Journal of Advanced Navigation Technology (한국항행학회논문지)

The Korean Navigation Institute (한국항행학회)
권호 표지

Government Information Security System with ITS Product Pre-qualification

사전 검증을 통한 행정정보보호시스템 도입 방안

  • Yeo, Sang-Soo (Division of Computer Engineering, Mokwon University) ;
  • Lee, Dong-Bum (Department of Information Security Engineering, Soonchunhyang University) ;
  • Kwak, Jin (Department of Information Security Engineering, Soonchunhyang University)
  • 여상수 (목원대학교 컴퓨터공학부) ;
  • 이동범 (순천향대학교 정보보호학과) ;
  • 곽진 (순천향대학교 정보보호학과)
  • Received : 2009.07.22
  • Accepted : 2009.10.30
  • Published : 2009.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

According as information-oriented society is propelled, development of various information security systems is achieved, and introduction of information security system is increasing for service offer securing from nation and public institution. In particular, government information system is increasing interest about security assessment service of government information system because verification about security is weighed first of all. Accordingly, study about various security assessment services is preceded in domestic and overseas. In this paper, analyze security assessment service of Britain and Canada, and we proposed about pre-qualification introduction plan of government information system that can offer user of nation and public institution reliability.

정보화 사회가 추진됨에 따라 다양한 행정정보보호시스템의 개발이 이루어지고, 국가 및 공공기관에서도 안전한 서비스 제공을 위해 행정정보보호시스템의 도입이 증가하고 있다. 특히 행정정보보호시스템은 보안성에 대한 검증이 무엇보다 중요시 되므로 행정정보보호시스템의 보안성 평가 서비스에 대한 관심이 증가하고 있다. 이에 따라 국 내외적으로 다양한 보안성 평가 서비스에 대한 연구가 진행되고 있다. 이에 본 논문에서는 영국 및 캐나다의 보안성 평가 서비스를 분석하고, 이를 바탕으로 국내의 국가 및 공공기관의 사용자에게 신뢰성을 제공할 수 있는 행정정보보호시스템의 사전 검증 도입방안에 대해서 제안한다.

Keywords

References

  1. http://csrc.nist.gov/
  2. http://www.commoncriteriaportal.org/
  3. http://www.kisa.or.kr/
  4. http://www.cse-cst.gc.ca/
  5. http://www.cesg.gov.uk/
  6. 국가정보원IT보안인증사무국, "정보보호제품 평가인증 수행규정", 2008.
  7. http://www.kecs.go.kr
  8. http://www.stsc.hill.af.mil
  9. http://www.cesg.gov.uk
  10. CESG, "Government Quality Mark-Directory of CESG Claims Tested Mark(CCTM) Awards for Products and Services", March 2009.
  11. NIST, "FIPS Publication 140-3(Draft) : Security Requirements for Cryptographic Modules", July 2007.
  12. CSEC, "Canadian Common Criteria Evaluation and Certification Scheme(CCS) Scheme Description, May 2000.
  13. ISO/IEC 15408, "Common Criteria for Information Technology Security Evaluation", version 3.1, Parts 1, 2007.
  14. ISO/IEC 15408, "Common Criteria for Information Technology Security Evaluation", version 3.1, Parts 2, 2007.
  15. ISO/IEC 15408, "Common Criteria for Information Technology Security Evaluation", version 3.1, Parts 3. 2007.
  16. NIST, "Special Publication 800-70 : Security Configuration Checklists Program for IT products - Guidance for Checklists Users and Developers", May 2005.
  17. CESG, "CESG CLAIMS TESTED MARK SCHEME : VENDOR GUIDE", March 2009.
  18. CESG, "CESG CLAIMS TESTED MARK SCHEME : TEST LABORATORY GUIDE", March 2009.
  19. CESG, "CESG CLAIMS TESTED MARK SCHEME : DECISION AUTHORITY GUIDE", February 2009.