취약성 평가에 의한 정보보호지표의 계량화: 정보자산가치가중치법

  • 발행 : 2000.03.01

초록

본 연구의 목적은 취약성을 보안대책의 결핍으로 정의해서 정보보호지표의 개념을 도출한 후에, 정보자산가치에 따라서 가중치를 부여하는 정보자산가치가중치법에 의해서 정보보호지표를 계량화하는 절차를 제시하는 것이다. 이와 같은 정보보호지표에 근거해서 정보보호를 위한 기본적인 보호 대책(관리적, 기술적, 물리적 대책을 포함하는 기본통제)을 구현하고 특정 응용시스템을 위한 특수한 보호 대책을 구현함으로써, 조직 내외의 위협으로부터 안정적이고 신뢰성 있는 정보서비스를 제공할 수 있다.

키워드

참고문헌

  1. 국가정보화백서 한국전산원
  2. 지방자치단체 정보화수준측정을 위한 지표개발 황병천;오정훈;박민구
  3. GSA Report Performance-Based Management : Eight Steps to Develop and Use Information Technology Performance Measure Effectively GSA(General Services Administration)
  4. the Performance Auditing and the Modernisation of Goverment Performance Auditing and the New Public Management : Changing Roles and Strategies of Central Audit Institutions Barzelay, M.
  5. Public Management Occasional Papers Performance Management in Government: Performance Measurement and Results-Oriented Management No. 3. Bouckaert, G.
  6. A Handbook of Techniques and Tools How to Measure Performance DOE(Department of Energy)
  7. Information Resources Management Journal v.10 no.1 A Comprehensive Model for Assessing the Quality and Productivity of the Information Systems Function : Toward a Theory for Information Systems Assessment Myers, B.L.;Kappelman, L.A.;Prybutok, V.R.
  8. Information Resources Management Journal v.10 no.1 A Comprehensive Model for Assessing the Quality and Productivity of the Information Systems Function: Toward a Theory for Information Systems Assessment Myers, B. L.;Kappelman, L. A.;Prybutok, V. R.
  9. Datapro Reports on Information Security, Risk Analysis CCTA Risk Analysis and Management Methodology (CRAMM)
  10. Datapro Reports on Infromation Security. Risk Analysis. CCTA Risk Analysis and Management Methodology (CRAMM) Moses, R.
  11. Guidelines for the Management of IT System Security: Part3- Techniques for the Management of IT Sucurity ISO/IEC JTC1/SC27 N689
  12. Guodelines for the Management of IT Security (GMITS): Part2-Managing and Planning IT Security ISO/IEC JTC1/SC27 N720
  13. Computer Security Journal v.Ⅵ no.1 The Role of Vulnerability in Risk Management Otwell, K.;Aldridge, B.
  14. Proceedings of the 1988 Computer Security Risk Management Model Builders Workshop A Goverment Perspective on Risk Management of Automated Information Systems Katzke, S.
  15. Proceedings of the 1988 Computer Security Risk Management Model Builers Workshop A Government Perspective on Risk Management of Automated Information Systems Katzke, S.
  16. Proceedings of the 1988 Computer Security Risk Management Model Builder Workshop Analytical and Decision Models of the Livermore Risk Analysis Methodology (LRAM) Guarro, S.
  17. Datapro Reports on Information Security, Risk Analysis Risk Analysis : Concepts and Tools Gilbert, I.A.
  18. Performance Management in Government: Performance Measurement and Result-Oriented Management No. 3 no.3 Bouckaert, G.