KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Development of Evaluation Indicators for the Human Competency and Management In Managed Security Service (MSS)

보안관제 업무의 인적 역량 및 관리에 대한 평가지표 개발 연구

  • 양성호 (고려대학교 정보보호대학원 정보보호학과) ;
  • 이상진 (고려대학교 정보보호대학원)
  • Received : 2016.03.10
  • Accepted : 2016.04.20
  • Published : 2016.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

Currently many central administrative agencies, municipalities and public and private institutions operate Managed security services to cope with cyber security incidents. These entities exert efforts in operating efficiencies rather than introduction of services as they used to. Accordingly, quite a few policies, directions and guidelines have been established for stable operation of Managed security services. Still, Managed security is operated by individuals, whose competencies influence the quality of Managed security services to a great extent. In this respect, the present article examines Managed security technology and methods and describes evaluation methods and examples relevant to human competencies, so as to seek for some potential courses for further development as well as more efficient approaches to human resource management in terms of institutional Managed security services.

현재 많은 중앙행정기관 및 지방자치단체, 공공 민간기관들이 사이버 침해사고 대응을 위해 보안관제서비스를 운영하고 있다. 과거와는 달리 서비스 도입보다는 효율적인 운영을 위해 노력하고 있다. 때문에 많은 정책과 방향, 지침들을 수립하고 안정적으로 운영되길 원한다. 하지만 보안관제는 사람이 운영하는 업무이기 때문에 개개인의 능력에 따라 많은 차이를 보이게 된다. 이에 따라 본 논문에서는 보안관제 기술과 방법에 대해 살펴본 후 인적역량에 대한 평가 방법과 예시를 통해 기관의 보안관제 업무 시 인적 관리에 효율적인 운영 방안 및 향후 발전 방향에 대해 모색해 보고자 한다.

Keywords

References

  1. Ministry of the Interior [Internet], http://www.moi.go.kr/, Oct., 2014.
  2. Young-jin Kim, Su-yeon Lee, Hun-young Kwon, and Jong-in Lim, "A Study on the Improvement of Effectiveness in National Cyber Security Monitoring and Control Services," Jonornal of The Korea Institute of Information Security & Cryptology, Vol.19, No.1, pp.103-111, Feb., 2009.
  3. Korea Internet & Security Agency, "INTERNET & SECURITY FOCUS," Aug., 2013.
  4. Hyun-do Lee and Sang-jin Lee, "A Study on development of evaluation indicators on the Managed Security," Jonornal of The Korea Institute of Information Security & Cryptology, Vol.22, No.5, pp.1133-1143, Oct., 2012.
  5. Ja-young Oh, "What's Managed Security Service," boannews, Dec., 2006.
  6. Woo-jong Suh, Dae-seok Kang, Yong-won Kang, and Jin-won Hong, "A Competency Analysis Methodology for Improving the Productivity of IT Human Resources," The Journal of Productivity, Vol.22, No.1, pp.69-91, Feb., 2008. https://doi.org/10.15843/kpapr.22.1.200802.69
  7. Wan-suk Yi, Woong Go, Dong-ho Won, and Jin Kwak, "Development of S-SLA's Grading Indicator based on the Analyses of IPS's Security Functions," Jonornal of The Korea Institute of Information Security & Cryptology, Vol.20, No.6, pp.221-235, Dec., 2010.
  8. Korea Software Industry Association [Internet], http://www.sw.or.kr/.
  9. Hyun-jeong Cho, "IPS, the future network security product," Journal of Computing Science and Engineering, Vol.23, No.1, pp.21-26, Jan., 2005.
  10. Young-su Jang, "Sofeware security vulnerability improvement using open static analysis tool," Korea Unviersity, Feb., 2011.
  11. Alberto Dainotti, Antonio Pescape, and Giorgio Ventre, "A Packet-level Characterization Of Network Traffic," CAMAD, pp.38-45, June, 2006.
  12. Joong-gil Park, "Methodology of Analyze the Risk Using Method of Determinated Quantity," The Journal of Information Processing System, Vol.13, No.7, pp.851-858, Dec., 2006.
  13. The Open Web Application Security Project(OWASP) Project Handbook 2013 [Internet], http://owasp.org/, Oct., 2012.
  14. Jin-kook Kim, Jung-heum Park, and Sang-jin Lee, "A Framework for Data Recovery and Analysis from Digital Forensics Point of View," Journal of Information Processing Systems, Vol.17, No.5, pp.391-398, Oct., 2010.
  15. Jae-Chan Moon and Seong-je Cho, "Vulnerability Analysis and Threat Mitigation for Secure Web Application Development," Jonornal of Korea Society of Computer, Vol.17, No.2, pp.127-137, Feb., 2012.
  16. Chae-tae Im, Joo-hyung Oh, and Hyun-cheol Jeong, "Study of Technical Trends and Analysis Method of Recent Malware," Journal of Computing Science and Engineering, Vol.28, No.11, pp.117-126, Nov., 2010.
  17. Noh Ung-rae congressman [Internet], http://blog.naver.com/with_wraenoh/220480698919, Sep., 2015.