ISO/IEC JTC1/SC27 WG4(보안통제 및 서비스) 국제표준화 동향

  • 염흥열 (순천향대학교 정보보호학과)
  • Published : 2011.04.30

Abstract

ISO/IEC JTC 1에서 정보보안 기술에 대한 국제표준화를 추진하고 있는 서브위원회(SC, subcommittee)는 SC 27 서브위원회이다. 이 위원회는 1980년 창립되어 금년으로 21년째 되는 서브위원회로, 정보보호관리체계, 암호 및 보안 메커니즘, 보안성 평가 기준, 보안 통제 및 서비스, 아이덴티티 (identity) 관리 및 프라이버시 기술에 대한 국제표준화를 추진하고있다. 이중 작업반 4에서는 보안 통제(security control) 및 서비스에 대한 국제표준화를 추진하고 있으며, 2006년에 창립되어 주로 네트워크 보안, 정보보호 침해사고 관리, 사이버 보안, 디지털 증거자료(포렌직), 공급자 체인 보안, 스토리지 보안 등 서비스 및 응용보안에 초점을 맞추어 국제표준화를 추진하고 있다. 본 고에서는 작업반 4에서 최근에 수행되고있는 주요 국제표준화 내용을 살펴보고 주요 이슈를 제시한다.

Keywords

References

  1. ISO/IEC JTC 1 홈페이지, http://www.iso.org/iso/jtc1_home.html
  2. ISO/IEC JTC 1 SC 27 홈페이지, http://www.iso.org/iso/iso_technical_committee?commid=45306
  3. ISO/IEC JTC 1 SC27 N9084, Resolutions of the 9th SC 27 WG 4 Plenary Meeting held in Berlin, Germany from 4 - 8 Oct. 2010.
  4. ISO/IEC JTC 1/SC 27 N9085, ISO/IEC JTC 1/SC 27/WG 4 Meeting No. 9 Berlin, Germany October 4-8, 2010 Meeting Report
  5. Walter Fumy, "ISO/IEC JTC1/SC27-IT Security Technique", ITU-T Workshop, Geneva Swiss, 6-7 Dec. 2010.
  6. ISO/IEC 2nd CD 27032 -Information technology - Security techniques - Guidelines for Cybersecurity (N7917), Dec. 2010.
  7. ISO/IEC 27033-1 - Information technology - Security techniques -- Network security - Part 1: Part 1: Guidelines for network security
  8. ISO/IEC FCD 27033-2 - Information technology - Security techniques -- Network security - Part 2: Guidelines for the design and implementation of network security (N8626), Dec. 2010
  9. ISO/IEC 27033-3 - Information technology - Security techniques --Network security - Part 3: Part 3: Reference networking scenarios - Threats, design, technologies and control issues
  10. ISO/IEC 2nd WD 27033-4 - Information technology - Security techniques -- Network security -- Part 4: Securing Communications between networks using security gateways (N8634), Dec. 2010
  11. ISO/IEC WD 27033-5 - Information technology - Security techniques -- Network security -- Part 5: Securing communications across networks using Virtual Private Networks (VPNs) (N8647), Dec. 2010.
  12. ISO/IEC WD 27033-6 - Information technology - Security techniques - Network security - Part 6: Securing IP Network Access using Wireless (N8647), Dec. 2010
  13. ISO/IEC FCD 27034-1 - Information technology - Security techniques -- Application security - Part 1: Overview and concepts, Dec. 2010
  14. ISO/IEC 2nd WD 27034-2 - Information technology - Security techniques - Application security - Part 2: Organisation Normative Framework, Dec. 2010
  15. ISO/IEC FCD 27035 - Information technology - Security techniques - Information Security Incident Management, Dec. 2010
  16. ISO/IEC WD 27036-1 - Information technology - Security techniques - Information security for supplier relationships - Part 1: Overview and Concepts, Dec. 2010
  17. ISO/IEC WD 27036-2 - Information technology - Security techniques - Information security for supplier relationships - Part 2: Common Requirements, Dec. 2010
  18. ISO/IEC 27036-3 - Information technology - Security techniques - Information security for supplier relationships - Part 3: Guidelines for ICT Supply Chain, Dec. 2010.
  19. ISO/IEC 3rd WD 27037 - Information technology - Security techniques - Guidelines for Identification, Collection, Acquisition and Preservation of Digital Evidence, Dec. 2010.
  20. ISO/IEC WD 27038 - Information technology - Security techniques - Specifications for Digital Redaction, Dec. 2010
  21. SO/IEC WD 27039 (18043) - Information technology - Security techniques - Selection, deployment, and operation of intrusion detection and prevention systems (IDPS), Dec. 2010
  22. 염흥열, "제9회 네트워크 및 응용보안(SC 27 WG 4) 회의," TTA 저널, No.132, TTA, 2010. 11월