• Title/Summary/Keyword: NIST SP 800-53

Search Result 2, Processing Time 0.013 seconds

The Integrated Cyber SRM(Security Risk Monitoring) System Based on the Patterns of Cyber Security Charts

  • Lee, Gang-Soo;Jung, Hyun Mi
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.11
    • /
    • pp.99-107
    • /
    • 2019
  • The "Risk management" and "Security monitoring" activities for cyber security are deeply correlated in that they prepare for future security threats and minimize security incidents. In addition, it is effective to apply a pattern model that visually demonstrates to an administrator the threat to that information asset in both the risk management and the security system areas. Validated pattern models have long-standing "control chart" models in the traditional quality control sector, but lack the use of information systems in cyber risk management and security systems. In this paper, a cyber Security Risk Monitoring (SRM) system that integrates risk management and a security system was designed. The SRM presents a strategy for applying 'security control' using the pattern of 'control charts'. The security measures were integrated with the existing set of standardized security measures, ISMS, NIST SP 800-53 and CC. Using this information, we analyzed the warning trends of the cyber crisis in Korea for four years from 2014 to 2018 and this enables us to establish more flexible security measures in the future.

A Comparative Study on Information Security Management Activity of Public Sector in USA & Korea (미국과 우리나라의 정보보안관리 활동 비교연구)

  • Kim So-Jeong
    • The KIPS Transactions:PartC
    • /
    • v.13C no.1 s.104
    • /
    • pp.69-74
    • /
    • 2006
  • USA is strengthening the information sanity by managing federal agency's information and information system systematically. For this purpose, US government put the Federal Information Security Management Act into the E-Government Act of 2002. According to the FISMA, it is required to have information security management plan for ail federal agencies. In addition that, Inspector Generals of these agencies should assess the status of their agency and report the result to the office of Management and Budget. Collecting all the reports from each agency, OMB should report to GAO on general status of information security of federal agency. It is helpful to provoke the information security as a necessary activity to realize the E-government. Comparing these efforts with our system will give us good implications to get more idea to secure our information system.