DOI QR코드

DOI QR Code

A Study on the New Threat Level Decision Method for Information System

새로운 정보시스템 위협수준결정방법론에 대한 연구

  • Kim, Tai-Hoon (Dept. of Multimedia Engineering, Hannam University) ;
  • Yeo, Sang-Soo (Dept. of Information and Systems Engineering, Kyushu University) ;
  • Cho, Sung-Eon (Dept. of Information and Communication Engineering, Sunchon National University)
  • Published : 2007.12.31

Abstract

Information system contains various components, and these components can be categorized into some types. When preparing security level management activity, it is most important to define the target of management activity. And after deciding these targets, security level management activity can be started. This paper defines management targets by dividing information system into some parts, and shows these targets can be managed variously according to operation environments and characteristics.

정보시스템은 다양한 구성요소들을 포함하고 있으며, 이들 구성요소들은 몇 개의 유형으로 구분될 수 있다. 보안수준관리활동을 준비 할 때, 관리활동의 대상을 정의하는 것이 가장 중요하며, 이들 대상을 정의한 이후 보안수준 관리활동이 시작될 수 있다. 본 논문에서는 정보시스템을 몇 개의 부분으로 나눔으로써 관리대상을 정의하고, 이들 대상은 운영 환경과 특성에 따라 다양하게 관리될 수 있음을 보여준다.

Keywords

References

  1. ISO. ISO/IEC 21827 Information technology Systems Security Engineering Capability Maturity Model (SSE-CMM)
  2. ISO. ISO/IEC 15408-1:1999 Information tech nology-Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
  3. Sangkyun Kim, Hong Joo Lee, Choon Seong Leem 'Applying the IS017799 Baseline Controls as a Security Engineering Principle under the Sarbanes-Oxley,' Act, ICCMSE 2004, 2004
  4. Tai-hoon Kim and Haeng-kon Kim 'The Reduction Method of Threat Phrases by Classifying Assets,' ICCSA2004, LNCS 3043, Part 1, 2004
  5. Tai-hoon Kim and Haeng-kon Kim 'A Relationship between Security Engineering and Security Evaluation,' ICCSA2004, LNCS 3046, Part 4, 2004
  6. Haeng-Kon Kim, Tai-Hoon Kim, Jae-sung Kim 'Reliability Assurance in Development Process for TOE on the Common Criteria,' 1st ACIS International Conference on SERA
  7. Tai-hoon Kim, Seok-soo Kim, Gil-cheol Park 'Analysis of Threat Agent for Important Information Systems,' The Journal of Korea Navigation Institute, Vol.11 No.2, 2007
  8. Sang-soo Yeo, Tai-hoon Kim, Sung-eon Cho, Kouich Sakurai 'A Study on the Development Site Security for Embedded Software,' The Journal of Korea Navigation Institute, Vol.11 No.3, 2007