Convergence Security Journal (융합보안논문지)

Korea convergence Security Association (한국융합보안학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Structuring of Information Sharing Platforms Based on Risk Communication Theory

위험커뮤니케이션 이론에 기반을 둔 정보공유 플랫폼 구조화 연구

  • 유지연 (상명대학교 융합공과대학 휴먼지능정보공학과) ;
  • 박향미 (한국IT법연구원)
  • Received : 2019.06.03
  • Accepted : 2019.06.30
  • Published : 2019.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

In this day and age physical and cyber boundaries have converged due to the development of new technologies, such as the Internet of Things (IoT) and the Cyber Physical System (CPS). As the relationship between physical system and cyber technology strengthens, more diverse and complex forms of risk emerge. As a result, it is becoming difficult for single organization or government to fully handle this situation alone and cooperation based on information sharing and the strengthening of active defense systems are needed. Shifting to a system in which information suitable for various entities can be shared and automatically responded to is also necessary. Therefore, this study tries to find improvements for the current system of threat information collecting and sharing that can actively and practically maintain cyber defense posture, focusing particularly on the structuring of information sharing platforms. To achieve our objective, we use a risk communication theory from the safety field and propose a new platform by combining an action-oriented security process model.

오늘날 IoT(Internet of Things)와 CPS(Cyber-Physical System) 등의 기술 발전으로 사이버와 물리적 차원의 경계가 무너지는 융합 환경이 등장하였다. 물리-사이버 간의 영향관계가 강화되면서 보다 다양하고 복잡한 형태의 위험들이 나타나고 있으며 단일 조직 혹은 정부의 자체 대응만으로는 온전히 대응해내기 어려운 상황이 되고 있다. 이로 인해 정보 공유에 기반을 둔 협력적 대응 및 적극적 방어 체계 강화를 필요로 하고 있다. 그리고 다양한 주체에 적합한 정보가 공유되고 자동 대응 할 수 있는 체계로의 전환이 요구되고 있다. 이에 본 연구는 현재의 위협 정보 수집 및 공유 중심의 체계를 개선하고 적극적이고 실질적인 사이버 방어 태세가 유지될 수 있는 정보 공유 체계 구조화를 시도하고자 한다. 이를 위해 안전 분야에서 활용되는 위험 커뮤니케이션 이론을 차용하고 행동 중심의 보안 프로세스 모델을 결합하여 새로운 플랫폼을 제안한다.

Keywords

References

  1. Businesstopia, "Lasswell Model of Commication", Dec 29th 2015. https://www.slideshare.net/businesstopia/laswell-model-of-commication (Search: 2018.12.03.)
  2. Chee-Wooi Ten, Govindarasu Manimaran, and Chen-Ching Liu, "Cybersecurity for Critical Infrastructures: Attack and Defense Modeling", IEEE Transactions on Systems, Man, and Cybernetics - Part 1: Systems and Humans, Vol.40, No.4, Jul 2010.
  3. DTCC, "Cyber Risk - A Glbal Systemic Threat", Oct 2014.
  4. Earl Guzman, "Basic Linear Communication Models: Lasswell, Shannon and Weaver", Jul 15th 2015. https://www.slideshare.net/EarlGuzman/lasswell-shannon-weaver (Search: 2018.12.03.)
  5. Gomez, Jimmy A., "The Targeting Process: D3A and F3EAD", Small Wars Journal, Jul 16th 2011.
  6. Han Sang-Kook., "Improvement of National Information Sharing System by Security Environment Change: Focusing on US Information Society Case," Konkuk University Graduate School of Public Administration, Feb 2013.
  7. Ismael Valenzuela, "Intelligence-Driven Defense: Successfully Embedding Cyber Threat Intel in Security Operations", SANS Blue Team Summit, 2018.
  8. Kim Ae-Chan, and Lee Dong-Hoon, "A Study on the Priority of Requirements for Establishing Effective Cyber-threat Information Sharing System," Journal of the Korea Institute of Information Security and Cryptology, Vol.27, No.5 :61-67, 2016.
  9. Kim Dong-Hee, Park Sang-Don, Kim So-Jeong, and Yoon Oh-Jun, "A Study on Establishment of Cyber Threat Information Sharing System Focusing on U.S. Cases," Convergence Security Journal Vol.17, No.2 :53-68, 2017.
  10. Lim Won-Sick, Yoon Myung-Keun, and Cho Hark-Su, "KOSIGN: Cyber Threat Information Sharing System from Information Protection Products," Korea Institute of Information Security and Cryptology, Vol.28 No.2 :20-26, 2018.
  11. NSA CSS(National Security Agency Central Security Service), "Active Cyber Defense (ACD)", Aug 1st 2014. https://apps.nsa.gov/iaarchive/programs/iadinitiatives/active-cyber-defense.cfm
  12. Park Ji-Baek, Choi Byoung-Hwan, and Cho Hark-Su, "Promoting sharing of cyber threat information," Journal of The Korean Institute of Communication Sciences, Korea Institute Of Communication Sciences, Vol.35 No.7 :41-48, 2018.
  13. Song Hae-Ryong, Cho Hang-Min, Lee Yoon-Kyung, and Kim Won-Je, "A Study on the Conceptualization, Structural Analysis and Domain Establishment of Risk Communication," Dispute Resolution Studies Review, Dankook Center for Dispute Resolution, Vol.10, No.1 :65-100, 2012. https://doi.org/10.16958/drsr.2012.10.1.65
  14. SRC(Systemic Risk Center), "System Risk", http://www.systemicrisk.ac.uk/systemic-risk(Search: 2018.10.05.)
  15. START, "Understanding Risk Communication Theory: A Guide for Emergency Managers and Communicators", May 2012.
  16. WEF "Part 1: Global Risks 2014: Understanding Systemic Risks in a Changing Global Environment", Jan 2014.
  17. G. G. Kaufman and K. E. Scott, "What Is Systemic Risk, and Do Bank Regulators Retard or Contribute to It?" in Independent Review Vol.7, No.3 :371-391, 2003.
  18. WEF, "Understanding Systemic Cyber Risk", Oct 2016.
  19. Yoon Oh-Jun, Cho Chang-Seob, Park Jeong-Keun, Bae Sun-Ha, and Shin Yong-Tae, "A Study on the Domestic Model for Cyber Threat Information Sharing by Analyzing the Relevant Systems of Major Advanced Countries," Convergence Security Journal, Vol.16, No.7 :101-111, 2016.
  20. Yoon Oh-Jun, Cho Chang-Seob, Park Jeong-Keun, Seo Hyung-Jun, and Shin Yong-Tae, "A Study on the Improvement Model for Invigorating Cyber Threat Information Sharing" Convergence Security Journal, Vol.16, No.4 :25-34, 2016.