Analysis of Knowledge and Skill for Security Professionals

Analysis of Knowledge and Skills for the Job Performance of Information Security Professionals

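  • 최명길 (Electronics and Telecommunications Research Institute, National Security Research Institute)
  • 김세헌 (Korea Advanced Institute of Science and Technology)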
  • Published : 2004.12.31

Abstract

Due to exponentially growing threats of cyber attacks, many organizations have begun to recognize the importance of information security. There is an explosion in demand for experienced ISMs (Information Security Managers) and ISSDs (Information Security System Developers). To educate ISMs and ISSDs, identifying the specific knowledge and skill for information security professionals is critical. This paper identifies 15 items of knowledge and skill for ISMs and ISSDs using a simplified Delphi technique and categorizes them. The results of this paper could be used in determining what kinds of knowledge and skill should be included in the curriculum of information security programs.
