https://www.riss.kr/link?id=A60038342
2006
Korean
KCI candidate journal
Academic journal
101-112 (12 pages)
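Korean Abstract (Abstract)
Technical security measures for information and communication systems alone cannot guarantee their secure operation. Research on and standardization of information security management systems (ISMS) for the secure operation of information and communication systems are therefore actively under way. In 2005 Korea enacted the "National Cyber Security Management Regulation" and, under the "Security Management Criteria" of the "National Cyber Security Manual", had national and public institutions carry out a "Security Management Level Evaluation" on their own, so that systematic information security management activities take place. This paper surveys the related standards and the security management systems of Australia and the United States, analyzes the "Security Management Level Evaluation" system from the standpoint of efficient security management, and on that basis studies directions for improving the "Security Management Level Evaluation". By introducing additional items (A/C; Additional Control) and a selective security management criteria (Selective Controls) composition into the existing system, and by improving the evaluation preparation procedure, each institution can draw up security management criteria optimized for itself, which makes efficient security management suited to the institution possible and allows a flexible response to a rapidly changing information and communication environment.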
Multilingual Abstract
Technical security alone cannot guarantee secure operation of information and communication systems. So, ISMS (Information Security Management System) research and standardization are actively going on. Korea published "The national cyber security management regulation" and "The national cyber security manual" in 2005. According to the regulation and manual, government organs and public institutions must carry out the security management assessment themselves for systematic management of information security. We studied related standards and the security management systems of Australia and the USA, and analyzed the security management evaluation system in "The national cyber security manual" with a focus on efficient management. We presented the improvement direction of the national security evaluation system through the research. We propose the additional control, the selective control set and improvement of the evaluation process for efficient management. The proposed system makes possible a composition suitable to each organ and flexible adaptation to a rapidly changing information environment.
References
1 National Cyber Security Center, "National Cyber Security Manual", National Cyber Security Center, 2005.
2 Presidential Directive, "National Cyber Security Management Regulation (Presidential Directive No. 141)", 2005.
3 International Standards Organization, "The Specification for Information Security Management Systems (ISO/IEC 27001:2005)", International Standards Organization, 2005.
4 International Standards Organization, "The Code of Practice for Information Security Management (ISO/IEC 17799:2005)", International Standards Organization, 2005.
5 National Institute of Standards and Technology, USA, "Standards for Security Categorization of Federal Information and Information Systems (FIPS 199)", National Institute of Standards and Technology, USA, 2004.
6 National Institute of Standards and Technology, USA, "Security Self-Assessment Guide for Information Technology Systems (NIST SP 800-26, Rev. 1)", National Institute of Standards and Technology, USA, 2005.
7 National Institute of Standards and Technology, USA, "Recommended Security Controls for Federal Information Systems (NIST SP 800-53, Rev. 1)", National Institute of Standards and Technology, USA, 2006.
8 Attorney General's Department, "Protective Security Manual (PSM 2005)", Attorney General's Department, Aus, 2005.
9 http://ww.nist.gov, "National Institute of Standards and Technology"
10 National Institute of Standards and Technology, USA, "Minimum Security Requirement for Federal Information and Information Systems (FIPS 200)", National Institute of Standards and Technology, USA, 2006.
11 International Standards Organization, "Information technology - Security techniques - GMITS Part 3: Techniques for the management of IT Security (ISO/IEC TR 13335-3)", 2006.12
12 International Standards Organization, "Information technology - Guidelines for the management of IT Security Concepts and models for IT Security", International Standards Organization, IEC TR 13335, 1996.
13 International Standards Organization, "Information technology - GMITS Part 2: Managing and planning IT Security (ISO/IEC TR 13335-2)", International Standards Organization, 1997.
14 International Standards Organization, "Information technology - GMITS - Part 5: Management guidance on network security (ISO/IEC TR 13335-5)", International Standards Organization, 2000.
15 International Standards Organization, "Information technology - GMITS - Part 4: Selection of safeguards (ISO/IEC TR 13335-4)", International Standards Organization, 2000.
16 National Institute of Standards and Technology, USA, "Guide for the Security Certification and Accreditation of Federal Information Systems (NIST SP 800-37)", National Institute of Standards and Technology, USA, 2004.
17 National Institute of Standards and Technology, USA, "Guide for Developing Security Plans for Federal Information Systems (NIST SP 800-18, Rev. 1)", National Institute of Standards and Technology, USA, 2006.
18 National Institute of Standards and Technology, USA, "Guide for Assessing the Security Controls in Federal Information Systems (NIST SP 800-53A)", National Institute of Standards and Technology, USA, 2006.
19 US federal law: E-Government Act of 2002, "Federal Information Security Management Act of 2002, E-Government Act of 2002, USA", US federal law, 2002.
20 British Standards Institution, "BS 7799 Part 2: The Specification for Information Security Management Systems (BS 7799-2:2002)", British Standards Institution, 2002.
21 British Standards Institution, "BS 7799 Part 1: The Code of Practice for Information Security Management (BS 7799-1:2005)", British Standards Institution, 2005.
22 Defence Signals Directorate, "Australian Government Information and Communications Technology Security Manual", Defence Signals Directorate, Aus, 2005.
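Journal History
Date | Type | Details | Listing status |
---|---|---|---|
2026 | Evaluation scheduled | Subject to application for re-accreditation evaluation (re-accreditation) | |
2020-01-01 | Evaluation | KCI-listed journal status maintained (re-accreditation) | |
2017-01-01 | Evaluation | KCI-listed journal status maintained (continuing evaluation) | |
2013-01-01 | Evaluation | Selected as KCI-listed journal (candidate, 2nd round) | |
2012-07-04 | Society name change | Korean name: 한국사이버테러정보전학회 -> 한국융합보안학회; English name: Korea Information Assurance Society -> Korea Convergence Security Association | |
2012-07-04 | Journal name change | Korean name: 정보*보안논문지 -> 융합보안 논문지; foreign-language name: The Journal of The Information Assurance -> Journal of convergence security | |
2012-01-01 | Evaluation | Candidate 1st round PASS (candidate, 1st round) | |
2010-01-01 | Evaluation | Selected as KCI candidate journal (new evaluation) | |
2009-04-01 | Evaluation | Dropped from candidate status (other) | |
2007-01-01 | Evaluation | Candidate 1st round FAIL (candidate, 1st round) | |
2006-11-20 | Journal name change | Korean name: 정보보증논문지 -> 정보*보안논문지 | |
2006-11-20 | Journal name change | Korean name: 정보보증논문지 -> 정보*보안논문지; foreign-language name: The Journal of The Information Assurance -> Journal of The Information and Security | |
2005-01-01 | Evaluation | Selected as KCI candidate journal (new evaluation) |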
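Journal Citation Information
Base year | WOS-KCI integrated IF (2-year) | KCIF (2-year) | KCIF (3-year) | KCIF (4-year) | KCIF (5-year) | Centrality index (3-year) | Immediacy index |
---|---|---|---|---|---|---|---|
2016 | 0.38 | 0.38 | 0.34 | 0.32 | 0.31 | 0.451 | 0.14 |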