I. Introduction and Overview
Chapter 1 Introduction
1.1 Purpose
This book aims to help protect computer-based resources (including hardware, software, and information) by explaining the key concepts of information security, cost considerations, and their relationship to security controls. This chapter presents the benefits of security controls, the major techniques and approaches for each control, and the important considerations associated with them.
This book gives a broad overview of computer security so that readers, by understanding their computer security needs, can develop a sound approach to selecting appropriate security controls. Accordingly, it does not describe the steps needed to implement a computer security program, provide detailed procedures for implementing security controls, or provide guidance for auditing the security of specific systems. General references are listed at the end of this chapter, and in Parts II, III, and IV, methodological books and articles worth consulting are listed at the end of each chapter.
The purpose of this book is not to specify security requirements in detail but to discuss the benefits of various computer security controls and the situations in which their application is appropriate. …(omitted)
1.2 Intended Audience
1.3 Organization of the Book
explains the basics. That is, it explains how controls are implemented and the cost considerations that must be taken into account when selecting, implementing, and using them. It also addresses interdependencies with other controls. Each chapter of this book provides references that are useful for actual implementation.
• The Management Controls part addresses security topics that can be characterized as managerial. These are matters of technique that relate to what management addresses within the organization's computer security program. In general, they focus on the management of the computer security program and the management of risk within the organization.
Auerbach Publishers (a division of Warren Gorham & Lamont). Data Security Management. Boston, MA. 1995.
British Standards Institute. A Code of Practice for Information Security Management, 1993.
Caelli, William, Dennis Longley, and Michael Shain. Information Security Handbook. New York, NY: Stockton Press, 1991.
Fites, P., and M. Kratz. Information Systems Security: A Practitioner's Reference. New York, NY: Van Nostrand Reinhold, 1993.
Garfinkel, S., and G. Spafford. Practical UNIX Security. Sebastopol, CA: O'Reilly & Associates, Inc., 1991.
Institute of Internal Auditors Research Foundation. System Auditability and Control Report. Altamonte Springs, FL: The Institute of Internal Auditors, 1991.
National Research Council. Computers at Risk: Safe Computing in the Information Age. Washington, DC: National Academy Press, 1991.
Pfleeger, Charles P. Security in Computing. Englewood Cliffs, NJ: Prentice Hall, 1989.
Russell, Deborah, and G.T. Gangemi, Sr. Computer Security Basics. Sebastopol, CA: O'Reilly & Associates, Inc., 1991.
Ruthberg, Z., and Tipton, H., eds. Handbook of Information Security Management. Boston, MA: Auerbach Press, 1993.