Browse > Article
http://dx.doi.org/10.9708/jksci.2019.24.11.099

The Integrated Cyber SRM(Security Risk Monitoring) System Based on the Patterns of Cyber Security Charts  

Lee, Gang-Soo (Dept. of Computer Engineering, Hannam University)
Jung, Hyun Mi (Center for Development of Supercomputing System, KISTI)
Abstract
The "Risk management" and "Security monitoring" activities for cyber security are deeply correlated in that they prepare for future security threats and minimize security incidents. In addition, it is effective to apply a pattern model that visually demonstrates to an administrator the threat to that information asset in both the risk management and the security system areas. Validated pattern models have long-standing "control chart" models in the traditional quality control sector, but lack the use of information systems in cyber risk management and security systems. In this paper, a cyber Security Risk Monitoring (SRM) system that integrates risk management and a security system was designed. The SRM presents a strategy for applying 'security control' using the pattern of 'control charts'. The security measures were integrated with the existing set of standardized security measures, ISMS, NIST SP 800-53 and CC. Using this information, we analyzed the warning trends of the cyber crisis in Korea for four years from 2014 to 2018 and this enables us to establish more flexible security measures in the future.
Keywords
Security risk monitoring; Control chart; Security Control; Cyber security chart; Security measure;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 SMS-P_Certification Standards_Detail Check Items, https://isms.kisa.or.kr/main/ispims. 2018
2 Governmental Technology Reference Model (TRM) https://www.geap.go.kr/real/, 2014.
3 Stock Technical Analysis, file:///C:/Users/310/AppData/Local/Microsoft/Windows/INetCache/IE/42LWML2Z/techanalysis.pdf.
4 NIS Cyber Crisis Alert Trends: 2014-2018, https://www.nis.go.kr:4016/AF/1_7_1_1/list.do
5 Hyuck Moo Kwon, Sung Hoon Hong, Min Koo Lee, Sung Uk Lim, "Literature Review on the Statistical Quality Control," J. Korean Soc. Qual. Manag., Vol. 44, No. 1, March 2016. pp.1-16.   DOI
6 Basic Tools for Process Improvement, Module 10 CONTROL CHART. https://support.minitab.com/ko-kr/minitab/18/.
7 Process for statistical quality control, http://ebook.pldworld.com/_ebook/품질관리/hwcg.co.kr/.../통계적품질관리_교재.ppt.
8 Taewoong Kim, "Quality Management," Sin-yeong sa, July 2017.
9 Method for anomaly detection using statistical process control, https://patentimages.storage.googleapis.com/fe/4c/4e/f46728e1a00 7ef/KR101281460B1.pdf, 2013.
10 Jin-woo Park, Seok-hoon Yun, Jin-heum Kim, Hyeong-chul Jeong, "Developing the information security risk index using network gathering data," Korean Journal of Applied Statistics, vol7 no29, pp.1173-1183, 2016.
11 KISA Report, "A study on a Scheme of Detecting Abnormal Traffic in Internet-based Architecture," 2004.
12 NIST SP 800-30, Rev. 1, "Guide for Conducting Risk Assessments," Sep. 2012.
13 NIST SP 800-37, Rev. 1, "Guide for Applying the Risk Management Framework to Federal Information Systems-A Security Life Cycle Approach," Feb. 2010.
14 NIST SP 800-37, Rev. 2, "Risk Management Framework for Information Systems and Organizations-A System Life Cycle Approach for Security and Privacy," May 2018.
15 NIST SP 800-39, "Managing Information Security Risk," March 2011.
16 NIST SP 800-53, Rev. 5, "Security and Privacy Controls for Information Systems and Organizations, NIST," Aug. 2017.
17 Time series Forecasting in Machine Learning, https://medium.com/99xtechnology/time-series-forecasting-in-machine-learning-3972f7a7a467
18 NIST SP 800-137, "Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations," Sept. 2011.
19 Common Criteria ver 5.1, http://www.itscc.kr, 2017.
20 Notice regarding information protection and personal information protection management system certific-ation, https://isms.kisa.or.kr/main/ispims, 2018.