PART 01 Information Security Overview
SECTION 01 Concept of Information Security Management
1.
Information Protection in the Information Society / 2.
Information Security Management / 3. OSI Security Architecture / 4.
Definition of basic security terms

PART 02 Cryptography
SECTION 02 Cryptography Overview
1.
Basic Concepts of Cryptography / 2.
Classification of cryptography / 3.
Overview of Major Cryptographic Technologies
4.
Cryptography (Cryptography) / 5.
Security Evaluation of Cryptographic Algorithms / 6.
Intellectual Property Rights Protection
SECTION 03 Symmetric Key Cryptography
1.
Modern symmetric key cryptography / 2. DES (Data Encryption Standard) / 3. AES
4.
Other symmetric key encryption algorithms / 5.
Encryption techniques using modern symmetric key cryptography
SECTION 04 Asymmetric Key Cryptography
1.
Asymmetric key cryptography / 2.
Hybrid cryptosystem
SECTION 05 Hash Functions and Applications
1.
One-way hash function / 2.
Examples of cryptographic hash functions / 3.
Message Authentication Code (MAC)
SECTION 06 Electronic Signatures and PKI
1.
Electronic Signature / 2. PKI (Public Key Infrastructure)
SECTION 07 Key, Random Number
1.
Key / 2.
random number

PART 03 Access Control
SECTION 08 Access Control Overview
1.
Access Control Overview
SECTION 09 USER AUTHORIZATION
1.
Authentication / 2.
User authentication technique / 3.
Single Sign On (SSO)
SECTION 10 ACCESS CONTROL SECURITY MODEL
1.
Model of access control / 2.
Security model
SECTION 11 Access Control Security Threats and Countermeasures
1.
Access Control Security Threats and Countermeasures

PART 04 SYSTEM SECURITY
SECTION 12 SECURITY OPERATING SYSTEM
1.
Secure operating system / 2.
Key features of the secure operating system
3.
Secure Operating System and Secure Kernel / 4.
Trusted Platform Module (TPM)
SECTION 13 CLIENT SECURITY
1.
Malicious software (malicious code) / 2.
Internet Utilization Security
SECTION 14 Windows Server Security
1.
Windows / 2.
Windows Security / 3.
Windows Server Security Settings
SECTION 15 UNIX/Linux Server Security
1.
UNIX / 2. UNIX Basics / 3. UNIX System Administration / 4. UNIX Server Security
5.
Linux / 6.
Unix/Linux Server Vulnerability Analysis and Assessment
SECTION 16 SERVER SECURITY MANAGEMENT
1.
Server Administrator's Duties / 2.
Log Settings and Management / 3.
Understanding and Responding to Public Hacking Tools
4.
Installation and operation of software for server security
SECTION 17 Various System Security Threats and Countermeasures
1.
Buffer Overflow Attack / 2.
Format String Attack / 3.
Race Condition Attack / 4.
Back door / 5.
System resource exhaustion attack (system denial of service attack) / 6.
Reverse Engineering / 7.
Other System Security Threats and Countermeasures
SECTION 18: Latest Security Topics
1.
Blockchain / 2.
Internet of Things (IoT) / 3.
Cloud Security
4.
Ransomware / 5. Advanced Persistent Threat (APT) / 6.
Other Latest Security Topics

PART 05 NETWORK SECURITY
SECTION 19 NETWORK OVERVIEW
1.
Overview / 2. OSI Model and TCP/IP Protocol
SECTION 20 TCP/IP
1.
Physical layer / 2.
Data link layer / 3.
Network Layer / 4.
Transport Layer / 5.
Application layer
SECTION 21 ROUTING
1.
Routing Overview / 2.
Unicast Routing / 3.
Router Security
SECTION 22 Understanding Network Equipment
1.
Understanding Network Equipment / 2. Configuring and Managing VLANs
SECTION 23 WIRELESS COMMUNICATIONS SECURITY
1.
Wireless Communication / 2.
Wireless LAN Security / 3. WAP (Wireless Application Protocol)
4.
Device authentication technology (device authentication) / 5. RFID (Radio-Frequency Identification) / 6.
Mobile Security
SECTION 24 NETWORK MANAGEMENT
1.
Network Management / 2. SNMP / 3.
remote access service
SECTION 25 Leveraging Network-Based Programs
1.
Leverage network-based programs
SECTION 26 Understanding Network-Based Attacks
1.
Network-based threats / 2.
Network-based security threats and countermeasures
SECTION 27 IDS/IPS
1.
Intrusion Detection System (IDS) / 2.
Intrusion Prevention System (IPS)
SECTION 28 Firewall
1.
Overview of Intrusion Prevention System (Firewall) / 2.
Classification of types of intrusion prevention systems
3.
Types of intrusion prevention systems (construction types) / 4.
iptables
SECTION 29 VPN
1. VPN (Virtual Private Network) / 2. IPSec (IP Security Protocol) / 3.
Internet Key Exchange
SECTION 30: Latest Network Security Technology
1.
Latest network security technology

PART 06 APPLICATION SECURITY
SECTION 31 FTP Security
1.
File-related protocols / 2. FTP security threats and countermeasures / 3. FTP service operation
SECTION 32 EMAIL SECURITY
1.
Email related protocols / 2.
Security technologies for email content security
3.
Spam Email Security Response Technology / 4.
sendmail
SECTION 33 Web Security
1.
Web Security Overview / 2. SSL/TLS / 3.
Web server security
4.
Web Security Threats and Countermeasures / 5.
Software Development Security
SECTION 34 DHCP and DNS Security
1.
Host Configuration and Host Configuration Protocol / 2. Domain Name System (DNS)
3. DNS Security / 4. DNS Server Security Settings
SECTION 35 DATABASE SECURITY
1.
Database Basic Concepts / 2.
Database Security Requirements
3.
Database Security Control / 4. DBMS Security Management
SECTION 36 E-Commerce Security
1.
Information Protection in E-Commerce / 2. SET (Secure Electronic Transaction) / 3.
E-commerce Application Security
SECTION 37: RESPONSE TO BREACH INCIDENTS (DIGITAL FORENSICS)
1.
Hacking / 2.
Incident Response and Forensics
SECTION 38 Various Application Security Threats and Countermeasures
1.
Various application security threats and countermeasures / 2.
Java Security

PART 07 Information Security Management and Regulations
SECTION 39 Establishing an Information Security Governance and Management System
1.
Information Security Governance / 2. IT Security Management / 3.
Information Security Policies, Procedures, Standards, Guidelines, and Baselines / 4.
Human Resource Security
SECTION 40 INFORMATION SECURITY RISK MANAGEMENT
1.
Risk Management / 2.
Risk Analysis
SECTION 41 BCP/DRP
1. BCP/DRP
SECTION 42 Information Security Certification System
1.
Security Product Evaluation Methods and Criteria / 2.
Information Security Management System Certification
3.
Information Security and Personal Information Protection Management System (ISMS-P Certification) / 4.
Other certification systems and information protection activities
SECTION 43 Information Protection-Related Laws
1.
Personal Information Protection Act (March 15, 2024) / 2.
Act on Promotion of Information and Communications Network Utilization and Information Protection (August 14, 2024)
3.
Information and Communications Network Protection Act (January 24, 2025)


1200 key questions
-STEP 01- (Difficulty: Medium to High)
PART 01 Information Security Overview
SECTION 01 Concept of Information Security Management

PART 02 Cryptography
SECTION 02 Cryptography Overview
SECTION 03 Symmetric Key Cryptography
SECTION 04 Asymmetric Key Cryptography
SECTION 05 Hash Functions and Applications
SECTION 06 Electronic Signatures and PKI
SECTION 07 Keys and Random Numbers

PART 03 Access Control
SECTION 08 Access Control Overview
SECTION 09 USER AUTHORIZATION
SECTION 10 ACCESS CONTROL SECURITY MODEL
SECTION 11 Access Control Security Threats and Countermeasures

PART 04 SYSTEM SECURITY
SECTION 12 SECURITY OPERATING SYSTEM
SECTION 13 CLIENT SECURITY
SECTION 14 Windows Server Security
SECTION 15 UNIX/Linux Server Security
SECTION 16 SERVER SECURITY MANAGEMENT
SECTION 17 Various System Security Threats and Countermeasures
SECTION 18: Latest Security Topics

PART 05 NETWORK SECURITY
SECTION 19 NETWORK OVERVIEW
SECTION 20 TCP/IP
SECTION 21 ROUTING
SECTION 22 Understanding Network Equipment
SECTION 23 WIRELESS COMMUNICATIONS SECURITY
SECTION 24 NETWORK MANAGEMENT
SECTION 25 Leveraging Network-Based Programs
SECTION 26 Understanding Network-Based Attacks
SECTION 27 IDS/IPS
SECTION 28 Firewall
SECTION 29 VPN
SECTION 30: Latest Network Security Trends

PART 06 APPLICATION SECURITY
SECTION 31 FTP Security
SECTION 32 EMAIL SECURITY
SECTION 33 Web Security
SECTION 34 DHCP and DNS Security
SECTION 35 DATABASE SECURITY
SECTION 36 E-Commerce Security
SECTION 37: Breach Incident Response (Digital Forensics)
SECTION 38 Various Application Security Threats and Countermeasures

PART 07 Information Security Management and Regulations
SECTION 39 Establishing an Information Security Governance and Management System
SECTION 40 INFORMATION SECURITY RISK MANAGEMENT
SECTION 41 BCP/DRP
SECTION 42 Information Security Certification System
SECTION 43 Information Protection-Related Laws

-STEP 02- (Difficulty: Intermediate to High)
PART 01 Information Security Overview
SECTION 01 Concept of Information Security Management

PART 02 Cryptography
SECTION 02 Cryptography
SECTION 03 Symmetric Key Cryptography
SECTION 04 Asymmetric Key Cryptography
SECTION 05 Hash Functions and Applications
SECTION 06 Electronic Signatures and PKI
SECTION 07 Keys and Random Numbers

PART 03 Access Control
SECTION 08 Access Control Overview
SECTION 09 USER AUTHORIZATION
SECTION 10 ACCESS CONTROL SECURITY MODEL
SECTION 11 Access Control Security Threats and Countermeasures

PART 04 SYSTEM SECURITY
SECTION 12 SECURITY OPERATING SYSTEM
SECTION 13 CLIENT SECURITY
SECTION 14 Windows Server Security
SECTION 15 UNIX/Linux Server Security
SECTION 16 SERVER SECURITY MANAGEMENT
SECTION 17 Various System Security Threats and Countermeasures
SECTION 18: Latest Security Topics

PART 05 NETWORK SECURITY
SECTION 19 NETWORK OVERVIEW
SECTION 20 TCP/IP
SECTION 21 ROUTING
SECTION 22 Understanding Network Equipment
SECTION 23 WIRELESS COMMUNICATIONS SECURITY
SECTION 24 NETWORK MANAGEMENT
SECTION 25 Leveraging Network-Based Programs
SECTION 26 Understanding Network-Based Attacks
SECTION 27 IDS/IPS
SECTION 28 Firewall
SECTION 29 VPN
SECTION 30: Latest Network Security Trends

PART 06 APPLICATION SECURITY
SECTION 31 FTP Security
SECTION 32 EMAIL SECURITY
SECTION 33 Web Security
SECTION 34 DHCP and DNS Security
SECTION 35 DATABASE SECURITY
SECTION 36 E-Commerce Security
SECTION 37: Breach Incident Response (Digital Forensics)
SECTION 38 Various Application Security Threats and Countermeasures

PART 07 Information Security Management and Regulations
SECTION 39 Establishing an Information Security Governance and Management System
SECTION 40 INFORMATION SECURITY RISK MANAGEMENT
SECTION 41 BCP/DRP
SECTION 42 Information Security Certification System
SECTION 43 Information Protection-Related Laws

Appendix Previous Questions
The latest questions from the 2025 first Information Security Engineer exam
The latest questions from the 2nd Information Security Engineer Exam (2025)
Latest questions from the 4th Information Security Engineer Exam (2025)
Answers and explanations for the latest 2025 first exam questions
Answers and Explanations for the 2nd Examination (2025)
Answers and Explanations for the 4th Examination (2025)

Key Summary Notes
PART 01 Information Security Overview
PART 02 Cryptography
PART 03 Access Control
PART 04 SYSTEM SECURITY
PART 05 NETWORK SECURITY
PART 06 APPLICATION SECURITY
PART 07 Information Security Management

Features of this book 1.
Textbook for non-computer/information security majors

I wrote this with the utmost emphasis on breaking the stereotype that “security is difficult.”
To make it as easy to understand as possible, we have diagrammed it with pictures, and organized the described content into tables here and there to help you organize it, thus increasing your understanding of the material.

Feature 2 of this book.
100% reflection of the information security (industry) engineer exam area

Although some of the order has been changed to help understanding, all five domains of the information security engineer exam (except for four domains for industrial engineers) are reflected.

Feature 3 of this book: Complete analysis of past questions for the KISA and KCA Information Security Engineer/Industrial Engineer exams.
Completely analyzed and included past questions for the Information Security Engineer/Industrial Engineer exam from 2013 to present.

Feature 4 of this book.
Online/Offline Author Direct Lecture Textbook

To help you pass the exam in the shortest possible time, paid academy/video lectures are also available along with this textbook (www.algisa.com).

Structure and Use of This Book
Basic theory book

The theory book of this textbook has been reorganized into 7 chapters and 43 sections in 5 domains, so that it can be studied by dividing it into sections.
At the beginning of the section, a security mentor was in charge of providing study guidance and analyzing the questions, and on the left and right wings next to the main text, various terms necessary for studying the main text and important checkpoints to organize were placed.

Structure and Use of This Book
1200 Key Past Exam Questions (Problem Set)

A total of 1,200 problems were carefully selected, divided into sections in the same order as the textbook's theory book.
We have tried to avoid duplication of questions as much as possible, and have strengthened the explanations so that they can be organized using only the workbook.

Structure and Use of This Book
Information Security (Industry) Engineer Key Summary Notes (Separate Appendix)

To facilitate efficient learning, key summary notes are provided in a separate volume, following the same order as the textbook's theory book.

I would like to express my deepest gratitude to the CEO of Top Spot and all of his staff who helped publish this textbook.
Additionally, I would like to express my gratitude to Seonmi Lee (currently working in public security and currently enrolled in the Graduate School of Information Security at Korea University), who helped me review the textbook despite her busy schedule.