2026.6 Establishment of a Proactive Personal Information Protection System (Summary of changes and training on self-review methods)

- Policy revision for establishing cloud management systems (CSP/MSP contracts and SaaS contracts) - Vulnerability assessment for ISMS-P/ISO27001 certification or major information communication/electronic financial infrastructure response in cloud environments (public/private asset identification and vulnerability remediation) - Security operations and incident response in cloud environments - ISO27017&ISO27018 certification response

- Understanding the establishment and inspection of personal information management systems in accordance with the Personal Information Protection Act - Inspection and status assessment of personal information processing systems - Creation of personal information flow charts and flow diagrams - Identification of personal information breach factors - Publication of personal information impact assessment summaries

Training on inspection know-how for privacy officers, business department managers, and trustees subject to consulting Providing improvement plans for negligent trustee management and supervision, and detailed explanations of inspection methods

In Financial AI Security (PART 1. Basics), I provided an overview of AI security. Please note that this is a practitioner's training session on the AI inspections required during actual security reviews for penetration testers (Red TEAM). This lecture contains practical content and explains how to perform penetration testing on technical aspects (including checklists). When studying, you may find AI difficult, or you might find that many companies have failed to apply AI guidelines because they are focused on modeling, making reviews challenging. I expect many companies have received various feedback during audits regarding the establishment of AI security governance. This is naturally because there is no clear evidence of AI security within internal operations. Now is the time to establish it. I hope you study AI security and pursue a path as an AI security professional.

Finally, I feel that the AI security review (NIS/FSI) checklists, which have been vaguely positioned over the past 7–8 years, are now accurate from a practitioner's perspective, and I have established a clear framework for how to change, establish, and operate the management system. I will explain what AI security is and how it should be improved after June 2026, based on the standards of South Korea's top-tier companies (those with the highest level of information security). (This is not a basic or conceptual explanation*) I have developed this training divided into PART 1 (Basics & Overview) and PART 2 (Advanced & Security Review), so please refer to it.

The shortage of PMs in security consulting firms is a persistent issue. Consequently, there are many cases where individuals in their 40s and 50s from completely different fields have been entering the industry to handle PM duties and client communications. Since these PMs in their 40s and 50s lack experience in technical areas, consulting, and security, they find the work very challenging. They often join with the mindset of learning through handovers from other PMs. I have also been providing training and handovers to these PMs based on the following content, and the satisfaction levels have been high.

Achieved the highest rating for all clients over 6 years of performing Personal Information Protection Level Evaluation consulting for public institutions (covering various types from central administrative agencies to public enterprises, small-scale public institutions, and local governments), maintained the highest rating for all (continuous consulting experience with the same institutions), and holds a track record of achieving a perfect score of 100 (ranked 1st nationwide). Based on the 2026 manual, it is possible to effectively allocate the necessary tasks and performance records for writing quantitative/qualitative reports considering the strengthened penalties and changed indicators following the Coupang incident. Depending on the company's situation, it is fully possible to be designated as a best practice through either over-investment or strategic passive response.

Insufficient capability to audit new technologies (cloud management systems) due to a lack of theory and knowledge among management system inspection personnel. Training to strengthen the expertise of personnel who proactively prevent incidents by identifying management system deficiencies to protect companies from hacking. Training for existing infrastructure and penetration testing personnel to transition into management system roles. Securing definitive capabilities and materials through the provision of back data!

In cases where there is a lack of experience with electronic financial infrastructure due to only having experience in critical information and communications infrastructure, or where there is a lack of overall understanding of infrastructure projects due to insufficient experience as an Infrastructure PL or PM despite having experience with servers, DBs, networks, and security equipment, it is necessary to secure assessment capabilities for network infrastructure check items and provide assessment back-data.

As PaaS (previously categorized as WEB/WAS) in public and private cloud environments is integrated into in-house PaaS operations, this training is designed for Infrastructure Project Leaders (PLs) overseeing approximately 10 infrastructure inspection personnel, as well as vulnerability assessment specialists. The curriculum covers certification requirements such as ISMS-P, including cloud asset identification, asset classification, importance rating, and risk assessment reflection. It also addresses the 2026 Financial Company Security Standards (for Electronic Financial Infrastructure Vulnerability Analysis and Evaluation), which include the establishment and strengthening of container inspection and private cloud management system inspection items, as well as the addition and modification of virtualization and cloud items within Critical Information and Communication Infrastructure.

Lack of back data for private cloud inspections!! A severe shortage of experienced personnel for IaaS inspections!! Improve practical skills by providing back data and utilize it for various certifications such as Major Information and Communication Infrastructure, Financial Security Institute (FSI) assessments, ISMS-P, ISO27001, etc. Professional training for Infrastructure Project Leaders (PLs) who manage around 10 infrastructure inspection personnel. Providing inspection data and understanding of the technical areas within the cloud management framework!

Providing insights and materials for overall management of penetration testers (WEB, Mobile, HTS) targeted at Project Leaders who oversee financial company mock hacking/penetration testing. Situations have occurred where "blank" reports are repeatedly submitted when no vulnerabilities are found in each part (the same applies to the public sector). Therefore, controls are implemented to ensure that inspection results for each item are produced in the same format as educational materials. Perform inspections tailored to each theme and utilize them for security reviews and internal security deliberations to verify results.

Conducting Windows server competency training to break the trend of new and career-transitioning security consultants focusing solely on Linux servers. Understanding the Windows OS and its relationship with servers and programs installed on the OS, such as PC, WEB, WAS, and DBMS. Understanding vulnerabilities and continuing vulnerability assessment and improvement activities.

Education on the most basic Linux server inspection methods and items due to the continuous assignment of new security consultants for vulnerability assessment and the continuous placement of experienced professionals from other fields into management roles. Risk assessment for risk evaluation (remediation planning) and implementation review. Understanding and application of third-party security solutions. Establishment of the ISMS-P management system through appropriate analysis of technical and administrative domains.

Classification of inspection items and establishment of an inspection plan (strategy) during network inspection Establishment of inspection criteria considering the risk and difficulty of actions Inspection of network service items and strategies for utilizing server access control solutions Command-based inspection after remote network access and preparation of risk assessment reports Interviews with network personnel and application of manual inspection items

A lecture for security consultants who have experience only in Linux, DB, WEB, networks, and security equipment, but lack experience with PCs. Securing response capabilities for cases where PC inspections are replaced by security solutions or conducted via scripts. Categorizing inspection items to prepare inspection strategies and establish response strategies based on inspection experience. One of the business improvements (KPIs) to shorten inspection time and increase accuracy.

Security equipment cannot be inspected using scripts or solutions like databases. Experienced personnel must be assigned. Difficulty in recruiting, including experienced individuals, diligent diagnosticians, or freelancers. Numerous defects found during ISMS-P certification of security equipment; skill levels vary significantly depending on the inspector. Sharing inspection methods and management strategies (methodologies, etc.) for security equipment with those who need them.

Database vulnerability assessment training for the protection of critical information and communication infrastructure in the public sector. Demand for vulnerability assessments arises as a legal requirement. Characterized by the need to secure sufficient assessment time and budget, particularly in the public sector. Lack of specialized personnel for vulnerability assessments in the public sector. Lectures for establishing protection measures in response to revisions of critical information and communication infrastructure and annual changes.

This content is composed of insights from experienced professionals—ranging from newcomers to those with 35 years of experience—performing vulnerability analysis and evaluation for Financial Security Standards and Major Information and Communication Infrastructure. It is designed to provide valuable information for new employees or experienced professionals transitioning from other fields. Among the various types, Database was selected, and the evaluation criteria are based on the Financial Security Standards. While basic training or handovers are typically based on the previous year's standards, I believe it would be helpful to familiarize yourself with various analysis techniques as well. Since diverse strategies are required for accurate and rapid diagnosis within a limited timeframe, this may also be beneficial for PMs who plan from the perspective of methodology and approach.

Career concerns in security consulting: 5 hours of audio explanations covering career solutions from entry-level to 30-year veterans. Includes mental stability and salary negotiation strategies for new security consultants or those struggling to adapt. Includes methods for upgrading job skills and improving internal/external reputation. A lecture designed to resolve concerns for those considering a job change or career path shift.

- Public and private sector top-tier information security and personal information protection management system certification audit training in Korea - Preparation for ISMS-P certification strengthening due to comprehensive information security measures establishment - Management system GAP assessment and improvement plan development training - Individual training for ISMS-P initial audit, follow-up audit, and renewal audit - Professional information security training for acquiring excellent information security level enterprise certification

- Specialized training in preparation for Financial Security Institute ISMS-P certification audits - Identifying information security workflows and establishing improvement plans for fintech and electronic financial companies - ISMS-P certification application process following vulnerability analysis and evaluation of electronic financial infrastructure in accordance with the Electronic Financial Supervisory Regulations - Improving incident response and data breach response manuals for financial institutions - Know-how on creating personal information flowcharts and establishing personal credit information management systems, as well as submitting operational performance reports in accordance with the Credit Information Act

- Establishment of incident response manuals and training plans - Introduction of training cases such as penetration testing, DDoS, and APT - Sharing long-term information security strategies (~2027 or ~2030) of leading domestic companies - Introduction of information security activities of leading domestic companies - Education on Risk Management Framework (RMF) and Zero Trust implementation cases for electronic financial companies

"Understanding Manufacturing Security in the AI Era through Field Cases" is a course designed to provide an easy understanding of OT security, which is growing in importance within smart factories and AI-based manufacturing environments, focusing on real-world field cases. This lecture explains core concepts frequently encountered in manufacturing sites, such as OT, ICS, PLC, SCADA, HMI, and MES, and compares the differences between IT security and OT security. Furthermore, it examines security threats that can occur on the manufacturing floor—such as ransomware, remote access exploitation, partner account hijacking, production line shutdowns, equipment malfunctions, and data forgery—through case studies. Through this course, students will understand the basic structure of OT security in manufacturing and identify the security perspectives necessary to protect production facilities and industrial control systems. Additionally, it provides a common foundation for further learning in industry-specific manufacturing security courses.

This course carefully selects the core systems that beginners must know in the vast field of information security. Instead of rigid theory, it's structured to help you intuitively understand system principles through clear analogies and practical examples. With this single course, you can grasp the big picture of information security systems as a whole and develop practical skills.

[Introduction to Security Incident Response: Learning through Scenarios of Web Server Hacking, Ransomware, and Account Takeover] This course examines why various information security incidents—such as web server hacking, ransomware, account takeover, and internal penetration—occur and how they spread, categorized by incident type. Students will follow each incident scenario to understand the attack flow, analyze the core causes of the incident, and learn how to resolve issues and prevent recurrence through security architectures such as firewalls, DMZ, access control, privilege management, backup, and log monitoring. Rather than a simple explanation of security concepts, this is a scenario-based introduction to information security that provides a comprehensive understanding from root cause analysis to resolution strategies.

CPPG WIN is the shortcut to obtaining your CPPG certification. This is a theoretical course designed for passing the 2026 CPPG exam, reflecting the trends of the last 13 sittings.

**"Digital Forensic Techniques by Byte Detective: Evidence Collection and Securing"** is a course focused on how to collect and preserve digital evidence required in cases of cybercrime, internal information leakage, and security incidents. From the basic concepts of digital forensics to the principles of evidence collection, maintaining integrity, and legal procedures for securing evidence, this course explains everything through case studies and procedural steps so that even beginners can understand. You can systematically learn the forensic mindset and core concepts of securing evidence that are essential to know before using professional analysis tools.

This is a lecture [Certification and Practice (Security · Network), Security] prepared for beginners.

Through this course, you can study short answer and descriptive questions from past practical exams for the Information Security Engineer.

"Nationally Certified Industrial Security Manager" New Renewal Version Final Update Completed!! This course is designed to help you obtain the Nationally Certified Industrial Security Manager certification by providing a systematic understanding of industrial security from a management perspective. Rather than focusing on rote memorization, the content is structured so that even non-security majors can understand the concepts, structure, and flow of industrial security. It is designed not only for exam preparation but also for practical application and career expansion.

In an era of explosive data growth and crucial real-time processing, edge computing has established itself as an essential technology, no longer an option. This course is designed to systematically teach everything, from the core concepts of edge computing to deployment strategies for its application in real business environments. Through this course, students will firmly solidify the fundamental principles of edge computing and acquire practical knowledge and know-how applicable to real-world tasks and projects. Take the most certain first step towards becoming an edge computing expert, a core technology in the future IT environment!

This course does not simply list concepts. 👉 It explains the entire flow of IT systems based on "how a service actually operates." User Request → Server Processing → Data Storage → Result Return Web/App → API → DB → Cloud 👉 Centered around this flow, it connects where, why, and how each technology is used.

This course puts an end to operational vulnerabilities in Linux servers caused by incorrect permissions. Completely master file and directory permission control based on real-world practical standards.

This course explains IT terminology and system structures frequently used in the workplace in a way that even non-majors can understand at once. It is designed to help you understand the flow of corporate IT structures—from servers and databases to APIs, security, and the cloud—rather than just learning individual terms. We will help you build foundational IT skills that are immediately applicable to your work, so you will no longer be stuck due to technical jargon in IT meetings and tasks.

As the adoption of generative AI accelerates, new security threats such as corporate confidential information leaks and prompt injections are surging. This course covers strategies for embedding security throughout the entire AI lifecycle, based on the National Intelligence Service (NIS) guidelines' 30 core security measures and 15 practical threat cases. It also addresses security issues in the latest AI trends, such as Agentic AI and Physical AI, and presents methods for establishing governance frameworks that can be immediately applied in practice.

This course systematically teaches practical Docker skills (installation→operation→automation→security) and comprehensively covers the latest security threats and countermeasures in each section. It features a hands-on approach where you learn by following along with practical exercises. This curriculum is highly recommended for DevOps engineers, infrastructure engineers, and security practitioners who want to experience the latest container/cloud environments in real-world scenarios.

As AI systems become agentic and expand beyond text into image, audio, and multimodal capabilities, security threats are becoming significantly more complex. This lecture analyzes the latest security threats and attack techniques faced by AI Agents and Multimodal LLMs, as well as real-world cases, from an AI Red Teaming perspective.

You can understand the concept and technology of blockchain and conduct ISMS-P certification audits specialized for virtual asset exchanges.