A Study on Security Engineering Methodology

  • Published: 1999.06.01

Abstract

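The many recent information system security incidents have demonstrated that merely adding security products developed for a particular purpose or environment cannot protect a system effectively. Accordingly, it has been widely argued that security-related activities, intended to provide better protection for an organization's information system environment, should be integrated with the system development process and treated as important from the earliest stage. This has created the need for a systematic security engineering methodology for building secure systems across all phases, from the early stage of system development through operation and maintenance. This paper introduces a system-development-based security engineering methodology, aimed at acquirers, that systematizes the security considerations and activities to be addressed at each phase throughout the system life cycle.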
