DOI QR코드

DOI QR Code

클라우드 개인정보보호를 위한 SLA 지표 개발

A Study on development of privacy indicators in the context of cloud service level agreement

  • 김정덕 (중앙대학교 산업보안학과) ;
  • 박대하 (고려사이버대학교 정보관리보안학과) ;
  • 염흥열 (순천향대학교 정보보호학과)
  • Kim, Jungduk (Dept. of Industrial Security, The College of Business & Economics of Chung-Ang Univ.) ;
  • Park, Dae-Ha (Dept. of Information Management & Security, The Cyber Univ. of Korea) ;
  • Youm, Heung-Youl (Dept. of Information Security, The College of Engineering of Sunchunhyang Univ)
  • 투고 : 2014.12.06
  • 심사 : 2015.02.20
  • 발행 : 2015.02.28

초록

디지털융합 환경의 기반 기술인 클라우드 컴퓨팅이 확산되면서 개인정보보호가 중요한 이슈로 대두되고 있다. 국내 개인정보보호법에서도 개인정보처리자가 클라우드 컴퓨팅을 통해 개인정보를 처리하는 경우, 계약서 또는 서비스 수준 협약(SLA, Service Level Agreement) 작성을 명시하고 있으나 일반적인 클라우드 SLA에서는 주로 가용성 측면의 지표가 포함되어있으며 개인정보보호에 대한 지표는 찾아보기 어렵다. 본 논문에서는 클라우드 환경에서의 개인정보보호 대책 분석 및 SMART 모델 활용을 통해 SLA에 포함할 수 있는 총 7개의 개인정보보호 지표와 13개의 척도를 개발하였다. 도출 된 지표는 전문가 그룹을 대상으로 포커스 그룹 인터뷰를 실시하여 중요도 및 실현 가능성을 평가하였다. 본 논문은 클라우드 환경에서의 개인정보보호 대책 확립과 향후, 개인정보보호 수준 측정을 위한 자료로 활용될 것으로 기대된다.

As the cloud services, the underlying technology of the digital convergence environment, have been widely adopted in the business, personal information protection has been recognized as one of the major issues to resolve. When cloud services are used to process the personal information, the personal information protection law speculates the establishment of a contract or service level agreement(SLA). This research presents 7 privacy indicators and 13 metrics which can be included in cloud SLA, based on the analysis of related regulation and standards and the SMART(Specific, Measurable, Action-oriented, Relevant and Timely) model. The proposed indicators are examined using the Focus Group Interview method in terms of materiality and feasibility. The results show that all the proposed indicators are meaningful and useful.

키워드

참고문헌

  1. Deyan Chen and Hong Zhao, "Data Security and Privacy Protection Issues in Cloud Computing", Vol.1, No.1, pp.647-651, 2012
  2. Zhifeng Xiao and Yang Xiao, "Security and Privacy in Cloud Computing", Vol. 15, No. 2, pp.843-860, 2013 https://doi.org/10.1109/SURV.2012.060912.00182
  3. Ian Goldberg, David Wagner and Eric Brewer, "Privacy-enhancing technologies for the Internet", Vol., No., pp., IEEE, 1997
  4. Andrew Hiles, "The Complete Guide to IT Service Level Agreements: Aligning IT Service to Business Needs", Rothstein Associates Inc, 2008
  5. I. S. Hayes, "Metrics for IT Outsourcing Service Level Agreement,", Vol., No., pp., Clarity Consulting INC, White Paper, 2004
  6. Harbour, Jerry L., "The Basis of Performance Measurement", Quality Resource, 1997
  7. Kaseye, "SMART SLA", 2012
  8. ITU-T, "Privacy in Cloud Computing", 2012
  9. KPMG, "The cloud takes shape", 2013
  10. CSA "Privacy Level Agreement Outline" 2013
  11. ISO/IEC 27018, "Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors" 2014
  12. D H Park and T S Baek, "Recent Trends and Issues on personal information protection", KIISC REVIE, Vol. 21, No.5 pp.37-44, aug 2011
  13. J D Kim and S H Hwang, "A Study on Critical Success Factors for Implementing Governance of Personal Information Protection", KIISC REVIE, Vol.21, No.5, pp.197-203, aug 2011
  14. H J Suh, M G Choi and S Y Son, "Establishing IT Outsorcing Performance Measurement Framework through the IT BSC", The Korea Society of Information Technology Services, Vol., No.27, pp.301-308, 2003
  15. K C Nam and J H KIm, "A Study of SLA's Maturity Level on Performance", Journal of Information Technology Applications & Management, Vol.14, No.1, pp.1-20, mar 2007
  16. C H Park, "Selection Methodology for SLA Evaluation Factors with End-user Perspective", Korea Information Processing Society, 2007
  17. H J Suh and M L Choi, "Establishing SLA Metrics Selection Framework for Maximizing Operation Efficiency and Satisfaction of IT Outsourcing, Establishing SLA Metrics Selection Framework, Vol.3, No.2, pp.101-115, 2004
  18. KISA, "The study on Providing Personal Information Security",2014
  19. Korea Communication Commission, "SLA guide in Cloud computing", 2011
  20. Ministry of Government Administration and Home Affairs, "Providing Personal Information Security", 2014
  21. TTA KCS.KO-10.2001, "Personal Information Protection Guidelines of Cloud Service Providers", 2014