Journal of Digital Convergence (디지털융복합연구)

The Society of Digital Policy and Management (한국디지털정책학회)
권호 표지
DOI QR코드

DOI QR Code

A Building Method of Designing National Cyber Security Governance Model Through Diagnosis of Operational Experience

정보보안체계 운영경험 진단을 통한 국가 사이버보안 거버넌스 모델 연구 방법

  • 방기천 (남서울대학교 멀티미디어학과)
  • Received : 2018.04.25
  • Accepted : 2018.06.20
  • Published : 2018.06.28
Download PDF
⟨ Previous Next ⟩

Abstract

This Study aims to propose a new information security governance model design method for streamlining security governance at national strategic level. The research method of this study is to diagnose our operational experience and to derive a new model design method. In the meantime, national information security activities were perceived to be focused on knowledge transfer, and motivation of activities and securing of executive power were weak. As a result, security blind spots and frequent occurrence of large security incidents have become unresolved challenges. National cyber security governance should be grouped together as a whole systematically from the upper policy to the lower level of performance under the responsibility of the national leader. Based on this approach, this study presented the comprehensive framework of Korean security governance model and embodied it into four architectural designs such as vision, goal, process, and performance, thus deriving the foundation for future national governance model design. Further research is needed to diagnose problems in life cycle flow, security policies based on environmental changes, and new frameworks in which all subjects participate.

본 연구에서는 국가 전략적 차원에서 보안 거버넌스를 효율화시키기 위한 새로운 개념의 정보보안 거버넌스 모델 설계 방법을 제안한다. 이를 위해 우리의 운영 경험을 진단하고, 새로운 모델 설계 방법을 도출하였다. 그동안 국가 정보보안 활동은 지식 전달 위주로 인식되었고 활동의 동기 부여와 실행력 확보가 취약하였다. 결과적으로 보안 사각 지대가 늘어나고 대형 보안 사고가 빈발하여 해결이 필요한 과제로 대두되었다. 국가 사이버보안 거버넌스는 국가 리더의 책임하에 상단의 정책에서 하단의 실행까지 총체적으로 시스템화되어야 한다. 본 연구는 이같은 접근 방법에 기반하여 한국형 보안 거버넌스 모델의 종합 프레임워크를 제시하고 이를 비전, 목표, 과정, 수행 등 4개의 아키텍처 설계로 구체화시킴으로써 국가 거버넌스 모델 설계의 기반을 도출하였다. 라이프 사이클 흐름상의 문제점 진단, 환경변화에 기초한 보안 정책, 모든 주체의 참여가 반영되는 새로운 틀에 대하여는 계속적인 연구가 필요하다.

Keywords

References

  1. YSC Research and Business Foundation. (2015). A Comparative Law Study on the Cybersecurity Response System. Naju:KISA.
  2. E. H. Kim & J. I. Lee. (2011. 8). Net Focus - US Obama Government's Cyber Security Key Policies and Measure. Internet & Security Issue, Naju:KISA, 5-30.
  3. S. C. Kim. (2014). Cyber Security Law of Germany. The Journal of Cyber Security Law, 1, 1-22.
  4. J. Miller, L. Candler & H. Wald. (2009. 11). Information Security Government., Technology, 5.
  5. K. T. Hwang. (2005). Basic concept of IT governance. Local Informatization, 32, 106-109.
  6. D. H. Kim. (2017). The Study on Corporate Information Security Governance Model for CEO. Jouranl of Information and Security, 17(1), 39-44.
  7. S. K. Kang, H. S. Yoon, Y. W. Park, M. H. Kim, H. Y. Kwan, D. S. Kim & K. B .Kim. (2010). A Study on the Construction, Korean Institute of Criminology.
  8. Korea Communications & Commission. (2011. 8. 8). Government, Establishment of "National Cyber Security Master Plan" - Establishment of blueprints for the protection of national cyber space. Seoul:KCC.
  9. ISACA. (2012). COBIT 5, 14.
  10. Information Week. (2014. 6. 13). FCC Wants More Cybersecurity Collaboration. Less Regulation.
  11. Media & Future Institute. (2012). International cyber space forum strategy study, Seoul:KCC.
  12. TechCrunch. (2014. 6. 12). FCC Chairman Tom Wheeler Outlines New Cybersecurity Paradigm Led By Private Sector.
  13. National Intelligence Service, Ministry of Science, ICT and Future Planning, Korea Communications Commission &, Ministry of Government Administration and Home Affairs. (2015). 2015 National Informatization White Paper.
  14. National Information Society Agency. (2014. 7). ICT Issues Weekly, 463, 1-5.
  15. Wall Street Cheat Sheet. (2014. 6. 12). What the FCC's 'New Regulatory Paradigm' Means for Network Providers.
  16. Office for Government Policy Coordination. (2015. 3. 17). Strengthen National Cyber Security Stance Capacity.