Developing a Framework for the Implementation of Evidence Collection System: Focusing on the Evaluation of Information Security Management in South Korea

  • Choi, Myeonggil (College of Business and Economics, Chung-Ang University) ;
  • Kang, Sungmin (College of Business Administration and Economics, Chung-Ang University) ;
  • Park, Eunju (Department of Business Administration, Chung-Ang University)
  • Received : 2019.07.04
  • Reviewed : 2019.10.31
  • Published : 2019.10.31

Abstract

Recently, as evaluations of information security (IS) management have become more diverse and complicated, the content and procedures of the evidence that must be prepared for an actual assessment have been increasing rapidly. As a result, the actual assessment is a burden for both the evaluation agencies and the institutions being assessed. However, most of these evaluations reflect the evaluation systems used by foreign government agencies, standards organizations, and commercial companies. It is necessary to consider an evaluation system suited to the domestic environment instead of adopting overseas evaluation systems as they are. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the direction for improving it, through an analysis of the existing information security assessment system. Second, we analyze the technical guidance for information security testing and assessment and the evaluation of information security management in Special Publication 800-115, 'Technical Guide to Information Security Testing and Assessment', of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for '6. Information System Security' of the 'information security management actual condition evaluation index'. The implications of the framework developed in this study are as follows. The security status of enterprises can be expected to improve by constructing an evidence collection system that can gather the evidence collected from existing situation assessments. In addition, establishing the evidence collection system makes it possible to systematically assess the actual status of information security and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

References

  1. Bahsi, H., "Analysis of National Cyber Situational Awareness Practices", Strategic Cyber Defense: A Multidisciplinary Perspective, Vol. 48, 2017, pp. 31-41.
  2. FIPS, PUB 199, 'Standards for Security Categorization of Federal Information and Information Systems', February 2004.
  3. FISMA, Section 3544.
  4. Gikas, C., "A General Comparison of FISMA, HIPAA, ISO 27000 and PCI-DSS Standards", Information Security Journal: A Global Perspective, Vol. 19, No. 3, 2010, pp. 132-141. https://doi.org/10.1080/19393551003657019
  5. Hulitt, E. and Vaughn, R. B., "Information system security compliance to FISMA standard: a quantitative measure", Telecommunication Systems, Vol. 45, No. 2-3, 2010, pp. 139-152. https://doi.org/10.1007/s11235-009-9248-8
  6. Miller, D., Harris, S., Harper, A., VanDyke, S., and Blask, C., Security information and event management (SIEM) implementation, McGraw Hill Professional, 2010.
  7. NIST, Special Publication 800-37, 'Guide for the Security Certification and Accreditation of Federal Information Systems', Section 3.4. May 2004.
  8. NIST, Special Publication 800-53 'Guide for Assessing the Security Controls in Federal Information Systems' Ver. 4, February 2014.
  9. NIST, Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment', September 2008.
  10. National Intelligence Service, 2016 National and Public Sector, "Explanation of Indicators of Information Security Management Status Indicators", 2016.
  11. Rouillard, J. P., "Real-time Log File Analysis Using the Simple Event Correlator (SEC)", In LISA, 4, 2004, pp. 133-150.