The Journal of Society for e-Business Studies (한국전자거래학회지)

Society for e-Business Studies (한국전자거래학회)
권호 표지
DOI QR코드

DOI QR Code

Security Knowledge Classification Framework for Future Intelligent Environment

미래 융합보안 인력양성을 위한 보안교육과정 분류체계 설계

  • Na, Onechul (Department of Security Convergence, Graduate School, Chung-Ang University) ;
  • Lee, Hyojik (Department of Security Convergence, Graduate School, Chung-Ang University) ;
  • Sung, Soyung (Department of Security Convergence, Graduate School, Chung-Ang University) ;
  • Chang, Hangbae (Department of Industrial Security, Chung-Ang University)
  • Received : 2015.06.25
  • Accepted : 2015.08.03
  • Published : 2015.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

근래에 들어 정보보안 환경이 ICT와 융합됨에 따라 새로운 취약성 지속적으로 증가하고 있다. 이에 따라 새로운 유형의 사이버범죄가 대두되고 있으며 사이버 공격, 내부자 유출 등 보안문제로 인하여 보안사고 사례가 급증하고 있다. 또한 기존의 기술적인 보안위협처럼 취약점을 악용한 외부의 해킹이 아닌 내부직원에 의한 정보유출 등의 신종 보안위협이 등장하고 있으며 산업과 기술이 융합되는 새로운 환경으로 발전함에 따라 그 위협은 더욱 증가하고 있는 실정이다. 따라서, 본 논문에서는 고도화된 정보위협에 능동적으로 대처하기 위한 전문보안관리 인재를 양성하기 위해 균형있는 정보보호 교과목을 설계하여 정보보호 교과목 분류체계를 도출하고자 하였다. 이를 위해 선행연구조사 분석과 전문가 자문위원회의 회의를 통해 기술적인 교육과 경영 관리적인 교육이 적절히 배분된 정보보호 교과목을 도출하고 국내실정에 적합한 형태로 분류된 정보보호 직업분류체계와의 연결을 통해 균형감있는 정보보호교과목 분류체계를 도출하였다. 본 연구결과는 미래 산업융합 환경의 신종 보안위협을 막아낼 수 있는 지능형 보안인재를 양성하는데 긍정적인 효과를 미칠 것으로 기대된다.

Keywords

References

  1. Amankwa, E., "A conceptual analysis of information security education, information security training and information security awareness definitions," IEEE, Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for, pp. 248-252, 2014.
  2. Brown, M., "Toward a taxonomy of communications security models," Journal of Cryptographic Engineering, Vol. 3, No. 3, pp. 181-195, 2013. https://doi.org/10.1007/s13389-013-0058-2
  3. Dayarathna, R., "Taxonomy for information privacy metrics," Journal of International Commercial Law and Technology, Vol. 6, No. 4, pp. 194-206, 2011.
  4. Lee, C. S. and Kim, Y. H., "An Analysis of Relationship between Industry Security Education and Capability: Case Centric on Insider Leakage," The Journal of Society for e-Business Studies, Vol. 20, No. 2, pp. 27-36, 2015. https://doi.org/10.7838/jsebs.2015.20.2.027
  5. Lee, Y. S., "A Design on Information Security Occupational Classification for Future Convergence Environment," The Journal of Society for e-Business Studies, Vol. 20, No. 1, pp. 201-215, 2015. https://doi.org/10.7838/jsebs.2015.20.1.201
  6. Long, J. and White, G., "On the global knowledge components in an information security curriculum-a multidisciplinary perspective," Education and Information Technologies, Vol. 15, No. 4, pp. 317-331, 2010. https://doi.org/10.1007/s10639-010-9121-0
  7. Ouedraogo, M., Savola, R. M., Mouratidis, H., Preston, D., Khadraoui, D., and Dubois, E., "Taxonomy of quality metrics for assessing assurance of security correctness," Software Quality Journal, Vol. 21, No. 1, pp. 67-97, 2013. https://doi.org/10.1007/s11219-011-9169-0
  8. Padayachee, K., "Taxonomy of compliant information security behavior," Computers & Security, Vol. 31, No. 5, pp. 673-680, 2012. https://doi.org/10.1016/j.cose.2012.04.004
  9. Savolainen, P., Niemela, E., and Savola, R., "A Taxonomy of Information Security for Service-Centric Systems," Software Engineering and Advanced Applications, pp. 5-12, 2007.
  10. Smith, K., "Designing flexible curricula to enhance critical infrastructure security and resilience," International Journal of Critical Infrastructure Protection, Vol. 7, No. 1, pp. 48-50, 2014. https://doi.org/10.1016/j.ijcip.2014.01.002
  11. Woodward, B., Imboden, T., and Martin, N. L., "An Undergraduate Information Security Program: More than a Curriculum," Journal of Information Systems Education, Vol. 24, No. 1, pp. 63-70, 2013.

Cited by

  1. 정보보안 전문인력 양성을 위한 교육과정 개발 vol.54, pp.1, 2015, https://doi.org/10.5573/ieie.2017.54.1.046
  2. 내부자 보안위협 분석을 통한 전자금융 이상거래 탐지 및 대응방안 연구 vol.23, pp.4, 2015, https://doi.org/10.7838/jsebs.2018.23.4.153