Research Report
I. Background and Purpose of Research
▶ Modern hyper-connected society and the importance of information security
○ Today’s rapidly developing science and technology bring us both benefits and problems, like two sides of a coin. Information security issues resulting from hyper-connectivity of society are a representative example.
○ As almost all data in the world is connected through hyper-connected networks, we enjoy new utilities that we have never experienced before. However, as everything becomes connected through networks, the risk of information security being violated increases dramatically. In addition, the consequences of information security violations can easily spread throughout society.
○ For this reason, the normative value of information security is becoming increasingly higher in the modern hyper-connected society.
▶ Supply chain security and zero trust as recent information security issues.
○ In this situation, supply chain security and zero trust are the most controversial topics in the information security field today.
○ In particular, with the emergence of Advanced Persistent Threat (APT), which is motivated by conflicts between countries, supply chain security and zero trust have become very realistic tasks regarding information security.
○ Against this background, this research deals with supply chain security and zero trust issues in the context of building a new information security system. In particular, this research is focusing on analyzing how the UN, the United States, the European Union, Germany, the United Kingdom, and Japan are legally responding to this.
○ Based on this, this research seeks to build a new information security system that can respond to supply chain security and zero trust.
Ⅱ. Contents
▶ Concept of information security
○ At first, this research looks at what information security means.
○ In this regard, the concept of information security, cyber security, cyber defense, and information protection are used interchangeably, and this research examines how each concept compares.
○ Then, this research deals with the significance of information security in today’s hyper-connected society.
▶ Paradigm of information security
○ This research reviews what paradigm existing information security is based on and what its limitations are.
○ In this research, researchers define the paradigm on which existing information security was based as a boundary (perimeterisation)-centered paradigm and examine what limitations this paradigm faces today.
▶ Supply chain security and zero trust
○ This research reviews supply chain security and zero trust, which have recently become the focus of attention as new information security issues.
○ First, this research provides an overview of what supply chain security is, why supply chain security is emerging, how supply chain breaches occur, and how to deal with them.
○ Second, researchers briefly review what zero trust security is, why zero trust security is requested, and how to implement zero trust security.
▶ International regulations on supply chain security and zero trust
○ This research analyzes what regulation systems the international community has in place regarding supply chain security and zero trust. This is the most important part of this research.
○ This research identifies what regulation systems and governances the UN, US, EU, Germany, UK, and Japan are building to respond to supply chain security and zero trust security, and what implications can be drawn from this.
▶ Design legal response measures to establish a new information security system
○ This research briefly explores what new security paradigms and systems can implement supply chain security and zero trust security, and how these can be applied to our information security legislation.
○ The legal response measures necessary to establish a new information security system are presented in the form of a concept.
Ⅲ. Expected Effects
▶ Promoting understanding of information security
○ This research contributes to improving understanding of information security as it includes discussions on the concept, system, and background.
▶ Increase understanding of supply chain security and zero trust
○ This research specifically focuses on discussions on supply chain security and zero trust. This contributes to improving understanding of supply chain security and zero trust.
▶ Contributing to the establishment of legal response measures for supply chain security and zero trust
○ This research provides implications for exploring our legal response in that it shows what legal response measures the world’s major countries are preparing regarding supply chain security and zero trust.