The Improvement of Information Protection Service Cost Model in Public Institution

Improvement Plan for the Cost Model of Information Protection Services in Public Institutions

  • 오상익 (Department of Convergence Information Security, Graduate School, Jeju National University) ;
  • 박남제 (Major of Elementary Computer Education, Jeju National University)
  • Received : 2019.07.14
  • Accepted : 2019.07.26
  • Published : 2019.07.31

Abstract

In this paper, related studies were surveyed in three groups: cost-benefit analysis, security continuity services, and software-centric cost calculation. Case analyses covered the United States, Japan, and a South Korean public institution (institution A). On this basis, an improvement model was prepared through comparison with the current system. An information protection service cost calculation model based on an SCS (Security Continuity Service) performance evaluation system is proposed. This method applies a Service Level Agreement (SLA) and the NIST Cybersecurity Framework, both of which show high effectiveness in cost-effectiveness analysis, and calculates the cost from the characteristics, performance criteria, and weights of each information protection service. The model can be used as a tool to objectively calculate the cost of information protection services at public institutions. The system is also expected to take root by strengthening the relevant laws from their current recommendatory level to a mandatory level, improving the evaluation systems of state agencies and public institutions, introducing a verification system for information protection services by national certification bodies, and expanding its scope to all systems.

In this paper, existing related studies were surveyed in three groups: software-centric cost calculation, cost-benefit analysis, and cost calculation for security continuity services; case analyses covered the United States, Japan, and domestic institution A. On this basis, an improvement model was prepared through comparison with the current system. We propose an information protection service cost calculation model based on an SCS (Security Continuity Service) performance evaluation system: it applies a Service Level Agreement (SLA) and the NIST Cybersecurity Framework, both of which show high utility in cost-utility analysis, and calculates the cost from the characteristics, performance criteria, and weights of each information protection service. This model can be used as a tool for objectively calculating the cost of information protection services in public institutions. Furthermore, the system is expected to take root by strengthening the relevant laws from their current recommendatory level to a mandatory level, improving the evaluation systems of national agencies and public institutions, introducing a verification system for information protection services by national certification bodies, and extending its scope to all information systems and services.
