The Design of Military Security Audit based on the M-ISMS Model

  • Kim, Dae Gyu (Department of IT Convergence and Application Engineering, Pukyung National University)
  • Cho, Hee Joon (Department of Digital Management, Korea University)
  • Kim, Chang Soo (Department of IT Convergence and Application Engineering, Pukyung National University)
  • Received: 2013.12.18
  • Reviewed: 2014.02.10
  • Published: 2014.03.31

Abstract

This paper proposes M-ISMS (Military-ISMS), an information security management system model that improves on the existing ISMS to account for the military's unique characteristics. The study focuses on two areas that ISMS does not address: 'Internal Security Audit' and 'Management of External Activity'. Because confidentiality matters more in the military than availability, which the private sector treats as important, we added six security audit control items related to confidentiality to the internal security audit area. In the management of external activity area, we added control items for establishing security management standards and maintaining the security level once military material has lost its value as classified information. By drawing on the advantages of the existing ISMS and on private-sector security incident cases, the proposed M-ISMS can help prevent security incidents in advance, in a rapid and forward-looking manner that reflects military characteristics.
