An Analysis of InfoSec Implementation Status in the Public Information System Projects for the Institutionalization of InfoSec Pre-Assessment

정보보호 사전평가 제도 개발을 위한 국내외 관련 제도검토 및 정보화사업에서의 정보보호 현황분석

The purpose of this paper is to provide several considerations to be taken into account when institutionalizing the information security(Infosec) pre-assessment. Infosec pre-assessment is a necessary process to embed the security requirements into the information systems at the early stages in their development, resulting in more cost-effective infosec. In order to provide some institutional issues, domestic infosec assessment schemes and U.S. Infosec certification and accreditation schemes are reviewed. Also, the current status of infosec implementation in the public information systems projects is analyzed. Based on the analyses, the seven suggestions are proposed in developing and performing the infosec pre-assessment scheme.