인프런 - 라이프타임 커리어 플랫폼

- Public and private sector top-tier information security and personal information protection management system certification audit training in Korea - Preparation for ISMS-P certification strengthening due to comprehensive information security measures establishment - Management system GAP assessment and improvement plan development training - Individual training for ISMS-P initial audit, follow-up audit, and renewal audit - Professional information security training for acquiring excellent information security level enterprise certification

Develop a system to submit annual activity performance including establishment of information security regulations and preparation of various activity evidence by applying domestic and international certification standards related to information protection management systems and internal/external audit criteria for Risk assessment standards for management and physical sectors of major information and communication infrastructure facilities revised in the second half of 2025. Establish activity plans for enhancing information security levels compared to last year in response to external environmental changes (AI, etc.), internal environmental changes (new systems and employee changes including external staff), and prepare for legal amendments and new evaluation indicators. In particular, objectively and thoroughly inspect various activities to strengthen accident prevention systems such as personal information leakage due to hacking, establish plans for central (headquarters) management and supervision of all departments and safe management and supervision of service companies, operate DevSecOps systems following the establishment of AI systems, operate PbD adequacy review systems, etc. Based on performing expanded monitoring areas, regular inspection report areas, external disclosure areas, data integration system inspections (API, MyData, etc.), establishment of network separation improvement plans according to N2SF, advancement of Zero Trust application, etc. *Possessing over 150 references for establishing and applying world's first highest-level information security and personal information protection activity and system enhancement plans

Training on assessing the current status and inspecting personal (credit) information processing systems, pursuant to the Notification on Personal Information Security Measures and Appendix 3 of the Supervisory Regulations on Credit Information Act.

Work training to check compliance with personal information-related laws and proactively prevent personal information leaks by analyzing personal information flow, including ISMS-P, ISO27701, and Privacy Impact Assessment. Work education for establishing a personal information management system.

You can easily understand the Credit Information Act, a personal information protection law for financial institutions, by examining it in its entirety, along with financial institutions, their operations, and related terminology.

This is a lecture [Certification and Practice (Security · Network), Security] prepared for beginners.

Most large corporations and financial institutions are conducting penetration testing in addition to simulated hacking, so recently there is a need to establish new positions and secure capabilities to perform penetration operations using the RED TEAM terminology as is. Therefore, in addition to simple WEB and APP simulated hacking, we are opening an educational course that can provide practical training on large-scale personal information leakage after discovering scenarios that can penetrate servers. +Providing server and website environments where penetration testing can be performed +Sharing hacking tools and hacking methods

This is a project where you install an actual app on your phone and practice penetration testing using hacking tools in accordance with the Electronic Financial Infrastructure Inspection Standards and Public Service Inspection Standards for mobile apps. This course helps you understand mobile app penetration testing, overcome any fears, and learn inspection know-how, result report writing, and communication methods.

-Learn about the information security continuous assessment items conducted annually for financial companies, and strengthen preparation and response capabilities as a financial security officer -Learn based on the highest-grade information security continuous assessment cases, and receive education on know-how to achieve and maintain the highest grade in information security continuous assessment

-Understand best practices for each inspection item in the electronic financial infrastructure management system inspection that targets financial companies reviewed annually, and apply them to derive management system improvement tasks in preparation for appropriate breach incidents and leakage accidents -Present management system establishment cases for financial security personnel that can be established together with management system setup and ISMS-P/ISO27001 certification -Provide excellent materials for security personnel working at companies to utilize management system cases and prepare for electronic financial infrastructure management system inspection freelancers -Specialized education for consultants and R&D personnel in industry, academia, and legal sectors who need additional education on electronic financial infrastructure management systems according to the Financial Transaction Act and Electronic Financial Supervision Regulations

Risk assessment plans for network equipment, security equipment, and control systems based on the revised major information and communication infrastructure standards for the second half of 2025, and education for vulnerability elimination through the application of years of know-how and fast and accurate inspection and improvement measures In particular, expectations for efforts to secure inspection speed and improvement plans according to the designation of ISMS-P certification and ISO27001 certification scope Experience with network equipment, security equipment, and control systems that have relatively lower accessibility compared to servers, DB, WEB, WAS, PC, and Cloud (Public, Private), making environment setup difficult

2025 Electronic Financial Infrastructure (OS Virtualization, Container Virtualization) Inspection Know-how Transfer and 2025 Second Half Revised Major Information and Communication Infrastructure (CA,HV) Inspection Know-how Transfer In particular, providing Risk assessment for core hypervisors (ESXi, Xenserver) with the latest versions Additionally providing Risk assessment for K8S(Kubernetes_master), Docker, etc. Finally, providing vulnerability analysis and assessment results that meet CSAP (Cloud Management System Certification) standards **Providing installation methods for ESXi, Kubernetes master, Docker, Xencenter

This is the standard for vulnerability analysis and risk assessment according to the revision of major information and communication infrastructure standards in the second half of 2025. Additionally, this is analyzed information about kernel and various changes according to the latest versions of Unix OS and Windows OS. By applying default values for rapid risk assessment and reflecting various failure risks, you can use this for study purposes or as follow-up data acquisition to reach the highest domestic level through prompt measures.

Training for obtaining ISMS-P and ISO27001/ISO27701 certifications.

This is the seventh series of integrated courses that cover everything from the introduction to practical application of ISMS-P certification auditor qualification examination, "ISMS-P certification auditor qualification examination basic/practical course T5. Cloud and network security". Based on actual information protection practice cases, you can also learn the detailed work of the certification system and information protection management system.

This is the fifth series of integrated courses that cover everything from the introduction to practical application of ISMS-P certification auditor qualification examination, "ISMS-P certification auditor qualification examination basic/practical course T3. Personal information protection laws (1/2)". Based on actual information protection practice cases, you can also learn the detailed work of the certification system and information protection management system.

This is the third series of integrated courses that cover everything from the introduction to practical application of ISMS-P certification auditor qualification examination, "ISMS-P certification auditor qualification examination basic/practical course T2. Certification criteria 2 (2/2)". Based on actual information protection practice cases, you can also learn the detailed work of the certification system and information protection management system.

- Provision of penetration testing environment and assessment tools - WEB penetration testing practice according to the 2025 revised edition of Critical Information and Communications Infrastructure - WEB penetration testing practice according to the 2025 revised edition of Electronic Financial Infrastructure - Review and sharing of vulnerabilities existing on websites - Education on penetration testing report writing methods and improvement measures

- Based on the 2025 Personal Information Protection Level Assessment Manual standards - Proposing measures for applying best practices from top 1% public institutions in personal information protection - Analysis of deduction factors for each quantitative and qualitative indicator - Presenting application cases of synthetic data (PETs Personal Information Enhancement Technology) to secure scores for new technology (bonus points) indicators - Providing cases of securing safe zones for personal information utilization, manual production, disclosure records, CEO reporting cases, etc.

- Policy revision for establishing cloud management systems (CSP/MSP contracts and SaaS contracts) - Vulnerability assessment for ISMS-P/ISO27001 certification or major information communication/electronic financial infrastructure response in cloud environments (public/private asset identification and vulnerability remediation) - Security operations and incident response in cloud environments - ISO27017&ISO27018 certification response