Browse > Article
http://dx.doi.org/10.13089/JKIISC.2019.29.4.897

Analysis of the Trends of Domestic/International IT Product Introduction Policy and Deduce Improvement Plan of Domestic Policy  

Son, Hyo-hyun (Hannam University)
Kim, Kwang-jun (Hannam University)
Lee, Man-hee (Hannam University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.29, no.4, 2019 , pp. 897-906 More about this Journal
Abstract
As the Information and Communication Technology developed, the administration computerization of the government was promoted, and cyber attacks targeting IT products are spreading all over the world due to the reverse functions. Accordingly, governments in each country have begun to verify the security in the introduction of IT products by national and public institutions in order to protect information, and established the policy required in the introduction process. This research analyzes the introduction policy of domestic IT products to identify the supplement point. In addition, we analyze trends of introduction of IT products in the major developed countries such as USA, UK, Japan, Canada, and Australia. Finally, we propose the improvement method of domestic introduction policy through comparison analysis with domestic introduction policy.
Keywords
Introduction Policy; Security Conformance; Common Criteria; Cryptographic Module Validation Program; Common Criteria Recognition Arrangement;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Australian Cyber Security Centre, "Evaluated Products List" https://asd.gov.au/infosec/epl/, Aug. 2019.
2 Australian Cyber Security Centre, "Australian Government Information Security Manual" https://acsc.gov.au/publications/ism/Australian_Government_Information_Security_Manual.pdf, Feb. 2019.
3 Australian Cyber Security Centre, "ARRANGEMENT on the Recognition of Common Criteria Certificates" https://acsc.gov.au/publications/aisep/ccra.pdf, Jul. 2014.
4 National Archives of Korea, "Administration Computerization" http://www.archives.go.kr/next/search/listSubjectDescription.do?id=001951, Aug. 2019.
5 KISA, "Cyber-threat intelligence network and '2017 seven Cyber attack forecast'", https://www.kisa.or.kr/jsp/common/downloadAction.jsp?bno=8&dno=1516&fseq=1, Dec. 2016.
6 Nam-Kyun Baik, Min-Woo Son, Woong-Sang Kim, Ho-Jun Park and Jason Kim, "Analysis of security evaluation & certification scheme for CCRA CAP," Proceedings of Symposium of the Korean Institute of communications and Information Sciences, pp. 2009(06), pp. 1670-1673, Jun. 2009.
7 Myeonggil Choi, Hacyun Na and Jaehun Jeong, "Analysis of international evaluation certification scheme," Korea Institute Of Information Security And Cryptology, 23(5), pp. 29-35, Oct. 2013.
8 Nam-Kyun Baik, Minwoo Son and Jason Kim, "Foreign certificate issuing country CC-based information protection product evaluation trend," Korea Institute Of Information Security And Cryptology, 19(6), pp. 49-67, Dec. 2009.
9 Lee Dae Seob and Hong Won Soon, "Status and future direction of domestic evaluation and certification policy," Korea Institute Of Information Security And Cryptology, 17(6), pp. 20-24, Dec. 2007.
10 Choi, Myeong-Gil and Jeong, Jae-Hun, "A study on domestic and foreign policy trends of CMVP," Proceedings of Symposium of the Korean Academy Industrial Cooperation Society, pp. 471-474, May. 2010.
11 Choi, Myeong-Gil and Jeong, Jae-Hun, "A study on the policy of cryptographic module verification program," Korea Academy Industrial Cooperation Society, 12(1), pp. 255-262, Jan. 2011.   DOI
12 National Intelligence Service, "Security Conformance" https://www.nis.go.kr:4016/AF/1_7_2_1.do, Aug. 2019.
13 National Intelligence Service, "Security function test result" https://www.nis.go.kr:4016/AF/1_7_2_3/view.do?seq=66& currentPage=1, Aug. 2019.
14 National Information Assurance Partnership, "What is NIAP/CCEVS?" https://www.niap-ccevs.org/Ref/What_is_NIAP.CCEVS.cfm, Aug. 2019.
15 Information Technology Promotion Agency, "Japan Cryptographic Module Validation Program" https://www.ipa.go.jp/security/english/jcmvp.html, Aug. 2019.
16 Committee on National Security System, "CNSSP Policy No.11 - National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology Products", Jun. 2013.
17 Government Security Classifications, "Government Security Classifications" https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/715778/May-2018_Government-Security-Classifications-2.pdf, May. 2018.
18 Information Technology Promotion Agency, https://www.ipa.go.jp/indexe.html, Aug. 2019.
19 Information Technology Promotion Agency, "Japan Information Technology Security Evaluation and Certification Scheme" https://www.ipa.go.jp/security/jisec/jisec_e/index.html, Aug. 2019.
20 Canadian Centre for Cyber Security, "Cryptographic Module Validation Program" https://cyber.gc.ca/en/cryptographic-module-validation-program-cmvp, Aug. 2019.
21 EVALUATION OF CRYPTOGRAPHIC FUNCTIONALITY, https://cyber.gc.ca/sites/default/files/publications/instruction4-eng_0.pdf, Jul. 2016.
22 Canadian Centre for Cyber Security, "Canadian Common Criteria Program" https://cyber.gc.ca/en/common-criteria, Aug. 2019.
23 Canadian Centre for Cyber Security, "Protection Profiles" https://cyber.gc.ca/en/protection-profiles, Aug. 2019.
24 Canadian Centre for Cyber Security, "COMSEC" https://cyber.gc.ca/en/comsec, Aug. 2019.