x
Verified on Po.et Created with Sketch. Verified on Po.et

Korean Crypto Exchange Earns Key Government Cybersecurity Certification

by

        Korean Crypto Exchange Earns Key Government Cybersecurity Certification
Korean Crypto Exchange Earns Key Government Cybersecurity Certification

South Korean cryptocurrency exchange GOPAX has become the first blockchain company to attain K-ISMS certification, the official standard in Korea for information security management systems. This is an important sign of approval by the Korean government regarding GOPAX’s cybersecurity infrastructure.

K-ISMS certification is an official domestic standard regarding the establishment, management and operation of information security systems for selected industries including server hosts, portal services and internet service providers. Based on Article 47 of the Act on Promotion of Information and Communications Network Utilization and Information Protection (“the Network Act”), the certification carries significance for the blockchain sector as it signals that blockchain companies possess the capacity to manage and operate information security systems at a level on par with much more established corporations and businesses, specifically those in the technology and financial sectors.

In an interview with Bitcoin Magazine, Myeonghun Baek, the chief information security officer (CISO) at GOPAX, explained, “K-ISMS certification is mandatory for companies above a certain level in terms of either sales or user numbers that utilize information communication networks. GOPAX is currently not at that level, and thus didn’t need to obtain certification, but we voluntarily underwent the K-ISMS audit to become certified. As there is no official operating standard for blockchain companies currently in place, GOPAX receiving K-ISMS certification is a sign that it is willing to be ahead of legislation and set an operating standard for other blockchain companies.”

The K-ISMS certification process takes place through the Korea Internet and Security Agency (KISA), which operates a team of specially trained auditors to examine the applying companies, along with a committee that evaluates the audit results.

The audit itself covers two major areas: information security management processes and information security measures. The former consists of 5 individual categories that are examined, including management responsibilities and organizational structure, and risk management and post-incident management, while the second is composed of 13 categories, such as information security policy, information security organization, external security, the categorization of information assets and information security training.

This is not GOPAX’s first step toward government compliance. Last July, the company was ISO/IEC 27001–certified, and was ultimately the first cryptocurrency exchange in the world to become so. ISO/IEC 27001 is a global information security management standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It works as a standard used between companies on an international level, which according to Baek suggests that GOPAX meets certain standards around the globe and can thus operate on a level that ensures basic competence regarding information security management.

“For operating within the bounds of Korea, K-ISMS is still more significant because it offers tangible benefits when operating a relevant business within Korean jurisdiction, as well as discounts when applying for information security insurance and bonus points during KISA’s information security evaluations,” said Baek. “Companies looking to scale within the financial and tech sectors will eventually be required to obtain K-ISMS certification or face penalties.”

Baek mentions that under the Network Act, cryptocurrency exchanges are presently identified as “information and communications service providers” rather than financial institutions. Thus, they fall under the jurisdiction of the Korean Ministry of Science and ICT (MSIT) rather than Korea’s Financial Services Commission (FSC), but he believes this opens yet another door for GOPAX and its staff.

“It’s different from countries like Japan, where the overarching organization regarding crypto exchanges is the Financial Services Agency,” he stated. “However, the blockchain industry has been requesting the government to establish a set of rules so that the companies know what is out of bounds when it comes to operating a blockchain company.”

He continued, “While nothing official has come out in that regard, it is also up to the companies themselves to demonstrate that they can operate up to standards that are currently in place for other companies in the tech sector. By achieving K-ISMS certification, GOPAX has shown that it is capable and serious about legal compliance, and we feel this move can inspire other companies to follow suit. That would show that the companies in this sector are interested in compliance and in cooperating with the government to establish a set playing field and to operate in a transparent manner.”


Recommended

Op Ed: Defining Decentralization: How Ambiguity Continues to Divide Crypto

In the pursuit of mass adoption, decentralization shouldn’t be our goal, but instead a means to achieve the many different, and equally important, goals that exist for cryptocurrency users.

Paul Puey

Qtum Completes First Atomic Swap With Bitcoin on Mainnet

Atomic swaps allow for on-chain exchanges, or transactions, between cryptocurrencies on two separate blockchains — in this case, Bitcoin and Qtum — without the need to rely on a third party.

Michael Taiberg

Nydia Zhang of the Social Alpha Foundation: Using the Blockchain for Good

“Education is what I see in the future as a positive change within the blockchain space. "

Nick Marinoff

South Korea Is Trialing Blockchain Voting — Here’s What That Means

South Korea will test out a new blockchain voting system this month, sources close to the developments have confirmed to Bitcoin Magazine.

Nick Marinoff