Browse > Article
http://dx.doi.org/10.13089/JKIISC.2012.22.5.1133

A Study on development of evaluation indicators on the Managed Security Service(MSS)  

Lee, Hyundo (Graduate School of Information Security, Korea University)
Lee, Sangjin (Graduate School of Information Security, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.22, no.5, 2012 , pp. 1133-1143 More about this Journal
Abstract
Currently, Many Cyber Security Centers(CSC) are established and being operated in our country. But, in the absence of indicators to evaluate activities of the Managed Security Service(MSS), We can't identify the CSC's level of overall job performance. Therefore, we can't derive strengths and weaknesses from the CSC. From these reasons, The purpose of this research is to develop an objective indicator to evaluate activities of the MSS. I studied both international and domestic Information Security Management System(ISMS) as related standards(ISO/IEC 27001, G-ISMS). Moreover, I analysed the NIST Computer Security Incident Handing Guide and the Incident Management Capability Metrics(IMCM) of Carnegie Mellon Software Engineering Institute(SEI). The implications for this analysis and domestic hands-on experience are reflected in the research. So I developed 10 evaluation domains and 62 detail evaluation items. This research will contribute to our understanding the level of the CSC's job performance.
Keywords
Managed Security Service; Evaluation indicators;
Citations & Related Records
연도 인용수 순위
  • Reference
1 김영진, "국가정보통신망에 대한 체계적인 보안관 제수행을 위한 모델 연구," 박사학위논문, 고려대학 교, pp. 27-51, 2010년 6월.
2 이연수, 이수연, 윤석구, 전재성, "주요국의 사이버 안전관련 법.조직체계 비교 및 발전방안 연구, "국가정보연구, 1(2), pp. 30-56, 2008년 12월.
3 박민수, "공공기관의 사이버안전센터 모델에 관한 실증적 연구," 박사학위논문, 숭실대학교, pp. 3-58, 2011년 6월.
4 방송통신위원회․행정안전부․지식경제부, 2011 국가정보보호백서, pp. 112-128, 2011년 5월.
5 한국인터넷진흥원․한국침해사고대응팀협의회, 침해사고대응팀(CERT) 구축/운영 안내서, pp. 71, 2010년 1월.
6 한국인터넷진흥원, 2011 ISMS 구축 및 운영교육 자료, pp. 15-58, 2011년.
7 국가사이버안전센터, 국가사이버안전매뉴얼, pp. 92-99, 2005년 10월.
8 국가사이버안전센터, 2011년도 중앙행정기관․ 광역지자체 정보보안 관리실태 평가 해설, pp. 3-7, 2011년.
9 행정안전부․한국인터넷진흥원, 전자정부 정보보호관리체계(G-ISMS) 인증안내서, pp. 3-12, 2011년.
10 지식경제부, 보안관제 전문업체 지정 등에 관한 공고, 2010년 12년 21월.
11 국가사이버안전관리규정, 대통령훈령 제267호, 일부개정 2010년 4월16일.
12 홍진기, "침해사고관리 평가지표 개발에 관한 연구 - 보안관제업무 평가 중심으로," 석사학위논문, 동국대학교, pp. 9-11 32-35, 2009년 6월.
13 http://www.skinfosec.com/05_control/5 _02_01.php, SK인포섹(주).
14 http://www.ahnlab.com/kr/site/product/controlInfo.do?svccode=aa1001&cont entscode=432, (주)안랩.
15 http://sniper.wins21.co.kr/, 윈스테크넷.
16 http://www.igloosec.co.kr/p/husky, 이글 루씨큐리티.
17 Moira J. West-Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, and Mark Zajicek, Handbook for Computer Security Incident Response Teams(CSIRTS): Carnegie Mellon Software Engineering Institute, Second Edition, pp. 76-91, Apr. 2003.
18 Karen Scarfone, Tim Grance, and Kelly Masone, Computer Security Incident Handling Guide, Recommendations of the National Institute of Standards and Technology: NIST Special Publication 800-61 Revision 1, March. 2008.
19 http://www.iso27001certificates.com/, the site of the International Register of ISMS Certificates.
20 John Snare and Eva Kuiper, "Text for ISO/IEC Final DIS 27001 Information technology - Security techniques - Information security management systems - Requirements," ISO/IEC FDIS 27001: 2005(E), pp. 1-29, Apr. 2005.
21 Audrey Dorofee, Georgia Killcrece, Robin Ruefle and Mark Zajicek, Incident Management Capability Metrics: Carnegie Mellon Software Engineering Institute, Version 0.1, pp. 23-207, Apr. 2007.