DOI QR코드

DOI QR Code

사이버 레질리언스 평가지표 개발에 관한 연구

A Study on Developing Assessment indicators for Cyber Resilience

  • 김수진 (중앙대학교 융합보안학과) ;
  • 김정덕 (중앙대학교 산업보안학과)
  • Kim, Sujin (Dept. of Security Convergence, The Graduate School of Chung-Ang Univ.) ;
  • Kim, Jungduk (Dept. of Industrial Security, The College of Business & Economics of Chung-Ang Univ.)
  • 투고 : 2017.07.03
  • 심사 : 2017.08.20
  • 발행 : 2017.08.28

초록

사이버 위협이 고도화 및 지능화됨에 따라 사이버 보안 사고를 사전에 완벽하게 예방하는 것은 한계가 있다. 따라서 보안사고 발생을 가정하고 이를 신속하게 탐지하고, 복구할 수 있는 역량이 필요해지고 있다. 이러한 필요성으로 인해 최근 사이버 레질리언스는 중요한 개념으로 부각되고 있으며, 이에 대한 수준을 평가하는 것은 중요하다. 그럼에도 불구하고, 현재 사이버 레질리언스와 관련 평가에 관한 연구는 미흡한 실정이다. 따라서 본 연구에서는 사이버 레질리언스에 대한 이론적 고찰과 전문가 회의를 통해 사이버 레질리언스를 평가할 수 있는 총 22개의 지표를 개발하였다. 개발된 지표는 포커스 그룹 인터뷰를 통해 제안된 지표의 중요도와 실현가능성을 평가하였다. 본 연구는 사이버 레질리언스를 평가함에 있어 의미 있고 유용한 지표를 도출하였다. 이는 향후 사이버 레질리언스 연구의 기반 자료로 활용될 것으로 기대되며, 향후 연구로는 실무적 활용 및 객관화를 위한 정량적 연구를 제안한다.

Recently, cyber resilience has emerged as an important concept, recognizing that there is no perfect security. However, domestic researches on cyber resilience are insufficient. In this study, the 22 indicators for cyber resilience assessment were initially developed by the literature survey and discussions with security experts. The developed indicators are reviewed using the Focus Group Interview method in terms of materiality and feasibility of the indicators. This study derived meaningful and useful indicators for the assessment of cyber resilience, and it is expected to be used as a foundation for the future cyber resilience studies. In order to generalize and apply the results of this study in practice, it is necessary to carry out quantitative researches in the future.

키워드

참고문헌

  1. J. D. Kim and C. G. Jin, "International Standardization Trends and Issues of Cyber Resilience", Review of KIISC, Vol. 26, No. 4, pp. 11-15, 2016.
  2. Gartner, "Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014 as Organizations Become More Threat-Aware", 2014.
  3. World Economy Forum, "Collaboration with Deloitte, Risk and Responsibility in a Hyper connected World: Pathways to Global Cyber Resilience", Geneva: World Economic Forum, 2012.
  4. Gartner, "Prevention is Futile in 2020: Protect Information via Pervasive Monitoring and Collective Intelligence", 2013.
  5. Korea National Disaster Management Institute, "Development of Community Resilience Framework", 2013.
  6. H. S. Lyu, "A Study on Cyber Security Policy and Governance in the ICT Convergence Environment: Focused on "Authentication", Korea Institute of Public Administration, pp.58-89, 2015.
  7. Ernst&Young, "Achieving Resilience in the cyber ecosystem", 2014.
  8. S. A. Merrell, A. P. Moore and J. F. Stevens, "Goal-based assessment for the cyber security of critical infrastructure", IEEE International Conference on Technologies for Homeland Security, pp.84-88, 2010.
  9. Deborah B. and Graubart R. "Cyber Resiliency Engineering Framework", MITRE Report, 2011.
  10. Fredrik Bjorck, Martin Henkel, Janis Stirna and Jelena Zdravkovic, "Advances in Intelligent Systems and Computing", Springer, Vol.353, pp.311-317, 2015.
  11. Symantec, "The Cyber Resilience Blueprint-A New Perspective on Security", 2014.
  12. Carnegie Mellon University, "CERT(R) Resilience Management Model. 1.0", 2010.
  13. World Economic Forum, "Advancing Cyber Resilience principles tool", 2017.
  14. Bank for International Settlements and International Organization of Securities Commission, "2016 Guidance on cyber resilience for financial market infrastructures", 2016.
  15. H. S. Lyu, H. J. Cho and H. A. Lee, "A Study on Priorities of Cyber Security Policy and Governance", Crisisnomy, Vol. 12, No. 8, pp.86-103, 2016.
  16. S. K Hong, "Megatrend: Digital Future and Cyber Security Service of Accounting Corporation", Ernst&Young Eyesight, Vol. 13, pp.37-42, 2017.
  17. Gartner, "Use Six Principles of Resilience to Address Digital Business Risk and Security", 2015.
  18. The Scottish Government, "Consultation on proposal for a Cyber Resilience Strategy for Scotland. Glasgow: Cyber Resilience Policy Team", 2015.
  19. PricewaterhouseCoopers, "Insurance 2020 & beyond: Reaping the dividends of cyber resilience. New york: PricewaterhouseCoopers LLP", 2015.
  20. M. Choras, M. P. T. Bruna, A. Churchill, I. Eguinoa, R. Kozik, A. Yautsikhin, I. Maciejewska and A. Jomni, "Comprehensive Approach to Increase Cyber Security and Resilience: CAMINO Roadmap and Research Agenda", Availability, Reliability and Security 2015 10th International Conference on, pp. 686-692, 2015.
  21. I. H. Cha, "An Empirical Research on Developing Personnel Security Management Indicators in Information Security", Ph.D. dissertation, p.123, Quarterly Resource, Kwangwoon University, 2009.