• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.853-862
• /
• 2021

Today, disturbance and paralysis of information and communication infrastructure by electronic infringement of national infrastructure is emerging as a threat. Accordingly, the government regularly implements the vulnerability analysis and evaluation system of major information and communication infrastructure to protect the information system and control system of major infrastructure, and invests increased human and material resources every year to efficiently operate it. However, despite the government's efforts, as infringement accidents and attempts targeting national infrastructure continue to occur, the government's resource input to prepare the information protection foundation has little effect on the information protection activity result calculation, making the evaluation system not efficient. The question arises that it is not. Therefore, in this study, we use the DEA model to review the efficient operation of the vulnerability analysis and evaluation system for major information and communications infrastructure, and suggest improvement measures to enhance the level of information protection based on the analyzed results.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.11a
• /
• pp.599-603
• /
• 2006

Korea Information Security Agency has executed the certification system for the information security management since 2002 and examines the conformance of the IDCs'total management system including the technical and the physical protection measure. However, this certification system has the standard only for the IDC in the wire/wireless segregated and the evaluation method for the wire/wireless integrated has not been suggested yet. This paper is on the basis of "Accumulation Information Communication Facility Secure Principle", guidelines of Wireless LAN security operation, the existing principles and recommendations of the information security and the data on IDC environment. And the paper suggests the IDC network model in the wire/wireless integrated and the IDC evaluation method.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1779-1782
• /
• 2003

정보보호를 위한 보안 제품의 필요성과 그에 대한 평가가 요구되면서, 미국과 영국 등의 선진국을 중심으로 정보보호시스템의 보안성에 대한 평가가 시작되었다. 국내에서는 1990 년대 중반에 보안 제품에 대한 평가가 시작되었고, 공통평가기준을 도입하여 국내 평가제도와 체계를 정비하고 있으며, 관련 된 연구가 계속 진행되고 있다. 그러나, 평가 수행에 필요한 절차, 방법 및 문서가 정의된 평가 인증스킴에 대한 연구가 미흡한 실정이다. 따라서, 본 논문에서는 외국의 평가 인증스킴을 살펴보고, 현재 국내에 제정된 평가절차와 비교하여, 국내 평가 인증스킴의 제정에 바람직한 대안을 제시한다.

• Review of KIISC
• /
• v.10 no.3
• /
• pp.49-62
• /
• 2000

인터넷을 통한 기업간(B2B) 전자거래 시장규모가 올해 17조원대에 이르고 기업과 소비자간(B2C) 전자상거래 시장규모 또한 1조원을 넘어서는 등 전체 국내 전자상거래 시장 규모가 18조원을 넘어 설 전망이다. 이는 정보통신시스템에 대한 사회 전반의 의존도가 한층 증대하고 있음을 보여주는 단적인 예라 할 수 있다 오늘날 인터넷 사용이 보편화되고 전자상거래의 규모가 커져 갈수록 정보보호시스템에 대한 신뢰성 및 안전성에 대한 입증 노력 또한 더 강하게 요구되고 있는게 사실이다. 특히 안전성이 입증되진 않은 취약한 정보보호시스템을 사용한 시스템 구축은 오히려 그 위험성을 증가시킬 수 있음을 최근의 많은 해킹사례를 통해 경험한바 있다, 향후 예견되는 이러한 엄청난 사회적 손실을 막기 위한 제도적 노력의 일환으로 미국, 영국, 독일, 프랑스 등 선진국에서는 10여년 전부터 자국의 환경에 적합한 평가기준을 마련하여 정보보호시스템을 평가해오고 있다 본고에서는 정보보호시스템 평가제도와 관련하여 최근의 국제동향과 그에 따른 국내 대응방안을 모색해 보고자한다. 특히 정보보호시스템 평가를 위한 국제기준의 CC(Common Criteria)와 이를 기반으로 맺어진 MRA(Mutual Recognition Arrangement)의 전개과정을 살펴보고 유럽의 상호인정협정인 ITSEC-MRA의 출범배경과 올 5월에 새롭게 출범한 CC-RA체제와 특징적인 모습을 고찰해 보고자한다.

• Review of KIISC
• /
• v.8 no.4
• /
• pp.47-62
• /
• 1998

응용체계 보안성 평가. 승인 제도는 정보시스템의 보안성에 대한 품질보증을 위한 핵심적인 수단이다. 응용체계는 동일한 구성요소로 이루어져 있다고 할지라도 운영환경과 이용목적에 따라 보안 요구사항을 달이함으로 적절한 수준의 보안성을 확보하고 있는지를 확인하는 것은 매우 중요하다. 본 연구에서는 응용체계의 보안성을 평가하기 위한 몇 가지 방법론을 절차의 측면에서 살펴보고, 평가. 승인 절차에 있어서 핵심적인 고려사항을 기술하였다.

• Informatization Policy
• /
• v.22 no.1
• /
• pp.47-72
• /
• 2015

According to the progress of national informatization throughout the world, infringement and threaten of privacy are happening in a variety of fields, so government is providing information security policy. In particular, South Korea has enhanced personal impact assessment based on the law of personal information protection law(2011). But it is not enough to effect the necessary cost calculation standards and changeable factors to effect PIA. That is, the budgets for PIA was calculated lower than the basic budget suggested by Ministry of Government Administration Home affairs(2011). Therefore, this study reviewed the cost calculation basis based on the literature review, cost basis of similar systems, and reports of PIA and obtained to the standard with Delphi analysis. As a result, the standards of PIA is consisted to the primary labors and is utilized to how the weights by division of target system, construction and operating costs of target system, type of target systems, etc. Thus, the results of this study tried to contribute to ensure the reliability of PIA as well as the transparency of the budget for privacy in public sector.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.973-983
• /
• 2016

It's been almost 6 years since PIA was implemented based on legislation. So I analyzed problems of PIA from the perspective of ITSM 3 elements. I mainly took account of quality improvement of the report when I assessed systems processing personal informations. So, I propose in terms of logical validity improvement of assessment report. The improvements on 4 different outputs for each phase are many cases that I assessed systems processing personal informations. And I propose improvements on qualified assessors having capability of GRC and on process for managing the assessment system. To settle down PIA system as the reasonable and effective assessment system even after 2016, the statutory deadline for completion of PIA, assessors and appointed assessment firms and authorities should cooperate to complete the assessment system.

• 정보화사회
• /
• s.125
• /
• pp.14-19
• /
• 1998

PCS 상용화 1년을 맞아 이제는 보다 공정한 서비스 경쟁, 품질경쟁 쪽으로 방향전환이 시급한 때이다. 정보통신부에서도 국민들이 정보통신 서비스에 대한 합리적인 선택을 할 수 잇도록 통신사업자가 제공하는 통신서비스의 품질을 평가하여 결과를 공유하고 이용자보호를 강화하는 것을 주요 내용으로 하는 정보통신서비스 품질평가 제도를 도입키로 하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.61-76
• /
• 2002

To ensure PKI systems' reliability, the security for PKI systems evaluation is required. But, unfortunately, the systematic security evaluation and certification of PKI systems is insufficient. In Korea, Firewall and intrusion detection system's security evaluation and certification has been enforced, but research of PKI systems’ evaluation is insufficient. This paper provides a PKI system evaluation criteria. This paper specifies a 7 level of the functional and assurance security requirements for a PKI system. And this PKI system evaluation criteria provides a compatibility with CC(Common Criteria) and KISES(Korea Information Security Evaluation Systems).

• Journal of Advanced Navigation Technology
• /
• v.13 no.1
• /
• pp.113-119
• /
• 2009

In this study we analyzed and gauged the information security needs for the new IT service which will be proceeding. Then we designed Information Security Rank Authentication System to raise the level of information security. To achieve this study, we analyzed rank authentication system of the inside and outside of the country and developed the practical propulsive system and the evaluation model which reflects IT service's own feature differing from the general evaluation of IS information security. The result of this study can be utilized to assess the level of domestic IT service information security objectively, and it can be applied as the means of rational decisionmaking for establishing a policy to raise degree of information security of corporations providing IT service.