A Study of Asset and Risk Assessment for Established of Industrial Security Management System

산업보안 경영시스템 구축을 위한 자산 및 위험평가에 관한 연구

  • Koh, Joon-Cheol (Department of Industrial Engineering, Graduate School, University of Myongji) ;
  • Kim, Tae-Soo (Department of Industrial Engineering, Graduate School, University of Myongji) ;
  • Joo, Yong-Ma (Department of Industrial Engineering, Graduate School, University of Myongji) ;
  • Kim, Woo-Hyun (Department of Industrial Engineering, Graduate School, University of Myongji) ;
  • Kang, Kyung-Sik (Department of Industrial Engineering, Graduate School, University of Myongji)
  • 고준철 (명지대학교 산업경영공학과) ;
  • 김태수 (명지대학교 산업경영공학과) ;
  • 주용마 (명지대학교 산업경영공학과) ;
  • 김우현 (명지대학교 산업경영공학과) ;
  • 강경식 (명지대학교 산업경영공학과)
  • Received : 2010.10.19
  • Accepted : 2010.12.06
  • Published : 2010.12.31

Abstract

The purpose of this study is, by recognizing that recently, as crimes using information and various adverse-effect phenomena such as hacking and virus occur frequently with rapid development of information network such as Internet in every field of industry, the range of security is widening to the field of industrial areas for preventing the leaking of industrial technology and protecting that technology as well as information security only limited to IT area, and by establishing common concept about industrial security through education on the industrial security at the point of increasing importance of industrial security, to prepare the base of comprehensive risk management system for protecting company's assets (physical factor, technical factor and managerial factor) safely from the random threats or attacks inside and outside the company through assessment of important assets of the company, evaluation of threats and weak points, and risk assessment by building industrial security management system in order to protect company's information assets and resources which are connected to the existence of the company safely from the threats or attacks from inside or outside the company and to spread stable business activities.

Keywords

References

  1. 지식경제부, "산업기술의 유출방지 및 보호에 관한 법률" 2009.1.30
  2. 한국산업기술보호협회 권태종, "산업보안 특강", 2009. 9
  3. 기술표준원, "중소기업을 위한 정보보안경영시스템 (ISO 27001) 가이드라인", 2007.12
  4. 한국정보보호센터, "정보보호 개론", 2000.2 교우사
  5. 홍승필, 고재욱 "정보보안 기술과 구현", 파워북
  6. 정보보호 21C, "기업정보보호 실천 가이드", 2001.8
  7. 국가정보원, "첨단 산업기술 보호동향", 2009.5
  8. 고준철, "산업보안관리체계 구축을 위한 위험평가 및 위험처리에 관한 연구", 대한안전경영과학회, 2009.11
  9. 신동훈, "정보보호 사전진단 방법론을 활용한 u-City 보안 모델 연구", 2010.02
  10. 이영규, "정보보안 평가지표의 부합성 및 중요도에 관한 실증연구", 2008. 02
  11. ISO/IEC, "ISO 27001:2005 국제표준 규격", 2005