SustainabilityReport Eng 2012

.
RUHD,QWHUQHW 6HFXULW\$JHQF\
.,6$6XVWDLQDELOLW\5HSRUW
Beautiful .,6$6XVWDLQDELOLW\5HSRUW
Internet world

7KLVUHSRUWZDVSULQWHGRQUHF\FOHGSDSHUZLWKVR\EHDQRLOLQN
KISA Sustainability Report 2012
This report is an annual sustainability report published to release economic,
social, and environmental accomplishments made by KOREA INTERNET
& SECURITY AGENCY to stakeholders. While containing major business
accomplishments made by KISA on 2011, this report also introduces its non-
financial accomplishments, including ethic, social contribution, community
culture, and shared growth. By informing what were lacking, which were
then later on pursued for improvement, in promoting the sustainable
management, this report reflects a promise made by KISA that it will
faithfully take on given social responsibilities as a public agency.
Beautiful KISA Sustainability Report
Internet world
KISA Sustainability Report 2012 Korea Internet & Security Agency
About this Report Contents
The meaning of publishing this report 02 Intro 56 Organizational Culture

This report is the second sustainability management report published by KISA, following the first 02 About this report 57 Realizing systematic organizational culture
publication in 2011. This report is designed to publish the sustainability management results of each 04 CEO Message 59 Strengthening ethical culture inside the agency
year to stakeholders. Taking one step forward from the first report published in September 2011, 62 Improving the expertise of employees
emphasis was put on improving neutrality of the report and strengthening communication with 06 Sustainability Management 64 Cooperative labor-management relations
stakeholders. 06 Introduction to KISA 66 Harmony of work and life
08 Management structure
Characteristics of the report 10 Sustainability management system 68 Environment Efforts
H
ighlighting key achievements For easier understanding of stakeholders, only key achieve- 12 Participation of stakeholders 69 Resource use reduction and recycling
ments were selected and included. Efforts were made to make the report as people-oriented, 14 Materiality assessment 70 Greenhouse gas reduction efforts
using theme pages focusing on achievements and visual effects.
Provisioning practical information Instead of compiling the information from the perspectives of 16 2011 Business Performances 72 Economic Efforts
KISA, practical information selected for stakeholders is provided so that readers can obtain only 16 Creating a safe Internet use environment Key 73 Reasonable budget and distribution
necessary information. 20 Strengthening personal information protection Key 76 Implementing government-recommended policies
Identity expression Specialty of KISA was emphasized to make the report different from the re- 24 Spreading healthy Internet culture Key
ports published by other organizations, while KISA's unique visual identity was also applied. 28 Fostering the information security industry Key 77 Appendix
32 Strengthening the Internet address Key 78 GRI G3.1/ ISO26000 Contents Index
Principles of creating the report management system 84 Independent verification report
The report was created according to GRI G3.1, the internationally accepted report publishing 35 Strengthening the information security base 86 Award History
guideline. In addition, some of the ISO26000 (guidelines for social responsibility) were applied to 38 Taking the lead in developing Internet policies 87 Current Status of KISAs Networks
make the report more substantial. 40 Diffusing new Internet services 89 UN Global Compact
42 Promoting international cooperation 90 Glossary
Covering period
Basically the reporting period is between January 1, 2011 and December 31, 2011. However, pro- 44 Social Responsibilities
vided they have special implications, some contents reflect data of up to June 2012. This report is 45 Enhancing competitiveness by shared growth
published every year. 50 Promoting customer satisfaction management
52 Promoting social contribution as a specialized
Internet agency
Reporting scope and boundary
The reporting scope is limited to KISA's sustainability management activities and its results. The
Key : 2011 Key Issue
quantitative results were described with time series analysis so that changes can be indicated.
The reporting boundary is limited to KISA only, but some contents include information about the
superior agency (Korea Communications Commission), related departments, associations, and
forum.
Report publishing process

The priority of reporting topics was determined by reflecting the opinion of various internal and
external stakeholders, and by evaluating an importance of the issue. In addition, the "Sustainability
Working Committee" consisting of persons in charge of each area in KISA performed report plan-
ning, report data collection, report compilation, and review.
Verifying the report

This report was verified by the third party (Marcspon, specialized sustainability management con-
sulting firm) to improve the reliability and accuracy of the report details. The report was verified by
the principle of importance, completeness, and responsiveness based on AA1000AS (2008). The
verification result is covered in page 84 and 85.
2 Beautiful Internet World Beautiful

BeautifulInternet World 3
InternetWorld
CEO Message
I'm delighted to announce the sustainability management achievements of KISA (Korea Internet & Security
Agency) by publishing the second Sustainability Management Report this year. KISA is the only agency specialized
in the Internet and information security established in 2009 by merging three agencies - KISA(Korea Information
& Security Agency), NIDA (National Internet Development Agency), and KIICA (Korea IT International Cooperation
Agency).
Internet became a part of our daily life and industries to such an extent that we feel uncomfortable if we
cannot access the Internet. As a result, various services derived from the Internet are making contributions to
improving our quality of life. Particularly, we can accommodate new information quickly and process most of our
business over the Internet owing to the recent wide spread of smart-phone and increased use of SNS (Social
Network Service). Unfortunately, the more benefits we get from the Internet, the more dysfunction arises. These
dysfunctions are damaging people, such as malignant comments, cyber violence, hacking, malicious code
infection, and privacy infringement. KISA is making efforts to minimize these Internet dysfunctions and let people
use the Internet more safely and wholesomely with a sense of social responsibility.
While publishing Sustainability Management Report 2012, the KISA came to understand the expectation of
stakeholders and direction that KISA should aim at, instead of only reporting agency achievements.
First, in order to lead the sound Internet culture, we will expand and develop the Internet culture movement so
that people can more practically participate the movement. We will endeavor to educate the growing generation
to have a correct Internet ethical belief, both online and offline, by diffusing the Making a beautiful Internet world
movement among people and implementing Internet ethics education for various social classes.
Second, we will do our best in developing the Internet incident response system and protecting people's privacy.
We will strengthen our capabilities to protect the country and people from the cyber-attacks and personal
information leakage that are getting increasingly diversified every day.
Third, we will nurture the Internet and information security industry systematically, and promote international
cooperation. As the Internet industry will play a pivotal role in our economy, we will foster the industry and
personnel related to the future Internet, and support domestic enterprises in entering overseas markets so that
they can be a core part of the national competitiveness.
Lastly, we will pursue constant internal innovation. In order to be reborn as a creative organization, we will change
the way of doing our works and strengthen employees expertise capabilities by shedding the old practice of public
organizations. In addition, smooth communication among employees will be encouraged to improve the business
efficiency and make workplaces more pleasant.
We hope that many stakeholders will also support and join our dreams and efforts to make the beautiful Internet
world. Thank you.
President of the Korea Internet and

Security Agency, Dr. Lee, Ki-joo
4 Beautiful Internet World Beautiful Internet World 5

Sustainability Management
. Introduction to KISA
KOREA INTERNET & SECURITY AGENCY, hereinforth 'KISA', is a quasi-government agency that integrated together 3 organizations, KISA, NIDA, General information
(As of September 2012)
KIICA, on July 2009. Following the Article 52, Act on promotion of information and communications network utilization and information protection, Item Contents
etc., KISA's major tasks are advancing and increasing safety use of the information network, signing international cooperation regarding Organization name Korea Internet and Security Agency
broadcasting communication, and supporting advancement into overseas markets. President Dr. Lee, Ki-joo
Foundation date July 23, 2009
Safe Internet Environment Establishment and International Cooperative Tasks regarding Broadcasting Communication Daedong Office : Dae Dong Building, Garak-dong 79-3, Songpa,
Seoul, Korea, 138-803
KISA mainly performs tasks such as countering Internet protection theft, personal information protection, fostering Internet knowledge industry,
Address 118 Office : IT Venture Tower, Garak-dong 78, Songpa,
exporting and internally cooperating upon broadcasting communication, 118 hotline service, and information communication infrastructure Seoul, Korea 138-950
protection. Seocho Office : Seocho-ro 398, Seocho-gu, Seoul, Korea 137-857
Number of employees 550
Asset 56.7 billion won (31 billion won liabilities, 25.7 billion won capital)
Providing Services
Annual budget 130.4 billion won (127.1 billion won in 2011)
Government contribution, government subsidy, entrusted project,
Income structure
118 Hotline Service Internet Policies Planning Internet Ethics internal project
Department 2 offices, 2 groups, 1 center, 10 divisions, 46 teams
Personal information infringement consulting Internet/information protection policy R&D KISA Academy
Illegal spam consulting Investigative analysis upon Internet/ Internet Ethics Class 118 Building
Hacking/virus consulting information protection Internet Ethics Self-Evaluation
Internet consulting Legal analysis upon Internet/information Cyber Internet History Museum
protection
History
2009. 7 2009. 11 2010. 1 2010. 3 2010. 12 2011. 10 2012. 5
Launched KISA Established Privacy Established Established KISA Established the Established Established i-PIN
(Integrated Korea Disclosure 118 Center Academy, integrated control Privacy Protection Clean Center
Internet and Security Response Center Knowledge room at the Korea Technology
Agency, National Internet Information Security Internet Security Assistance Center
Development Agency, Industry Support Center
and Korea IT International Center (KISIS)
Internet Address Management Internet Incident Response Personal Information Protection Cooperation Agency.)
National Domain ame System management Korean Internet Security Center ersonal information infringement call center
P
National domain management (.kr, .) Remote inspection service on web Personal Information Dispute Mediation Efficiently working organization
WHOIS search service (domain/IP address) vulnerability Committee
KISA comprises 2 offices, 2 groups, 1 center, 10 divisions, and 46 teams. Among them, Public Relations Division and 118 Center are operated as a
IP address/AS number assignment and Realtime spam IP block list(KISA RBL) Supplying replacements of resident
management Cyber Curing System registration number (i-PIN) team. Total number of employees is 550, including 264 permanent staffs (290 staffs prescribed), 256 contractors (including 124 indefinite contractors),
IPv6 conversion expansion DDoS Shelter System Searching and deleting exposed resident and 30 youth internships.
Internet address conflict mitigation committee registration number
Location information(LBS)
protection
Organizational chart
President
Information Communication Infrastructure Fostering Internet & Knowledge Exporting & International Cooperation Public Relations Division Internal Audit and Inspection Section
Protection Information Protection Industry regarding Broadcasting
Communication
Electronic signature certification management center Knowledge information security industry Cooperative partnership with global
Management International Internet Information Security Korea Internet
overnmental protection & management system (ISMS)
G support center organizations such as ITU, WB, OECD, etc.
Planning Group Cooperation Center Development Group Group Security Center
Information protection management system by BIO recognition information test center Supporting information protection technology
the e-government (G-ISMS), personal Security assessment on information policy consulting for developing countries
information protection protection products Global association establishment, including
management system (PIMS) RFID code registration/ international broadcasting communication Manage- Internet Industry Internet Korea Personal Personal Public In- Internet Internet
certification search service professionals invitation and workshops ment Policy Develop- Culture Network Infor- Infor- formation 118 Incidents Incidents
Information protection safe Global marketing support for the Support Research ment Develop- Infor- mation mation Security Center Prevention Response
diagnosis support ICT small-to-middle sized Division Center Division ment mation Protection Security Division Division Division
Promoting password usage companies Division Center Division Division

. Management structure
Good corporate governance is important pivot and foundation of sustainability management, which enables the organization to survive in the Performing independent audit activities
rapidly-changing management environment. In order to achieve the good corporate governance, KISA has been introducing various mechanisms KISA appoints a non-executive auditor in accordance with Article 20, Public Agency Operation Act, and operates the auditors office to promote
to secure specialty and transparency based on check and balance among organizations and independence of the board of directors. internal auditing. The role of the auditor is to audit KISAs operation/accounting and submit the comment to the board of directors. To secure
independence and expertise of the auditor, the non-executive auditor is recommended by the Director Recommendation Committee, deliberated
Securing transparency within operations by the board of directors and decided by the Public Agency Operation Committee, and then finally appointed by the minister of Ministry of Strategy and Finance.
KISA stipulates the board of directors as the highest decision-making organization in the articles of association. There are 14 directors in the
board, including one president (chairman) who is an inside director, 12 independent outside directors (4 official non-executive directors, 8 appointed Appraisal and remuneration regulations
non-executive directors), and 1 non-execute auditor. The number of outside directors (non-executive director) is greater than the number of The executive director (president) receives different incentive amounts depending on the governments management evaluation results.
inside directors to secure the operation transparency of the board of directors and improve the supervision function of the board of directors. The contract annual salary for 2012 is 117,369,000 won. In 2010, 48% of the annual salary was paid, and grade A was received as a result of
The president of KISA, the chairman of the board of directors, is appointed by the chairman of the Korea Communications Commission from 3 - 5 the management evaluation. 24% was paid because grade C was received in 2011. Remuneration for the non-executive director is paid as a
candidates recommended by the director recommendation committee. consultancy fee in accordance with the governments budget and fund operation planning and execution guidelines. For each occasion, 500,000
won consultancy fee was paid to the non-executive director, whereas 300,000 won consultancy fee was paid to the executive director and the
Securing the specialty of the board of directors auditor.
To secure the expertise of the board of directors, non-executive official directors are composed of experts working for the organizations related
to KISA businesses, including the director of Network Policy Department, Korea Communications Commission; information infrastructure policy Process of conflict prevention within the board of directors
official of the Ministry of Public Administration and Security; head of the National Cyber Security Center, National Intelligence Service; and director To prevent a conflict of interest inside the board of directors, director meetings and primary meetings have been held.
general of the social budget, Ministry of Strategy and Finance. The board meeting was held 7 times in 2011, and the participation rate of the non-
executive directors (appointed non-executive directors) was 86% (7% increase from the previous year), and total 28 management suggestions were
Board of directors operation result analysis and feedback
implemented in the policy. These achievements were possible because the participation by expert non-executive directors was encouraged and
their suggestions were accepted positively. In addition, the scope of non-executive directors activities is expanding to policy establishment by the Item 2009 2010 2011 Result analysis and feedback
areas of expertise, international activities, and consultancy on project implementation. For more frequent activities of the board of directors, an Number of board meetings
5 times 7 times 7 times The proper number of meetings was held based on the annual plan.
(including management
organization dedicated for the board of directors is operated, which is supervised by the director of Management Planning Group, and managed
In-depth deliberation was induced by keeping the proper number of items
by the manger of Planning & Coordination Team. The organization dedicated for the board of directors encourages directors to make management Voted items 13 items 24 items 18 items
to vote.
suggestions, assist directors in understanding the project better, and evaluate performance results of directors duties. Revised voted items (including 3 items The proportion of revised voting was reduced by intensifying preliminary
6 items (45%) 5 items (21%)
conditional adoption) (17%) review of the information on the item.
Composition of KISAs board of directors Reported items 7 items 14 items 12 items Maintaining a proper number of reporting items
(As of September 2012)
Board meeting participation rate 86% 79% 65% The participation rate of official director needs to be increased.
Position Name Term Current office Participation rate of non-executive
The participation rate of official director is improved compared to the pre-
President Dr. Lee, Ki-joo 2012.9.25 ~ 2015.9.24 President of the Korea Internet and Security Agency directors (appointed non-executive 87% 79% 86%
vious year. However, continuous improvement efforts are required.
director)
Park, Jae-mun Director of Network Policy Department, Korea Communications Commission (managing department)
Executive Proportion of non-executive Understanding on projects was improved and the statement proportion
Jeong, Yun-gi Information infrastructure policy official, the Ministry of Public Administration and Security 59% 60% 81%
director directors statement increased, owing to prior explanation on items, occasional data provision, etc.
(official) Not disclosed head of the National Cyber Security Center, National Intelligence Service
Cho, Gyeong-gyu Director-general of the social budget, Ministry of Strategy and Finance
Lee, Seong-hae 2009.7.23 ~ 2013.7.29 Management advisor, KT
Sustainability Management Committee and Working-level Committee
Shin, Yong-tae 2009.7.23 ~ 2013.7.29 Professor, department of Computer, Soongsil University; director of the Korea Information Processing Society
KISA has organizations to actually promote tasks that were identified by the sustainability management strategy system. The Sustainability
Lee, Yeong-eum 2009.7.23 ~ 2013.7.29 Professor, Media Arts & Sciences, Korea National Open University; director of Digital Media Center
Management Committee is a decision-making organization that supervises overall sustainability management, and comprises 10 members,
Jeong, Professor, College of Information & Communication Engineering, Sungkyunkwan University; president of
including the chairman (president), non-executive director, office manager/director of the division, and outside expert. Also, the Sustainability
2009.7.23 ~ 2013.7.29
Tae-myeong the Korea Information Processing Society, vice-chairman of OECD WPISPI Management Working-level Committee was organized, which performs inside/outside communication about sustainability management and acts
Non-
executive Professor, Graduate School of Business Administration, Hanyang University; dean of Hanyang Cyber as a business contact. The Working-level Committee comprises the teams corresponding to 7 key topics of ISO 26000, and plays a practical role
Jang, Seok-gwon 2011.7.25 ~ 2013.7.24
University; director of the Office of Planning & Coordination
director in firmly establishing the sustainability management system inside the organization as well as making sustainability management as corporate
(appointed) Professor, department of Mass Communication, School of Social Sciences, Sungkyunkwan University;
culture.
Han, Eun-gyeong 2011.7.25 ~ 2013.7.24 president of the Korea Association for Advertising and Public Relations; member of the Korea Advertising
Review Board
Hwang, Associate professor, College of Law, Hongik University; academic information director of the Korea
2011.7.25 ~ 2013.7.24
Chang-geun Internet Law Association
Park, Chun-sik 2012.7.30 ~ 2014.7.29 Professor, department of information security, Seoul Women's University
Non- Professor, Department of business administration, Myeongji University; member of the Accounting
executive Jeong, Da-mi 2011.8.18 ~ 2013.8.17 System Review Committee, Financial Services Commission; chairman of the sub-committee for women,
auditor Korea Accounting Association

. Sustainability management system
Mission and vision

KISA has the mission of creating healthy and safe Internet environment and promoting international cooperation in broadcasting and Those five objectives are establishing the world's best information security and incident response system, creating healthy Internet culture
communication along with the vision of becoming the worlds best security agency specializing in Internet and information. and use environment, laying the foundation of the advanced Internet infrastructure and leading the policy, establishing the practical global
cooperative system, and nurturing expert personnel and innovating the management infrastructure. These five strategic objectives are
Core values materialized into 13 strategic tasks and promoted, and represent the sustainability system that should be implemented by KISA as a public agency.
KISA selected professionalism and communication as core values to achieve our vision and mission, and set passion and future-oriented Besides those strategic objectives and tasks, separate promotion areas and detailed tasks are selected for sustainability management to manage
as criteria of employees behavior and value judgment which will act as emotional values and lead the organization by carrying out social the overall sustainability management comprehensively.
responsibilities.
Professionalism: When performing a task, we will develop ourselves and make efforts continuously with self-esteem and obligation to be the Making a
best in our expertise area. safe Internet
environment
Communication: We will endeavor to understand counterparts expectation and desire clearly, and express and transfer our intention in a variety
of ways.
Future-oriented: We will try to find a way that can be beneficial to the organization from a long-term view instead of settling for the present.
Passion: Each and every member will have passion for his/her job.
Social responsibility: We will exert ourselves to be an organization that serves people with a sense of responsibility as a public agency.
1 Improving
convenience
in Internet use
2 3
Creating healthy
5 strategic objectives and 13 strategic tasks Internet culture and creating a
KISA established strategic objectives and tasks to achieve our mission and vision. Five mid-to-long term strategic objectives were identified by shared growth
environment
considering both opportunities and threats of the external environment as well as strengths and weaknesses of the internal environment.
5 strategic objectives and 13 strategic tasks
Purpose of
foundation
Creating a healthy and safe Internet environment and promoting international cooperation in
broadcasting and communication
Supporting
entry into the
4 5 Fostering
Becoming the worlds best security agency specializing in Internet and information overseas market Internet/information
Vision
through international security experts
Core Business
cooperation
values policies
Worlds best specialized agency

Social Sustainability management promotion area and detailed tasks
Profes- Communi- Future-
Passion responsi- A friendly organization trusted by people
sionalism cation oriented Promotion area Detailed task Stakeholder Related department
bility
Happy organization that pursues creativeness and innovation Customer satisfaction Official business performance announcement,
Customer Creative Management Team, 118 Center
management information disclose, civil service
Establishing the world's best Human Resource Management Team, Internal Audit and
Creating sound Internet Laying the foundation of the Nurturing expert personnel Basic rights at work, and difficulties treatment Inside staff
5 strategic information security and Establishing the practical Inspection Section
culture and use advanced Internet infrastruc- and innovating the man-
infringement response global cooperative system
objectives environment ture and leading the policy agement infrastructure
system Labor-management cooperation, employee welfare Labor union Human Resource Management Team, Administration Team
Shared growth
Financial Accounting Team, Internal Audit and Inspection
Advancing the Internet Improving an awareness Identifying leading Internet Diversifying international Improving the expert
Fair society, shared growth (purchase, contract) Partner Section, Planning and Coordination Team, Creative
incident response system of Internet ethics policies cooperation nurturing system
13 strategic Management Team, business division
Strengthening the Strengthening the Laying the foundation Substantiating Improving the
tasks
information security information security of diffusing new Internet international cooperation organizational Social contribution Social service activities Local community Public Relations Division
infrastructure system services in broadcasting and culture and business Environmental management Energy saving Inside staff Administration Team, Financial Accounting Team
Fostering the information Advancing Internet address communication productivity
security industry management system Increasing the KISA Board of directors, governance including internal Planning and Coordination Team, Internal Audit and

Ethical management Board of directors
brand value audit Inspection Section
Creativeness & innovation Improving ways of working, quality management Customer, inside staff Creative Management Team

. Participation of stakeholders
Definition of a stakeholder Sustainability management issues and expectations by stakeholder

KISA defines a stakeholder as an employee who produces public services according to KISAs mission; customer who purchases our services Stakeholder Sustainability management issue Key expectations Related page
(governmental departments, IT companies, people); local community and international organization that affect KISA management; and partner that Improving the level of privacy protection Safe information distribution p. 20-23
transfers the management value produced by KISA. KISA implements sustainability management through continuous communication with these Customer Internet culture movement and ethical education Creating healthy Internet culture p. 24-27
Providing transparent management information Transparent management information announcement p. 73-75
stakeholders.
Establishing sustainability management/risk system Sustainable growth of KISA p. 10-11
Creating reasonable and smooth communication corporate culture Reasonable organizational culture p. 57
Communication with a stakeholder Employee
Improving employee capability Improving employee capability p. 62-63
KISA opened an open communication and free dialog window by establishing various types of communication channels with major stakeholders Reasonable HR/remuneration/welfare system Fair HR/remuneration system p. 66-67
such as customers, employees, local community, partners, and international community. In addition, KISA collects major concerns and opinions Cooperating Shared growth cooperation with partners Shared growth of KISA and partners
p. 47-51
companies Establishing a transparent procurement system Establishing a transparent procurement system
from stakeholders through active communication, and tries to improve the level of satisfaction by improving shortcomings. In addition, KISA will
Improving the level of privacy protection Safe Internet use environment p. 16-19
set a solid foundation for establishing trust about management activities and growing together by transferring our achievements to stakeholder Internet culture movement and ethical education Creating Internet culture p. 24-27
Government
effectively. Efficient execution of the government budget Implementing government policies p. 72-76
Advancement and efficient management of public agencies Efficient HR management, function adjustment p. 57-58
Nurturing information security industry and personnel Nurturing related industries p. 28-31
Advancing Internet incident response system Incident prevention and quick response p. 16-19
Internet policy research/governance establishment Smooth information sharing and cooperation p. 38-39
IT industry
Stakeholder communication channel Supporting SMB capability Fostering Internet expert p. 45-49
Supporting domestic companys entry into the overseas market Providing opportunity of overseas entry to private companies p. 42-43
Inducing fare competition Fair policy execution p. 59-61
Supporting developing countries Technology transfer to developing countries
Intl International cooperation in broadcasting and communication Playing a proper role in IT international organizations
p. 42-43
organization Strengthening international mutual cooperation Global information security response measures
Conforming to the international policy and standard Satisfying international standards
isit interview
V isit interview with related
V
Resolving digital divide of the alienated IT class Supporting vulnerable security classes p. 53

Local
Rectitude ombudsman agencies Solving the youth unemployment problem Preferential recruitment of the talented person living in provincial areas p. 57
community
Partner meeting Operating responsible team Leading healthy Internet culture Building equal digital society p. 24-27
and NGO
Establishing Internet-shared by governmental department Contributing to the local community Improving the quality of local community residents life p. 52-54
growth committee Meeting and seminar by
advisory committee
pen management meeting

O Expert interview
and CEO meeting
Participating in intl meeting
and seminar
Official business performance
announcement policy
Holding a joint intl workshop
Clean Reporting Center
Sustainability management strategy suitable for the

Providing inviting training for
developing countries
KISA magazine, Intranet suggestion box
Periodical labor-management meeting
Difficulties treatment system
characteristics of the organization is needed.
I would like to give high scores to the publication of the sustainability management report for two years in
reakfast meeting for
B a row, even though KISA is a relatively small-sized public agency. I can recognize their efforts to express
Business Strategy 2010 isit interview
V
Seminar, meeting social the sustainability management results out of the whole organization based on international standards
Seminar, forum, and meeting
service activities, homepage by advisory committee such as GRI G3.1 and ISO 26000 Guidelines. However, it still leaves an impression that the sustainability
Visit interview Founded Internet Shared
Korea Internet Dream Star management strategy is not so much as clearly described. The report needs to describe how the unique

Growth Consultative Group
Public hearing projects of KISA, which have characteristics of public interest, affect the growth and development of the
KISA visit program
Homepage and KISA SNS Internet industry socially and economically in Korea. Also, the report needs to describe how innovation
Surveying customer
affects sustainable growth inside the organization as well as the characteristics of the social/environmental
satisfaction
Customer advisory group contribution in more details. In addition, the sustainability management report should present both
118 Center
Ra, Young-jae

remarkable achievements and shortcomings in a balanced way from the perspective of stakeholders, unlike
Publishing KISA magazine
the business performance evaluation report. The report seems to need improvement in that sense. It would Manager, Public Center
Management Evaluation Team,
be more effective if KISA establishes the sustainability management strategy that fits into its objectives and
Korea Institute of Public Finance
business characteristics, and publishes the report based on the strategy. I wish that KISA keeps playing a
positive and leading role in the Internet industry area through its sustainability management.

. Materiality assessment
It is an important part in sustainability management to understand what is important in managing the enterprise, and to solve the issue. KISA Identifying 5 key issues among 41 issues
introduced an internal materiality assessment process, and now opens to public all processes of identifying and selecting issues transparently. According to the materiality assessment results, outside stakeholders pointed out KISAs major business areas (securing new technology and
policy development, advancement of the response system against the Internet incident, etc.) as important issues, whereas inside stakeholders
placed more importance on the matters related to operations such as reasonable organization operation, organizational culture, working
Materiality assessment process conditions, and practices. Finally, five core issues of KISAs sustainability management were identified, namely: 1) advancing the response system
KISA has conducted materiality assessment to identify major concerns of stakeholders and preferentially reflect them in management activities. against the Internet incident; 2) improving the level of privacy protection; 3) fostering industry and personnel regarding information security;
First, KISA carried out analyses upon the present management condition and capability, sustainability management trend at home and abroad, 4) advancing the Internet address management system; and 5) international cooperation in broadcasting and communication.
and media in order to select important issues in sustainability management. Priority of major issues collected by the analyses was determined
based on analyses upon the level of stakeholders interest and business impact. Five core issues were extracted and confirmed as the final issues
Results of materiality assessment
through deliberation by internal staffs and outside experts.
Outside (0~100%)
100
A Advancing the response system against the Internet incident
Materiality assessment process A
B Improving the level of privacy protection
C B
STEP 1 STEP 2 STEP 3 STEP 4 D C Internet culture movement and ethical education
Identifying issues Reviewing social interest Reviewing business impact CSM materiality matrix 80 E
F D Fostering industry and personnel regarding information security
G
Identified 41 issues in total in the H E Securing new technologies and policy development
I
areas of general sustainability Conducted business impact
Analyzed the level of interest in Created KISAs materiality matrix 60
J K F Advancing the Internet address management system
management, business area, analysis upon 22 KISA working-
major issues among internal staffs level TFT members and considering social interest and
society, economy, and environment G Identifying and supporting new Internet business
and customers sustainability management experts business impact
based on the analyses upon
sustainability management trend, H Building up reasonable and smooth communication organizational culture
management environment, and 40
media. I International cooperation in broadcasting and communication
J Balance between work and life
K Supporting the strengthening of capabilities of SMB

20
Major analysis methods for evaluation
Various analysis methods were attempted during the phase of issue identification and review upon social interest and business impact. In addition,
efforts were made to secure transparency during the evaluation and analysis based on arbitrary interpretation not to select issues that are only
wanted by KISA.
0 20 40 60 80 100 Inside (0~100%)
M
edia analysis: The media analysis solution SPCRM was used to identify the articles and major issues related to KISAs sustainability
management.
High priority Medium priority Low priority
S
ocial interest analysis: A survey was conducted for 317 persons inside and outside KISA. Emphasis was put on obtaining practical answers
rather than securing a satisfying number of respondents when selecting the respondents and designing the questionnaire. Total of 195 A
dvancing the response system against the Internet Providing transparent management information Systematic and effective movement to the outside of
incident Reasonable HR/remuneration/ welfare system metropolitan areas
employees participated in the employee survey, and questions were evaluated based on a scale of 0 to 7, considering the importance of each Improving the level of privacy protection. Increasing permanent staffs and reducing non-regular staff Observing laws and regulations
issue. For this years customer survey, 122 key stakeholders (business related agency, partner, etc.) participated the individual survey to evaluate Internet culture movement and ethical education Corruption prevention and integrity improvement Improving employees safety and health
F
ostering the information security industry and personnel Improving employee capability Human rights protection and consideration on the socially
actual interest, while not overlooking the shortcomings from the 2011 survey, in which realistic and effective answers could not be obtained from

Securing new technologies and policy development Inducing fair competition underprivilleged
the survey which targeted general customers due to the lack of faithful answers. Advancing the Internet address management system R
especting and protecting the intellectual property right Increasing PR activities for KISA
B
usiness impact analysis: 22 members of the internal sustainability management working-level committee and 11 specialized outside social Identifying and supporting new Internet business Strengthening the customer satisfaction management system Local social contribution activities
B
uilding up reasonable and smooth communication S
ocial contribution activities using the Internet capability Reducing wastes and using eco-friendly/recycled products
responsibility consultants participated individually in reviewing and analyzing the business impact of each issue. organizational culture Establishing a sustainability management system Improving employees awareness of environment
International cooperation in broadcasting and Establishing a risk management system
communication Promoting energy efficiency and saving
Balance between work and life Making public agencies advanced and efficient
Supporting the strengthening of capabilities of SMB Securing proper personnel and budget
Establishing Internet/IT governance Supporting overseas entry by domestic companies
Efficient execution of the government budget Improving the customer response service
Inducing promotion of social responsibility contribution by Policy research, survey, and analysis
partners and IT industry Resolving information deficit within IT-isolated classes
Leading and spreading the green IT industry

. Creating a safe Internet use environment
Weve created a safe Internet Operating a security monitoring room to cope with incidents
KISA is operating an integrated control room to quickly respond and prevent the Internet incidents that occur
use environment!
throughout the country. Using this facility, KISA is making efforts to minimize damages to enterprises and
people by analyzing vulnerabilities of the new malicious codes and viruses, and issuing security notices and
alarms. In addition, the monitoring and incident response system has been improved. For example, the screen
in the integrated control room is replaced with the one that allows the actual control operator to recognize and
Recently, Internet incidents are diversified and are becoming serious to the extent that national
respond to the incident intuitively.
security is threatened. To cope with these challenges, KISA is endeavoring to respond to various
Internet incidents based on the worlds best wired/wireless network infrastructure.
Over 1.8 million domestic web sites are monitored every day to detect hidden malicious codes, and preliminary
actions are taken so that Internet users can use the domestic web site without being concerned about
malicious code infection. In addition, experts are constantly scanning the domain and IP addresses which
are being misused for the cyber-attack (hacking, malicious code, etc.), and block them in advance through
cooperation with 8 ISPs (Internet Service Providers) to make the Internet use environment safer.
Status of incident response support
Category 2009 2010 2011
Number of web sites scanned

200,017 ea. 1,001,661 ea. 1,827,653 ea.
to detect a hidden malicious code
Number of detected/
7,352 ea. 6,674 ea. 11,805 ea.
corrected web sites
Supporting analysis upon

77 times 91times 160 times
hacking incident
Supporting remote check of user PCs 3,847 times 6,162 times 18,000 times
Worm virus 3,107 cases 3,417 cases 3,839 cases

New threat
Vulnerability 674 cases 743 cases 740 cases
assessment
Total 3,781 cases 4,160 cases 4,579 cases
Number of web sites scanned Number of detected/corrected Supporting hacking

to detect hidden malicious web sites (unit : 100) incident analysis (times)
codes (unit : 10,000)
182 118 160

Number of companies that used DDoS Shelter so as to block malicious traffic, while allowing an access by normal users.
Shelter in 2011 Incident detection and response system
101
In particular, recurrence of malicious code infection was prevented by taking follw-up measures such
Improving Security Developed Malicious code
monitoring system detection system as treating and blocking zombie IPs and C&C servers that were secured through defending DDoS
companies
attacks. DDoS Shelter detected 71,508 zombie PCs (61% of 116,299 infected PCs) during the 3.4 DDoS
Comprehensive incident analysis Quick malicious code analysis
attack, and provided more than 3,000 free web site vulnerability check service to small business.
Quick incident DDoS Shelter service provision status

detection and
response Category 2010 2011
Number of companies using the service 52 companies 101 companies

Protecting SMB from the DDoS attack Quick information distribution among people regarding zombie
PC treatment Number of cases preventing DDoS attack 25 60
Smart-phone security
Establishing Cyber Curring system self-diagnosis App.
Establishing
DDoS Shelter for infected PC
Response to mobile malicious code
As the smart-phone becomes popular, a number of malicious codes designed to attack the smart-
phones are increasing as well. KISA has been preparing the response system by running the Private
Advancing the incident response system
and Public Joint Response Team to Protect Smart-Phone Information since 2010. KISA released
Strengthening the monitoring of Phone Keeper in September 2011, which is the security self-diagnosis App that allows smart-phone
Stagnant monitoring method Improving the response system to
anomalies users to check security of their smart-phones by themselves occasionally. As of December 2011,
Aged response system cope with new threats
Establishing a quick analysis system
more than 200,000 downloads were recorded. In addition, a technology which detects the existence
of malicious codes in Apps that are being distributed among black markets was discovered, and
shared with domestic mobile operators and anti-virus software companies.
3.4 Successful response to the DDoS attack
KISA received a lot of praise at home and abroad by successfully defending against the 3.4 DDoS Providing public alarm/treatment service to remove zombie PCs
attack in 2011. The information was quickly shared with related organizations to activate a mutual- KISA has developed a cyber curing system for infected PCs open for public. It informs people
assistance system, and DDoS Shelter was actively utilized. As a result, the 3.4 DDoS attack could be connecting to the Internet about infection status of PCs in use from malicious codes using a
defended without serious damage, which was bigger in scale and more intelligent than the 7.7 DDoS popup window, and provides a computer vaccine program that can remove the malicious code
attack in 2009. The attack could be effectively responded because the problems discovered during conveniently and quickly. When the large-scale DDoS incident occurred in March 2011, the DDoS
the incident in 2009 were examined from diverse aspects and then significant improvements were attack information was distributed among Internet users, along with removal method and dedicated
made. vaccine software. Consequently, those activities played an important part in defending against the
DDoS attack without causing any serious damage. In addition, information security was advertised
effectively and continuously on TV and representative mass media in order to create an environment
Comparison of the response time between 7.7DDoS (2009) and 3.4DDoS (2011)
that enables Internet users to protect their own information.
Malicious code analysis Information on attacked agencies In 2009, it took 3 hours for 3 professional analysts
time and access record collection time to analyze the malicious code during the 7.7 DDoS
12 hours attack, whereas 10 analysts were assigned to reduce
the analysis time down to 1 hour during the 3.4 DDoS
3 hours
attack in 2011.
In addition, the process of collecting the information

on attack and connection record took only 1 hour in
1 hours 1 hours
2011, compared to 12 hours in 2009, because DDoS
Shelter detects zombie PCs directly instead of
receiving log files from the victims.
7.7DDoS 3.4DDoS 7.7DDoS 3.4DDoS
Operating DDoS Shelter for small businesses

DDoS Shelter was opened in September 2010 for the small businesses and organizations that could
not respond to the DDoS (Distributed Denial of Service) attack properly. Total of 101 companies used
the DDoS Shelter and 60 attacks were defended in 2011. KISA minimized damages to DDoS victims
business operation by quickly bypassing traffic to the victimized companies homepage to DDoS Internet Incidents Response Divisioin

. Strengthening personal information protection
Weve strongly protected the Resolving difficulties related to infringements of personal information
As the Personal Information Protection Act was put into force on September 30, 2011, targets for law
personal information.
enforcement were significantly expanded to public sectors, non-profit organization, and individuals (about 3.5
million), while infringement reports caused by infringement of personal information and relief requests have
also increased. A quick and simple infrigenment relief system is required for damages caused by personal
information infringement, since they spread fast, are difficult to restore into original state, and a large number
Damage due to the infringement of personal information such as the disclosure of Resident Registration Number
of victims can be affected. KISA is minimizing ingringement caused by infringement of personal information
on the Internet is emerging as a major social issue lately. KISA is making efforts to prepare countermeasures to
by running the Personal Information Infringement Report Center and Personal Information Dispute Mediation
protect personal information in order to minimize potential damages and prevent incidents from the source.
Committee.
Operating the Personal Information Infringement Report Center

The Personal Information Infringement Report Center, founded in April 2000, receives citizens infringement
of personal information claims raised against business/public agencies, and takes necessary follow-up
measures after investigating the relevant facts.
Number of reports received by the Personal Information Infringement Report Center
Category 2009 2010 2011
Report 2,139 cases 1,788 cases 2,556 cases
Consultation 33,028 cases 53,044 cases 119,659 cases
Total 35,167 cases 54,832 cases 122,215 cases
The number of reports and consultancy requests received by the Personal Information Infringement Report
Center is increasing every year (from 35,167 in 2009 to 54,832 in 2010). In 2011, total of 122,215 cases were
accepted, which is 123% increase (67,383 cases) over a year ago, because citizens complaints and private
enterprises consultation requests increased due to several cases of personal information leakage incident
and enforcement of the Personal Information Protection Act is making multifaceted efforts in coping with
the increasing trends, including the policy of handling incident reports by area, assigning experts with Ph.
D degree related to laws and technologies, and publication of FAQ information book regarding the Personal
Information Protection Act.
The Number of web sites that do Search for leaking Resident The Number of case of using the
not collect Resident Registration Registration Numbers Resident Registration Number
Numbers or web sites that (unit: 100 pages) Clean Center (unit: 10,000 cases)
introduced i-PIN (unit: 10 sites)
235 1,103 362

Internet. The revised Act on Protection of Information and Communications Network Utilization and
Follow-up measures
Information Protection, ETC. was enforced on August 18, 2012, and aims to create a clean Internet
environment by 2014, in which no resident registration numbers are required. In addition, KISA will
improve users awareness about the use of Resident Registration Numbers and monitor how the
Difficulty resolution Improving service Request for administra- Request for service providers collect resident registration numbers and use Resident Registration Numbers so
Damage relief providers execution tive measure (fine, investigation
correction order) that alternative methods can be used more widely. In order to achieve this, KISA opened the Internet
Resident Registration Number Clean Center on May 11, 2012 to support small businesses having no
Personal Information Dispute Mediation Opening ceremony of the
Committee
sufficient technical personnel and provide technology-related consultation service. Personal Informtion Security Technology
Cancel web site membership, Recommending Requesting administrative mea- Requesting an investigation
personal information deletion, conformity to the laws sures to the Ministry of Public to the prosecutors office and Support Center
and compensation for damages Administration and Security, police regarding violation of
through dispute mediation, etc. Korea Communications Com- the criminal laws Daily average decrease in the number of web pages that expose Resident Registration Numbers
mission, etc.
1,503cases
Personal Information Dispute Mediation Committee
The Personal Information Dispute Mediation Committee was founded in December 2001 in 93.35% decrease
The daily average number of pages that
accordance with Article 40, Personal Information Protection Act. The committee is a quasi-judicial expose Resident Registration Numbers among
organization that accepts disputes between parties related to personal information and solves them domestic web sites dropped from 1,503 cases
581cases
through reasonable and smooth mediation. Everyone can apply for the mediation if a dispute arises 5.7% decrease in 2007 to 100 in 2011 (93.35% decrease). This
due to personal information issues. Application contents can contain active exercises of rights, 192cases was possible due to the monitoring of the
105cases exposure of Resident Registration Numbers all
100cases
including stopping of law offenses, claim for damages, and right to request for retrieval/correction/
year around.
deletion of personal information, etc. As the group dispute mediation (if a number of victims of 2007 2008 2009 2010 2011
violated right are over 50) is introduced in the Personal Information Protection Act, several cases of
dispute can be solved collectively by only one-time mediation. Approximately 500 protection-related
disputes have been processed over the last 3 years, and the number of dispute resolution is likely to Promotion of i-PIN use
rise more in the future. KISA recommends the use of i-PIN (Personal Identification Number) as an alternative to Resident
Registration Numbers to minimize the use of Resident Registration Numbers on the Internet and
Application of dispute mediation prevent personal information infringement. KISA has been promoting the self-information protection
campaign since 2009 to increase the opportunity of using i-PIN and improve peoples recognition
Internet Phone/Fax/E-mail Visit about i-PIN, and improving users convenience by reducing the length of procedure necessary for
issuing/authentication of i-PIN as well as improving the user interface. As a result, the number of
issued i-PINs increased from 640,000 in 2008 to 4,530,000 in 2011. The number of sites that do not
Acceptance notice Application and receipt for dispute mediation
Case Screening
collect Resident Registration Numbers or ones that introduce i-PIN increased from 1,791 in 2010 to 2,345
Complaint resolution /
Transfer to other agency, etc.
in 2011 (31% increase).
Evidence collection, Fact investigation
expert data, etc.
Personal Information Security Technology Support Center for small businesses
Recommending agreement Yes Small businesses, which usually lack the level of recognition, budget, and specialty, have difficulties
Agreement
before mediation in protecting their personal information although targets of the Personal Information
Protection Act application were expanded. KISA provides a variety of support through
Mediation and decision-making
No
Civil suit or waiving the Personal Information Security Technology Support Center founded in October in
2011, including consultation about compulsory security measures in accordance
to the Personal Information Protection Act, provision of web vulnerability check
End
service, security solution distribution (e.g., vaccine), and online education on
compulsory security measures.
Policy of limiting the collection and use of the Resident Registration Number
A legal and systematic policy was prepared to limit the collection and use of the Resident
Registration Numbers on the Internet in order to fundamentally solve the problems of illegal use and
violation, which is caused by the leakage of Resident Registration Numbers information out on the Personal information protection division /
Personal information security division

. Spreading healthy Internet culture
Weve led the healthy Awareness-raising of Internet ethics

KISA created an Internet ethics logo (Todagi), character (Wellie), and jingle song (Click love! Click
Internet culture movement.

compliment!), and produced public service advertisements related to Internet ethics through collaboration with
Korea Broadcast Advertising Corporation (KOBACO). The produced advertisements were delivered to public
via various media such as movie theatres, convenience stores, outdoor billboards, and cable TV and Internet
broadcasting. The Internet Ethics Experience was operated in major cities like Seoul, Daejeon, Busan, and
Spreading of healthy Internet culture is urgently needed, as the social problems caused by Internet dysfunction
Gwangju, and about 235,000 visitors received experience-purposed Internet ethical education. Also, an Internet
such as malicious comments and spread of false information becomes more serious. KISA is making efforts to
Ethics Competition Award was held, in which total 1,674 UCCs, catchphrases, posters, and other materials
correct unethical behavior on the Internet by implementing continuous Internet cultural movement and ethical
were received and the award was given to winners. Through these activities, KISA is trying to improve peoples
education.
Internet ethics awareness. In addition, Internet ethics self-diagnosis program and education service are
provided online to improve peoples Internet ethics awareness. Total 36,770 persons used the service in 2011.
2nd term Korea Internet Dream Star

The Korea Internet Dream Star was established in 2010, which is an organization comprising primary and
middle school students, in order to foster next-generation Internet leaders and guide healthy Internet culture.
The Korea Internet Dream Star is contributing to the spread of sound Internet culture by taking part in various
Internet-related activities both online and offline, including posting positive comments, reporter group,
training, campaign, and social service activities. The 1st term Korea Internet Dream Star was participated
with 831 students, and the number of members for the 2nd term in 2011 increased to 2,853. Total 4,929 students
participated in 18 areas.
Korea Internet Dream Beautiful Internet Internet ethical

Star member students World Week participants education participants
(unit: 100 students) (unit: 100 persons) (unit: 100 persons)
29 392 668
Conducting Creating a Beautiful Internet World in 2011 Campaign Internet ethical education for school parents
The Creating a Beautiful Internet World Week in 2011 declaration ceremony and various campaign KISA implemented Internet ethical education for the school parents who raise children and teenagers.
activities were performed in association with National Alliance for Creating a Beautiful Internet The lectures for the school parents were delivered in association with local autonomous bodies such
World(AINSE). About 40,000 persons participated in 37 campaign activities, including online vow as Songpa-gu, Gangnam-gu, and Seongbuk-gu, and total 630 parents participated. In addition, the
campaign, Golden Bell ethics class, Beautiful Internet World street campaign, and Internet filial Internet ethics Golden Bell quiz contest was held for the school parents, together with the positive
duty Hyo album presentation ceremony. In particular, one campaign per one organization was comments politics group of the National Assembly, in order to improve school parents Internet
performed between Beautiful Internet World Pan-national Council and related organizations to ethics awareness.
2011 Making Beautiful Internet World
Week declaration ceremony
encourage the participation by every class of the society. Those campaigns were recognized
to contribute to propagate healthy Internet use culture and induce pan-national interest and Internet ethical education for teachers
Internet ethics Golden Bell quiz contest
participation. Internet ethical education was implemented for 2,622 teachers throughout the country, including participated by school parents
school inspectors, school vice-commissioners, principals, vice-principals, and teachers. The
Happy silver world together with IT training program received full marks in the level of satisfaction.
KISA helped the IT exhibition and experience events for the silver generation in October 2011 for the
first time in Korea, together with SilverNet News and Korea Communications Agency. Beginning with Satisfaction with Intention to recommend
Category
overall education the course to others
Clean Internet Resolution Rally to make the Internet world clean at all times, IT culture experience,
Education CEO Leadership 100% 96.6%
Happy silver world together with IT training, and job information were provided. KISA received favorable responses from the elderly
participants by exhibiting the Internet filial duty Hyo album system, which shows photos on a TV Teacher Training 97.3% 93.5%
monitor sent by their grandchildren using smart-phones. Also, Silver Internet Ethics Experience
pavilion and self-diagnosis experience booth were prepared for the participants to experience the
Internet ethical education for Internet neglected class
harmful Internet environment such as malicious comments and defamation, and diagnose the level
The Internet ethical education program was implemented for the vulnerable social classes such
of Internet ethics awareness by themselves.
as the handicapped youth, infants, and military servicemen. Internet ethical education teaching
materials for the handicapped youths were developed and pilot education programs were provided.
Internet ethics class after school for teenagers Also, short/long-term Internet ethical education programs for the infants were developed, and public
KISA is promoting the Internet ethical education to create healthy Internet use culture. The Internet
participation of kindergartens to receive the education was invited, educating 5,976 children at 100
ethics class after school, which allows students to create their own UCC to understand desirable
kindergartens. The Internet ethical education video for soldiers was produced in association with the
Internet use methods, was opened for 7,998 students at 291 schools. Also, the lecture tour on Internet
Defense Agency for Public Information Services, with the help of the Defense Security Command.
ethics, which includes lectures on Internet ethics practice methods, quiz contest, and campaign
The education is currently being implemented for 600,000 soldiers.
activities, was performed for 10,960 students at 60 schools. In addition, the Creative activities on
Internet literacy, which utilizes new Internet services like SNS and UCC, was delivered as regular
Designated as an education donation agency
class materials for 53 selected schools.
The superiority and creativity of KISAs Internet ethical education programs were recognized by
Internet ethics logo and character the Ministry of Education, Science and Technology, and thus designated as an education donation
agency and received an educational donation mark (DE). The education donation (DE) institution
Logo Jingle song Character
is designated by the government for certain companies or universities which implement exemplary
experience education for primary, middle, and high school students in order to reinforce the public
education with its competitiveness.
Click love, click compliment!
Beautiful Internet world
Embodying a hand trumpet that An expression that reminds us of Symbolizing a whale that defeats
spreads a complimentary remark. Internet ethics and beautiful Internet malicious comments and spreads
Cheering up the people suffering from world, which is funny, lovely, and positive comments by crisscrossing
malicious comments by tapping their friendly enough for all people to sing the information ocean Internet, and
shoulder. along comforts and encourages suffering
people with big ideas and generosity
Internet Culture Development Division

. Fostering the information security industry
KISA nurtured the information security Reinforcing technical skills of the industry through technology transfer and test lab provision
KISA is supporting technical skill reinforcement of the industry through technology transfer and test lab
industry and relevant personnel.

provision. KISA developed 3 new technologies and applied 29 patents to acquire the copyright, including
the VoIP firewall, in order to improve the competitiveness of the local security products. In particular, 6
technologies developed by KISA were transferred at a low price, and successfully commercialized. In addition,
international standardization is promoted to support the entry of domestic products into the world market. In
While the information security market in the world is growing rapidly, the information security market in Korea
2011, 16 international standard contributions were adopted with regards to smart service security, strengthening
occupies only 1.8% of the world market shares. In particular, dependence on foreign products in the new product market
the information security infrastructure, incident response, and biometrics technology, which exceeded (1,119
area is high, which requires reinforcement within the competitiveness of the information security technology. KISA
cases/100 million won) the target (1,063 cases/100 million won).
endeavors to foster the information security industry such as strengthening the
competitiveness of industry information security technology, supporting
for entering the overseas market, and nurturing the expert. Technology development support results in 2011
Item Technology transfer Intl standard contribution Intl standard establishment
Support results 6 cases 16 papers 5 standards
Efforts and achievements of the biometric test/certification service to promote entry into overseas markets
Efforts Achievements
Developed a new biometric (iris, vein) database. The number of provided services increased from 5 in 2010
Secured international public confidence by applying the KOLAS to 7 in 2011.
(Korea Laboratory Accreditation Scheme) methodology. Laid
the foundation of entering the global market in the
Improved the test database quality, and promoted automation iris and vein area
Test lab-using Increased supply of Nurturing information

companies security control personnel security personnel
(unit: a company) (unit: person) (unit: person)
126 81 780
KISA is reinforcing a nurturing system for the knowledge information security industry by providing Expanding home and overseas markets by supporting overseas market development
a test lab, which is equipped with an expensive test environment that cannot be prepared by small As the demand on security personnel is increasing due to the regulation (Article 10.2, National Cyber
venture enterprises due to high costs and can be shared by them. In particular, the mobile security Safety Management Regulations) which mandates the outsourced operation of the security control
test bed was built in 2011 and opened in 2012, which allows various tests in a mobile environment. center at public agencies, KISA improved the existing manpower training and develoment program
The test-bed supported the technology and product development of the SME by providing a 24x7 on the information security are into practical forms of programs such as security control practice
operation service and 24 technical documents in 7 areas, including the performance evaluation training by level and visit to the control center, as well as is currently operating the customized
index, test methodology, and simulation. As more wireless and mobile devices are becoming popular training course that fits into market demand. In addition, KISA supports overseas market entry by
in the government and public agencies like the smart works, KISA developed test scenarios and local companies based on the systematic overseas market development program. Besides, KISA
methodologies that fit into the government security specification, to enhance the competitiveness of supported overseas market development and marketing activities for 53 local information security
the mobile industry. KISA will expand the national information security market by developing security companies in 2011 by implementing a phased export support project: selecting strategic countries
technologies and supporting standardization and product development, which are specialized for the for market development by conducting an enterprise market survey, followed by providing the
new convergence services that are rapidly growing such as smart grid and cloud. corresponding market information, developing the overseas market, and finally localization.
Effects of using the test lab

Supported 66 information security companies overseas market development and marketing activities
Effects of reducing the product development duration (%) Effects of reducing the product development cost (1,000 won)
Number of supported com-
59.8 Item Results
60 60,000 panies
53.7 56,189
50 50,000 Customized support 8 companies Supported marketing, consulting, and product localization
40 40,000 42,094 Consultation meeting (4 times), Achieved 875% ROI from consultation and exhibition in 2011 (400
58 companies
36.9 35.8 Exhibition (3 times) million won investment vs. 3.5 billion won contracted amount)
30 30,000
25,881
20 20,000
17,550
10 10,000
Phased export support business
0 0
on on uri
ty All on on uri
ty All
nti nti ec tem nti nti ec tem
ve tem reve stem ve tem reve stem Export preparation phase Obtaining the overseas market information and supporting PR and marketing
pre sys p sy te d s sys pre sys p sy te d s sys
ion oS ra ion oS ra
rus DD eg rus DD eg
Int Int Int Int Supporting participation in famous overseas exhibition
(Source: Final report on the analysis of Knowledge Information Security Industry Holding a business consultation meeting for strategic countries
Market development phase
Support Center operation and development measures) Identifying strategic partners, and supporting domestic company networking
New convergence of the information security industry, and creating a leading technology development
Localization phase Package-typed, customized export support
infrastructure
Increasing test lab operation and supporting

Increased test lab operation and technologies for tests
In order to foster the knowledge information security expert, KISA selected 780 field engineers and
test technology support Developing and operating 10G class DDoS test bed implemented trainings to reinforce in-service capabilities by reflecting field demands. Among them,
Increased test lab use (103126 cases)
46 senior engineers were produced by running an employment contract-type Masters course, and
Providing the test environ-
eveloping and operating the mobile security test bed
D employed in the specialized information security company. As a result, the difference between

Providing a mobile App, mobile office, and wireless
New conver- ment in the mobile area, and manpower demand and supply was reduced by 31% in the information security industry.
traffic test environment
gence of the strengthening competitiveness
Developing the mobile security test scenarios and
information se- in the mobile security industry In addition, as the demand on security control experts increases, practical training
methodologies
curity industry, programs were provided and demand-oriented training courses were organized and
and creat- Providing expanded biometric tests and certifications
ing a leading

Providing fingerprint and face recognition performance

operated, such as security control practice training by level and visit to the control
Providing the test certificate for
technology knowledge information security
test and certification (7 cases) center. As a result, 37 and 81 security controllers were supplied to the information
Developing a new iris, vein, falsification and alteration
development products, and expanding the
(fingerprint) database (96.000 sheets)
security industry market in 2010 and 2011 respectively, which can satisfy the
infrastructure scope (biometrics area) Establishing new test and certification methodology demands by 29% assuming that one engineer works for 280 public agencies.
such as the product infrastructure and CCTV.
16 cases of information security technology development

Developing the source security and standardization, including M2M and biometrics.
technology for convergence 6 cases of developing and distributing (technology
services and standardization transfer) information security source technology, such as

the VoIP firewall.
Industry Development division

. Strengthening the Internet address management system
KISA has advanced the Internet Laying the foundation of the next-generation Internet address resources
As the demand on the Internet address system, IP is rapidly growing and IPv4 is being obsolete fast with the
address management system.

development of Internet and Internet-accessible devices like smart-phones, transition to the next-generation
Internet address resource IPv6 is required. KISA established a roadmap to transit to the IPv6 for ISPs (Internet
Service Provider) in early stages, and is carrying out the phased implementation strategy.
As the new allocation of IPv4, which is the current Internet infrastructure system, was terminated as of April
IP address/AS number allocation and member management
2011, distribution of the next-generation address resource IPv6 is urgently required. KISA encourages service
KISA allocates IP addresses and Autonomous System(AS) number, and manages members of IP addresses
providers to transit to the IPv6 system, and promotes the Internet address market.
management agency to provide the IP addresses and AS numbers to domestic ISPs. KISA received the IP
addresses and AS number from the APNIC (Asia Pacific Network Information Center), and is allocating them
to domestic ISPs. KISA is contributing to the stable supply of the domestic IP addresses by achieving 100% IP
addresses allocation ratio compared to the IP addresses application. In addition, 8 ISPs newly secured IPv6
addresses as a result of the KISAs activities that encourage the ISPs to switch to the IPv6. Consequently, total
57 domestic ISPs (47%) acquired IPv6.
IPv6 use diffusion roadmap

IANA IPv4 stopped 2013
new allocation
2012 IPv6-based smart
2011 Internet service
Applying virtuous development
2010 IPv6 circulation of IPv6
2009 support system Supporting commercial
IPv6 IPv6 service
development stablishing virtuous
E
IPv6 application service
Strengthening
development circulation system
backbone network IPv6 action plan competitiveness of the
Global IPv6 application
establishment Promoting phased future advanced service

pplying application
A
transition
service
Applying IPv6 to
Test bed establishment
backbone network

Applying expanded
research network
Mission Increased IPV6 application in Korea
IP/AS number-securing status in 2011
Number of Newly secured Accumulated Rank for secured

Type Secured Remark
application address address addresses
IPv4 address 68 68 8,753,664 112,201,216 5th in the world 100% compared with application
IPv6 address 10 10 10(/32) 5,219(/32) 9th in the world 100% compared with application
AS number 1 1 100 1,005 12th in the world KISA secures in advance and allocates later
Market Size of National ISPs IPV6 DNS configuration

domain names size Address error ratio (%)
(unit: 10,000 domains) securing ratio (%)
131 47 8.82
2011 Business Performances

Promoting ccTLD, and supporting the domestic domain industry . Strengthening the information security base
Introducing Korean ccTLD .
KISA, as the national registry of internet address resources, has introduced the Internationalized
Country-code Domain Names (IDN ccTLD) to the public,. and is pro-actively responding to the
policy changes at the national and international level by taking them as new opportunities. First,
KISA introduced . at the Country-code Top Level Domain (ccTLD) level. The . domain
service was launched on May 25, 2011, and 210,623 domain names have been registered. As a result,
the ccTLD market size expanded by 20%, from 1 million and 70 thousand domain names in 2010 to 1 KISA is trying to improve the information security capability in the public and private sector in addition to the development of the incident response
million and 310 thousand domain names in 2011. system. KISA is doing its best to reinforce the information security infrastructure, such as expanding the information security infrastructure,
reinforcing the stability of the public certification service, evaluating information security products, and strengthening the certification infrastructure.
Supporting the acquisition of new gTLD management right
KISA provided specialized information about the new generic top level domains (gTLDs) to domestic
Improving the level of infrastructure facility information security
enterprises, and prepared the service provider support plan. According to the results of Internet
The Information and Communication Infrastructure Protection Act was legislated in 2001 to protect
Corporation of Assigned Names and Numbers(ICANN) first round of new gTLD application, 4 domestic
important national facilities. The act mandates analysis and assessment upon vulnerabilities and
enterprises, including SamsungSDS and Doosan, applied for a new gTLD such as .samsung and
establishment of protective measures every year. The applicable infrastructure includes information
.doosan. KISA continuously provides the information on the application progress (e.g. evaluation,
and communication infrastructure facilities managed by the government and public agencies, as well
objection) and supports system operation for 3 new gTLDs based on the service provider support
as the facilities operated and managed by private companies. 12 central administrative agencies,
plan. KISA also obtains the list of new gTLDs applied by foreign organizations, provides the related
115 management agencies, and 186 infrastructures were designated as managing facilities in the
information, and informs how to raise a claim to the interested parties so that they can protect their
fields of national security, administration, national defense, public order, finance, broadcasting and
rights (e.g. trademark).
communication, transport, and energy. There will erupt a serious impact upon peoples daily lives Workshop about protecting major information
and economic stability once the cyber abusing activities is committed within any of those fields. communication infrastructure
Implementation of the new Root DNS Server to in Korea
KISA and ICANN have agreed to implement the top level Root DNS mirror server to Korea, which
Improving e-Governments civil service
connects the domain name to the IP address, during the ICANN meeting in March 2012. KISA has
To improve the security of the e-Governments civil service, KISA performs various duties such as
continuously raised the need of implementing the root DNS mirror server for the stability of the
supporting the development of e-Government information security management system (G-ISMS),
domestic Internet infrastructure, and has arranged interviews with the chairman of the ICANN board
checking security vulnerabilities of the e-Government web site, and researching on the actual
of directors and CEO of ICANN to discuss about the matter. As a result, the Root DNS mirror server
conditions of national cyber safety level.
was successfully implemented. 348 Root DNS mirror servers are operated in the world, including A
~ M 13 original servers and replication servers, and as a result of successful implementation on this
Supporting the development of e-Government information security management system (The G-ISMSC)
occasion, Korea now operates 4 Root DNS mirror servers. As Korea has additional Root DNS mirror Workshop about protecting
The G-ISMSC (Government Information Security Management System) was introduced to enhance
servers, Internet stability will be strengthened and overseas traffic will be reduced from a long-term e-government information
the security of the government agencies information system in 2009. The certification target was
view, and economic benefits can be obtained by reducing the international line costs of domestic
expanded to educational institutes and medical institutions in 2011, and certificates were issued to
network service provider.
total 22 organizations.
Removing security vulnerabilities of the e-Government web site

Internet Address Management Center KISA has been carrying out a simulated hacking-based vulnerability disclosure and supporting
improvement measures for the web site operated by the central government and local autonomous
bodies. In 2011, vulnerability removal support was provided to 1,504 web sites in total, and the security
guide was distributed and training was provided for web site administrators at the same time to
reinforce response capabilities.

2011 Business Performances 2011 Business Performances
Improving e-Government web sites safety vulnerabilities Creating a safe use environment for information security products
Since 2010, KISA has been supporting a trial hacking-based vulnerability diagnosis as well as
improvement measures for web sites managed by both central and local governments. In 2011, some Evaluation/certification policy for information security product
1,504 web sites were supported with vulnerability improvement, while the measure of distributing The evaluation/certification policy for information security product is designed to verify the safety
and educating security guidebook targeting web site operators in order to strengthen their response and reliability of the security function so that users can use with confidence the information security
capabilities was taken at the same time. products that were developed by the private companies in accordance with the international
standard ISO 15408 (Common Criteria). KISA evaluated 165 information security products by 2011.
Research on the actual condition of national cyber safety level
The actual condition of national cyber safety level was surveyed for 1,800 public agencies and 6,000 Supporting the small-sized development companies
individual Internet users in 2011. The statistical data will be accumulated for comparison on an annual KISA supported small-sized development companies by reducing the evaluation fee for their
basis so that the cyber safety level and effects of the related policies in Korea can be measured and information security product by half once every year. Total 36 companies have saved 1 billion won in
managed systematically. evaluation fee since the discount program was started in 2008. In addition, KISA held the Information
Security Product Evaluation and Certification Conference in May 2011 to inform the latest trend of the
Electronic signature certification management technologies and policies related to evaluation/certification, as well as to enable security managers
As the public certificate applicable area is expanding to new areas such as electronic civil service, of the product purchaser (governmental/public agencies) to see and check the products at a glance.
healthcare, education, and electronic contract, the number of public certificate issuance increased to
26.55 million in 2011. As the public certificate application area and issuance frequency increase, and
the risk of hacking (disclosure of a public certificate) is also rising, KISA is focusing on reinforcing the
security and reliability of electronic signature management.
Cl i ck k now l edge
Safe operation of the supreme certificate authority, and managing

/supervising public certification agency
KISA conducted 24x7 non-stop operation of the certification service and fault response exercise at
the supreme certificate authority for 8 times to prevent the malfunction of public certification service Forecasting of major 7cyber threats
01. 05.
and strengthen the security in 2011. KISA also conducted regular inspection on 5 public certification
Cyber-attacks against major national events will Vulnerabilities of the local software having many users
agencies with regard to the stable operation of the public certification system, and 62 new increase. will be attacked.
registration agents by public certification agency. Besides, the lost public certification report system Domestic: Nuclear Security Summit, Yeosu Expo, general Production and diffusion of the malicious code that exploits the
was developed in association with 118 Center, and 5,300 lost public certificate reports were handled. election, presidential election, etc. security vulnerabilities of Korean word processor and video/
Overseas: U.S. Presidential Election, London Olympic, etc. music player
Attack type: DDoS, phishing, spam e-mail, etc.
02. 06.
Improving the use environment of the public certification service
More malicious code will be diffused via web hard Security threats against the cloud service will increase.
The trial service was provided, which allows the development of the public certificate use technology and SNS. Dimension sharing, service concentration, vulnerability of
as a means of protecting the personal information and joining the membership of Civil Petition 24 alicious code distribution using the dedicated web hard
M the virtualization technology, etc.
Site with a public certificate without the need of using the resident registration numbers. In addition, program and contents DDoS against the cloud service, malicious code diffusion,

Malicious code distribution in association with popular etc.
implementation suitability evaluation was performed for 10 security token products to increase search words and URL shortcut
the use of security tokens having the public certificate disclosure prevention function. And, TV
commercial campaign regarding the safe use of a public certificate was also promoted. 03.
The APT attack that hijacks national, corporate, and
personal information will persist.
PT attack using the social engineering technique that
A
07. DDoS attack threats against the DNS server will increase.
DDoS attack against homepages: A particular site cannot
be accessed.
Expanding the basis of using a new electronic certification means deceives people DDoS attack against the DNS: Several sites cannot be
KISA performs supreme certificate authoritys encryption certification for governmental and public
Intelligent malicious code/C&C hiding to reduce a possibility accessed simultaneously.
of detection
agencies. KISA issued a ECDSA device certificate after reviewing the security status of the Korea
Electronic Certification Authority and Korea Information Certificate Authority in 2011. In addition, safety
criteria study was conducted for the safe introduction and operation of the electronic certification
04. Realization of security threats due to mobile malicious
code
Increased diffusion through the open private/Google
service (e.g. bio, etc.). Android App market
Few malicious codes that are sophisticatedly programmed
are more threatening than the frequency of appearance


. Taking the lead in developing Internet policies
Timely policy trend analysis and data provision are required to set up the efficient government policy and business strategy in the private sector in Also, KISA provides a variety of information comprehensively and systematically to the users by
response to the changes happening in the global Internet environment. KISA analyzes the policy trend and shares the information in the Internet publishing the whitepaper regarding the latest issues and statistics at home/abroad with regard to
area, and contributes to the establishment of the desirable policy direction and strategy. the Internet and information security, and by running the Internet Statistics Information System (ISIS).
Law/policy study to promote the Internet and information security

Internet policy study Many policy issues have been raised in the information and security area. The risk of incidents on
KISA is presenting a desirable policy direction and vision by analyzing the policy trend in the the information and communication network is increasing and the scale of damage has become
Internet area, and forecasting Internet development in future society. Recently, the IT area is facing enormous, since the Internet technology and service environment are becoming more intelligent and Smart work law/policy seminar
a revolution with the evolving environment, in which the explosively increasing data becomes an converged, as well as more people are recognizing the importance of privacy protection. As a result,
economic asset due to the popularization of the mobile Internet, social network service (SNS), the demand on preparing the efficient solution is also increasing to solve those issues.
machine to machine (M2M), and cloud service. That is, coming of the age of big data is now being
materialized. The rapid change among such Internet-related areas, as well as intensified competition KISA actively supported the revised bill Act on Promotion of Information & Communications Network
Internet & Security Issue among global Internet enterprises and entry into the Hyper Connectivity society, requires KISA to Utilization & Information Protection (abbreviated as Information and communication network
reinforce internal and external capabilities and respond to various social demands with agility. law), which stipulates the unification of the Information security and safety diagnosis and ISMS
(Information Security Management System) certification, prior information security check, prohibition
Accordingly, KISA provides various Internet policy raw data, including Weekly Internet Trend of resident registration number collection as a general rule, and obligatory notification of personal
that quickly delivers the new information of the Internet security area, (Monthly) Internet & information use details. KISA also participated in the preparation of the revised Enforcement
Security Issues designed to review the new IT trend and lead the policy issues, and Internet and Ordinance for Privacy Act to improve the effectiveness of national policies for personal information
Information Security (IIS) - Internet policy academic journal. Besides, KISA supports national policy protection. In addition, KISA provided practical supports during the revision of Electronic Signature
establishment such as the development of the mid-to-long term strategies and policies in the Act and Information and Communication Infrastructure Protection Law.
Internet field, and takes the lead in establishing the policies in the Internet area.
KISA supported legislative proceedings such as the Malicious Program Diffusion Prevention Act
Survey and analysis upon Internet issue and service that contains the efficient prior/follow-up measures against the DDoS attack by zombie PCs, as the
KISA produces and provides various statistics on the Internet and information security area. As of DDoS attack causes large-scale damage throughout the national information and communication
2012, KISA publishes 10 national statistics, which are widely used for the development of related infrastructure, and Smart Work Promotion Act for Broadcasting and Communication to introduce
policies, business strategy establishment, and academic research. In addition, KISA understands and propagate the smart work in Korea and protect smart workers. Besides, KISA conducted a
the trend of international indices and provides the raw data for international index evaluation items research on preparing the draft for Cloud Computing Development and User Protection Act to make
through the cooperation with international organizations, including the ITU and OECD. a law to promote domestic cloud services in 2012.
Status of national statistics preparation in the Internet and information security area In addition, KISA is making efforts to identify the problems of current legal systems and prepare
improvements to keep pace with the changes in technology/service in the Internet and information
Area Statistics name Statistics type
security area. KISA published Internet law trend every month, and conducted basic research on
Research on the actual condition
Designated statistics (No. 12005) improving the overall legal system by running the Internet law and policy forum, which contributed
of Internet use
to the improvement of the specialized capabilities of Internet-related laws and policies in Korea.
Research on the actual condition of Additional research on the condition of
Internet use by foreigners living in Korea Internet use
Internet
Research on the actual condition of wireless Internet use General statistics (No. 32902)
Additional research on the condition of
Research on the actual condition of smart-phone use
Internet use
Internet infrastructure statistics Report statistics (No. 32901)
Research on the actual condition of
General statistics (No. 34201)
information security (enterprise)
General statistics (No. 34205)
of information security (individuals)
Information
security General statistics (No. 11028)
of national cyber safety level
Research on the quantity of spams received by mobile
phones General statistics (No. 34204)
Research on the quantity of spams received by e-mails


. Diffusing new Internet services
As the future Internet is a global trend that will determine national competitiveness in the 21st century, many countries are now exerting multilateral Strengthening the ecosystem infrastructure for the future Internet
efforts, such as reinforcing the future Internet technical competence and securing core technologies. KISA, the representative Internet agency KISA tried to reinforce the industry promotion and ecosystem infrastructure in the future Internet area.
in Korea, is also preparing for the future by creating an industrial ecosystem and identifying and supporting a new business model to secure The Future Internet Promotion Committee was established in March 2011 to support the policies
competitiveness in the future Internet market. of the Korea Communications Commission, and it consolidated the Internet industry development
foundation suitable for the development/convergence-type ecosystem environment based on the
Internet development plan to prepare for the future, which was reported to the VIP in June. During
Nurturing Internet service ecosystem the Global Future Internet Week held at the end of 2011, 29 CEO-level attendants from the future
Laying the foundation of Internet PR distribution Internet field in 11 countries, including the U.S. and EU, were invited and delivered the lectures
KISA received comments about difficulties and suggestion from the industries related to the Internet related to the future Internet. In addition, KISA operated the Future internet Operation Committee
and mobile advertisement by holding Internet/Mobile advertisement business network and Smart and four working groups, published the future Internet trend (newsletter) and issue analysis report
Ad & App networking day, and reflected them in setting up the policy. In addition, the network among during the quarterly seminar, and distributed them to the industrial, academic, research experts
service providers was promoted to share the related information, trend, and continuous development and related institutions. KISA also led the internationalization at home and abroad by identifying the
of Internet mobile advertisement business. future Internet standardization task for each working group and announcing the task results for the
Inaugural assembly of Korea NFC standardization workshop during the Global Future Internet Week event.
Standardization Forum
Technology development and base establishment for future Internet convergence services
KISA implemented two pilot project items through the preliminary demand survey on future Nurturing newly-converged contents business
convergence services, and exhibited services that were successfully developed during the Global Supporting the production of interactive broadcasting contents
Future Internet Week event. In addition, KISA conducted PR and external cooperation activities to KISA has been improving the TV viewing pattern and supporting the production of interactive
improve the awareness about the future Internet, such as presenting of the future Internet policy and broadcasting contents, including new business models, by linking together the smart technology and
technology vision by holding specialized conference and small-scale seminars regarding the Future two-way broadcasting. In 2011, KISA produced and supported 196 creative interactive broadcasting
Internet. contents and broadcasted them using the interactive broadcasting media. In addition, KISA produced
1,810 subtitles for 665 programs using the interactive multilingual subtitle service (Korean, English,
Promoting Near Field Communication (NFC) payment and application service Chinese, Japanese, and Vietnamese), and provided two platform services.
In order to promote the domestic NFC industry, the Implementation plan to promote NFC-based
mobile smart life services was established by organizing and operating an expert task force team Supporting the promotion of Internet media services
related to NFC, which was joined by the Korea Communications Commission, KISA, ETRI, TTA, and The new type of Internet/mobile advertisement test panel was organized and operated in order
MOIBA, and by collecting opinions from NFC-related industries and academic circle. In addition, to achieve the growth of the online advertisement market and promotion of the advertisement
19 organizations, including the Korea Communications Commission, KISA, three mobile operators, application market. In addition, the foundation for market competitiveness reinforcement was laid for
credit card companies, and VAN providers, signed MOU to establish the cooperation foundation. the small and medium sized private companies that participated in the project, by providing the raw
Also, the Korea NFC Standardization Forum was founded to develop and diffuse NFC application data for test App evaluation and improvement.
services. The Myeongdong NFC Zone was developed, and the demonstration service was
provided for three months from November 2011 in the Myeongdong area where many natives and
foreigners are passing by. Also, the NFC payment service was applied to some 200 shops, including
Cl i ck k now l edge
the coffee shops, convenience stores, and fast food restaurants, and various application services
were created, including smart ordering, smart post, and access control.
Laying the policy foundation to promote the cloud service

NFC, a small revolution within a 10cm distance
The NFC is an acronym for Near Field Communication, which is the information technology that allows us to establish communication when we
KISA is trying to enhance the national competitiveness in the cloud area. In 2011, KISA reinforced the move the device to within the range of 10cm. You may easily understand this technology when you think about how to use a transportation card.
cloud cooperation system at home and abroad, by operating a consultative group for cooperation This technology uses a RFID, and supports both read and write. As a result, NFC is usually used for the payment system using the mobile device. In
among governmental departments, collecting opinions from the industrial circle, and holding an particular, NFC utilization with smart-phone is increasing in these days because the USIM chip in the smart-phone can contain unique information.
Unlike Bluetooth, NFC doesnt require setting for communication. What if you are concerned about security issues? As NFC is designed for the near
international forum among Korea, China, and Japan, as well as a Korea-Japan policy forum. In
distance only, it is evaluated that security is relatively strong. You can experience more NFC applications using the smart-phone. If you put your
addition, in order to reinforce the cloud service competitiveness, KISA secured the basic statistical
smart-phone close to the advertisement media, you can obtain the product information or coupon, or you can get the bust interval information at
data needed to establish the cloud service policy by conducting research on actual conditions of the
the bus stop. You will receive a customized coupon when you visit a place for date, or can place an order by moving your smart-phone close to the
cloud service industry, and supported the establishment of pan-governmental cloud diffusion and
menu.
competitiveness-strengthening strategy.


. Promoting international cooperation
Active international cooperation is required to achieve the 200 billion dollar ICT export, which is the governmental target for 2013. In particular, Providing information for exporting broadcasting/communication services
new market development is essential because of the small broadcasting market size and growth limitation of the countries where Korean Wave KISA has been operating the overseas broadcasting and communication information system ICT export in 2011
is popular. KISA has been securing multilateral broadcasting/communication cooperation channels among countries and supporting enterprise (CONEX) to support companies intending to cultivate overseas markets so that they can actively
business in order to develop the overseas market earlier than other competing countries. respond to the age of broadcasting/communication convergence that is rapidly changing, by
providing the information on related polices and market trends to broadcasting/communication
service providers. In particular, the number of information provisioning countries was extended
157 billion dollars
Diversification of international cooperation from 47 in 2010 to 54 in 2011 by implementing the results from survey regarding supporting strategies
Shared growth by supporting the broadcasting/communication policies of developing countries for overseas entry of broadcasting/communication industries as well as the demands from
KISA is implementing the Official Development Assistance (ODA) project for the departments enterprises. Besides, the online consultation window was opened to provide customized consulting
managing broadcasting and communication in the developing countries as well as decision-makers and information to the companies that want to venture the overseas markets in the broadcasting/
of the related department. In 2011, the scale of the project was expanded to those in cooperation communication area. KISA published 2011 Broadcasting and communication status by country
with ITU and World Bank to create synergy effect, and total 439 attendants from 85 countries were 2011, which compiled information on policy, present condition of the items, and trends of service
delivered to 21 courses in total for the invited training program. Each course was composed of the providers, collaborated for each of 54 countries.
Invited training_International technology, policy and latest trends/issues related to the broadcasting/communication technology, KISA will provide more information on new promising areas such as LTE, smart TV, and 3D TV, and
Telecommunication Union course and many opportunities were given to the attendants, including learning of advanced cases of support customized consultation for the demands of individual enterprise on overseas information
Road show in Brazil
broadcasting/communication services in Korea, visit to the broadcasting/communication service by promoting the online consultation window function of CONEX. Also, the mobile web for the
providers, and sharing of the broadcasting/communication status of each participants country. overseas broadcasting/communication information system will be developed to promote users
convenience and increase overseas advertisement, so that constant usage rate of CONEX can be
Enhancing national dignity through cooperation with international organizations increased. In 2012, the mobile web (http://m.conex.or.kr) will be developed in parallel with the age
To carry out responsibilities as an advanced broadcasting/communication country for the of smart-phone to support wired/wireless environment, so that the information can be obtained at
international society, KISA has been promoting cooperation with international organizations, anytime and anywhere regardless of the accessing environment.
including the International Telecommunication Union (ITU), Organization for Economic Cooperation
and Development (OECD), and Asian and Pacific Centre for Information Communication Technology CONEX information provisioning countries and items
Invited training_World Bank course
for Development (APCICT). Many cooperation projects were promoted with the ITU, including
Target country (54 countries)
preparation of the roadmap for digital switching in the developing countries, and holding workshops Target item (10)
Item Country name
to resolve the difference among the standardization levels. In particular, Korea Exhibit Hall was
installed at ITU Telecom World 2011 in 2011. KISA has been regularly participating in both the Board Countries of Malaysia, Mongolia, Vietnam, India, Indonesia, Japan, China, Cambodia, Smart 4G, Korean style
promising Thailand, Philippine, New Zealand, Mexico, U.S., Brazil, Peru, Australia, mobile TV, Internet-based
of Directors Meeting of the ITU and the information security working group meeting of the OECD to export Netherland, Norway, Italy, Turkey, France, Russia, Kazakhstan, Poland, TV, broadcasting service,
analyze the issues related to information security and Internet, and presenting the opinions of Korea (32 countries) Ghana, South Africa, Egypt, Myanmar, Ecuador, Columbia, Rwanda contents broadband,
mobile communication,
in international organizations. Experts were dispatched to the APCICT, an UN-affiliated international
Countries with wired communication,
organization, to support projects designed to develop and propagate information/communication Taiwan, Singapore, Venezuela, Uruguay, Chile, Canada, Paraguay, information security, radio
information
Germany, Bolivia, Spain, U.K., Finland, Rumania, Uzbekistan, Ukraine, management, Internet
technologies in the developing countries of the Asia Pacific region. demand
Hungary, Nigeria, Saudi Arabia, UAE, Argentina, Switzerland, Serbia.
(22 countries) service
Substantiation of international cooperation

Supporting overseas entry of Korean Wave contents and convergence services
Supporting customized consulting services for broadcasting and communication enterprises
KISA reinforced global marketing support activities for strategic commodities of Korea with strong
KISA is endeavoring to support the small and medium-sized broadcasting/communication
competitiveness including WiBro, DMB, IPTV, broadcasting contents, and broadband. The overseas
companies that are equipped with international competitiveness regarding technical skills and
road show was held 8 times in 2011 in new national markets with high potential such as Brazil,
sellable quality but have difficulties in entry into overseas markets due to the lack of experiences
Australia, Iran, and Columbia. The buyer consultancy meeting related to local broadcasting/
and experts workforce. KISA supported 76 consulting services in regards to the difficulty in entry into
communication services was held 2 times in Kazakhstan and Russia in the first half of 2012. As
overseas markets in 2011, and 50 services in 2012 (up to June), by operating the On/Off-line overseas
for the overseas consulting project, impacts of the market environment, technology status, and
entry consultation center. Also, KISA promoted the customized consulting support project through
cost-effectiveness on the introduction of technology/service was analyzed and distributed to the
one-to-one matching of small and medium-sized companies intending to enter into overseas
consulting countries, in order to support the entry of broadcasting/communication and new Internet
markets with consulting firms familiar with the overseas countries to enter. KISA designated 45
services into overseas markets. In addition, showcases were held in regions of Eastern Europe,
consulting companies in 23 countries in 2012, and supported overseas entry of 17 small and medium
Latin America, and Southeastern Asia to improve public recognition of the Korean broadcasting/
size companies in 2011, and 30 companies in 2012.
communication convergence service and technologies by diversifying the exporting countries and
genre of broadcasting contents that are heavily concentrated on the Korean dramas.

SOCIAL SOCIAL RESPONSIBILITIES

. Enhancing competitiveness by shared growth
RESPONSIBILITIES
. Enhancing competitiveness by shared growth KISA puts forth a multilateral effort into realizing fair society where KISA can prosper with partners. Linking with KISAs proprietary business
areas, KISA supported enhancing capability of small-to-medium-sized businesses, joint R&D, joint market development, and overseas market
. Promoting customer satisfaction management
development, as well as endeavored to bolster the Internet business ecosystem for co-prosperity.
. Promoting social contribution as a specialized Internet agency
Establishing the shared growth strategy system based on KISAs characteristics

KISA established the shared growth strategy system in 2011 to push forward shared growth based on
KISAs unique characteristics. With the shared growth vision of improving competitiveness of Internet
industry through shared cooperation with small-to-medium-sized partners for co-prosperity, the
shared growth task force identified and implemented shared growth tasks related to KISAs unique
businesses. In addition, communication activities were carried out 114 times, including the meeting
with partners and Networking Day, to reflect voices of the field in the policies. Besides, policies
were improved and supporting measures were prepared through continuous monitoring and check
in order to increase the effectiveness of shared growth policies. And, shared growth activities were
encouraged internally by linking with the performance appraisal system, including awarding of the
excellent department.
221
KISAs implementation system for the shared growth strategy
companies
Improving Internet industry competitiveness through shared cooperation
Vision
Supporting joint entry of small- with small-to-medium-sized partners for co-prosperity
to-medium-sized market in 2011
Identifying and pushing forward shared growth tasks in parallel with

Strategy KISAs unique businesses
1,250
Intl cooperation
Shared growth TF
(Supervision: Creative Management Team) Internet
hours
Shared Growth
Consultative
Employees total service hours in 2011 Shared growth committee Group
Implemen-
tation
system
Overseas export Policy im-
Capability rein- Joint R&D Joint market entry
(sales promotion) provement
forcement Supervised by Supervised by
Supervised by Supervised by
Supervised by Security R&D Internet Business
International Co- Financial Ac-
KISA Academy Team Team
operation Planning counting Team
Team
1 Step 2 Step 3 Step 4 Step
Promotion Consider the purpose Review the as- Review shared Confirm detailed task
task of agency establish- sociation between 5 growth programs by by 5 implementation
selection ment, major busi- strategic objectives area (entire depart- areas (Shared Growth
ness, and vision and and 13 core promo- ment) Task Force)
mission tion tasks

SOCIAL RESPONSIBILITIES SOCIAL RESPONSIBILITIES
Communication with partners Export and sales promotion support

Type Date Target Major Contents KISA promoted overseas road show and provided consulting on strategic broadcasting and
Meeting with the Directors of 22 Listened to difficulties and suggestions of the information security industry, and shared the communication items, held the knowledge/information security exhibition as well as business
MAY/2011
information security industry information security companies status of projects supported by KISA (9 opinions were collected and solutions were reviewed.)
meeting, and supported the export strategies suitable for global foreign investment and characteristics
Security industry Collected opinions from the industry by visiting the security company and holding a meeting of enterprises. Export consultation for total 30 billion won was provided to 88 companies in 2011 as a
JUN/2011 CEO of key security companies
CEO meeting regarding difficulties (7 opinions were collected and answered in the field.)
part of small-to-medium-sized business support in the broadcasting and communication area.
Meeting with the knowledge CEO of 20 related Discussed about the current issues in the knowledge information security industry (20 opinions
DEC/2011
information security industry companies, 2 scholars were listened and reflected in project implementation.)
Supporting small-to-medium-sized business in entering the overseas market
Smart Ad & App JAN/2011 Internet Ad company, related Discussed about cooperation with domestic Internet and mobile advertisement stakeholder for
Networking Day JUL, DEC/2011 agency and association co-prosperity (Shared the information on the industry trend and discussed about difficulties.) Business content Major performance
Had an interview with the CEO of contracting companies -> Reviewed contracts taking multiple Providing NFC payment and mobile xport consultation for 3.2 billion won export, such as overseas road show
E
Interview with partners Occasional Contracting company, etc.
years to support business continuity and small businesses (DEC/2011) application service (6 countries including Australia and Brazil, 16 member companies), overseas
Business detail consulting (3 countries including Mexico, 3 member companies)
Capability reinforcement support for small-to-medium-sized businesses Developing Internet business
Supported 45 companies, such as exhibitions (3 countries including Japan,
27 companies) and business meeting (3 countries including UAE)
KISA supported small-to-medium-sized businesses by implementing 24 specialized training courses services and foundation support
Export consultation for 26.8 billion won export
related to information security and address management in 4 areas. 5,068 persons completed the Internet win-win report
Supported the programs of 5 winning teams in TWiST Start-up Contest
specialized training in their specialized area. Supporting two-way broadcasting
Supported localization and overseas market development for 2 teams
program production
(8 companies, 300 million won)
Capability reinforcement training for small-to-medium-sized businesses
Type Training course Duration Attendees Promoting Internet win-win consultative group
Training to foster the personnel specialized 9 courses, including knowledge information The Korea Communications Commission, Internet companies, communication service providers and
370.4 hours 595 persons
in knowledge and information security security consulting and digital forensic. manufacturers, and related associations and organizations confirmed their determination for mutual
5 courses, including latest security cooperation on the occasion of Win-win cooperation declaration ceremony and officially launched
Information security training for
technology, response to DDoS attack, lecturing 293 hours 1,585 persons
small-to-medium-sized businesses
tour on information security course. the Internet win-win consultative group in September 2010. KISA now provides various supportive
5 courses, including general/advanced privacy measures (e.g. reinforcing the private-public cooperation network) to substantially operate the
Privacy training and consulting 78 hours 2,528 persons
protection, and lecturing tour program, including identifying of joint cooperation business technology sharing among enterprises,
Practical address management and operation 5 courses, including DNS operator training and
597 hours 360 persons
and nurturing experts. Also, KISA published and distributed Internet Win-Win Report 2011 for the
training for small-to-medium-sized businesses IPv6 introduction consulting.
shared growth and mutual cooperation environment of the domestic Internet business industry.
Joint R&D support

Internet Business Start-up (IBS) program
Joint research was conducted with 8 small-to-medium-sized companies for three R&D projects in the
Beginning with the pilot project Web Biz Startup Program with the Korea Communications
information security area in 2011. In addition, as a result of the four R&D projects that were caried forward
Commission in 2010, KISA promoted Internet Biz Startup Program (IBS) in 2011 to support the market
Capability reinforcement (training) area in 2010, core technologies were transferred to 6 small-to-medium-sized businesses to foster small-to-
entry of small-to-medium-sized venture companies that have creative ideas, such as the singular
medium-sized business of the technology innovation-type.
2011 5,068 persons entrepreneurial company. Among 131 new Internet service ideas, 20 teams were selected after
2010 3,817 persons
Joint market entry support passing reviews, and various support measures were taken, including granting of the development
KISA implemented NFC trial services, Internet business service development and foundation support, subsidy for 5 months (600 thousand won per months), one-to-one mentoring by experts in the
Joint research area and production of two-way broadcasting programs, to support the domestic market comprising small technology/business area, Developer Networking Day, and patent application. In addition, 10
and medium sized businesses. Owing to these efforts, the number of joint market entry companies has
2011 3 researches (8) 1.3 billion won Composition of Internet Shared Growth Consultative Group
3 researches (6)
increased significantly - from 27 companies only in 2010 to 221 companies in 2011 (about a tenfold increase).
2010 1 billion and
Internet
140 million won service
Joint market entry support projects for small-to-medium-sized businesses Communi- providers
Joint market entry cation service
Project detail Key achievements providers
Providing NFC payment and Secured 200 NFC payment service member stores by having a meeting with stakeholder for Composition of the
2011 221 companies 5.1 billion won Internet win-win
mobile application service 600 times. Provided an opportunity of entering new markets to small-to-medium-sized
2010 27companies 2.8 billion won
solution providers consultative group
Developing Internet business 2 0 projects were selected and development was supported through public subscription of
Related
Overseas entry area services and foundation the innovative Internet business idea (131 ideas) Provided the company foundation fund organiza- Manu-
support (175 million won) to 10 excellent projects tions facturers
30 billion and
2011 88 companies 20 million won Supporting two-way broad- Supported the production of two-way contents for 37 small and medium sized broadcasting
2010 51 companies 29 billion and casting program production service providers (3.4 billion won) The accumulated number of viewers in 9 projects (13
830 million won programs) exceeded 16 million 680 thousand viewers.

outstanding services were selected and total 175 million won foundation support fund was provided. administrative costs and human resource burden of the partner, which occurs throughout the contracting
As a result, 5 teams out of 10 excellent service idea teams started their business or are preparing for procedure such as participating in the tender, signing a contract, and making payment. In addition,
foundation (as of July 2012). Some supported teams have already achieved revenue increase and the electronic procurement system that processes the contract online is making a contribution to
employment expansion through service alliance with conglomerate companies. the increase of fairness and transparency throughout the business process, in that the possibility of
corruption which might happen during the face-to-face meeting with suppliers can be removed.
OpenAPI utilization training
Demand on capable developers is also rising, as the Internet technology is changing rapidly and Communication with partners
IBS 2011 Market Day demand on convergence-type new Internet services is rising. To keep pace with such trend, KISA KISA collects the information on difficulties and suggestions of partners through communication
implemented OpenAPI utilization training using the OpenAPI (Open Application Programmer with them, and shares our vision and value with partners. Partners can propose their opinions freely
Interface) of key portal sites for college students and ordinary people. Making the use of this project, on the Customer plaza bulletin board in the home page, and the accepted opinions are quickly
developers can receive technical training that can be applied to their business practice directly, while processed. In addition, integrity of KISA employees, compliance with the proper business procedure,
small-to-medium-sized businesses can secure their capable developers. In addition, large-sized and customers satisfaction with business processing are monitored using the Clean Call system.
Internet companies like major portals could spread their OpenAPI and increase the use of related
Comparison of major shared growth results
services. In 2011, training was implemented in 6 areas (Seoul, Busan, Gangwaon, Jeolla, Daejeon,
By item 2010 2011 Remark
and Gyeonggi) to solve the problem of excessively concentrated training area, and total 417 persons
Total SMB product purchase amount (A) 62.2 billion won 41.9 billion won
The purchase budget decreased
completed the training course. KISA plans to provide training on new technologies like HTML5, SMB product
Total purchase budget (B) 72.8 billion won 46.4 billion won due to the reduction of KISA budget,
OpenAPI utilization training besides the OpenAPI of key domestic portals. purchase
compared with the previous year.
A/B 85.44% 90.3%
IBS 2011 promotion process Capability reinforcement results (training, consulting, etc.) 3,817 5,068
Joint R&D Number of cases, participating companies 3 cases (6companies) 3 cases (8companies)
Public subscription of the service Agreement ceremony and signing a
Screening and selection support results Joint R&D budget 1 billion and 140 million won 1.3 billion won
idea contract
Number of projects 11 6
Total 131 ideas were accepted 1st (document): 40 ideas were selected. Agreement with 20 teams
2nd (interview): 20 support target ideas Number of cooperation private
were confirmed. Joint market entry 27 221
companies
Final evaluation Held Mentoring Day Supported service development Project scale 2.8 billion won 5.1 billion won
Overseas export (sales Number of support target companies 51 90

1 0 outstanding projects out of 20 develop- ne-to-one mentoring between developers
O upported 600 thousand won every month
S promotion) support Consulting amount for export 29 billion and 839 million won 38.8 billion won
ment projects were selected. and field experts and mentoring networking Supported mentor matching, patent
: Two times Mentoring Day events application, and equipment
Securing the opportunity of over- Expert interview

Held IBS Market Day Supported foreign investment
seas market entry
Awarded 10 excellent projects Supported social function of 20 teams Provided a privilege of participating in IT
Support is required for shared growth of the Internet ecosystem

Announced service achievements 5 teams participated in the global foreign Venture Launching Conference held in
investment event (TWISt) - 1 team won San Francisco
the prize
Fair trade with partners Shared growth and sustainability management are indivisible relation. If you go fast, you have to go alone.
KISA is strengthening ethical practice monitoring to improve business efficiency and prevent However, you have to go together if you want to go far. Even the large-sized company with the worlds best
corruption and faults in advance. For monitoring, the Customer plaza menu was newly opened on competitiveness cannot sustain a long and healthy status by themselves. As a matter of fact, shared growth
the home page so that visitors can report corruption and budget waste. Also, clean organizational is more suitable and important to public agencies than private enterprises. Essentially, the achievements of
management in private enterprises, which aims to make profits, are determined by individuals and short-term
culture was created using the clean contract policy and special terms policy. The report system is
results. On the other hand, the management results of public agencies in pursuit of public interest are evaluated
advertised mainly during the vulnerable period such as the end of the year and national holidays.
based on how the agency has been endeavoring and contributing to the growth of related enterprises. It was
An encouragement gift is given to the employee who accepted the prohibited goods but returned
found that KISA properly understands the purpose and importance of shared growth, and is making various
it, and a bonus point is given to the department where a reporter belongs to. Clean administration efforts by establishing the shared growth promotion system that fits into their unique business. It is very positive
pledge, which is performed throughout the year, is an effort to create fair and transparent relations that KISA laid the foundation of shared growth by listening to the opinions of partners, sharing the information,
with interested partners by conforming to the principle of fair competition as well as related laws Lim, Chae-wun
providing specialized training to reinforce capabilities, and supporting joint research and development. It can
President of the Korean
and regulations (e.g., national contract law), when performing procurement business, including good be highly regarded that KISA is attempting to enter the domestic and overseas markets together with small and
Association of Small
purchase, construction work, and outsourcing. medium-sized businesses based on these foundations. However, efforts for shared growth must produce the Business Studies
results of the growth of small and medium-sized businesses. I expect that small and medium-sized businesses, Professor, Sogang University
Electronic procurement system a member of the Internet ecosystem, can grow strongly and steadily, which enables the continuous growth of
KISA is running the electronic procurement system to improve fairness and transparency throughout KISA as well, as its existence largely depends on the prosperity of small and medium-sized businesses.
the tender and contract business. The system enhanced business efficiency and minimized the

SOCIAL RESPONSIBILITIES
. Promoting customer satisfaction management
KISA will be an agency that impresses customers and trusted by customers, while achieving organizations mission defined in laws and policies as Customer satisfaction mindset training was implemented for the entire employees. To improve the level of
a public agency. In 2011, KISA made efforts to establish the customer satisfaction culture within itself by resetting the vision of customer satisfaction implementation, the results of customer satisfaction activities were reflected in employees performance
management and strengthening the trainings on customer satisfaction. appraisal, and the customer satisfaction performance index was diversified as well. On the other hand,
customers of the project who had shown low Public-service Customer Satisfaction Index (PCSI) in 2011
were selected, and the Focus Group Interview (FGI) was conducted to understand directly the needs of key
Customer satisfaction with public agencies in 2011 Setting up the vision and strategic task for customer satisfaction management KISA customers. Then, problems and items to improve were identified and reflected in business operation.
KISA newly established customer satisfaction vision in 2011 based on the present condition diagnosis
94.0 points
on the operation of the customer satisfaction management system, which was conducted in 2010.
The will of KISAs internal employees for achieving customer satisfaction was clearly expressed to the
public by holding a ceremony for customer satisfaction declaration in July 2011, and implemented the
Removing inconvenience through the customer satisfaction survey
KISA conducts 118 Center Happy Call survey every year to remove inconvenience from the service
118 Center
processing procedure and results of 118 Center, and increase the level of customer satisfaction.
objective and practical feedbacks to business practices by appointing the customer advisory group. According to the Happy Call survey results in 2011, the Customer Satisfaction Index (CSI) was Employees COI diagnosis result
As for the first phase, the new customer satisfaction system was established and diffused, which 86.8, which is 0.2 point increase from the previous year. In particular, more than half of the survey
continues from the integration of three agencies in 2009. For this purpose, various surveys were respondents (60.4%) gave over 90 point CSI. Regarding service details, friendliness was evaluated 2012 68.5 points
2010 60.1 points
conducted, including the level of internal staffs customer orientation, interview with internal staffs, as very satisfactory (91.3 points), followed by accuracy (85.8 points) and promptness (85.1 points).
outside customer FGI analysis, level of stakeholders satisfaction by team, and 118 Center Happy Call. Regarding the complaints about consultation and items to be improved, insufficient improvement
In 2011, KISA declared customer satisfaction vision, organized the customer advisory group, collected activity for the reported item and lack of feedback regarding the follow-up processing results were Customer satisfaction evaluation results for
opinions, and identified customer satisfaction improvement tasks by team to establish the enterprise pointed out. Therefore, KISA is actively improving follow-up service management in 2012. public agencies in 2011
customer satisfaction culture.
2011 94.0 points
Road map to promote the customer satisfaction strategy 2010 88.5 points
2012
Strengthening customer satisfaction trainings and implementing feedbacks 2011 Phase 3: Leading the customer
Training courses were provided for persons in charge of customer satisfaction as well as other 2010 Phase 2: Establishing the customer satisfaction trend
employees, so that they can better understand the newly established vision and strategy, and Phase 1: Diffusing the customer satisfaction culture Spreading the customer satisfaction trends
satisfaction system of KISA over other agencies by performing
customer satisfaction programs implemented for each department can be conducted smoothly. The Expanding the base of enterprise customer the leading customer satisfaction activities for
satisfaction-oriented culture based on customer service and improving the image.
in-depth training courses were provided to the persons in charge of customer satisfaction 2 times, Reinforcing the enterprise system for customer
short-term achievements, and completing the
satisfaction and customer service provision, Quantitative target: PCSI 95.0 points
cultural/ institutional supports to fundamentally
and customer satisfaction practice steering committee was also held. and achieving tangible short-term results
innovate customer satisfaction Qualitative target: Establishing and
uantitative target: PCSI 88.2 points
Q spreading the best level of customer
(85.3 points in 2009 88.5 points in 2010)
uantitative target: PCSI 90.0 points
Q satisfaction management system among
Qualitative target: Establishing the customer (88.5 points in 2010 94.0 points in 2011) public agencies

Qualitative target: Securing customer
2011 CS Vision House satisfaction promotion system
satisfaction competitiveness at the level
excellent public agency
CS Vision
Self-diagnosis by employees
KISA that impresses customers and trusted by customers
KISA performs Customer Oriented Index (COI) self-diagnosis of the employees every other year,
and manages customer satisfaction activities throughout the agency or by department. According
CS Core Customer satisfaction culture establishment in 2011
to the diagnosis result in 2012, the KISAs COI was 68.5 points, which is 8.4 points increase from 2010.
Core The overall point of all elements has increased. Customer service quality management and leader-
Customer Innovation, Partnership, Success, Trust, Safety ship were evaluated high (71.8 and 69.4 points respectively), whereas the organization/personnel for
Value
customer satisfaction management and customer satisfaction management result evaluation were
Happiness
Win-Win KISA Innovation the Intra Trust you & me evaluated low (67.3 points). To accomplish continuous improvement in the level of quality, insufficient
through KISA
parts will be improved and excellent parts will be developed further.
U
nderstanding cus- VOC collection in an Reinforcing personnel Improving peoples
tomer requirements and integrated manner and capability to promote awareness and
management system strengthening manage- customer satisfaction organizations image
Strategy establishment ment Systemizing the custom- Setting up the civil High evaluation of customer satisfaction with the public agency

Strengthening customer er satisfaction promotion service standard
direction and
Establishing the VOC KISA obtained 94.0 points in Customer satisfaction survey with the public agency 2011 managed by
information provision utilization system organization Efficient 118 Center
strategic tasks
Reinforcing follow-up
Establishing the customer Creating an atmosphere operation the government, which was 5.5 points increase from the previous year. Reviewing the result by busi-
management services satisfaction evaluation to promote customer

Strengthening the system satisfaction ness area, the level of customer satisfaction in reinforcing the information security system evaluation
management of contact
Customer satisfaction Increasing vertical/hori-
service quality result compensation and zontal communication and certification base and policy and new business development was high, including Internet pro-

Customer-oriented establishing the stable
policy/Process renovation system motion, accelerating IPv6 switching, promoting country domain, reinforcing the information security
system evaluation and certification base, and policy and new business development; whereas the
CSM Intra Constant implementation status monitoring level of satisfaction was relatively low in international broadcasting and communication cooperation
projects and stable IP address supply and management.

SOCIAL RESPONSIBILITIES
. Promoting social contribution as a specialized Internet agency
KISA carries out its social responsibility to the fullest as a corporate citizen instead of performing public services that are only defined in laws and Promoting differentiated social contribution with TOP strategy
policies. KISA is taking the lead in social contribution activities by making use of the characteristics and themes as a specialized Internet agency,
and promoting business while keeping cooperative relations with outside professional agencies. T.O.P strategy for social contribution that reflects the organizational characteristics of KISA
Social contribution activities are Neighbor caring social activities are

Poor environment to use the Internet
required for the information alienation needed, such as looking after the
Promoting social contribution that fits into the business characteristics of KISA safely
class senior citizen who lives alone
KISA is contributing to the development of local communities and improving reliability as a public
agency by fulfilling its social responsibilities. To develop social contribution programs that can be
KISA social contribution welcoming ceremony
helpful in practical ways and make employees feel rewarded, rather than formal social contribution T.O.P strategy
activities, KISA has established promotion strategies that consider the foundation objectives and Social contribution based on the Social contribution that goes
Social contribution led by KISA
business characteristics of KISA. characteristics and subject with society
Theme Owership Partnership
Briquette carriage service KISA carries out social contribution programs based on four strategies - 1) social contribution that
Utilizing information security Utilizing Internet promotion/cultural Utilizing the capability of performing
considers the characteristics of the specialized Internet agency, 2) social contribution that goes capabilities capabilities public interest duties
together with local communities, 3) building up social trust as an agency that carries out businesses
Internet information security Onnuri Producing Internet filial piety album Visiting the senior citizen who lives
of public interest, and 4) sustainable social contributions that are participated voluntarily. The campaign, including PC security for the elderly alone in the community
Social Responsibility Management Committee that supervises sustainability management makes a check for free IT ethical education contribution Shopping at the traditional market in
Visit to major information security (creative experience room, etc.) the local community
decision and provides advices on activity direction by subject, and, while searching for proper social infrastructures like KISC and K-NBTC Rice contribution, Briquette carriage
service activities, strengthens effectiveness of the activities by identifying actual needs of external Lost public certificate reporting service
service via 118 Center
stakeholders, including local communities, civic groups, and information security college clubs.
Business development that considers external demand and organizations capabilities Theme : Differentiated social contribution using information security capabilities
KISA is developing various social contribution programs that can satisfy the needs of local The Internet information security Onnuri campaign is a program that provides the free PC security Information security Onnuri campaign
communities and civic groups by using internal capabilities. With the strategy of T.O.P (Theme - check service for social welfare organizations and IPTV Study Room, which social groups vulnerable
social contribution based on the characteristics and subject, Ownership - social contribution led by
KISA, and Partnership - social contribution that goes with society), KISA is promoting programs that
utilize information security capabilities, Internet promotion and cultural capabilities, and public interest
to Internet access often use. In particular, this program has been developed as a local community
collaboration-type program that combines various programs with Onnuri campaign, by signing a
business agreement with Gyeonggi-do Provincial Government and Anhlab. Besides, KISA conducted
44 times
duty performing capabilities. To share the purpose of these activities and create an atmosphere of service activities 44 times in 2011 by visiting the welfare facilities as well as college information Visit to the information security infrastructure
voluntary participation of the entire employee, the KISA social contribution welcoming ceremony security clubs throughout Korea, including Seoul, Busan, and Gyeonggi. KISA will enhance the level
was held in May 2011.
Social contribution promotion system and monitoring process

of Internet use environment and awareness of the alienated class in communities by continuously
carrying forward the program.
Besides, KISA arranged a field trip for college students (National Defense University, Hoseo
114 times
Technical College, etc.) to information security infrastructures such as KISC(Korea Internet Security
Considering organizations foundation objectives and business characteristics
Center) and K-NBTC(Korea National Biometric Test Center) 114 times in 2011.
Promoting ocial contribution that considers the characteris-
S uilding up social trust as an agency that carries out
B
strategy tics of the specialized Internet agency businesses of public interest

Social contribution that goes together with the
Sustainable social contributions that are participated Ownership : Social contribution that leads new Internet culture
local community voluntarily
KISA is producing and donating the Internet filial piety album to the elderly so that sympathy and
Sustainability Practice Sustainability Management
communication among different generations can be established via the Internet. This program
Committee Committee produces a digital album using old photos of the elderly, and received a positive response from the
Developing social contribution upervising sustainability
S elderly. As a part of this program, KISA visited 4 welfare organizations in Seoul and Gyeonggi in
programs to carry out social management and discussing
responsibilities and review the about the direction of social 2011, and donated 57 filial piety albums. In addition, KISA implemented Internet ethical education for
promotion status contribution activities to fulfill
Promotion social responsibilities
the infant, youth, and teachers (e.g. creative experience class), and total 60,000 attendants from 404
system schools completed the course.
and Department dedicated for
monitoring Unit department
social contribution
Demand
Dedicated department Social contribution leader by Demand Information
Local : Public Relations Division department check
Participation security
community Setting up social contribution Promoting and participating
and civic monitoring college
activities and implementation in social contribution
group Link Joint club
monitoring activities
promotion

Internet filial piety album production Partnership: Social contribution that goes with the local community
and donation Expert interview
KISA implemented social service activities joined by all employees at the organization level, and
57 albums
designated the Traditional market visit day following the Setting up organization-market sisterhood
relationship policy. KISA set up a sisterhood relationship with Seokchon (narrow path) market in
October 2011, and purchased 34 million worth Onnuri coupons and encouraged employees to buy
necessary items at the market every Saturday. In addition, separate department activities are
I hope the Beautiful Internet World campaign becomes
a pan-national movement.
IT training contribution activities
ongoing to promote social service activities that are closer to the local community. The fund for
404
service activities is voluntarily raised by employees through 1 person 1 account donation to practice
schools love and donating small change of the salary program. 7.2 million won was donated by the love Q. What made you participate the campaign as the representative of the National Council of Beautiful
practice donation program, and 3 million and 540 thousand won was donated by small change of Internet World?
the salary program in 2011. I joined the campaign because it has something similar to Digilog (harmony between digital and analog), which
is the book Ive published. If the practicality of analog is separated from the cognitive virtual world, the Internet
Status of service activities at the organization level
can be a disaster. Facebook is quite successful because it combines digital and analog. Its not a masquerade
with anonymity. Instead, the real face of analog appears on the digital plain. Two different faces can converge into
Time Contents Remark
one face! This is the key of the Beautiful Internet World campaign activities. Thats why I joined the campaign
Surroundings cleaning and food
Incheon Geomdan
September distribution service (for the alienated class such as because it has something in common with (my thought).
Rice of love donation the senior citizens who live alone)
Donation for North Korean refugee Q. What is the reason that the Beautiful Internet World campaign mainly targets the youth?
November Hanulggum School
students Lee, Eo-ryeong
Unlike the adult, youngsters accept digital as a routine and natural thing. However, aberrance and devastation
areas within Sinrim-dong, A chair-professor of Ehwa
December Briquette sharing for love of Internet languages occur due to insufficient development of egos caused by the lack of analog assets. More
Gwangak-gu, Seoul. Womens University
importantly, as one old saying goes, What is learned in the cradle is carried to the grave, if we dont correct the Representative of the
abnormal behavior now it can become a habit and cause serious problems. Establishing correct awareness of National Council of
Status of social contribution fund raising Internet ethics at an early age is most important. In addition, Korea became an IT country as strong as visited by Beautiful Internet World
many countries from the world for benchmarking. If we could promote the movement like the Beautiful Internet
Implementation of continuous social contribution activities World campaign successfully, other countries will also follow this cultural trend naturally.
Purchasing goods for social contribution activities (e.g., rice, briquette, etc.)
Q. You have been participating in the Beautiful Internet World campaign for 3 years since 2010. What do you
and contributing to the social welfare organizations
think we need to improve?
Most campaigns in our society used to be managed in a short-term view only. The campaigns make some
One person one account donation to practice love Donating small change of the salary (smaller than 1,000 won) progress while the government provides support but once the government policy is changed, those campaigns
are terminated soon. The campaign itself should have spontaneous power which will determine whether it will
succeed or fail. In that sense, Internet users should actively take part. If the Internet is polluted and devastated,
offline will also be affected. Therefore, the campaign should be developed as a pan-national movement based on
535 employees 3 million and
79 employees 7.2 million won the understanding that the problem is not just an issue between people but a legitimate social issue. In particular,
participated 540 thousand
participated raised
won raised parents and teachers in the field who directly affect children and youth groups should have interest in this
movement and come forward.
Q. What do you expect from KISA to promote the Internet ethics and culture movement?
Hands-on workers and leaders with long-term view should be well-balanced. Therefore, even though the
campaign doesnt produce tangible results, we should not judge the effects with simple numbers only. Instead, we
should concentrate on sowing seeds. To cultivate ginseng, we should sow seeds for at least 5 years. Likewise,
we need to carry forward the campaign with a long-term view. More frequent and continuous events are needed
because the promotion policy should be implemented steadily with a philosophical foundation. I expect small
events every month rather than a large-scale event once a year.

ORGANIZATIONAL Organizational Culture

. Realizing systematic organizational culture
CULTURE
. Realizing systematic organizational culture KISA has been endeavoring to become an entity unified as one organization and one culture through systematic integration of different
employees and organizational culture since the combination of 3 organizations in March 2009.
. Strengthening ethical culture inside the agency
. Improving the expertise of employees
Improving organizational culture
. Cooperative labor-management relations
KISA has been making consistent efforts to improve the heterogeneous organizational culture since
. Harmony of work and life the integration of 3 IT public agencies in 2009. The TFT to improve the way of performing tasks
was organized in 2011, and identified KISA Way to build up new organizational culture. Since then,
KISA has been increasing business efficiency by improving the organizational culture and way of
performing tasks. As for the detailed activities, a KISA Way manual was published and distributed
among the entire employees, improved awareness of the employees, and developed KISA Way,
which was designed to improve the ways of thinking with the newly established ways of performing
tasks throughout the organization. The newly developed KISA Way was shared and internalized
KISA Way Manual
through trainings and workshops. In particular, the TFT to improve the way of performing tasks
was organized by 10 team managers to collect opinions regarding related issues, and provided
Type 2009 2010 2011
advices on business efficiency activities. Based on these efforts, KISAs organizational culture index
Resignation 10 persons 10 persons 20 persons
increased by 3.4 points (59.5 points) from the previous year.
Study 4 persons 4 persons 2 persons
Others
Employee status (nursing
2 persons 3 persons 5 persons
family
KISA respects human rights and strictly prohibits discrimination on gender, academic background, member)
age, religion, native place, or physical disability in order to ensure equal and well-balanced harmony Total 16 persons 17 persons 27 persons
among employees. In particular, KISA is trying to secure various human resources by adopting
an open employment policy without discrimination. As of December 2011, KISA hired total 523
employees, including 255 permanent staffs, 133 general contract workers, 7 specialized contract
workers, and 128 appointed contract workers. Among them, 162 employees are female, which is 31%
100 times
of the entire employee (relatively high female employment ratio). An average age of the employees is
37.6 years old, and continuous service year is 7 years and 6 months, and employee turnover rate is 7%.
The proportion of non-regular employees is 51.2% (the number of contract workers is larger than that
Lectures by invited expert in 2011 of permanent staffs). KISA makes consistent efforts to increase the number of allocated positions
in order to increase the proportion of permanent staffs every year. In 2011, KISA newly hired 146
employees, including 23 young internships, appointed contract workers, general contract workers,
290
and specialized contract workers who amount to 100, and 23 permanent staffs, by actively taking part
in the governments job sharing initiative. In addition, jobs for the disabled increased for permanent
hours
as well as all types of contract workers (7 disabled employees were hired in 2011), which is in parallel
with the governments policy recommending support of socially disadvantaged groups.
Total employee training hours in 2011
Detailed activities to build up KISA Way
Direct activities to improve the way of

Development of the KISA Way manual Compilation of the KISA Way manual
performing tasks
istributed the manual to the entire

D Developing the system that realizes KISA Way training and internalization
employee working principle of the KISAs president, workshop (All employee workshop in
Awareness improvement through core values, and vision/mission, by November 2011)
monthly meeting/special lecture improving way of performing tasks TF to improve the way of performing
KISA Way is included in the new throughout the organization tasks and Management innovation TF
employee introduction package Building up the basic behaviors and activities
ways of thinking regarding business Business innovation reinforcement
performance, business innovation, activities
communication, customer response,
and organizational lifestyle

Organizational Culture
. Strengthening ethical culture inside the agency
Recruitment status in 2011 Annual salary system based on job performance KISA is actively participating in the governments anti-corruption and integrity safeguarding policy, besides the efforts to realize Internet ethics.
Occupational category New recruits
The annual salary system based on job performance was implemented for the entire employees KISA has developed an ethical management system based on the Ethics Charter and Code of Conduct, and proactively implements ethical
Permanent 23 persons so that performance of the employees can be evaluated and compensated in a fair manner. Due to management.
Appointed contract 95 persons the actual salary difference based on capabilities and achievements, proportion of the incentives
Specialized contract 5 persons can be different with more than 15% (more than 20% for management). The salary of the newly hired Developing the ethical management system
Specialized contract 23 persons employee is 239% of the legal minimum wage, and there are no base pay disparities between male KISA set an ethical management goal called Clean KISA that carries out social responsibilities to
Total 146 persons and female employees. the fullest and endeavors to settle the policy as an organizational culture in parallel with the ethical
management system arrangement. For this, KISA expressed strong intention to realize upright
Human right protection for employees management, such as the arrangement of internal regulations for ethical management, and revision
Grievance procedure of customer charter and ethics charter. In addition, a dedicated ethical management organization is
Increasing the proportion of the incentive KISA assigns two staffs (from labor and management each) for the grievance procedure to effectively currently under operation for effective implementation/improvement of anti-corruption and integrity
solve employees difficulties or suggestions, and improve human relations and increase employees safeguarding, while the Anti-corruption integrity safeguarding policy task force acts as a top
Annual salary based on achievements morale. One grievance was reported in 2011 due to a dispute over different opinions between decision-making organization.
employees but was settled through the arbitration between labor and management.
2011 12.6%
2010 12.2% Targets and mid-to-long term strategy of ethical management
Sexual harassment prevention in the office
Code of Conduct Article 32 prohibits sexual harassment in the office, and sexual harassment Clean KISA that carries out social responsibilities to the fullest
Management evaluation incentive
prevention guide was published in August 2009. Total 6 sexual harassment consultants are
2011 6.9% designated (one for each division), and specialized education was commissioned and provided to
2010 5.9%
carry out related consultancy and research on actual conditions. In addition, the sexual harassment
2010 2011 2012
grievance review committee was organized to deliberate upon the relevance to truth and whether to
Arranging the ethical manage- Establishing the ethical manage- Making ethical management as
confirm the validity regarding the reported sexual harassment cases. ment system ment system an organizational culture
Elimination of child labor and forced labor

KISA conforms to child labor and forced labor prohibition provisions in the Labor Standards Act and Internal ethical management regulations Will to practice integrity
the International Labor Organization (ILO), and abides by the regulations related to human rights and Employees code of conduct Pledge of KISA
labor conditions in accordance with the collective agreement and regulation of employment. Business-related crime reporting guideline Customer charter and ethics charter, etc.
Payment system operation status
Item Base pay Annual salary based on achievements Dedicated organization for ethical management
Proportion Management Non-management Management (grade Non-management
(grade 1) (grade 2, 3, 4) 1) (grade 2, 3, 4) Anti-corruption integrity safeguarding policy task force
80% 85% 20% 15% Deciding promotion strategies and major issues
Annual Determination Composition: President of KISA, director of offices and
salary Accumulated Accumulated Non-accumulated
method divisions
Differentials Difference by
Difference by job Two times different between the top and
performance
position bottom Internal Audit and Inspection Section Integrity ombudsman
appraisal grade
(dedicated organization)
Grade A B C Others Participation of private experts (lawyer,
Supervising ethical management and accountant)
Job Receiver Office/Division Head of division Team manager Staffs in charge of anti-corruption& integrity safeguarding Supporting the application of various
position director accounts policy (entire member of Internal Audit and regulations, evaluation of the impact of
pay Inspection Section) corruption, etc.
1.2 million won/ 900 thousand won/ 600 thousand won/ 75 thousand won/
Amount
month month month month
S A B C D
Manage-
ment 132% 116% 100% 83% 66%
evaluation Ethics commission Practice promotion team for the anti- Corruption impact evaluation team
incentive E
nacting/Revising code of corruption & integrity safeguarding policy Evaluating various regulation and
conduct, and developing ethical Identifying and monitoring the impact of corruption
Other extra Legal benefit, overtime pay, stipend for unused annual leave, sundry allowances, family allowances, pay type management programs improvement tasks
pay welfare package, welfare card, and financial aid for educational expenses

ORGANIZATIONAL CULTURE ORGANIZATIONAL CULTURE
Promoting preventive ethical activities to prevent corruption Ethical management monitoring and improvement activities
The standard for autonomous policy improvement and ethical conduct has been reinforced to KISA constantly monitors practices of ethical management. Any discovered violation case or
strengthen the preventive ethical activities to root out the causes of irregularities from the source. In exemplary case is reflected in the employee training and policy improvement. Also, internal integrity
addition, the cooperation system with the private sector has been promoted to eliminate corruption evaluation is performed for employees and outside customers, and results by individual are provided
by running the integrity ombudsman system that is participated by outside experts. Also, activities as feedback so that employees can reassess themselves with critical minds. According to the result
to improve internal integrity have been performed, such as the integrity panel discussion between of the integrity research conducted by the Anti-Corruption and Civil Rights Commission in 2011, the
the president of KISA and managers. level was downgraded to unsatisfactory from normal in 2010, and follow-up measures are being
Employee ethical management education Policy improvement and spreading of the standard of ethical conduct prepared for the items that were pointed out. Accordingly, KISA will supplement the anti-corruption &
Item Implementation detail

integrity safeguarding policy and reinforce activities that will improve the integrity culture awareness
Identified and improved 10 integrity reinforcement tasks - twofold increase

in 2012.
Autonomous policy improvement
from 2010 (5 tasks)
Implemented improvements to minimize corruption possibilities that are Action items monitoring and improvement activities
Implemented various recommended tasks recommended by the Anti-Corruption and Civil Rights Commission
for regulation improvement Item Monitoring items Feedback items
Implemented 46 recommended tasks for improvement (8 tasks in 2010)
Monitoring employees implementa- Internal training (13 times)
Operating corruption impact evaluation team Reviewed internal regulations that can cause corruption (6 times) Code of conduct violation (quarterly)
tion of the code of conduct Educates regarding the code of con-
Guiding and monitoring the implementation Auditing on corporate credit card Prohibited industry, holiday and midnight duct and proper corporate credit card use
Quarterly implementation status monitoring (4 times) Policy improvement (2 cases)
of the codes of conduct use use, and installment payment (quarterly)
Computerized of outside lecture report,
Operating Ethics Quiz Academy Explanation of the problem, such as the violation of the code of conduct (biweekly) Irregularities report center Employees irrational behaviors and revised/expanded guidelines about
Operating integrity & ethics contents Posted integrity & ethics-related Flash on the Internet (4 months) Budget waste report center Inappropriate budget use behaviors reporting business-related crimes
Integrity notice SMS Sent key contents of the code of conduct to the employees (biweekly)
Resolution to practice ethics Anti-corruption & integrity pledge, upright conduct practice pledge (September 2011)
Improved items pointed out during anti-corruption evaluation by the Anti-Corruption and Civil
Increasing ethical management training and improving the audit system Rights Commission
KISA is implementing ethical management training for the entire employees by job position in order
Improved anti-corruption evaluation results pointed out by the Anti-Corruption and Civil
to establish the ethical organizational culture. In particular, 20 hours were allocated to train managers Rights Commission (3 areas): Unsatisfactory (2010) Excellent (2011)
(43% increase from the previous year) to strengthen ethical management leadership. Also, in the
aspects of reinforcing specialty, securing independence, and post-audit management, an ethical
Level of efforts by the head of organi-
management foundation was laid by preparing comprehensive measures to improve the internal Implementation of the code of conduct Anti-corruption training and PR
zation
audit system.
Self-evaluation of integrity for senior Introduced 2 excellent cases Increased integrity training (1.5 times)
Training to practice ethical management officials Spread to 5 other agencies Integrity role play, workshop
One strike-out system
Training Training target Training method Frequency Remark
Code of conduct New recruits Collective training 9 raining hours for managers
T
training increased by 43%
All employees Video (10 types) 2
Managers Workshop, skits about integrity 2 20hours Cl i ck k now l edge
Anti-corruption & 14hours
All employees Cyber training 1
integrity training
All employees Collective training 1
Sexual harassment
prevention training
All employees Collective training 1
F
2010 2011
ourfold of mandatory training
hours set by the Anti-Corruption
Welly - Guardian of the Internet world
An Internet ethics character was born to safeguard the beautiful Internet world and take the lead in bringing
Total 16 times and Civil Rights Commission
in the healthy Internet culture. KISA named the Internet ethics character as Welly, which was selected
from participants of a public award through Internet. The Internet ethics character Welly is a guardian
Integrity investigation results by the Anti-Corruption and Civil Rights Commission (December 2011) that protects the information ocean Internet. It implies that Welly preys on malicious comments in the
Overall integrity External integrity Internal integrity According to the integrity inves- Internet world, and spreads out positive words, including love comments, praise comments, and cheer-
tigation results conducted by the
8.72(normal) 8.58( grade) 8.91(normal) 8.94( grade) Anti-Corruption and Civil Rights up comments. This character is an affable and adorable character that dances when it hears compliments or
8.21(normal) Commission in 2011, external integrity cheer-up comments. Welly is a compound word for well and whale, and added by y which is widely used for nicknames. It
7.60( grade) has risen from 2010 to a certain level,
but internal integrity scored low. As has the implication of expanding and reproducing good comments through well-reply, well-reTweet, well-react, well-remember,
a result, the level of overall integrity
dropped from normal to unsatisfac- and well-reminded. KISA will develop Welly as the pan-national brand and lead a healthy Internet culture movement.
tory.
2010 2011 2010 2011 2010 2011

. Improving the expertise of employees
KISA cultivates employees specialty as an agency specialized in the Internet and information security. Based on core values of the organization Training attendants in 2011
and human resources development (HRD), KISA nurtures specialists in each occupational category by providing specialized trainings and running KISAs employee model and employee nurturing strategy in 2011 (As of December 2011, excluding leave of
absence and dispatched employee)
educational organizations, so that all employees can show their competence to the maximum extent.
KISAs 144 persons
employee Expert in his/her field with upright character and loyalty
CoP activity results in 2011 Educational system nurturing talented personnel model
Item Contents
KISA establishes and operates capability-based HRD implementation strategy to nurture the best 238 persons
Core Future-orienta- Social responsi-
Internet/information security experts who have enthusiasm and specialty. For this purpose, the self- Specialty Communication Enthusiasm
Total 10 departments values tion bility
(including one department by
Organization
office and division, and specialized
driven learning organization (CoP, Community of Practice) policy was adopted, and training programs
member office) are divided into the common programs, which foster specialized consultants for each occupational HRD Strategic partner inside the organization to secure the best organizational/personnel
136 persons
vision competitiveness
About 7 months
Activity period
(June ~ December 2011, biweekly)
category, and specialized job training.
Training hours in 2011
Total 100 times (total 3,708
Activity results
employees have participated) Promoting specializa- Improving way of
Result-orientation Constant learning 83 hours
Level of KISA education system diagram for 2011 tion performing tasks
76.7 points HRD
satisfaction
Required Optional Appointed
strategy Matching business Fostering as an expert Encouraging voluntary Enhancing business
Activity
3 excellent CoP were selected and with training in the corresponding learning from the job performance capability
improvement 106 hours
awarded at the year end Grade 1 Grade 2 Grade 3 Grade 4
efforts field through changes and
innovation
Senior research Chief research Manager Assistant Researcher
(over 19 years of (over 13 years of researcher manager (under 3 years of
101 hours
experience) experience) (over 7 years of researcher experience)
experience) (under 7 years of All KISA employees should take 15 courses in 4 areas, including leadership and business planning. Permanent employees
experience)
The specialized courses for each occupational category are composed of 15 courses in 5 areas, General and specialized contract workers
Management capability enhancement course for managers including management support and policy development. Customized learning programs are provided Appointed contract workers
Leadership with all courses. In particular, the latest learning support service like real time, self-driven e-learning
Leadership improvement course for promoted employees
development is provided for employees, so that they are not limited by time and space. As a result, the average
training CEO special lecture (improving way of performing tasks) completion hours for employees annual training (regular employees) in 2011 were 106 hours, whereas
Communication skill improvement course those of the general contract workers and specialized contract workers were 101 hours and 83 hours
respectively.
New recruit intro-
Expert course in major universities
duction course
Common training programs Specialized job training programs
Specialized job capability course (commissioned to the outside educational institute)
Job capability Area Course name Target Area Course name Target
development IT utilization capability improvement course (OA) Leadership for all employees All employees National assembly response process Person in charge/each team
training
Leadership Leadership for managers Managers Management Budget compilation process Person in charge/each team
KISA Expert Academy
planning Customer satisfaction improvement All employees
New recruits course New employees
CoP course for each division Ethical management All employees
Management
Problem solving technique All employees Tender and contract practice Person in charge/each team
planning
Common capability development course (KISA special lecture) Management Security rules All employees
International Formality All employees
support Sexual harassment/Prostitution prevention All employees
Integrity and ethical education cooperation
Common Foreign languages All employees
Labor management Managers
capability Investment techniques All employees
Online foreign language course Basic legal knowledge All employees
development
training Balance reading All employees Laws related to the Internet All employees
Education course at home and abroad
Policy devel-
Health management (first aid) All employees Internet promotion laws Person in charge/each team
opment
KISA humane studies academy General Internet system security laws Person in charge/each team
Event photo shooting All employees
education Privacy protection laws Person in charge/each team
Arts (music) All employees
R&D Patent management strategy All employees
Communication All employees
Information
Movie screening on information security All employees
Arts (painting) All employees security
KISA implements training about protective measures for each personal information phase,
according to the internal personal information management plan.

. Cooperative labor-management relations
KISA has been developing mutual trust among members which is based on win-win labor-management culture, and endeavoring to build up 3 labor-management negotiation directions and 4 negotiation rules Union member status
a reasonable labor-management relation through information sharing and diversification of the communication channel. KISA newly set up the
Creating a rational and realistic collec-
strategy system for an advanced labor-management relation. Realizing 5 core values of KISA Abiding by laws and principles
tive bargaining atmosphere
226 employees
58%
Specialty capability, communication, Labor-management-related guidelines Sufficient dialog between labor and
future orientation, passion, social issued by the Ministry of Strategy and management before negotiation
Establishing advanced strategic labor-management system responsibility Finance and Ministry of Labor, Presenting negotiation alternatives
KISA is improving labor-management relations and establishing upright internal culture by Labor-related laws and Labor that fit into the KISAs conditions
Standards
establishing 3 labor-management advancement implementation strategies and 10 detailed Union member
implementation tasks that reflect the management strategy of KISA. 3 implementation strategies Non-union member
include an increased opportunity of communication between labor and management for information
sharing and disclosure, presenting preemptive alternatives by strengthening labor-management
management capabilities, and inducing labor-management practices based on laws and principles. Refraining from forced
Establishing trust between Promoting field-oriented Service order establishment
compromise caused by
1st labor-management negotiation meeting Also, detailed implementation tasks by strategy were identified and put into practice. In addition, labor-management labor-management relations
pressing strife
and a sense of responsibility
3 labor-management negotiation directions were established to realize the labor-management

Establishing mutual trust Promoting labor-management Response to strife pressure Establishing service order within
advancement strategy and core values of KISA, and 4 related negotiation rules were newly Sufficient information sharing relations focusing on the field of from the labor union regarding the business space
and communication each department current labor-management issues Increasing the sense of labor
established. The management result evaluation result in 2011 pointed out that key performance Strengthening capabilities of basing on the principle management responsibility of the
administrator and organization Finding middle ground through person in charge of labor
indicators (KPI) for labor-management are not clearly specified due to the lack of mid-to-long term sufficient dialog and discussion
roadmap for future development in the labor-management advancement strategy. Accordingly,
KISA established mid-to-long term roadmap to improve labor-management relations, and is now
systemizing labor-management KPI.
Union member status
KISA respects employees freedom of association, guarantees formation of the labor unit and
representative organization, and respects employees right of joining the membership. Also, Article
Advancement of 28 of the collective agreement stipulates that major business changes (e.g., dispersion, break-up, or
labor-manage-
merger of the place of business; change of the managing ministry; privatization) should be notified
ment relations
immediately and mutual discussion should be made. KISA has been holding a labor-management
practice meeting more than once a month to espouse the interests of both labor and management
and strengthen labor-management relations in the field since the establishment of the labor unit.
Strategy 1 Strategy 2 Strategy 3
There have been 30 labor-management practice meetings, 8 preliminary secretary meetings before
Increasing the opportunity of
Presenting the preemptive Inducing labor-management
communication between labor and collective bargaining, and 4 joint labor-management operation meetings. Despite such efforts,
alternative by strengthening labor- practice based on laws and
management for information
management handling principles management result evaluation for 2011 pointed out that more practical communication between
sharing and disclosure
Strategy labor-management is needed. KISA joint labor-management conference will be held at least 4 times
Managing the relation in such way that Providing an opportunity of estab- Leading the desirable labor-man-
a year according to the related law. KISA will assign more times and efforts in labor-management
various labor-management channels can lishing trust by obeying governmen- agement relations (e.g., presenting
be linked hierarchically for management tal policies or laws, and minimizing preemptive alternatives) by cultivat- communication by holding a joint labor-management conference occasionally to discuss about
policy and vision sharing (occasional unnecessary disputes between labor ing the labor-management capability various policies of KISA.
meeting) and management through continuous education and
learning.
Major topics of labor-management negotiation in 2011
Realization of transparent man-
Promoting specialized training Labor-management joint efforts to
agement like labor-management
related to labor-management improve specialty
information sharing Held a round-table conference between labor and management regarding measures
2011. 11. 4
countering digression into rural areas
Corporate culture improvement
Diverse communication
Promotion efforts
Advance explanation and discus-
task 2011. 11. 5 Discussion about organizational and personal performance management system
sion before introducing
channel the policy
Communication between head of Legal and rational wage and
the organization and employees signing collective agreement
2011. 11. 8 Discussion between labor and management regarding HR and wage regulations
Communication among Labor-management joint

employees committee operation
2011. 11. 12 Explanation and discussion about the introduction of the retirement pension system

. Harmony of work and life
KISA supports various benefit packages and harmony of work and life, so that employees can lead a happy life in the office and at home. As a Efforts to harmonize work with family
result of all these efforts, KISA was selected as an exemplary public agency implementing the flexible workplace system in the first half of 2011, and Program Program details
selected as an excellent agency that supports female scientists and engineers.
Family invitation Invited employee families to introduce the organization and have a meeting with the president of
events KISA (August 24, 2011)
Set up Family Days every Wednesday to encourage employees to go home earlier (broadcasting
Family Days
Childcare center use status Running various welfare systems to the entire employees)
KISA provides various benefit packages that are actually helpful for employees daily life, so that Operating Kisarang childcare center first among public agencies to support stable childrearing of
2012 64persons the employee
employees can comfortably settle at both the workplace and home. In particular, the level of Operating workplace
2011 56persons O btained a childcare center evaluation certification from the Ministry for Health, Welfare and
2010 35persons employees satisfaction is improved by running the selective benefit package systems that allow childcare facilities
Family Affairs on October 18, 2011
Number of caring children (number of nursery school children): 2010 (27) 2011 (39) 2012 (53)
employees to select the welfare items and details of benefits according to their preference and
needs. Encouraging
Maternity leave use status Two male employees and 12 female employees (100% childbirth employee applied for a maternity
leave of absence
leave)
for childbearing
KISAs benefit package
2011 26 persons Operating flexible workplace that enables employees to adjust office hours autonomously to al-

2010 24 persons leviate the burden of childrearing

Basis of payment Contents Basis of payment Operating flexible

Operating short work hours for 16 employees, which enables to adjust the work type (half day work
workplace
The welfare card can be only used for employees capability for 5 days a week, or full day work for 3 days)
Identified works available for mobile and home-office to support remote working (30 employees)
development and quality of life improvement (scope of use: medical Selective benefit
Welfare card
expenses, self-development, leisure activities, health promotion, programs Operating female rest
and cultural life expenses) Operated female-only rest room, lactation room, and nap room (14th floor)
room and lactation
Providing a community space for female employees
Physical examination for health checkup and stabilization of room
Selective benefit
Physical examination livelihood (once a year). Applicable employees can select a type and
programs
institution of physical examination.
Financial aid for Admission fee for middle and high school, tuition, school support
Increasing the proportion of female employee recruitment
Wage regulation
schooling expenses fees (within 300 thousand won per month) KISA meets the government policy of gender equality by increasing the proportion of female
Supporting examination fee for employees who apply for an employee recruitment. KISA hired 85 female recruits out of 163 new recruits in 2011 (more than half),
Certificate acquisi-
information security-related certificates, such as SIS, CISSP, CISA, Wage agreement which results in increasing the total proportion of female workers from 29.3% to 32.8%. The proportion
tion support
professional engineer, PMP, etc.
exceeds the female recruitment ratio recommended by the government, and KISA is making
Annual leave, maternity leave, and congratulations and condolence
Various leaves Rules of employment contribution to the establishment of the gender equality organizational culture.
leave
Four National Insurance
4 national insurances Insurance, and Industrial Accident Compensation Insurance
Law
Rules of employment Case study
Physical training room, female rest room (lactation room), cafeteria,
Welfare facilities (Chapter 11. Safety,
condominium, Kisarang childcare center
health, and welfare)
Supporting up to 200,000 won actual expenses for club activities, Rules of employment
Corporate club
activity support
such as culture, general education, and physical strength
enhancement
(Chapter 11. Safety,
health, and welfare) Training for female leadership improvement
KISA has been developing the gender equality organizational culture as the quickly as speed
of the Internet industry development. By providing an opportunity of education to improve
Family friendly management
female employees leadership capability and promote the female scientists network as well
KISA endeavors to create a culture where work and family can be harmonized. Particular attention
as the institutional support to solve the childrearing issue, KISA is creating an environment
is paid to female workers so that they can concentrate on their work. Employees could improve
that both male and female employees can grow and prosper together, instead of simply
their quality of life continuously along with the growth of the organization in 2011, by hosting family
overcoming sexual differences. As a part of such efforts, training programs for job competence
invitation events, setting up Family Days every Thursday to encourage employees to go home and leadership improvement have been implemented to find and support the next-generation
earlier and spend more time with their families, and by providing flexible workplace system. Every IT female leaders since 2012. In particular, female leaders were invited as a lecturer and their
childbirth employees took the maternity leave and two male employees took the paternity leave, successful self-achievement stories were delivered during the first training program held in
as they were encouraged to do so. Kisarang childcare center, which is a workplace childcare June 2012, so that female employees in KISA could gain confidence and willingness that are
facility that could accommodate 56 children in 2011, was opened to employees as well as employees needed to overcome individual/organizational problems in the workplace. KISA will continue
of neighboring public agencies and local community residents. This childcare center obtained a to provide the technical training that can be applied in the field, so that female employees can
childcare center evaluation certification from the Ministry for Health, Welfare and Family Affairs demonstrate their leadership effectively by overcoming sexual discrimination that is deeply
(October) to support stable childrearing of the employee. rooted in our society.

ENVIRONMENT Environment Efforts

. Resource use reduction and recycling
EFFORTS
. Resource use reduction and recycling KISA actively copes with global issues such as climate change and energy crisis. KISA is minimizing energy consumption and environmental
damage which occurred while operating the organization, by implementing the energy saving campaign and running the process that measures
. Greenhouse gas reduction efforts
environmental achievements that are related to business. In particular, KISA is sincerely putting into practice various policies, such as energy
saving promotion plan, eco-friendly product purchase recommendation policy, etc.
Promoting energy saving programs

KISA has set up an energy saving promotion plan to reduce energy consumption and greenhouse Use of electricity
gas emission, while currently running an energy saving campaign at an organizational level.
2011 2,328,962kWh
KISA has adopted and now implements practical energy saving policies, such as limited elevator
2010 2,740,983kWh
operation, compulsory implementation of the no driving on weekdays policy, assigning of light-
weight vehicles as a priority for business purposes, and maintaining right room temperature for
offices to save energy. In addition, KISA regularly carries out PR and education to make energy Compulsory purchase of eco-friendly products
15
conservation as a way of life. In association with other agencies under the management of the Korea
2011 96points
Communications Commission, the Energy Saving Promotion Committee has been established and 2010 91points
%
is now under operation. In addition, KISA designated an internal energy saving guard who analyzes
Power use reduction status and evaluates energy saving implementation results of KISA, in order to conserve energy throughout
Details of electrical bills
the organization.
2011 378,773,481 won
Energy saving implementation plan 2010 415,749,577 won
56.4
Program Program details
Reducing greenhouse gas by 20% until 2015
tCO2eq
Building Set proper office cooling/heating temperature (cooling: 28, heating: under 18)
Lights-out during lunchtime (12:00 ~ 13:00)
Greenhouse gas emission
Reasonable operation of building elevators (stopping on every other floor and no
quantity in 2011
Efficient energy saving operation on low floors)
Installing heat insulation film on the window outside of the building
Vehicle Inducing active operation of car pool system
Running No-driving on weekdays policy (3 strike-out policy for the violator)
No car idling, refraining from over-speed and quick braking, and keeping economical speed
Equipment Purchasing with priority of the products having the first grade energy efficiency rat-
ing (computing devices)
Implementation of the
green IT environment Reasonable use of electric devices (automatic light sensor and energy-saving bidet)
Purchasing with priority of the eco-friendly office supplies
Energy saving PR Culture Notice and PR on the bulletin board within the building premise
Reducing environmental load

All the household wastes from KISA is collected by leased building service companies, and unused
communication equipment and PC are recycled using various methods, such as disposal, transfer,
and donation, through the governmental goods recycling center managed by the Public Procurement
Service.
KISA consumed 15% less power compared to the previous year (2,328,962kWh), and purchased
green products with E-mark and Good Recycled Product (GR) preferably, following the government-
recommended policy of Article 6, Law regarding eco-friendly product purchase promotion. By
increasing the proportion of eco-friendly products among the entire office supplies purchased by the
organization, KISA achieved 96% of the eco-friendly product purchase target, which is recommended
by the government.

Environment Efforts
. Greenhouse gas reduction efforts
KISA is making efforts to reduce greenhouse gas by actively taking part in the governments greenhouse gas/energy target management system
for the public sector. The quantity of greenhouse gas is measured every year according to the governments guidelines, and the reduction target
quantity has been set and managed since 2011. KISA will be a public agency that practices greenhouse gas and energy reduction starting from the Cl i ck k now l edge
smallest.
Legal ground of greenhouse gas/energy tar- Managing the quantity of greenhouse gas
get management system
- Article 42, Basic law for low carbon green growth
and Article 28 of its enforcement ordinance Act
KISA is measuring the quantity of greenhouse gas by participating in the greenhouse gas/energy
target management system for the public sector that requires public agencies to set the greenhouse
Puzzling Internet coined words
- Guidelines for the greenhouse gas/energy target
management system for the public sector (Public
notice No. 2012-22, Ministry of Environment, revised on
reduction target every year and manage implementation results.
In case of the premises among management targets, the target value is calculated by estimating
Newbe Pekchi
February 6, 2012) A word Newbe is shortened from a new beginner, which usually refers A word Pekchi means the skirt that is molding to the body. Or, it is
the emission quantity based on power/fuel use quantity (MWh/m2) per buildings total floor area,
to a person who just began his/her activity in the online bulletin board
given the building is leased and individual measurement device cannot be installed. (The leased used in association with a word Jjalchi, which is a shortened form of
or community. Or, it indicates a person with insufficient knowledge in
a short skirt. If a skirt is shorter than a short skirt, it is called ddongchi.
building is excluded from the calculation of emission goal) As KISA leases the building, only direct a particular area compared to the others. Sometimes kae prefix is
These words become popular among middle and high school students,
emission (gasoline, kerosene, and LPG) by vehicles fuel consumption is managed as a greenhouse attached to emphasize.
as the student human rights ordinance has been enforced in Seoul
gas emission source.
and Gyeonggi area recently.
Dont you know that? Even a Newbe like me
The fuel use quantity can be checked using the receipt issued by the gas station, which contains the already knows about it.
refueling quantity record as well as the vehicle operation journal. The base emission quantity can
Hair style and accessories are important. But
Pekchi is the most important of all.
be estimated and calculated using the past fuel consumption quantity by vehicle type, vehicles fuel
efficiency and mileage, average oil price of the area in the year, and oil expense amount.
Jonggyeolja
KISA emitted total 56.36 tCO2eq greenhouse gas in 2011, and aims to reduce the emission quantity
by 20% until 2015. After setting the reduction target every year, KISA enters it into the system and
A Jonggyeolja is a person who has absolutely superior capabilities.
This word originates from the item called Mulgogi jonggyeolja of
Simnam
Simnam refers to a man who is quite attractive to draw attention
Net Pagle from the World of Warcraft, a computer game created by
submits it to the Korea Communications Commission, in order to take the lead in greenhouse from others. Or, it can be used to mean a boy who draws attention.
Blizzard. In China, the movie titled Terminator was translated into this
emission reduction efforts. word. Sometimes, the Jonggyeolja means the person who finishes
In this sense, Simnam is the previous status of Somenam (man
with something special). Somenam means a man with personal
clean off a work.
Implementation plan to achieve greenhouse gas and energy reduction targets acquaintance before having an actual date.
No matter what movie star XXX is a fashion I found a Simnam but I dont know whom to
1. No idling for more than 3 minutes with business vehicles, keeping the economical
speed, refueling less than 70% of the tank.
Jonggyeolja! express it.
Reducing 2. Vehicle fuel saving by promoting car pools
greenhouse gas 3. Keeping regulation speed
emission by 20% 4. Keeping the no-driving weekday policy
5. Recommending light-weight vehicle allocation
Yongja Daichida
Even though a word Yongja is used as what it literally means,
A different expression of fight, or refers to fighting for ones life.
sometimes it is used to describe a person who audaciously stands up
It can imply the action that causes pain to others for the interests or
for trivial things without putting much thought. For example, if nobody
due to a conflict without any protective gears or rules. Daidai is an
dares to buy a product that shows low performance compared to its
analogous term, which is a dialect of Gangwondo meaning fight.
price, and somebody buys it and informs the product information to
Trend of greenhouse gas emission quantity Quarterly trend of energy use amounts in 2011 (TJ)
others, we say he is a Yongja indeed! My mobile phone LCD is broken to pieces while
in 2011 (tCO2eq)
14.69 0.22 Are you watching the music TV program before I Daichida with my friend.
14.26
the examination day? Youre a Yongja!
0.21 0.21
13.82
13.59 0.20
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4

Economic Efforts
ECONOMIC . Reasonable budget and distribution
EFFORTS
. Reasonable budget and distribution KISA is a commissioned execution-type, quasi-governmental agency. 80 ~ 90% of its income comes from the government contribution and fund.
Most of the income is spent for the projects managed by governmental departments, such as the Korea Communications Commission, Ministry of
. Implementing government-recommended policies
Public Administration and Security, and Ministry of Knowledge and Economy. KISA operates a budget waste report center for transparent budget
execution.
Budget and distribution

Budget monitoring and management programs were established and are currently under operation to Budget in 2011
execute the budget in a reasonable way. Based on these programs, KISA endeavors to maintain the
soundness of its financial structure, such as management of projects based on a quarterly budget
execution plan, and management of execution results. In 2011, the budget execution ratio was 91%
and the total asset was 56.7 billion won, whereas the operating income and net profit were 3.2 billion
127.1 billion won
and 3.6 billion won respectively. Major expenditure items include the project implementation cost (81%),
personnel cost (13%), ordinary operating expenses (5%), and others (1%).
Governments budget compilation process

To set up the national financial operation plan, the Budget Office of the Ministry of Strategy and
Finance reviews the mid-term business plan of the entire department, and sets the expenditure limit
and mid-term financial plan for each department. KISA also submits the mid-term financial plan
after project review, adjustment, and deliberation by the Korea Communications Commission. The
submitted budget request for each business is discussed with the managing department and the
91 %
Ministry of Strategy and Finance. Then, the budget plan is submitted to the National Assembly, and
reviewed and confirmed by the National Assembly Standing Committee and the National Assembly
Budget Settlement Committee.
Budget execution rate
Deliberation by
Mid-term financial plan Government budget plan review
the National Assembly
JAN FEB MAR APR~MAY JUN JUL~SEP OCT NOV DEC
Decision-
New Determine Budget Submit Review Review by
Project Write budget Project making
by the the Budget
90.7
project expenditure plan govern- by the
review request form review Standing Settlement
proposal limit review ment plan National
Committee Committee
Assembly
%
New
Submit project
project
request form
SMB product buying rate proposal
KISA
Project presentation to Project presentation
Project
the Ministry of Strategy to the National
presentation
and Finance Assembly
Project Budget
review, adjustment
adjustment, internal
deliberation review
Depart-
ment
Submit the mid- Confirm Submit the
Respond to the
term financial department government
budget plan
plan plan budget (plan)
Budget (plan)
Review the
review
Ministry mid-term
(first - third
financial plan
of Strat- review)
egy and
Submit the government budget and
Finance Determine the fund (plan) plan, Cabinet meeting on
expenditure limit September 30, Submit to the National
by department Assembly (October 2)

Economic Efforts Economic Efforts
Major budget in 2011 2011 budget (Unit: million won, as of December 31, 2011) Summarized
income statement (Unit: million won) Operating the budget waste report center
Item Budget Ratio KISA has opened and is now operating the budget waste
General accounting contribution 2009 2010 2011
General accounting contribution 84,169 66% Account report center to collect the opinions of stakeholders
former) KISA former) NIDA former) KIICA Integrated KISA KISA KISA
84.2
regarding budget waste. KISA investigates the reported
Broadcasting development fund project 11,758 9%
Operating revenue 32,160 20,577 9,312 55,016 118,500 110,271 detail and takes corrective measures against any unde-
billion won ICT development fund project 2,165 2% sirable practices in order to secure budget transparency.
Operating expenses 31,556 20,753 9,330 57,175 113,623 107,065
Income Outside commissioned project 7,426 6%
Operating income 604 -176 -18 -2,159 4,877 3,206
Internal project revenue 15,329 12%
Broadcasting development fund project Non-operating
Miscellaneous income and carry-over 6,205 5% 274 740 43 551 1,268 1,067
income
11.8
Total 127,052 100% Non-operating
9 6 817 1 - -
Project expenses 102,863 81% expenses
billion won
1. General accounting project 61,248 48% Corporate tax - 502 - 267 698 717
2. Broadcasting development fund project 11,758 9% Gross income 32,434 21,317 9,355 55,567 119,768 111,338
ICT development fund project 3. ICT development fund project 2,165 2% Gross cost 351,565 21,261 10,147 57,443 114,321 107,782
2.2
4. Outside commissioned project 7,426 6% Net income 869 56 -792 -1,876 5,447 3,556
Expenses
5. Internal project revenue 20,266 16%
billion won Personnel expenses 16,342 13% 2009 integrated KISA: As of December 31, 2009.12.31
Ordinary operating expenses 6,947 5% 2009 former) KISA, former) NIDA, former) KIICA: As of July 22, 2009
2010~2012 budget comparison
Reserve fund 900 1%
(Unit: million won)
Total 127,052 100%
Financial status (Unit: million won)
(Unit: million won)
2012 128,726
Total asset Settlement of accounts in 2011 (Unit: million won, as of December 31, 2011) Average annual 2011 127,052
5 strategic objectives 13 strategic tasks 2011 2012 2013 2014
increase 2010 154,011
2011 56,703 Revenue Expenditure 1-1. A
dvancing the Internet
17,300 19,832 29,000 30,000 20.1%
2010 55,447 Govt support Investment - Personnel expenses 16,342 Establishing the worlds incident response system Reason for budget reduction in 2010: The 2011 budget
Contribution 89,069 Project expenses 101,863 best information 1-2. S
trengthening the information was reduced from 2010 because the budget was
11,190 12,403 12,753 13,129 5.5% increased temporarily due to July 7th DDoS incident in
security and incident security infrastructure
Total liabilities Assistance - 1. Jurisdiction of the Korea 45,116 2009. (Unit: million won)
response system 1-3. F
ostering the information
2. Jurisdiction of the Ministry of Public 15,606 16,045 16,673 17,105 3.1%
Trust - 11,532 security industry
2011 31,007 Administration and Security
2010 33,307 3. Jurisdiction of the Ministry of 2-1. Improving the sense of
Others 16,449 4,600 Creating healthy 4,368 3,414 4,664 4,664 2.2%
Knowledge and Economy Internet ethics
Internet culture and use
Internal revenue Domain commission, etc. 15,329 4. IT Development Fund 2,165 2-2. S trengthening the information
Total capital environment 12,303 12,666 13,289 13,944 4.3%
security system
5. B
roadcasting development fund project 11,758
3-1. Identifying leading Internet
2011 25,696 6. Outside commissioned project 7,426 2,979 2,637 2,637 2,637 -4.0%
Laying the foundation of policies
2010 22,140 7. Internal project
Incentive reserve fund, 19,266 the advanced Internet 3-2. Laying foundation for diffus-
Carry-over 6,205 8,353 8,675 9,735 9,801 5.5%
etc. Ordinary operating expenses 6,947 infrastructure and leading ing new Internet services
the policy 3-3. Advancing Internet address
Corporate tax 1,000 10,518 10,865 11,203 11,559 3.2%
management system
Reserve fund 900
Establishing the
Total 127,052 Total 127,052 4. D
iversifying international
practical global 9,653 10,017 10,201 10,310 2.3%
cooperation
cooperative system
Integrated KISA in 2009: As of December 31, 2009
Nurturing expert
2009 former) KISA, former) NIDA, former) KIICA: As of July 22, 2009 5. Improving organizational
personnel and innovat-
culture and business 1,895 1,895 1,895 1,895 0.0%
Summarized financial statements (Unit: million won) ing the management
productivity
infrastructure
2009 2010 2011 Total 94,165 98,449 112,050 115,044 6.9%
classification
former) KISA former) NIDA former) KIICA Integrated KISA KISA KISA
Current asset 20,461 21,765 5,394 40,921 41,677 42,730 labor cost, current expenses,
Non-current asset 2,151 8,785 - 14,039 13,770 13,973 Management Field move to local area, reserved 32,867 31,575 32,315 33,078 0.2%
funds, etc.
Total assets 22,612 30,550 5,394 54,960 55,447 56,703
Total 127,032 130,024 144,366 148,121 5.3%
Current liabilities 14,760 10,517 4,432 32,095 26,372 24,731
Non-current liabilities 5,550 415 242 6,172 6,935 6,276
Total liabilities 20,310 10,932 4,674 38,267 33,307 31,007
Capital 2,150 18,468 1 13,067 10,318 13,067
Others 152 1,150 719 3,626 11,822 12,629
Total caital 2,302 19,618 720 16,693 22,140 25,696

Economic Efforts
. Implementing government-recommended policies
KISA is trying to achieve the governments recommended policy objectives, which is the legal compulsory measures, to contribute to the realization
of a fair society. The governments recommended policies are the measurement index used to evaluate the level of implementation, which is
designed to promote the purchase of products manufactured by the small-to-medium sized business, female-owned business, and social
enterprise.
After establishing the management plan for the governments recommended policy in January 2011, SMB product purchase ratio
KISA is performing proactive activities to implement government-recommended policies, including:
hiring the unemployed youths, handicapped (by law), men of national merit (preferred); purchase with
priority of the products manufactured by the small-to-medium sized business and severely disabled
person; and purchase of Onnuri gift voucher that can be used in traditional markets.
90.37 %
(About 5% increase from the previous year)
APPENDIX
GRI G3.1/ ISO26000 Contents Index
Implementation result (purchase) (Unit: million won)
Independent verification report
2010 2011 Award History
Item
Purchase Purchase Purchase Purchase Current Status of KISAs Networks
SMB products 85.4% 62,197 90.37% 41,950 UN Global Compact
Technology development 315 Glossary
1.1% 268 3.95%
products
Female owned-company 2,293
4.6% 3,348 4.94%
products
Social enterprise product 0.15% 103 1.25% 582
Eco-friendly product 90.1% 1,119 90.6% 700
Products of severely dis- 622
0.38% 275 1.34%
abled persons
Products of self-support
0.04% 0.5 0.6% 2.6
war veteran
Onnuri gift voucher for
0.18% 12 0.5% 35
traditional markets
Implementation result (employment)
2010 2011
Type
Recruitment ratio Persons Recruitment ratio Persons
Men of national merit 5.6% 28 5.7% 30
Handicapped 2.7% 12 3% 16
Key achievements in 2011
SMB product Technical development Hiring men of Hiring

purchase products purchase national merit the handicapped
(Unit: million won) (Unit: million won) (Unit: persons) (Unit: persons)
62,197 315 16
30
268 28 12
41,950
2010 2011 2010 2011 2010 2011 2010 2011

GRI G3.1 / ISO26000 Contents Index
Full report Partial report No report Not applicable Full report Partial report No report Not applicable
Item Report Item Report

GRI index Description ISO 26000 Clauses Page GRI index Description ISO 26000 Clauses Page
code Rate code Rate
Profile For organizations that have a unitary board structure, the number of members of the highest
4.3
governance body that are independent and/or non-executive members shall be stated.
6.2 8-9
Statement from the most senior decision makers of the organization (e.g., CEO, chair, or
Vision and
1.1 members of equivalent senior position) about the relevance of sustainability to the organi- 6.2 4-5 Mechanisms for shareholders and employees to provide recommendations or direction to
zation and its strategy. 4.4
the highest governance body.
6.2 64-65
Strategy
1.2 Description of major impacts, risks, and opportunities. 4-5, 10-11, 12-13 Linkage between compensation for members of the highest governance body,
4.5 senior managers, executives (including departure arrangements) and the organization's 6.2 8-9
2.1 Name of the organization. 6-7 performance (including social/environmental performance).
2.2 Representative brands, products, and/or services. 6-7 4.6 Processes in place for the highest governance body to prevent conflicts of interest 6.2 8-9
Operational structure of the organization, including main divisions, operating companies, Process for determining the composition, qualifications, and expertise of the members of
2.3
subsidiaries, and joint ventures.
6.2 6-7 4.7
committee in order to support economical/environmental/social strategies
6.2 8-9
2.4 Location of organization's headquarters. 6-7 Internally developed statements of mission or values, codes of conduct, and principles
Number of countries where the organization operates, and names of countries with either major
4.8 relevant to economic/environmental/social performance and the status of their implementa- 6.2 10-11
Organizational
2.5
operations or specifically relevant to the sustainability issues covered in the report.
No office abroad tion.
Profile Procedures of the highest governance body for overseeing the organization's identification
2.6 Nature of ownership and legal form. 8-9 and management of economic, environmental, and social performance, including relevant
Governing struc-
4.9
risks and opportunities, and adherence to or compliance with internationally agreed stan-
6.2 8-9, 10-11
Target markets (including geographical breakdown, project field, and types of customers/
2.7
beneficiaries).
6-7 ture, responsibil- dards, codes of conduct, and principles.
ity, engagement
Processes for evaluating the highest governance body's own performance, particularly with
2.8 Scale of the reporting organization. 6-7, 73-75 4.10 6.2 8-9,
respect to economic, environmental, and social performance.
None
2.9 Significant changes during the reporting period regarding size, structure, or ownership occurred
16-19,
Explanation of whether and how the precautionary approach or principle is addressed by the 20-23,
2.10 Awards received in the reporting period 86
4.11
organization.
6.2 35-37,
59-61, 69, 73-75
3.1 Reporting period (e.g., fiscal/calendar year) for information provided. 2
Economic/environmental/social charters, principles, or other initiatives developed from
4.12
outside, to which the organization subscribes or endorses.
6.2 87-88, 89
3.2 Date of the most recent previous report. 2
Memberships in associations as the following (e.g., industry association) and/or national/
3.3 Reporting cycle (annual, biennial, etc.) 2 4.13
international advocacy organizations.
6.2 87-88, 89
3.4 Contacts for questions regarding the report or its contents. Folding paper 4.14 List of stakeholder groups engaged by the organization. 6.2 12-13
3.5
Process of defining report content. (Determining level of importance/priority, estimating

12-13, 4.15 Basis for identification and selection of stakeholders with whom to engage. 6.2 12-13
possible stakeholders) 14-15
Approaches to stakeholder engagement, including frequency of engagement by type and 12-13,
Report boundary (e.g., countries, divisions, subsidiaries, leased facilities, joint ventures, 4.16 6.2
3.6
suppliers).
2 stakeholder group. 14-15
Major topics and concerns that have been raised through stakeholder engagement, and how 12-13,
3.7 Specific limitations on the scope or boundary of the report. 2 4.17
the organization has responded to those Major topics and concerns.
6.2 14-15
Variables of
Basis for reporting on joint ventures, subsidiaries, leased facilities, outsourced operations,
Report
Economic Performance Indicators
methods
3.8 and other entities that can significantly affect comparability from period to period and/or 2
between organizations.
Direct economic value generated and distributed, including revenues, operating costs,
52-54,
Data measurement techniques and the bases of calculations, including assumptions and EC1 employee compensation, donations and other community investments, retained earnings, 6.8/6.8.3/6.8.7/6.8.9 73-75, 76
3.9 techniques which underlie estimations applied to the compilation of the Indicators and other By report theme payments to capital providers and governments.
information in the report.
Economic Perfor- Financial implications and other risks and opportunities for the organization's activities in
Explanation of the effect of any re- statements of information provided in earlier reports,
mance
EC2
relation to climate change.
6.5.5 69, 70
3.10 and the reasons for such re-statement (e.g., mergers/acquisitions, change of base years/ No change
periods, nature of business, measurement methods). EC3 Coverage of the organization's defined benefit plan obligations. 6.4.4/6.8 66-67
Significant changes from previous reporting periods in the scope, boundary, or measure-
3.11
ment methods applied in the report.
2 EC4 Significant financial assistance received from government. 73-75
Range of ratios of standard entry level wage compared to local minimum wage at significant
3.12 Table identifying the location of the Standard Disclosures in the report. 78-83 EC5
locations of operation.
6.4.4/6.8 58
Policies regarding verification from outside, current activities, verifying scope and standard, Market Policy, practices, and proportion of spending on locally-based suppliers at significant loca-
3.13
relation between reporting organization and verifying organization
7.5.3 2, 84-85
Presence
EC6
tions of operation.
6.6.6/6.8/6.8.5/6.8.7 76
Governance structure of the organization, including committees under the highest gover- Procedures for local hiring and proportion of senior management hired from the local Single business
Governing 4.1
nance body responsible for specific tasks such as setting strategy or organizational oversight
6.2 8-9 EC7
community at locations of significant operation.
6.8/6.8.5/6.8.7 place
structure,
responsibility, 6.3.9/6.8/6.8.3/6.8.
Whether the Chair of the highest governance body is also an executive officer (If so, their function Indirect Supporting activities for and impact of infrastructure investments and services that are 16-43,
engagement 4.2
within the organization's management and reasons for this appointment shall be indicated)
6.2 8-9
Economic Impacts
EC8
provided primarily for public benefit (including support-type division).
4/6.8.5/6.8.6/6.8.7/ 52-54
6.8.9


code Rate code Rate
6.3.9/6.6.6/6.6.7/ Processed as the
Indirect Understanding and describing significant indirect economic impacts (including the extent of 16-43,
Economic Impacts
EC9
impacts).
6.7.8/6.8/6.8.5/ 44-49 EN22 Total weight of wastes by type and disposal method. 6.5/6.5.3
maintenance
6.8.6/6.8.7/6.8.9 cost of the leased
building
Environment Performance Indicators
Not applicable
EN23 Total number and volume of significant toxic chemical leakage. No leak incident
EN1 Materials used by weight or volume. due to business

characteristics Weight of transported, imported, exported, or treated waste considered hazardous under Collective
Materials
Not applicable Emissions, Efflu- EN24 the terms of the Basel Convention Annex , , , and , and percentage of transported sewage treat-
EN2 Percentage of use of recycled materials. due to business ents, and Waste waste shipped internationally. ment plant
characteristics
EN3 Direct energy consumption by primary energy source. 68-70 Identity, size, protected status, and biodiversity value of water bodies and related habitats
EN25
significantly affected by the reporting organization's discharges of waste water.
6.5/6.5.4/6.5.6 Not applicable
EN4 Indirect energy consumption by primary source. 68-70
Initiatives to mitigate environmental impacts of products and services, and achieved perfor-
EN5 Energy saved due to conservation and efficiency improvements. 68-70
EN26
mance.
6.5/6.5.4/6.6.6/6.7.5 68-70
Energy
Products and
Initiatives to provide energy-efficient or renewable energy-based products/services, and Services Not applicable
EN6
reduction in energy requirements as a result of such initiatives.
6.5/6.5.4 68-70
EN27 Percentage of sold products and rate of recycling of the packaging materials 6.5/6.5.4/6.7.5 due to business
characteristics
EN7 Initiatives to reduce indirect energy consumption and achieved reduction amount. 68-70
Monetary values of significant fines and total number of non-monetary sanctions for No violation
Processed as the Compliance EN28
noncompliance with environmental laws and regulations.
6.5 case reported
EN8 Total water withdrawal by source. maintenance cost of
the leased building Significant environmental impacts of transporting products, other goods, materials used for
Transport EN29
the organization's operations, and members of the workforce.
6.5/6.5.4/6.6.6 68-70
Not applicable
Water EN9 Water sources significantly affected by withdrawal of water. due to business Overall EN30 Total environmental protection expenditures and investments by type. 6.5 69
characteristics
Social Performance Indicators
Not applicable
EN10 Percentage and total volume of water recycled and reused. due to business LA1 Total workforce by employment type, employment contract, and region 6.4/6.4.3 7, 57
characteristics
Not applicable LA2 Total number and rate of hires and employee turnover (by age group, gender, and region). 6.4/6.4.3 57
Location and size of land owned, leased, managed in, or adjacent to protected areas and Employ-
EN11
areas of a high biodiversity value outside protected areas.
due to business ment Benefits provided to full-time employees which are not provided to temporary or part - time
characteristics LA3
employees (by major operation location).
6.4/6.4.3/6.4.4 66-67
Not applicable
EN12
Description of significant impacts of activities, products, and services on biodiversity in
due to business
LA15 Rates of return to work and retention of the position after parental leave (by gender). 66-67
protected areas and areas of a high biodiversity value outside protected areas.
characteristics 6.4/6.4.3/6.4.4/
Labor/ LA4 Percentage of employees covered by collective bargaining agreements.
6.4.5/6.3.10
65
Not applicable Manage-
ment
Biodiversity EN13 Habitats protected or restored. 6.5/6.5.6 due to business
Relations LA5
Minimum notice period(s) regarding changes in operation, including whether it is specified in
6.4/6.4.3/6.4.4/6.4.5 65
characteristics collective agreements.
Not applicable Percentage of total workforce represented by the joint management-worker health and
EN14 Strategies, current actions, and future plans for managing impacts on biodiversity. due to business
LA6
safety committees
6.4/6.4.6
Labor
characteristics
ondi- Rates of injury, occupational diseases, lost days, and absenteeism, and total number of
Not applicable
Occu-
pational
LA7
work-related fatalities (by region).

Number and extinction risk level of species from both IUCN Red List and national preserva- tions
EN15
tion list with habitats in areas affected by business operations
due to business and its
Health
characteristics and Education, training, counseling, prevention, and risk-control programs in place to assist 6.4/6.4.6/6.8/6.8.3/
current Safety LA8
workforce members, their families, or community members regarding serious diseases. 6.8.4/6.8.8
EN16 Total direct / indirect greenhouse gas emissions by weight. 70 status
Not applicable LA9 Health and safety topics covered in formal agreements with trade unions. 6.4/6.4.6
EN17 Other relevant indirect greenhouse gas emissions by weight. 6.5/6.5.5 due to business
characteristics LA10 Average hours of annual training by employee category. 6.4/6.4.7 62-63
Training Programs for skills management and lifelong learning that support continuous employment
EN18 Initiatives to reduce greenhouse gas emissions and achieved performance. 70 and LA11 6.4/6.4.7/6.8.5 62-63
Education and assist them in managing career endings.
Emissions, Not applicable
Effluents, and EN19 Emissions of ozone-depleting substances by weight. due to business LA12 Percentage of employees receiving regular performance and career development reviews. 6.4/6.4.7
Waste characteristics
Composition of governance bodies and breakdown of employees according to gender, age
Not applicable Diversity
LA13
group, minority group membership, and other indicators of diversity.
6.3.7/6.3.10/6.4/6.4.3 7-8, 67, 76
EN20 NO, SO, and other significant air emissions by type and weight. due to business and Equal
characteristics Opportu-
6.3.7/6.3.10/6.4/
Processed as the
nity LA14 Ratio of basic salary of men to women by employee category.
6.4.3/6.4.4
58
EN21 Total water discharge by quality and destination. maintenance cost of

the leased building


code Rate code Rate
Percentage and total number of significant investment agreements and contracts that either Customer Total number of incidents of noncompliance with regulations and voluntary codes Not applicable
6.3/6.3.3/ Observed related 6.3.9/6.6.6/
HR1 include clauses incorporating human rights concerns or have undergone human rights screen-
6.3.5/6.6.6
laws
Health and PR2 concerning health and safety impacts of products and services during their life cycle (by
6.7/6.7.4/6.7.5
due to business
ing. Safety type of outcomes). characteristics
Investment
and
Percentage of significant suppliers, contractors, and other business partners that have 6.3/6.3.3/6.3.5/ Observed related Not applicable
Procurement HR2
undergone human rights screening. 6.4.3/6.6.6
laws Type of product and service information required by procedure, and percentage of 6.7/6.7.3/6.7.4/6.7.
Practices PR3
significant products and services subject to such information requirements. 5/6.7.6/6.7.9
due to business
characteristics
Total hours of employee training on policies and procedures concerning aspects of human
HR3
rights that are relevant to operations (including the percentage of employees trained).
6.3/6.3.5 60 Product
and Service Total number of incidents of noncompliance with regulations and voluntary codes 6.7/6.7.3/6.7.4/6.7.
Labeling PR4
concerning product and service information and labeling (by type of outcomes). 5/6.7.6/6.7.9
Not occurred
Non- 6.3/6.3.6/6.3.7/
Discrimination
HR4 Total number of incidents of discrimination and corrective actions taken.
6.3.10/6.4.3
Not occurred
Practices related to customer satisfaction, including results of surveys measuring customer 6.7/6.7.4/6.7.5/6.7.
PR5
satisfaction. 6/6.7.8/6.7.9
50-51
Freedom of
Association 6.3/6.3.3/6.3.4/6.3.5 Product
Operations identified in that the right to exercise freedom of association and collective Complied with
and HR5
bargaining may be violated or at significant risk, and actions taken to support such rights.
/6.3.8/6.3.10/6.4.3/ 64-65 Respon-
Collective 6.4.5 sibility the government
Bargaining Programs for adherence to laws, standards, and voluntary codes related to marketing
Human PR6
communications, including advertising, promotion, and sponsorship.
s advertisement
Rights Marketing implementation
Operations identified as having significant risk for incidents of child labor, and measures 6.3/6.3.3/6.3.4/6.3.
Child Labor HR6
taken to contribute to the effective abolition of child labor. 5/6.3.7/6.3.10
58 Communi-
cations
regulations
Total number of incidents of noncompliance with regulations and voluntary codes
Forced and Operations identified as having significant risk for incidents of forced or compulsory labor, and
Compulsory HR7 58 PR7 concerning marketing communications, including advertising, promotion, and sponsorship Not occurred
Labor measures to contribute to the elimination of all forms of forced or compulsory labor. by type of outcomes.
Security Percentage of security personnel trained in the organization's policies or procedures 6.3/6.3.5/6.4.3/ Customer Total number of substantiated complaints regarding breaches of customer protection and
Practices
HR8
concerning aspects of human rights that are relevant to operations. 6.6.6
Privacy
PR8
losses of customer data.
6.7/6.7.7 Not occurred
Indigenous Total number of incidents of violations involving rights of indigenous people and actions 6.3/6.3.6/6.3.7/ Monetary value of significant fines for non-compliance with laws and regulations
Rights
HR9
taken. 6.3.8/6.6.7
Not occurred Compliance PR9
concerning the provision and use of products and services.
6.7/6.7.6 Not occurred
Percentage and total number of operations that have been subject to human rights reviews
Assessment HR10
and/or impact assessments.
Not occurred
GRI Sector Supplement for Public Agencies
Number of grievances related to human rights field that are addressed/treated/resolved
Remediation HR11
through formal grievance mechanisms.
58 Item
Description
Report
Page
code Rate
Characteristics, scope and effectiveness of the programs that evaluate/manage the level Describe the relationship to other governments or public authorities and the position of the agency within its immediate
6.3.9/6.8/6.8.5/ PA1 6-7
SO1 of impact upon local communities at the beginning/operation/finishing stage of operational
6.8.7/6.6.7
52-54 governmental structures.
activities.
Define the sustainable development used by the public agency, and identify any statements or principles adapted
Local PA2
to guide sustainable development polices.

Communities SO9 Operations with significant potential or actual negative impacts on local communities. Not occurred
10-11,
Preventive/mitigating measures actually taken to operation sites which were either potentially
PA3 Identify the aspects for which the organization has established sustainable development policies. 45-49,
S10
or actually causing significantly negative impacts on local communities.
Not occurred 50-51,
PA4 Identify specific goals of the organization for each aspect listed in PA3, and identify short, mid, and long-term goals 52-54,
59-61,
SO2 Percentage and total number of business units analyzed for risks related to corruption. 6.6/6.6.3 59-61
PA5 Describe the process by which the aspects and goals in both PA3 and PA4 were set. 62-63,
68-70
Corruption SO3 Percentage of employees trained in organization's anti-corruption policies and procedures. 59-61 Implementation measures, results of assessments before implementation, key indicators, measures for improvement, results of
PA6
assessments after implementation, future goals.

Society
SO4 Actions taken in response to incidents of corruption. 61
PA7 Roles and participation of stakeholders (in respect to PA3~PA6 aforementioned). 12-13
SO5 Position on public policy and participation in public policy development and lobbying. 6.6/6.6.4/6.8.3 38-39, 76
PA8 Gross expenditures broken down by type of payment. 72-76
Public
Policy Total value of financial/commodity contributions to political parties, politicians, and related
SO6
institutions by country.
Not occurred PA9 Gross expenditures broken down by financial classification. 73-75
Illegitimate Not applicable PA10 Capital expenditures by financial classification. 73-76

Total number of legal actions for illegitimate competitive behavior and monopoly practices,
Competitive SO7
and their outcomes.
6.6/6.6.5/6.6.7 due to business
Behavior characteristics PA11 Describe procurement policy of the public agency related to sustainable development. 54, 76
Monetary value of significant fines and total number of non-monetary sanctions for non- PA12 Economic, environmental and social criteria that apply to expenditures and financial commitments. 76
Compliance SO8
compliance with laws and regulations.
6.6/6.6.7/6.8.7 Not occurred
PA13 Relations between the public agencys procurement practices and its public policy priorities. 76
Product Customer Life cycle stages in which health and safety impacts of products and services are assessed Not applicable
6.3.9/6.6.6/6.7/ Not applicable
Respon- Health and PR1 for improvement, and percentage of significant products and services categories subject to
6.7.4/6.7.5
due to business
PA14
Percentage of the total value of purchased goods that were registered with voluntary environmental or social labels and/
due to business
sibility Safety such procedures. characteristics or certification programs, broken down by type.
characteristics

Independent Verification Report
Verification scope and objectives

Korea Internet & Security Agency (hereafter KISA) has requested third party verification of their 2011 Sustainability Management Report to marcspon Museong, professor of Soongsil University, and Lee Mungyu, professor of Yonsei University) and reflecting them in the report seem to contribute to the
(hereafter verifier). marcspon is a verification agency officially certified by the standard establishment organization Accountability in the U.K. The period reinforcement of the reports both objectivity and specialty.
of verification was set from January 1, 2011 to December 31, 2011, which is same as the KISA Accountability Management Report period. The report
mainly describes efforts about environmental achievements, including social responsibility achievements and financial responsibility achievements. Inclusiveness: Principle of guaranteeing stakeholders participation using responsible responsive measures for sustainability
However, the financial information and greenhouse gas-related data presented in the report were not included in this verification scope. Verification The verifier made certain that KISA clearly defined different types of stakeholders, such as customers, government, IT industry, employees, local
was performed according to the global standard AA1000AS, while conformity to the GRI G3.1 Guidelines and ISO26000 Standards was ascertained. The community, NGO, international organization, and partner, and systematically manage them. KISA established various online/offline channels to open up
verifier observed the basic principles of the AA1000AS - Inclusiveness, Materiality, and Responsiveness - and utilized the information quality principle of the management information transparently, and actively reflects stakeholders opinions in setting up the business strategy and implementation tasks.
the GRI as the criteria of performance evaluation. In particular, KISA developed and provides SNS and mobile application service to collect comments from customers and enable active communication,
and developed the customer relationship management (CRM) system that integrated the comprehensive customer information management
Verification responsibility system, campaign management system, and VOC system. It was also verified that KISA reflects opinions gleaned from the field in improvement and
KISA takes full responsibility for information collection, analysis, compilation for report writing, and all assertions in the report. The verifiers sole establishment of policies through diverse channels like a joint labor-management conference and blue board (youth board of directors), and actively
responsibility is to present report verification to the KISA management team. The verifier has not in any way engaged in the report writing process, and collects opinions from the government, related experts, and partners through a conference, meetings and T/F.
does not have any interest for profits except providing the third party verification service on the report. The verifier checked whether any critical error or
prejudice exists in the report, checked for normal operation of the information collection system, and presented opinions for report quality improvement Materiality: Major issues by which stakeholders can judge KISAs present conditions as well as its social, economical, and environmental influence
by identifying sustainability management issues and reviewing the process. The verifier confirms that, as a result of performing verification activities, there were no important issues that were not covered by KISA in the report. For
this years materiality assessment, more stakeholders have participated and the data of analysis targets was increased compared to the previous year.
Verification procedure However, KISA needs to officially establish the materiality assessment methodologies, criteria for determining the level of importance, and procedures
The verifier has evaluated facts in report contents, reported data, and the internal process for report writing, as described below. of reporting to the management team and review. It is recommended to reflect as many opinions of stakeholders as possible by increasing the number
Reviewed the methodology and processes used to extract the data. of outside participants (e.g., questionnaire). In addition, efforts to understand important environment-related issues (e.g., energy saving) is insufficient
Reviewed the reference document and data that are related to key assertions in the report compared to economical and social achievements. If more attention is paid to the environmental issues, a more balanced materiality analysis process
Activities during the report period and interview with performance-related stakeholders may be established.
Evaluated the process to select issues that can affect overall KISA management and are deemed important by stakeholders.
Responsiveness: Principle about the scope in which the organization responds to stakeholders issues
Contents and quality compliance in accordance with the GRI G3.1 Guidelines
The verifier could not find any case in which activities for issues of stakeholders in relation to KISA were described in an inappropriate manner in the
report. In 2011 report, KISA described background of major issues, strategic system, mid-to-long term road map, and key achievements. Compared to
Verification results
the previous year, key achievements of KISA were described easier and more understandable, which is expected to produce positive effect on better
The verifier reviewed the report draft and presented opinions, and the report was modified, if necessary. The verifier could not find any incorrect
understanding of stakeholders.
information or inappropriate description of achievements in the 2011 Sustainability Management Report of KISA during the verification process. In
addition, with regard to data accuracy, no item was found that may lead us to judge the data collection through an inappropriate process, and no data
KISA has completed the process of self-checking their management system and understanding the expectation level of stakeholders by publishing the
error was found that may significantly affect the report significantly. The verifier confirms that the level of GRI G3.1 application with respect to the internal
second Sustainability Management Report. Even though there were some improvements in the aspect of balance, it is recommended to guarantee well-
declaration corresponds to A+ regarding sustainability management achievements.
balanced report on both positive and negative results in order to obtain trust and empathy from employees and stakeholders regarding KISAs efforts. In
addition, as many enterprises are considering online publication of the report in these days to solve the environmental problems associated with printing
Verification opinions
out the paper reports, and improve practical utilization of the reports, it is recommended that KISA, which endeavors to act as a specialized Internet
The verifier presents the following opinions, providing that the opinions do not affect verification results. The verifier has evaluated the sustainability
agency and so diffuse the sound Internet culture, publish Sustainability Management Report online (paperless) and take the lead among IT enterprises.
management achievements of KISA for 2 consecutive years since 2010 report verification, and had various interviews with management team, hands-
It is recommended to establish a communication path with stakeholders using the improved report methods, basing on current changes among todays
on workers in the concerned business area, and stakeholders. The result shows that internal/external awareness of KISA regarding sustainability issues
society.
has been improved from the previous year. It is a positive sign that a working-level organization which writes the report and discusses about concrete
future direction was promoted from the last years Sustainability Management T/F to Sustainability Management Practice Committee this year.
Participants were more active than last year, and acknowledged more deeply the necessity of sustainability management. However, most participants
from the last years report were replaced with new personnel. As a result, in-depth consideration upon changes in achievements or problematic September 2012
Representative consultant,
issues and offering suggestions were not carried out. The verifier expects that 2012 Sustainability Management Report will be improved if the term
marcspon
of participation in the Practice Committee is extended to 2 years for the purpose of fostering the internal experts as an early phase of sustainability
management. In addition, there remain few things in need of improvement: an integrated management system, which can systemize the sustainability
management implementation plan and mid-to-long term objectives, and understand the achievement trend of each area, has not been established yet
since the previous year; and the Sustainability Management Committee that was scheduled to be held during the verification process was eventually
not held, as substituted by the review opinions reported by each member. However, collecting review opinions from outside members (e.g., Jeong

Award History Current Status of KISAs Networks
Awarded Organization
Agency Name Award Title Details Managing Agency Purpose of Foundation (Major Activities) Roles of KISA Managing Agency
Date Name
Selected as an integrity agency as for creating the clean public service Ministry of Information Academic Association
2006.12.28 Integrity Agency Certificate
atmosphere and executing fair duties. and Communication
Korea Institute of I
Online stock exchange and electronic civil service document system were Promoting academic researches related to information Promoting academic researches related to informa- Korea Communications
2007.3.12 Asia PKI Best Practice Award Asia PKI Forum nformation Security
selected as an excellent PKI case in Asia. security, technology promotion, and R&D project tion security, technology promotion, and R&D project Commission
and Cryptology
Selected as an integrity agency as for creating the clean public service Ministry of Information IT technology research and standardization, IT expert IT technology research and standardization, IT expert Korea Communications
2007.4.21 Integrity Agency Certificate Open
atmosphere and executing fair duties. and Communication nurturing, and cooperation with related association nurturing, and cooperation with related association Commission
2007.9.14 Peter Drucker Innovation Award Leading innovation by creative management Peter Drucker Society Standards and Internet Contribution to the development of the communication field by mak- Contribution to the development of the communication Korea Communications
Association ing communication science theoretically systemized and universal field by making communication science theoretically Commission
Selected as an excellent integrity agency among affiliated agencies by the
Korea Communications Korean Institute of
2007.12.7 Integrity Agency Certification Korea Communications Commission in 2007 (Ministry of Information and Sharing knowledge and technologies regarding information Sharing knowledge and technologies regarding Ministry of Knowledge
Commission Communications and
((Former) Communication) processing information processing and Economy
Information Sciences
Korea Excellent Trust Management Trust management - improving organizational culture and expanding Kyeonghyang
2008.5.15 Korea Information Academic research on the development of theories and Academic research on the development of theories Ministry of Knowledge
Information Agency in Korea management disclosure Newspaper
Security Processing Society practices that are related to IT services and practices that are related to IT services and Economy
Future Pioneer Innovative CEO leadership (introduction of 6 Sigma and employee capability
Agency 2008.5.29 Herald Economy Korea Society of Contribution to academic/technical promotion with regard to Contribution to academic/technical promotion with Ministry of Knowledge
Enterprise enhancement, etc.)
IT Services electronic information communication regard to electronic information communication and Economy
Korea Contents Promotion Korea Contents
2008.5.30 Academic promotion and technical advancement in the digital contents area Institute of Electronics Contribution to the development and promotion of Contribution to the development and promotion of Ministry of Knowledge
Award Association
Engineers of Korea technologies regarding information science technologies regarding information science and Economy
2009.5.21 New Quality Award (Global System) Linked with ISO9001 Certification New Quality Forum
Korean Institute of Contribution to the development of Internet broad-
International certification for the quality management system in the Korean Foundation for Contribution to the development of Internet broadcasting, Korea Communications
2007~2009 ISO9001 Certificate Information Scientists casting, Internet TV, and broadcasting/communica-
information security area Quality Internet TV, and broadcasting/communication network Commission
and Engineers tion network
Contribution to security enhancement in the private sector, and international National Intelligence
2009.1 Agency Award Institute of Webcasting,
cooperation Service Contribution to the development and policy setup regarding Contribution to the development and policy setup Korea Communications
Internet and Telecom-
the information and communication area regarding the information and communication area Commission
Excellent Management Received the Minister Award from the Ministry of Strategy and Finance by Ministry of Strategy and munication
2009.6
Evaluation Agency obtaining grade A for management evaluation in 2008 Finance
Korea Information and
Contribution to the academic and technical development Contribution to the academic and technical devel- Korea Communications
Korea Management Communication Policy
Korea Efficiency Innovation Contribution to the society by creating a new management paradigm with regarding the Internet information system opment regarding the Internet information system Commission
2007.5.10 Association Registra- Association
Management Award management innovation and leadership
tions & Assessments
Korean Society for Systematic professional academic research on forensics, and Systematic professional academic research on Ministry of Knowledge
Ministry of Commerce, Internet Information expert nurturing forensics, and expert nurturing and Economy
Industry and Energy,
Korea Beautiful Enterprise Pursuing balance between economic achievements and social/ Forum/Conference
2007.8.23 Korea Chamber of
Award environmental responsibilities through strategic social contribution activities
(Former) Commerce Industry, Chairman of the secretariat's board of directors Ministry of Public
National etc. Korea PKI Forum PKI use promotion, business environment base establishment (president of KISA), secretary-general (Lim Jaemy- Administration and
Internet Korea Creative Management Contribution to the development of related industries with excellent eong, director) Security
Development 2008.5.1 NewsPeople
Award management capability and technical skills Diffusion of mobile RFID, market development, and leading Committee member (Ju Yonggwan, director), chairman Korea Communications
Agency of Mobile RFID Forum
Leading the Internet culture and contributing to the development of related domestic standard development of the sub-committee (Lee Seungjae, team manager) Commission
Korea (NIDA) Kyunghyang
2008.5.15 Korea Trust Management Award industries in consideration of changes and innovation made in the 21st Standardization of USN and monitoring of technology trend, Korea Communications
Newspaper USN Forum Committee member (Ju Yonggwan, director)
century and analysis on market/service Commission
Korea Cultural Management Contribution to the development of the cultural industry by representing the Korea Communications
2008.7.24 Hankook Newspaper
Award (Ethical Management Part) knowledge-based industries in the 21st century Creating a smart work environment, model identification, Vice chairman (president of KISA), operation mem- Commission, Ministry
Smart Work Forum
Conforming to international standards regarding the information security International Standard promotion, etc. ber (Won Yujae, director) of Public Administration
2006~2009 ISO27001 Certification
management system for Internet address resources Organization and Security
International certification for the quality management system in the Korean Foundation for Exchange of information and technology on Information secu- Korea Communications
2010~ ISO9001 Certificate CONsortium of CERTs Regular member
information security service provisioning area Quality rity, joint response to the incident, etc. Commission
Received the "Internet Promotion Award", as was acknowledged as a public Ministry of Public
Internet Grand Prize Presenting a role model for CSO (Chief Security Office), and
2010.6 Internet Grand Prize agency that contributed to Internet service promotion and copes with Korea CSO Forum Special member Administration and
Review Committee improving its position
hacking and virus Security
Minister's Award of Knowledge Ministry of Public

Received the Minister's Award of Knowledge and Economy, and selected as Strengthening autonomous regulation of private service pro-
and Economy, Family Friendli- Ministry of Knowledge Korea COP Forum KISA-related business Administration and
2010.9 an "Excellent Productivity Improvement Agency" by the minister of viders related to privacy protection
KISA ness Area, National Productivity and Economy Security
Knowledge and Economy.
Award Korean Council on the Strengthening autonomous regulation of privacy protection Ministry of Public
Received the grand prize, as was acknowledged for minimizing damages Protection of Personal and promoting policy cooperation regarding government/ KISA-related business Administration and
Hankyung Business
2011.3 e-Biz Brand Innovation Award from the DDoS attack and reducing the response time to one-third by taking Information private sector Security
Weekly
preemptive measures, such as Cyber Shelter and cyber treatment system. Future Internet Forum Providing the information and knowledge about future Internet Korea Communications
KISA-related business
(FIF) issues Commission
Contribution Award from Korea Contribution to the development of the Internet information technology, Korea Society for
2011.6.24 Future Network 2020 Presenting necessity of the future Internet, and proposing vi- Korea Communications
Society for Internet Information Internet industry, and convergence field like IPTV. Internet Information KISA-related business
Forum sion and policies Commission

UN Global Compact
Organization
Purpose of Foundation (Major Activities) Roles of KISA Managing Agency
Name
Association
Korea Cloud Service Information sharing between government, academic circle and Korea Communications
Association industry regarding cloud computing and application service
Vice-president
Commission Ten Principles for UN Global Compact
Korea Association of
Promoting RFID/USN introduction, preparing fitting environ- Ministry of Knowledge
RFID/USN Vice-president
ment, developing policies, etc. and Economy
Convergence
National Intelligence The Declaration of Human Rights

Promoting industries in relation to intelligent communication Vice-president of board of directors Korea Communications
Communication
service, H/W, S/W, and parts (president of KISA) Commission Declaration on Fundamental Principles and Rights at Work, International Labor
Enterprise Association
Organization (ILO)'
Korea Biotechnology Vitalizing biometrics industry and promoting cooperative Ministry of Knowledge
Secretariat
Industry Association exchanges between industry-academic-research areas and Economy The Rio Declaration on Environment and Development
UNCAC (United Nations Convention against Corruption)

Korea Association for User protection business for development of the broadcasting/ Korea Communications
Joint management agency
ICT Promotion communication industry, and personnel fostering. Commission
Korea Association of Technology development and cooperation in promoting the Korea Communications Global Compact requires enterprises to support, adopt, and enact core values in four areas
Joint management agency
Smart Home smart home industry Commission
- human rights, labor standards, environment, and anti-corruption.
Forming a cooperative system between mobile operators,
Korea Mobile Internet Sponsor agency Korea Communications
terminal manufacturers, contents providers, and solution
Business Association (Awarding by the president of KISA) Commission
providers.
Korea Information
R&D and marketing support for the development of the knowl- Ministry of Knowledge
Security Industry KISA-related business Businesses should:
edge information security industry and Economy
Association
Principle 1: Support and respect the protection of internationally proclaimed human rights; and
Korea Internet Human
Promoting of internet industry and enterprise, developing Korea Communications Rights Principle 2: Make sure that they are not complicit in human rights abuses.
Corporations KISA-related business
policies, etc. Commission
Association
Businesses should uphold:
National Intelligence
Communication
Promoting industries in relation to intelligent communication
KISA-related business
Korea Communications
Labor Principle 3: the freedom of association and the effective recognition of the right to collective bargaining;
service, H/W, S/W, and parts Commission Standards
Enterprise Association Principle 4: the elimination of all forms of forced and compulsory labor;
Press
Principle 5: the effective abolition of child labor; and
Principle 6: the elimination of discrimination in employment and occupation.
The most popular daily newspaper in the IT and Ministry of Knowledge
Electronic Times Sponsor agency
electronics industry and Economy
Businesses should:
Ministry of Public
Boan News Internet news related to information security Sponsor agency Administration and
Principle 7: support a precautionary approach to environmental challenges;
Security Environment Principle 8: undertake initiatives to promote environmental responsibility; and
Principle 9: encourage the development and diffusion of environmentally friendly technologies.
Principle 10: Businesses should work against corruption in all its forms, including extortion and bribery.
Anti-
Corruption
Korea Internet & Security Agency has joined the UN Global Compact (UNGC), which is an international
agreement stipulating the social responsibilities of the global enterprise, and declared that it will sincerely
implement ten principles in four areas - human rights, labor standards, environment, and anti-corruption.

Glossary
Term Description Term Description
A root certification authority in Korea which was established inside KIDA with the enforcement of the Electronic Signature Law An educational institute established by KISA to promote the nurturing of domestic Internet/information security expert through
in 1999. The function and role of the KCAC is to create an environment in which the electronic signature can be used safely and systematic training. KISA Academy opens training courses in the digital forensic/knowledge/information security consulting
reliably, and manage public certification agencies efficiently. Major duties include public certificate issuance/management for the areas by; conducting surveys on personnel and technical training demand of the knowledge/information security companies;
Korea Certification Authority Central (KCAC) KISA Academy
pubic certification agencies, practical review and regular inspection of public certification agencies, development and distribution improving information security awareness; supporting specialized technical training for the ordinary people/enterprise security
of the electronic signature-related technologies, study on the electronic signature-related policies, and international support manager; opening a general/advanced information security educational course; conducting invitation training of experts in the
(www.rootca.or.kr). broadcasting/communication area; and supporting internet international cooperation training like the IPv6 diffusion training.
A systematic and continuous process improvement activity based on risk management, which protects information assets from An invited training program for overseas broadcasting/communication experts (broadcasting/communication policy makers and
various threats so that businesses of organizations may secure continuity. KISA is running a business that evaluates and certifies KOALP(Korea Overseas Advanced Learning experts in developing countries), which was implemented as a part of the Korea Communications Commissions broadcasting/
the ISMS in both private and public sector. The Government Information Security Management System (G-ISMS) is applied to Program on Broadcasting & Communications) communication policy support project for developing countries. Total 261 invited training courses were opened between 1998 and
Information Security Management System
the public sector, which is designed in accordance with the certification of the e-Government information security management August 2011, and total 3,786 overseas broadcasting/communication experts from 129 countries have completed the course.
(ISMS)
system procedure published by the Ministry of Public Administration and Security. For the private sector, the Personal Information
Management System (PIMS) was developed, which presents the measure system and criteria, so that private enterprises can
perform privacy protection at the enterprise level. A service that provides various daily life information, such as navigation, personal location information, and lost terminal tracking,
LBS (Location Based Service,)
based on the customers location information obtained from the mobile communication network or Global Positioning System (GPS).
Cloud computing A method of using IT resources (H/W and S/W) over the Internet by lease and paying the usage fee for the used hours.
The next-generation recognition technology that can manage various object information, such as food, animal, and objects, via
the IC chip and wireless communication. KISA has developed the mobile RFID code and selected it as the standard in the Mobile
A youth group for primary and middle school students, which is organized to lead the proper Internet use culture and realize RFID code registration/search service
Korea Internet Dream Star RFID Forum. The mobile RFID service was attempted for the first time in the world, and requires various types of code systems to
public values through creative Internet utilization. satisfy various service models.
Asian and Pacific Training Centre for Information and Communications Technology for Development. The specialized ICT A domain that uses the code to indicate a country or a name of independent area in accordance with the ISO3166-1 Standard as
country code Top Level Domain (ccTLD)
education and training institute designed to remove digital division among UN ESCAP member countries and promote socio- an address. ccTLD of Korea is .kr (English) and . (Korean)
APCICT
economic development. The main duties include ICT education and training, and consulting on education and training. 66th UN
Economic & Social Commission for Asia Pacific in 2010 decides permanent establishment of the APCICT. A technology that keeps, acquires, or analyzes digital evidence based on the digital data saved in the information device, which
Digital forensic
enables to clarify the fact relevance.
A cyber-attack that disturbs normal services by generating overload within networks and systems. An attacker (hacker) sends a
DDoS (Distributed Denial Of Service) attack
large quantity of harmful traffic to a specific system using many PCs infected by malicious code. An environment that provides an optimal service without interruption, and fits into individuals characteristic and context at
anytime and anywhere, because communication, broadcasting, computing, and sensor networks are all converted. It is a
Future Internet
technology and service model that can accommodate new convergence services and other various services by resolving the
Internet key infrastructure that converts the IP address recognized by the computer (e.g., 203.254.110.20) into the domain name structural limitations of the current Internet.
DNS (Domain Name System)
(e.g., www.kcc.go.kr) that people can easily recognize, or vice versa.
A technology that identifies an individual using the physical characteristics (e.g., fingerprint or face) or individuals unique
An organization established by the CERES and UNEP in 1997 as a joint venture, GRI aims to lay the foundation of standardized Biometrics behavioral characteristics (e.g., signature action or gait), such as fingerprint, face, iris, vein, voice, signature, gait, DNA
GRI (Global Reporting Initiative) sustainability report through worldwide and autonomous participation of multiple stakeholders. Since the first guideline in 2000, recognition, etc.
the current GRI G3 Guidelines were released in 2006 after revision in 2002.
A shelter to support the sites attacked by DDoS, using DDoS Defense System. DDoS Cyber Shelter is a type of security that
Cyber Shelter
ICANN (Internet Corporation for Assigned A non-profit organization established in 1998 as a private world Internet address resource management organization that blocks an attack by changing the IP address of the attacked sites.
Names and Numbers) manages the Internet domain name (.com, .net, etc.), allocates the IP address, and manages the root DNS.
A future-oriented business environment, where people can work conveniently and efficiently at any time and any place on the
Smart Work
move, instead of the office or designated work space.
A technology that provides two-way service to viewers by sending multimedia over the Internet, such as the HD video, voice,
IPTV (Internet Protocol Television)
text, and data. It is also a type of digital convergence in that the Internet and television are converged.
A system that portals and enterprises block an e-mail sent from a particular IP in real time by referring to the spam e-mail sender
IP list.
Real-time Blocking List (RBL)
A new IP address system developed to improve the shortcomings of the IPv4, which is an IP address system currently in use. IPv6 KISA analyzes the spam information received from the domestic/overseas specialized institutes, and generates a spammer IP
IPv6 (Internet Protocol version 6) is a next-generation 128 bit address system (fourfold of the existing 32 bit IPv4) that provides almost indefinite address space and list and provides it to portals and enterprises.
various additional functions (encryption, authentication, quality control, etc.)
A generic name of the executable code designed for the malicious purpose. The malicious code is classified into a virus, worm,
Malicious code
or Trojan Horse, depending on the self-replication capability and infection target availability.
A method of ID/password-based individual identification, which can identify a user on the internet by replacing the resident
i-PIN (Internet Personal Identification Number)
registration number that can be easily used illegally on the Internet where face-to-face verification is difficult.
Open API (Open Application Programmer Inter- An API opened to Internet users, so that users can develop their own applications and services, instead of receiving web search
face) results and user interface unilaterally. As the open API is easy to access, it is used for various services like map service.
International standard that defines social responsibility of the enterprise which was established by the International
Standardization Organization (ISO) in November 2010. ISO26000 is composed of 7 key subjects and 36 issues, such as A cyber terror response organization that was established in KISA in 2003 in order to cope with the Internet incident at the national
ISO26000 governance, human rights, labor, environment, fair operation practice, consumer issue, community participation, and level. KrCERT detects the hacking or virus information in the private information communication network in advance, issues an
development. Even though ISO2006 doesnt have any legal binding, it is expected to be the important criteria of evaluation on Korea Internet Security Center (KrCERT) early forecasting/warning to prevent damage, and provides the recovery-related technologies. In addition, KrCERT acts as a
enterprise operation as one of the major standards of judgment in the international community. sole channel to respond to the international incidents by establishing the unified cooperation system for the network operation
agencies and others.

A variety of information is available at KISAs

homepage, including ringtone for your mobiles,
desktop wallpapers, and more.
Term Description
An independent dispute mediation committee established to arbitrate various types of disputes related to the Internet address
Internet Address Dispute Resolution Commit-
resource in accordance with Article 16, Law regarding Internet Address Resources enacted in 2004. Experts in the related field
tee (IDRC)
are appointed as arbitration members for quick resolution of dispute resolution using their specialized knowledge and experience.
A service that remotely checks information security vulnerabilities of web sites. Korea Internet Security Center provides this
Remote web vulnerability check service service with free of charge to small-to-medium-sized business or non-profit organization that lacks specialized information
security knowledge or server management personnel. (http://toolbox.krcert.or.kr)
gTLD is short for generic Top Level Domain. The top level domain indicates the organization category and country of the domain,
and is divided into gTLD (generic Top Level Domain) and ccTLD (country code Top Level Domain). There are 23 gTLD types, such
gTLD
as com, net, and org. The number of gTLD is expected to increase up to hundreds or thousands after 2013, according to the gTLD
creation open policy of the ICANN.
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses elliptic
curve cryptography. As ECDSA provides fast processing speed with safety equal to the RSA (Rivest-Shamir-Adelmen) type,
ECDSA
ECDSA is widely used for mobile terminals. Together with DSA and RSA, ECDSA is included in the DSS (Digital Signature
Standard) and approved as the Federal Information Processing Standard (FIPS) 186-2.
A large-sized, formal/informal data set that exceeds the data collection, storage, management, and analysis capability of the
existing database management tool. It is also a technology that extracts values from data and analysis result. The characteristics
of the big data are generation, collection, analysis, and expression of various types of large-size data. The big data realizes
Big data the technology that was impossible in the past, operates the diversified modern society more efficiently by forecasting more
accurately, and allows provision, management, and analysis of the customized information for each individualized modern society
member. The development of the big data technologies provides the value information to the society and mankind throughout all
areas, including politics, society, economics, culture, science, and technology.
M2M implies an evolution to the future broadcasting and communication convergence ICT infrastructure that enables the
intelligent communication service between people and object as well as object and object safely and conveniently in real time
M2M (Machine-to-Machine) at anytime and anywhere. Strength of M2M is that a machine performs works that are dangerous, time-consuming, or related
to security for the convenience of people. (Application area: Telematics, sports, navigation, smart measurer, vending machine,
security service, etc.)
A term that describes the phenomenon of the connection between all objects and people as well as data generation, as the
IT technology has deeply integrated into our daily life. With the development of sensor technologies and data processing
Hyper connection technologies, the age of hyper-connectivity age is expected to develop into a state where connection among individuals
becomes denser, such as smart city and smart building, by going beyond the social network service (SNS) and augmented
reality.
A non-contact communication technology and one of the RFID technologies that use 13.56MHz frequency band. NFC is one of
the attractive next-generation LAN technologies, because security is relatively strong, thanks to a short communication distance, Report Feedback and Additional Information
NFC and the price is low. It is convenient to use the NFC because no dongle (reader) is required to use the RFID, and both read and
Feedbacks on the report can be registered through various methods,
write functions can be used. Even though NFC is similar to the existing LAN technologies like Bluetooth, NFC has a strength that
no settings between devices are required. including mail, email, website, etc. For additional information or any
inquiry, please contact below:
The worlds largest contents exhibition held in Cannes, a resort in France, every year. In 2011, 4,120 companies from 104 countries
participated in the event. The main purpose is to advertise broadcasting contents and related home appliances. Total 22 Korean Creative Management Team, Management Planning Department,
MIPCOM companies participated in 2011, including terrestrial broadcasting companies like KBS Media, MBC, SBS Contents Hub, and EBS,
as well as CJ E&M and Arirang TV, and made a great appeal confirming the Korean Wave again. (The export contract amount of
Korea Internet & Security Agency.
Korean broadcasting programs increased by 45%, compared to the previous year, reaching over 14 million dollars) Daedong Building, 109 Jungdae-ro (79-3 Garak-dong), Songpa-gu, Seoul
Postal code 138-803
It refers to a newly established company. This word was invented in the late 1990s when there was a company foundation boom
Startup at Silicon Valley in the U.S. due to Dot-com bubble. It generally implies a newly founded company with innovative technology and
Tel +82-2-405-6384
idea. It is different from a word venture company in that massive funds are still needed.
Fax +82-2-405-5119
Homepage http://www.kisa.or.kr
E-mail csr@kisa.or.kr
Publishing Date September 2012

Publisher Dr. Lee, Ki-joo

SustainabilityReport Eng 2012

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SustainabilityReport Eng 2012

Uploaded by

Copyright:

Available Formats

.

Beautiful KISA Sustainability Report

About this Report Contents

The meaning of publishing this report 02 Intro 56 Organizational Culture

Report publishing process

Verifying the report

2 Beautiful Internet World Beautiful

President of the Korea Internet and

4 Beautiful Internet World Beautiful Internet World 5

2009. 7 2009. 11 2010. 1 2010. 3 2010. 12 2011. 10 2012. 5

6 Beautiful Internet World Beautiful Internet World 7

8 Beautiful Internet World Beautiful Internet World 9

Mission and vision

5 strategic objectives and 13 strategic tasks

Worlds best specialized agency

10 Beautiful Internet World Beautiful Internet World 11

Definition of a stakeholder Sustainability management issues and expectations by stakeholder

 pen management meeting

Sustainability management strategy suitable for the

12 Beautiful Internet World Beautiful Internet World 13

J Balance between work and life

K Supporting the strengthening of capabilities of SMB

14 Beautiful Internet World Beautiful Internet World 15

. Creating a safe Internet use environment

Status of incident response support

Category 2009 2010 2011

Number of web sites scanned

Supporting analysis upon

Worm virus 3,107 cases 3,417 cases 3,839 cases

Number of web sites scanned Number of detected/corrected Supporting hacking

182 118 160

Quick incident DDoS Shelter service provision status

Number of companies using the service 52 companies 101 companies

In addition, the process of collecting the information

Operating DDoS Shelter for small businesses

18 Beautiful Internet World Beautiful Internet World 19

. Strengthening personal information protection

Operating the Personal Information Infringement Report Center

Number of reports received by the Personal Information Infringement Report Center

Category 2009 2010 2011

Report 2,139 cases 1,788 cases 2,556 cases

Consultation 33,028 cases 53,044 cases 119,659 cases

Total 35,167 cases 54,832 cases 122,215 cases

235 1,103 362

22 Beautiful Internet World Beautiful Internet World 23

. Spreading healthy Internet culture

Weve led the healthy Awareness-raising of Internet ethics

Internet culture movement.

2nd term Korea Internet Dream Star

Korea Internet Dream Beautiful Internet Internet ethical

Internet Culture Development Division

26 Beautiful Internet World Beautiful Internet World 27

. Fostering the information security industry

industry and relevant personnel.

Item Technology transfer Intl standard contribution Intl standard establishment

Support results 6 cases 16 papers 5 standards

Test lab-using Increased supply of Nurturing information

Effects of using the test lab

Increasing test lab operation and supporting

Providing fingerprint and face recognition performance

16 cases of information security technology development

services and standardization transfer) information security source technology, such as

Industry Development division

30 Beautiful Internet World Beautiful Internet World 31

pen management meeting

Increasing test lab operation and supporting

16 cases of information security technology development

establishment Promoting phased future advanced service

istributed the manual to the entire