ISMS-P & ISO27001/ISO27701 認証教育

Work training to check compliance with personal information-related laws and proactively prevent personal information leaks by analyzing personal information flow, including ISMS-P, ISO27701, and Privacy Impact Assessment. Work education for establishing a personal information management system.

Training on assessing the current status and inspecting personal (credit) information processing systems, pursuant to the Notification on Personal Information Security Measures and Appendix 3 of the Supervisory Regulations on Credit Information Act.

Develop a system to submit annual activity performance including establishment of information security regulations and preparation of various activity evidence by applying domestic and international certification standards related to information protection management systems and internal/external audit criteria for Risk assessment standards for management and physical sectors of major information and communication infrastructure facilities revised in the second half of 2025. Establish activity plans for enhancing information security levels compared to last year in response to external environmental changes (AI, etc.), internal environmental changes (new systems and employee changes including external staff), and prepare for legal amendments and new evaluation indicators. In particular, objectively and thoroughly inspect various activities to strengthen accident prevention systems such as personal information leakage due to hacking, establish plans for central (headquarters) management and supervision of all departments and safe management and supervision of service companies, operate DevSecOps systems following the establishment of AI systems, operate PbD adequacy review systems, etc. Based on performing expanded monitoring areas, regular inspection report areas, external disclosure areas, data integration system inspections (API, MyData, etc.), establishment of network separation improvement plans according to N2SF, advancement of Zero Trust application, etc. *Possessing over 150 references for establishing and applying world's first highest-level information security and personal information protection activity and system enhancement plans

Risk assessment plans for network equipment, security equipment, and control systems based on the revised major information and communication infrastructure standards for the second half of 2025, and education for vulnerability elimination through the application of years of know-how and fast and accurate inspection and improvement measures In particular, expectations for efforts to secure inspection speed and improvement plans according to the designation of ISMS-P certification and ISO27001 certification scope Experience with network equipment, security equipment, and control systems that have relatively lower accessibility compared to servers, DB, WEB, WAS, PC, and Cloud (Public, Private), making environment setup difficult

This is the standard for vulnerability analysis and risk assessment according to the revision of major information and communication infrastructure standards in the second half of 2025. Additionally, this is analyzed information about kernel and various changes according to the latest versions of Unix OS and Windows OS. By applying default values for rapid risk assessment and reflecting various failure risks, you can use this for study purposes or as follow-up data acquisition to reach the highest domestic level through prompt measures.

2025 Electronic Financial Infrastructure (OS Virtualization, Container Virtualization) Inspection Know-how Transfer and 2025 Second Half Revised Major Information and Communication Infrastructure (CA,HV) Inspection Know-how Transfer In particular, providing Risk assessment for core hypervisors (ESXi, Xenserver) with the latest versions Additionally providing Risk assessment for K8S(Kubernetes_master), Docker, etc. Finally, providing vulnerability analysis and assessment results that meet CSAP (Cloud Management System Certification) standards **Providing installation methods for ESXi, Kubernetes master, Docker, Xencenter

Electronic Financial Infrastructure Vulnerability Analysis and Assessment based on 2025 standards, DBMS, WAS(PaaS), PC explained based on the Major Information and Communication Infrastructure standards revised in the second half of 2025 And penetration testing explained based on the standards revised in the second half of 2025 Additionally, mobile penetration testing as well Expected skill improvement through know-how transfer and fast and accurate inspection methods and remediation measures

Training on Inspection Know-how for Data Privacy Officers, Operational Staff, and Entrusted Parties Subject to Consulting Providing Improvement Measures for Insufficient Oversight of Entrusted Parties and Detailed Explanations of Inspection Methods

Develop a system to submit annual activity performance including establishment of information security regulations and preparation of various activity evidence by applying domestic and international certification standards related to information protection management systems and internal/external audit criteria for Risk assessment standards for management and physical sectors of major information and communication infrastructure facilities revised in the second half of 2025. Establish activity plans for enhancing information security levels compared to last year in response to external environmental changes (AI, etc.), internal environmental changes (new systems and employee changes including external staff), and prepare for legal amendments and new evaluation indicators. In particular, objectively and thoroughly inspect various activities to strengthen accident prevention systems such as personal information leakage due to hacking, establish plans for central (headquarters) management and supervision of all departments and safe management and supervision of service companies, operate DevSecOps systems following the establishment of AI systems, operate PbD adequacy review systems, etc. Based on performing expanded monitoring areas, regular inspection report areas, external disclosure areas, data integration system inspections (API, MyData, etc.), establishment of network separation improvement plans according to N2SF, advancement of Zero Trust application, etc. *Possessing over 150 references for establishing and applying world's first highest-level information security and personal information protection activity and system enhancement plans

Training on Inspection Know-how for Data Privacy Officers, Operational Staff, and Entrusted Parties Subject to Consulting Providing Improvement Measures for Insufficient Oversight of Entrusted Parties and Detailed Explanations of Inspection Methods

This is a theoretical/practical training course to prepare for the certification exam for those who dream of becoming an ISMS-P certified auditor.

KCA Information Security Risk Manager (ISRM) certification course! The cornerstone for acquiring the top 3 personal information protection certifications: CPPG, ISMS-P!

This is a theoretical/practical training course to prepare for the certification exam for those who dream of becoming an ISMS-P certification auditor in 2025. It is an extended version that includes general ISMS-P and financial ISMS-P.

This course systematically teaches practical Docker skills (installation→operation→automation→security) and comprehensively covers the latest security threats and countermeasures in each section. It features a hands-on approach where you learn by following along with practical exercises. This curriculum is highly recommended for DevOps engineers, infrastructure engineers, and security practitioners who want to experience the latest container/cloud environments in real-world scenarios.

Cyber security threats are increasing every year, stealing personal information and abusing privacy. This course covers security issues and security activities that employees must know and follow in their work and personal lives.

This lecture is designed to make personal information protection education interesting and ‘social engineering-based.’ Rather than covering the revisions to the Personal Information Protection Act, it focuses on real-life information protection threat cases and responses.

This course is a foundational learning program that covers Introduction to Information and Communication Technology, one of the core theories in computer engineering. Through this course, learners can understand the basic structure and operating principles of computers, and learn the principles and applications of information and communication technology based on this foundation. The course is structured to provide comprehensive learning from the processes of information generation, transmission, processing, and storage to data communication methods in network and internet environments. In addition to the basic concepts of information and communication technology, by understanding the trends and roles of information and communication technology utilized in real life and across industries, this course provides a solid theoretical foundation for learners who are first entering the fields of computer engineering and information and communication technology. 👉 By taking this course, learners can build a fundamental foundation in information and communication technology that encompasses computers and networks, and further utilize it for advanced learning or preparation for related certifications.

You can understand the concept and technology of blockchain and conduct ISMS-P certification audits specialized for virtual asset exchanges.