Proposal of ISMS-P-based outsourcing service management method through security control business relevance analysis

  • Ko, Dokyun (Graduate School of Information Security, Sejong Cyber University)
  • Park, Yongsuk (Graduate School of Information Security, Sejong Cyber University)
  • Received : 2022.02.07
  • Accepted : 2022.02.16
  • Published : 2022.04.30

Abstract

As security threats caused by cyber attacks continue, security control is mainly operated as an outsourced service business with the expertise needed for rapid detection and response. Accordingly, a number of studies have been conducted on the operation of security control services. However, because that research has concentrated on result-oriented management, indicators, and measurement, the work process itself has not been studied in detail, which causes confusion in the field and makes it difficult to respond to security accidents. To address this problem, this paper presents an ISMS-P-based service management method. Through business relevance analysis, it applies a scenario technique and a mapping to the 64 items of the ISMS-P protection requirements, turns each derived item into a checklist, and proposes an outsourcing service management method that is easy for the client to use. In addition, it is expected to help implement periodic security compliance, to help acquire and renew ISMS-P in the mid to long term, and to contribute to enhancing the security awareness of related personnel.
