사물인터넷융복합논문지 (Journal of Internet of Things and Convergence)

한국사물인터넷학회 (The Korea Internet of Things Society)
권호 표지
DOI QR코드

DOI QR Code

사물인터넷 환경에서 보안 액세스 서비스 에지 교육과정 모델에 관한 연구

A Study on Curriculum Model for Secure Access Service Edge in IoT Environment

  • 이근호 (백석대학교 컴퓨터공학부)
  • Keun-Ho Lee (Div. of Computer Engineering, BaekSeok University)
  • 투고 : 2024.07.12
  • 심사 : 2024.08.14
  • 발행 : 2024.08.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

사물인터넷 환경에서 새로운 보안에 대한 요구사항은 빠르게 변화하고 있다. 이러한 빠른 변화에서 보안 위협을 통한 침해사고가 발생하면 큰 피해가 발생한다. SASE(Secure Access Service Edge) 환경은 보안 위협에 매우 취약하며, 침해가 발생하면 심각한 피해가 발생한다. SASE 환경의 보안을 강화하려면 SASE의 고유한 특성과 문제 해결을 다루는 전문 커리큘럼이 필요하다. 본 논문에서는 SASE 환경 내에서 보안 사고에 대응하기 위한 커리큘럼 모델을 제안한다. 제안된 커리큘럼 모델은 위협 유형, 위반 시나리오 및 대응 절차를 포함하여 SASE 보안의 다양한 측면을 다루는 교육과정으로 설계하였다. 이 모델의 목표는 보안 인식을 향상하고 전문가가 SASE 프레임워크 내에서 보안 사고를 효과적으로 처리할 수 있도록 준비하는 것에 목적을 두고 있다.

In the Internet of Things environment, new security requirements are changing rapidly. In this rapid change, if a breach occurs due to a security threat, great damage will occur. The SASE (Secure Access Service Edge) environment is highly vulnerable to security threats, and if a breach occurs, serious damage will occur. In order to strengthen the security of the SASE environment, a specialized curriculum that covers the unique characteristics and problem solving of SASE is required. In this paper, we propose a curriculum model for responding to security incidents in the SASE environment. The proposed curriculum model is designed to cover various aspects of SASE security, including threat types, breach scenarios, and response procedures. The goal of this model is to increase security awareness and prepare professionals to effectively handle security incidents within a SASE framework.

키워드

과제정보

이 논문은 2024학년도 백석대학교 학술연구비 지원을 받아 작성되었음

참고문헌

  1. John Kindervag, "No More Chewy Centers: TheZero Trust Model Of Information Security,"Forrester, 2016.
  2. Zero Trust Architecture, NIST SP 800-207, 2020 https://csrc.nist.gov/pubs/sp/800/207/final
  3. Y.J.Choi, Y.J.Jeong, M.H.Lee, "Zero Trust Standard Model Checklist Based on NIST 7 Tenets", Review of KIISC, Vol.34, Issue.3, pp.5-12
  4. Vasu Jakkal, "Zero Trust Adoption Report,"Microsoft Security, 2021.
  5. Delinea, "What is Zero Trust and Zero TrustExtended (ZTX)https://delinea.com/what-is/zero-trust-and-zero-trust-extended.
  6. https://www.trendmicro.com/ko_kr/what-is/what-is-zero-trust/secure-access-service-edge.html
  7. W.H.Yoon, H.J.Lee, "For the difficult and arduous journey of zero trust, "2023 Second Cybersecurity Coalition Report", pp.28-43, 2023.
  8. National Institute of Standards and Technology, "Implementing a Zero Trust Architecture," NISTSP 1800-35, 2022.
  9. K.H.Lee "IA Study on the Infringement Incident Response Curriculum Model in IoT Environmentt". Journal of Internet of Things and Convergence, Vol.9, No.3, pp.55-60, 2023. https://doi.org/10.20465/KIOTS.2023.9.3.055
  10. H.W.Kim. "Intrusion response methods in the Internet of Things (IoT) environment". Journal of the Korea Institute of Information Security and Cryptology, Vol.28, No.4, 739-749, 2018.
  11. J.H.Lee, "Security threats and response methods in the Internet of Things (IoT) environment". Journal of the Korea Institute of Information Security and Cryptology, Vol.27, No.4, 697-706. 2017.
  12. Y.M.Park, "Training program model for intrusion response in the Internet of Things (IoT) environment". Journal of the Korea Institute of Information Security and Cryptology, Vol.29, No.4, 795-804. 2019.
  13. "The Internet of Things (IoT): A Security Perspective", by Andrew S. Tanenbaum and Maarten van Steen, in "The New Internet", edited by Andrew S. Tanenbaum and Maarten van Steen, 2010.
  14. "Security in the Internet of Things", by Richard E. Smith, in "The Internet of Things: A Systems Perspective", edited by Richard E. Smith, 2015.
  15. K.H.Lee, "A Study on a Project-based Blockchain Web Developer Education Model Customized for Companies", Journal of Internet of Things and Convergence, Vol.8, No.4, pp.77-83, 2022. https://doi.org/10.20465/KIOTS.2022.8.4.077
  16. M.G.Lee, "A Development of Curriculum for Information Security Professional Manpower Training", Journal of the Institute of Electronics and Information Engineers, Vol.54, No.1, pp.46-52, 2017. https://doi.org/10.5573/IEIE.2017.54.1.046