웹기반 서비스 인증.평가제도 발전방향에 관한 연구

A Study on the Improvement of Web-based Services Evaluation and Certification Program

  • 서광규 (상명대학교 산업정보시스템공학부)
  • 발행 : 2004.06.01

초록

Web-based services have fundamentally confidential problems due to characteristics of internet environment such as anonymity. These problems are serious obstacles to grow the web-based services. The security and confidence of web-based services rely on both service provider and users' opinion. But the former has difficulty in trusting the service provider and the latter takes too long time to propagete all users after converging their opinion. Therefore it is necessary to establish the objective and confidential evaluation and certification program for web-based service. In this paper, the internal and external web-based services evaluation and certification programs are compared and analyzed. The critical factors and evaluation methodology for secure and confidential web-based service are identified. Finally, this paper provides the improvement and strategy for web-based services evaluation and certification program.

키워드

참고문헌

  1. 강행연, 남길현, ‘정보보호관리규격(BS7799)을 적용한 국방정보체계 정보보안관리모델에 관한 연구’, 2001년도 한국정보보호학회 학술대회논문집, 2001 : 459-460
  2. 김승렬, 김현수, 엄익천, ‘웹 서비스의 평가인증 제도에 관한 탐색적 연구’, 한국전산원 정보화정책,2003 : 99
  3. 이병욱, ‘정보보호관리체계 인증제도 추진현황’, 정보보호심포지움 자료집, 한국정보보호진흥원, 2002 : 341-342
  4. 이창길, 조영훈, 김석우, 서창호, '안전하고 신뢰할 수 있는 인터넷사이트 평가 가이드라인 도입에 대한 연구', 제13회 정보보호 및 암호에 관한 학술대회 논문집, 한국전자통신연구원 부설 국가보안기술연구소, 2002 : 494-504
  5. 이창길, 조영훈, 한태인, 정재연, ‘인터넷모범상점인증제도 도입방안에 관한 연구’, 정보통신부 연구보고서, 1999 : 37-68
  6. Common Criteria Editorial Board, 'Common Criteria for Information Technology Security Evaluation, Part 1-4 : Introduction and General Model, Version 2.1', 1999
  7. France, Germany, The Netherlands, and The United Kingdom, 'Information Technology Security Evaluation Criteria(ITSEC) V.3.0’, 1993
  8. ISO/IEC, 'ISO/IEC TR 13335-1:1996(E)-1998(E) : Information Technology - Guidelines for the Management of IT Security part 1', 2000
  9. National Computer Security Center, 'Trusted Network Interpretation of The TCSEC(TNI), NCSC-TG-005', 1987
  10. National Computer Security center, 'Trusted Database management System Interpretation of The TCSEC(TDI), NCSC-TG-02', 1992