The Awareness and the Challenges about Protection and Access Control of Record

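  • 임미현 (Records and Archival Information Science, Graduate School of Records, Archives & Information Science, Myongji University) ;
  • 임진희 (Records Management Major, Graduate School of Records, Archives & Information Science, Myongji University)
  • Received : 2021.02.24
  • Reviewed : 2021.03.19
  • Published : 2021.03.30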

Abstract

With the development of IT symbolized by the Fourth Industrial Revolution, the emergence of e-government, and changes in the environment, records management is also changing rapidly. Most public institutions under the government use information systems that are subject to information protection, such as electronic document systems, records management systems, and the Onnara system. In a user-centered records management environment, access control of record information through the physical environment and electronic systems is an essential element of protecting that information. This study therefore surveyed how records management professionals in public institutions perceive the safe protection and access control of record information, derived the issues that need improvement, and presented discussion and suggestions for addressing them. First, it reviews the legal and institutional framework of Korea's information protection system and analyzes its access control provisions, comparing them with records management laws, institutions, and the current state of access control to derive implications. Next, using a qualitative research method, in-depth interviews were conducted with professionals working in public institutions under the government, and the results were analyzed. The study is significant in that, by proposing measures such as restructuring the records management framework for the safe protection and access control of record information, it seeks to strengthen records management in practice through improvements to records management in government-affiliated public institutions and proposals that give professionals real authority and control.
