South Korea has experienced large-leveled hacking or DDos attack on information network systems or leakage of mass personal information since 2008. In spite of the successive information-security infringing activities, there have been rare, if any, researches on examining provisions criminalizing and penalizing the activities under Act on Promotion of Utilization of Information and Communication Network and Protection of Personal Information, and Act on the Protection of Information and Communications Infrastructure. This thesis analyzed the provisions under both legislations from the perspective of criminal law theory, and comparative research of American legislation and Convention on Cybercrime of European Union. On the basis of the analysis and the study, several legislative improvements are to be suggested. Firstly, the definition of‘mala-ware program’ should be extended to cover a device and date which support unauthorized access to the network system or collect personal information without permission. Secondly, provisions of attempt, conspiracy, and erfolgsqualifiziertes Delikt which aggravates penalty against the crimes causing deaths or serious injuries of human-beings, should be adopted. Thirdly, sentencing guidelines should be announced as regards cybercrime, including information-security-infringing ones. Fourthly, refusal to abide by administrative agency’s order should be dealt with administrative sanctions rather than criminal penalty. Finally, an integrated bill dealing with cybercrimes is to be designed in order to meet challenges of a rapid growth of cybercrimes from information-technology-based society.