay), strengthened fraud methods, hackers utilizing leaked personal information, and taking control of personal PCs and mobile devices are being reinforced. Financial authorities and various financial companies do not specifically disclose accident procedures and hacking methods related to financial consumers, which has led to growing misunderstandings among people who have never experienced hacking. We have recognized the seriousness of this issue through reports from our surroundings and have produced educational materials. Please, we hope you will recognize accurate hacking methods, and also understand related laws and policies to appropriately establish preventive systems and strengthen response measures in advance. (In case of incidents, it is your own responsibility under current law.)

Develop a system to submit annual activity performance including establishment of information security regulations and preparation of various activity evidence by applying domestic and international certification standards related to information protection management systems and internal/external audit criteria for Risk assessment standards for management and physical sectors of major information and communication infrastructure facilities revised in the second half of 2025. Establish activity plans for enhancing information security levels compared to last year in response to external environmental changes (AI, etc.), internal environmental changes (new systems and employee changes including external staff), and prepare for legal amendments and new evaluation indicators. In particular, objectively and thoroughly inspect various activities to strengthen accident prevention systems such as personal information leakage due to hacking, establish plans for central (headquarters) management and supervision of all departments and safe management and supervision of service companies, operate DevSecOps systems following the establishment of AI systems, operate PbD adequacy review systems, etc. Based on performing expanded monitoring areas, regular inspection report areas, external disclosure areas, data integration system inspections (API, MyData, etc.), establishment of network separation improvement plans according to N2SF, advancement of Zero Trust application, etc. *Possessing over 150 references for establishing and applying world's first highest-level information security and personal information protection activity and system enhancement plans