정보보안 법제의 개선 방향에 관한 연구 ― 미국 연방정보보안관리법 문제점과 시사점 ―

Abstract

This article aims to provide future directions for improvement of Korean information security laws with the focus on the regulatory drawbacks of the Federal Information Security Management Act and their implications. This article attempts to analyze the regulatory drawbacks of the Federal Information Security Management Act which have been exposed in the process of its enforcement for the past five years since the Act was passed in 2002. The apparent problems in relation to the enforcement of the Act are involved with the sluggish response and inefficient response on the part of the federal agencies to the compliance requirements of the Act, and with the inaccurate representations by the evaluations for the Act of the actual information security of federal agencies. The regulatory drawbacks causing such problems in regard to compliance of the Act include but not limited to the lack of additional funding for the compliance of the Act, the lack of public interest in the Act, the lack of bureaucrats' unwillingness to perform their duty under the Act, and finally the inability for OMB to use the authority due to the political and practical difficulties they may face to control and oversee the agencies compliance with the Act. There is also inefficiency due to the lack of mechanism to resolve ambiguity under the Act, and the evaluation does not accurately reflect the agencies' actual ability, willingness, and readiness to protect the information and the information system. In Korean information security laws context, this article suggests that there be adequate funding for the compliance of the Act, provide financial incentives to those bureaucrat to motivate, to give more power to the overseeing government agencies, and promote the importance of information security in public and educate the general public to bring more attention and interest in the security laws.