IT Leader / CEO & president Lee Hong-sub More investment needed to ensure Korea becomes a global IT leader Informatization projects to build u-Korea are currently a top priority. However, provided information security is not given precedence in the informatization business, informatization itself cannot be sufficiently advanced. Moreover, for users to enjoy various benefits of IT services with peace of mind, information security is very important. In particular, information security in a Ubiquitous society will act as the core element to facilitate usage of IT services. The CEO & president of the Korea Information Security Agency (KISA), Lee Hong-sub, who became the 5th CEO of this Agency in 2004, is a deserving leader of information security business circles. He cautioned in a recent interview with The Korea IT Times, "Providing means for ensuring information security are not devised, everything could just collapse suddenly one morning." He stresses that to that extent, information security must be included in the three infrastructures that Korea's Ministry of Information & Communication (MIC) is building and must accompany a crucial road alongside the advancement of the Ubiquitous society. "Security First, Global Leader!" On April 10, 2006, KISA commemorated the Agency's 10th Anniversary at the Intercontinental Seoul. To secure a bright and strong future for the nation's information society, the advent of KISA filled an essential need of the times, Lee reminisced about the agency's past 10 years. Over the past 10 years since its establishment, KISA has entered the spotlight on the stage of global information security with seamless Internet usage as well as Internet incident response within 30 minutes, building the most secure electronic signature use environment in the world as well as OECD level privacy protection environment, Lee pointed out. On the background of the past 10 years' performance, the president committed himself to beefing up its established mission such as response to Internet incidents, critical information infrastructure protection, illegal spam response, electronic signature management (Root CA), security evaluation, and information security policy support. KISA is drawing wide attention by establishing its vision as "Security First, Global Leader" so that the Agency may grow eventually to be a leader in the international arena of information security. This would boost its competitiveness as a global information security institution as well as transform it into an agency equipped with global leadership. Lee pledged that KISA would carry out a Think Tank role, which solves international information security issues and copes with such issues proactively. In order to realize KISA's vision to become a global information security leader, the Agency has established three practical strategies of customer satisfaction, strategy strengthening, and innovation acceleration. No national boundaries in Internet world There is not any national boundary in Internet world. Thus, KISA opened its door toward the world early, escaping domestic problems in the meanwhile. As part of such strategies, Lee explains that KISA has concluded an international cooperation agreement with MS as well as Cisco Systems and exchanged MOU (Memorandum of Understanding) with Australia's ACMA (Australian Communications & Media Authority) in the interests of reducing spam which is the first mutual cooperation in the world regarding spam response. In addition, KISA has propelled CCRA joining for the sake of information security product's international competitiveness strengthening. Accordingly, Lee notes that in the case of our country, CCRA joining which recognizes assessment certification results among member countries each other, is close at hand in the first half of the year. Especially, he underlines KISA has brisk international cooperation with global institutions under way, in the fields of vulnerability analysis, internet incident response, spam response, and policy development and so forth. Last year, the Agency has enforced education for around 40 people from 12 countries with its object in three courses such as IT Security Evaluation & Certification course, PKI management, and CERT (computer emergency response team) construction course as part of technology education for developing countries. As a result, developing country level like China and Taiwan is benchmarking our information security model, the information security veteran stresses. Rather prevention than incident response KISA is noteworthy in that the Agency excels in incident response ability. To cope with Internet incident of private sector plus constructing an united cooperation system with Internet service providers, KISA has established its 'Korea Internet Security Center' in Dec. 2003, which concentrates its efforts on infringement incident's early response, new-kind worm/virus's influence analysis with 365 days 24 hours monitering. Since the establishment of the Center, KISA has been in the meantime devoting its energies to incident response by establishing international joint response network such as APCERT (Asia Pacific Computer Emergency Response Teams) Committee activity, FIRST (Forum of Incident Response & Security Team) Steering Committee activity, and Internet incident-related affairs cooperation MOU with Cisco Systems (Oct. 2003) as well as Microsoft (Nov. 2003), but now the Agency concentrates its efforts rather on prevention, Lee said. Though Korea is the highest in terms of Internet incident swift response and illegal spam control, ceaseless investment is important for such spheres and at the same time for nurturing information security field, he underscores. As the awareness about the importance of information security diffuses, the government in every countries nurtures information security or security industry by intervening in them powerfully directly/indirectly. Therefore, Lee concluded his remarks by proposing that the government possess sufficiently suppliers to provide information security vehicles and needs to nurture them so that this industry may equip with features over certain level.