• Title/Summary/Keyword: 보안 평가 지표

Search Result 85, Processing Time 0.029 seconds

A Development of Evaluation Indicators for Information Security by means of the Coincidence Analysis (부합성 분석을 통한 정보보안 평가지표 도출)

  • Lee, Yeong-Kyu;Kim, Sang-Hoon
    • 한국IT서비스학회:학술대회논문집
    • /
    • 2008.05a
    • /
    • pp.185-190
    • /
    • 2008
  • 정보화의 진전과 더불어 삶의 편이성은 증대되고 있으나 개인과 조직은 물론이고 국가에 이르기까지 정보보안 사고로 피해와 고통 또한 증대되고 있는 실정이다. 이러한 사고로 인한 피해를 사전에 예방하거나 사후 손실을 최소화하기 위해서는 적절한 관리가 필요하며 이를 위해서는 무엇보다 실용적인 정보보안 평가지표의 개발이 필요하다. 본 연구에서는 정보보안을 대표하는 문헌을 참조하여 평가지표를 도출하고, 일련의 부합성 분석을 통해 보다 실용적인 정보보안 평가지표를 도출하여 제시하고자 한다.

  • PDF

A Study on an Architecture of Security Assessment Model for Security Diagnostics of a Public Institution (공공기관의 보안 진단을 위한 보안평가모델 설계에 관한 연구)

  • Eom, Jung-Ho;Park, Seon-Ho;Chung, Tai-Myoung
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2010.04a
    • /
    • pp.835-838
    • /
    • 2010
  • 본 논문에서는 공공기관의 효율적인 보안 진단을 위하여 금융 위험평가 시스템에 사용되는 통계적 CAEL 모델을 적용하여 보안평가 모델(SAM)을 설계하였다. SAM은 통계적 CAEL 모델을 기반으로 조직과 관련된 보안변수와 보안지표를 평가요소로 하여 요소별 평가등급 선정 방식과 최종 종합평점 산출 방법으로 보안평가 결과값을 도출한다. SAM은 조직의 보안수준 결과에 중요하게 영향을 미칠 수 있는 모든 요소들을 평가대상으로 하고 정량적인 방법인 보안평가 모델을 활용하여 결과를 산출한다. SAM은 조직의 규모, 특성 등에 따라 보안변수를 변경할 수 있으며, 각 보안 지표별 통계적 자료 값을 수집하여 요구되는 변수만 입력하면 되기 때문에 사용 용이성도 우수하다.

국내.외 정보보호 수준 팽가 체계 및 지표 동향

  • Lee, Dong-Hee;Yeo, Don-Gu;Youm, Heung-Youl
    • Review of KIISC
    • /
    • v.20 no.5
    • /
    • pp.74-85
    • /
    • 2010
  • 인터넷의 발달로 해킹과 같은 각종 보안위협이 증가하고 있으며 이는 국가, 기업 그리고 개인에게 심각한 위협이 되고 있다. 해킹으로 인해 유/무형적인 손실을 받을 수 있기 때문에 보안 위협에 대한 적절한 보안 대책의 수립이 필요하며, 또한 수립된 보안 대책 및 대상의 보안 수준을 확인하기 위한 다양한 정보보호 체계 및 평가 지표들이 존재하고 있다. 본 논문에서는 국내/외에서 개발된 정보보호 평가 체계와 지표, 그리고 국제 표준과 진행 동향을 살펴보고, 각 체계간의 차이점을 도출한다.

A Study on Developing Assessment indicators for Cyber Resilience (사이버 레질리언스 평가지표 개발에 관한 연구)

  • Kim, Sujin;Kim, Jungduk
    • Journal of Digital Convergence
    • /
    • v.15 no.8
    • /
    • pp.137-144
    • /
    • 2017
  • Recently, cyber resilience has emerged as an important concept, recognizing that there is no perfect security. However, domestic researches on cyber resilience are insufficient. In this study, the 22 indicators for cyber resilience assessment were initially developed by the literature survey and discussions with security experts. The developed indicators are reviewed using the Focus Group Interview method in terms of materiality and feasibility of the indicators. This study derived meaningful and useful indicators for the assessment of cyber resilience, and it is expected to be used as a foundation for the future cyber resilience studies. In order to generalize and apply the results of this study in practice, it is necessary to carry out quantitative researches in the future.

Research on a Valuation Standard and the Actual Condition About Security Management in PACS (PACS에서 보안관리 평가기준 연구와 실태조사)

  • Jeong, Jae-Ho;Dong, Kyung-Rae;Kweon, Dae-Cheol;Son, Gi-Gyeong;Kim, Hyun-Soo;Kang, Hee-Doo
    • Journal of radiological science and technology
    • /
    • v.31 no.4
    • /
    • pp.347-353
    • /
    • 2008
  • This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

  • PDF

The Study of Developing an Index for Evaluating the Security of the Network (네트워크 보안성평가 지표개발에 관한 연구)

  • 박동석;안성진;정진욱
    • Convergence Security Journal
    • /
    • v.2 no.1
    • /
    • pp.17-33
    • /
    • 2002
  • The major goal of this study is to develop an index that can evaluate the quality of the appropriate network in a series of projections that analyze, design, and then build a network. The existing software engineering and/or the methods of developing a system are limited. The process of defining the requirements in building a network, designing the system, and building the network focuses on arranging the methods of building a network. Based upon this, we tried to develop a necessary index to evaluate the security of a network.

  • PDF

Deriving Performance Evaluation Indicator of Program for Developing the Next Generation of Top Security Leaders (차세대 보안리더 양성프로그램의 성과평가 지표 개발)

  • Park, Sung-Kyu;Kim, Tae-Sung;Kim, Jin-Seog;Yu, Seong-Jae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.2
    • /
    • pp.501-511
    • /
    • 2018
  • The purpose of this study is to develop the performance evaluation indicator of information security training program for developing the next generation of top security leaders. Through literature review and focus group interview, we derived the performance areas and indicators based on the logic model. We conducted AHP(Analytic Hierarchy Process) questionnaire to calculate the weight of the derived indicators, and developed the performance indicator based on the survey results. Performance indicators were composed of 18 indicators in four main categories.

A Study on development of evaluation indicators on the Managed Security Service(MSS) (보안관제 업무에 대한 평가지표 개발 연구)

  • Lee, Hyundo;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1133-1143
    • /
    • 2012
  • Currently, Many Cyber Security Centers(CSC) are established and being operated in our country. But, in the absence of indicators to evaluate activities of the Managed Security Service(MSS), We can't identify the CSC's level of overall job performance. Therefore, we can't derive strengths and weaknesses from the CSC. From these reasons, The purpose of this research is to develop an objective indicator to evaluate activities of the MSS. I studied both international and domestic Information Security Management System(ISMS) as related standards(ISO/IEC 27001, G-ISMS). Moreover, I analysed the NIST Computer Security Incident Handing Guide and the Incident Management Capability Metrics(IMCM) of Carnegie Mellon Software Engineering Institute(SEI). The implications for this analysis and domestic hands-on experience are reflected in the research. So I developed 10 evaluation domains and 62 detail evaluation items. This research will contribute to our understanding the level of the CSC's job performance.

A Study on Developing of Performance Evaluation Index and Method of Measurement for Information Security Outcomes applying BSC (균형성과표(BSC) 기반의 정보보호 성과 지표 개발 및 측정 방법에 관한 연구)

  • Jang, Sang Soo
    • Convergence Security Journal
    • /
    • v.14 no.4
    • /
    • pp.41-53
    • /
    • 2014
  • In order to achieve efficient and effective organizational information security objectives, for the level of information security to accurately evaluation and direction for improving that performance evaluation index and method of measurement for information security outcomes are needed. For information security activities of domestic companies to measure the performance or effectiveness, that standard method of measuring and the available evaluation Index are insufficient. company is difficult to investment for information security budget. Therefore, the purpose of this study was developing of performance evaluation index and method of measurement for information security outcomes applying BSC available in the company. The results of this study that companies can determine the level of information security itself. Analysis of the information security status and the strategy establishment of the information security investment can be applied.

A Quantitative Security Metric Based on MITRE ATT&CK for Risk Management (위험 관리를 위한 MITRE ATT&CK 기반의 정량적 보안 지표)

  • Haerin Kim;Seungwoon Lee;Su-Youn Hong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.1
    • /
    • pp.53-60
    • /
    • 2024
  • Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. CVSS has a problem that it cannot consider context in terms of subjectivity, complexity of interpretation, and security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITREATT&CK's technology by the connection between weaknesses and attack patterns (CAPEC). We use MITREATT&CK's Groups, Tactic, and Mitigations to produce consistent and intuitive scores. Accordingly, it is expected that security evaluation managers will have a positive impact on strengthening security such as corporate networks by expanding the range of choices among security indicators from various perspectives.