Browse > Article

Analysis of Knowledge and Skill for Security Professionals  

Choi, Myeong-Gil (NSRI)
Kim, Se-Hun (KAIST)
Publication Information
Asia pacific journal of information systems / v.14, no.4, 2004 , pp. 71-85 More about this Journal
Abstract
Due to exponentially growing threats of cyber attacks, many organizations have begun to recognize the importance of information security. There is an explosion in demand for experienced ISMs(Information Security Managers) and ISSDs(Information Security System Developers). To educate ISMs and ISSDs, identifying the specific knowledge and skill for information security professional is critical. This paper identifies 15 items of knowledge and skill for ISMs and ISSDs using a simplified Delphi technique and categories them. The results of this paper could be used in determining what kinds of knowledge and skill should be included in the curriculum of information security programs.
Keywords
Knowledge and Skill; Information Security Manager; Information Security System Developer; Delphi Approach;
Citations & Related Records
연도 인용수 순위
  • Reference
1 김 철, '대학의 정보보호 교육과정 개발 연구,' 정보보호학회지, 제11권 제3호, 2001, pp.75-89   과학기술학회마을
2 한국정보보호진흥원, 정보보호 안력 수급 및 활용 방안 연구, 한국정보보호진흥원 연구보고서, 1999
3 Helen Armstrong, 'Internet Security Management: A Joint Postgraduate Curriculum Design,' Journal of Information Systems Education, Vol. 13, No. 3, 2002, pp. 249-258
4 Buckley, C., 'Delphi: Methodology for Preferences More than Predictions,' Library Management, Vol.16, No.7, 1995, pp.16-19   DOI   ScienceOn
5 NIST, Security Requirement for cryptography Module, NIST Standard, FIPS PUB 140-1, 1994
6 Venter H.S. and Eloff, J.H.P., 'A Taxonomy for Information Security Technologies,' Computer & Security, Vol. 22, Issue 4, 2003, pp. 99-307   DOI
7 Wood, C.C., 'Shifting IS Security Responsibility from User Organizations to Vendor/Publisher Organizations,' Computers & Security, Vol. 14, Issue 4, 1995, pp. 283-284   DOI   ScienceOn
8 Niederman, F., et aI., 'Information System Management Issues for the 1990s,' MIS Quarterly, Vol. 17, No. 4, 1991, pp. 475-500
9 DoD, Department of Defense Directive S-3600.1 Inforrmation Operations(IO), US. Department of Defense, 1996
10 정보통신부, 정보보호 기술개발 5개년 계획, 정보통신부 보고서, 2001
11 Schneier, B., Applied cryptography, John Wiley & Sons INC, New York, 1993
12 Menezes, A.J., et aI., Handbook of Applied Cryptograpy, CRC Press, 1997
13 Palvis, P., et aI., 'An Expanded global Information Technology Issue Model: an Addition of Newly Industrialized Countries,' The Journal of Information Technology Management, Vol. 6, No. 2, 1995, pp. 29-39
14 Wood, C.C., How to Achieve a Clear Definition of Responsibilities for Information Security, DATAPRO, Information Security Service, 1993
15 Baskerville, R., 'Information System Security Design Methods: Implication for Information Systems Development,' ACM Computing Surveys, Vol. 5, No. 4, 1993, pp. 375-414
16 Jung, B., et al., 'Security Threat to Internet: a Korean Multi-Industry Investigation,' Information & Management, Vol. 37, Issue 8, 2001, pp. 487-498
17 김기윤, 나현미, '정보보호관리자의 직무분석,' 정보보호학회지, 제10권 제4호, 2000, pp. 69-74
18 김기현 외, 3인, '정보보호기술분류,' 정보보호학회지, 제8권 제1호, 1998
19 Wilson, M., An Introduction to Computer Security: The NIST Handbook, NIST Special Publication 800-16, 1998
20 ISO/IEC 74982-2, Information Processing Systems- OSI Basic Reference Model- Part2, Security Architecture, 1989
21 Cooper, J.A., Computer and Communication Security, McGraw-Hill, New York, 1989
22 Kim, K.Y. and Surendran, K., 'Information Security Management Curriculum Design: A Joint Industry and Academic Effort,' Journal of Information Systems Education, Vol. 13, No. 3, 2002, pp. 227-236
23 Carol, H. and Backhouse, J., 'Information Systems Security Education:Redressing the Balance of Theory and Practice,' Journal of Information Systems Education, Vol. 13, No. 3, 2002, pp. 249-258
24 Patricia Y. Logan, 'Crafting an Undergraduate Information Security Emphasis within Information Technology,' Journal of Information Systems Education, Vol. 13, No. 3, 2002, pp. 177-182
25 인터넷침해대응지원센타, http://www.krcert.or.kr/upload/statistics/2003_12.pdf
26 Wetherbe, J.C., et aI., 'Key Issues in Information System Management: 1994-1995 SIM Delphi Results,' MIS Quarterly, Vol. 20, No. 2, 1996, pp. 225-242   DOI   ScienceOn
27 Michael R.G. and Kim, I.K., 'An Undergraduate Business Information Security Course and Laboratory,' Journal of Information Systems Education, Vol. 13, No. 3, 2002, pp. 189-196
28 Tryfonas, T., 'Embedding Security Practices in Contemporary Information Systems Development Approaches,' Information Management & Computer Security, Vol. 9, No. 4, 2001, pp. 183-197   DOI   ScienceOn
29 한국정보보호진흥원, 주요 만간부분 정보보실태 조사, 보고서, 2001
30 Kim, S.H. and Choi, M.G., 'Educational Requirement Analysis for Security Professionals in Korea,' Journal of Inforrmation Systems Education, Vol. 13, No. 3, 2002, pp. 237-248