A study on Development of Certification Schemes for Cloud Security

A Study on the Development of a Domestic Cloud Security Certification Scheme

  • Jung, Jin-Woo (Dept. of Convergence Security, The Graduate School of Chung-Ang Univ.)
  • Kim, Jungduk (Dept. of Industrial Security, The College of Business & Economics of Chung-Ang Univ.)
  • Song, Myeong-Gyun (Dept. of Convergence Security, The Graduate School of Chung-Ang Univ.)
  • Jin, Chul-Gu (Dept. of Convergence Security, The Graduate School of Chung-Ang Univ.)
  • Received : 2015.06.07
  • Accepted : 2015.08.20
  • Published : 2015.08.28

Abstract

Since the cloud computing law was passed in March 2015, many private companies and public organizations have been considering the introduction of cloud computing services. However, most of them remain concerned about the security issues of cloud computing services. To solve this problem, a certification system for cloud security is necessary as an enabler for the adoption of trusted cloud services. There have been a number of studies on certification systems for cloud security, but only a few on certification schemes for cloud security. Therefore, in this study, foreign certification systems for cloud security are analyzed to draw out requirements for developing a domestic certification scheme for cloud security. Based on the results of the analysis, this study proposes three certification schemes for cloud security, which were reviewed using the focus group interview method to identify the advantages and disadvantages of each scheme.

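With the passage in March 2015 of legislation on cloud computing services, which can be regarded as a representative convergence ICT service, many companies and institutions are once again considering adopting cloud services, but they hesitate to do so because of security concerns. Solving this problem requires the introduction of a cloud security certification system that can carry out objective and fair evaluation and certification of cloud service security. Research on cloud security certification systems is currently active, but research on certification schemes is insufficient. This study therefore analyzed foreign cloud security certification systems and evaluation programs for cloud service providers to identify the factors that should be considered when introducing cloud security certification in Korea. On that basis, it presented three certification schemes suited to domestic circumstances and, through focus group interviews, derived the advantages and disadvantages of each scheme and proposed the scheme appropriate to each situation.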
