The Evaluation-based CBR Model for Security Risk Analysis

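  • Young-Hwan Bang (Bioinformatics Team, Korea Institute of Science and Technology Information)
  • GangSoo Lee (Department of Computer Engineering, Hannam University)
  • Published: 2007.08.15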

Abstract

Informatization is advancing rapidly in every sector of society that relies on information systems, including finance, trade, medical services, energy, and education. Security management of an information system must be preceded by a risk analysis evaluation, and security risk analysis is the best way to resolve weaknesses in the required information security services and to manage the system safely against threats. In this paper, we model an evaluation case-based reasoning (CBR) function that can establish an optimal evaluation plan. The evaluation CBR function manages security risk analysis evaluations on a per-project basis, assesses the similarity between existing evaluation cases, and establishes an optimal security risk analysis evaluation plan based on similar evaluation cases.
