• Title/Summary/Keyword: FISMA

Prediction of the Problems from Domestic Introduction of FISMA (FISMA의 국내 도입에 따른 문제점 예측)

  • Kim, Sangkyun
    • Journal of Industrial Technology / v.31 no.A / pp.113-118 / 2011
  • The Federal Information Security Management Act emphasizes the importance of information security to the economic and national security interests of the United States. This paper provides a brief review of FISMA, a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002, and predicts the problems that might be caused by the domestic introduction of FISMA. The domestic introduction of FISMA could improve the average level of information security of government agencies. However, government agencies and government officials might face many problems, such as an increased government budget, a lack of social awareness and security professionals, and the effectiveness of penalties for non-compliance.

A Study on the Laws and Regulations in Korea through the Analysis of Cybersecurity Workforce Developing Laws and Regulations in U.S. (미국 사이버보안 인력 양성 법·규정 분석을 통한 국내 법·규정 개선 방안 연구)

  • Hong, Soonjwa;Kim, Joonsoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.1 / pp.123-139 / 2020
  • In 1987, the Computer Security Act was enacted, requiring computer security awareness and practical training for the federal workforce. This was the beginning of the US development of the federal cybersecurity workforce. The US has been strengthening its federal cybersecurity workforce development policy by establishing OPM regulations and OMB circulation in cases where it is difficult to define by law. GISRA 2000 and the improved FISMA 2002 played a central role in the development of the federal cybersecurity workforce for more than 10 years. Since then, FISMA 2014 has been enacted out of the need to supplement technology and policy. In 2014, the importance of cybersecurity personnel in US federal agencies increased even more with the enactment of a single law on the cybersecurity workforce twice. We review the current state of Korea's development of its cybersecurity workforce by reviewing and analyzing the development of the federal cybersecurity workforce in the United States.

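Analysis of the Development Status of U.S. Federal Laws for Strengthening Cybersecurity Capabilities (미국의 사이버보안 역량 강화를 위한 연방법률 발전 현황 분석)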

  • Hong, Soonjwa
    • Review of KIISC / v.29 no.3 / pp.51-65 / 2019
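  • U.S. cybersecurity legislation can be said to have begun in earnest with the enactment of the Computer Security Act in 1987. In the 1990s, the development of computers and the Internet brought the importance of information security to the fore, and laws were enacted with a focus on data protection and privacy. The enactment of the Homeland Security Act in 2002, which established the Department of Homeland Security, laid the foundation for launching a full-fledged national cybersecurity policy. The Federal Information Security Management Act (FISMA 2002), a subsidiary act of the E-Government Act (2002), specified the cybersecurity-related duties of federal agencies, making it possible to respond systematically to cyber threats at the national level. It was amended in 2014 as the Federal Information Modernization Act (FISMA 2014), and efforts are under way to correct the trial and error of the preceding ten or so years. By reviewing the progress of U.S. cybersecurity legislation, which dramatically advanced the national cybersecurity framework through the enactment of the Cybersecurity Act of 2015 and the Cybersecurity and Infrastructure Security Agency Act (CISA 2018) in 2018, this paper considers the direction in which Korea's legal system should develop.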

A Study on DSMS Framework for Data Security Certification (데이터보안인증을 위한 DSMS 프레임워크 구축 연구)

  • Yoo, Seung Jae
    • Convergence Security Journal / v.19 no.4 / pp.107-113 / 2019
  • Data security is the planning and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal/external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). We study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

A Comparative Study on Information Security Management Activity of Public Sector in USA & Korea (미국과 우리나라의 정보보안관리 활동 비교연구)

  • Kim So-Jeong
    • The KIPS Transactions:PartC / v.13C no.1 s.104 / pp.69-74 / 2006
  • The USA is strengthening information security by managing federal agencies' information and information systems systematically. For this purpose, the US government put the Federal Information Security Management Act into the E-Government Act of 2002. According to FISMA, all federal agencies are required to have an information security management plan. In addition, the Inspectors General of these agencies should assess the status of their agency and report the result to the Office of Management and Budget. Collecting all the reports from each agency, OMB should report to GAO on the general status of information security of federal agencies. It is helpful to provoke information security as a necessary activity to realize E-government. Comparing these efforts with our system will give us good implications for securing our information systems.

A Study on Information Security Budgeting through the Capital Planning and Investment Process (자본계획 및 투자 프로세스를 통한 정보보호 예산 수립에 관한 연구)

  • Kim, Jung-Duk;Park, Hyun-Hyo;Lee, Dong-Gwon
    • Proceedings of the Korea Society of IT Services Conference (한국IT서비스학회:학술대회논문집) / 2003.11a / pp.550-557 / 2003
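  • Although awareness of the importance of information security has recently been spreading, adequate investment in information security is not being made. While the worldwide economic recession is one cause, there is also a structural problem: the institutional mechanisms and procedures for information security budgeting are insufficient, so information security requirements are not properly reflected. In the U.S. government, a number of laws and guidelines have been written so that information security budgets are formulated systematically, and they are currently being carried out; in Korea, by contrast, the budget formulation guidelines contain instructions on information-security-related budgeting, but no concrete methods or guidance exist. This study reviews the U.S. Federal Information Security Management Act (FISMA) and related legislation concerning information technology budgeting following the launch of U.S. e-government, and analyzes the information security budgeting process through the capital planning and investment control process. In addition, by comparing the Korean government's budgeting process with that of the United States, it aims to provide implications for establishing institutional measures and guidelines so that information security is reflected in budgets more effectively.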

Study on the way of Institutionalized Budget for Information Security (정보보호 강화를 위한 예산편성 제도화 방안 연구)

  • Kim, So-Jeong;Choi, Seok-Jin;Lee, Cheol-Won
    • The KIPS Transactions:PartC / v.14C no.2 / pp.115-122 / 2007
  • The US is strengthening information security by managing federal agencies' information and information systems systematically. For this purpose, the US government put the Federal Information Security Management Act into the E-Government Act of 2002. According to FISMA, all federal agencies are required to have an information security management plan. In addition, OMB Circular A-11 requires all federal agencies to identify the ratio of information security investment. That is the basis for strengthening the information security of federal agencies. This paper compares the budget status and information security mechanisms of Korea and the US.

A Study on the Framework of Comparing New Cybersecurity Workforce Development Policy Based on the ATE Programs of U.S. (미국 ATE 정책 기반의 신규 사이버보안 인력양성 정책 비교 프레임워크 연구)

  • Hong, Soonjwa
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.249-267 / 2018
  • The US cybersecurity workforce policy is being pursued comprehensively and systematically, based on NICE, initiated in 2010. Security Technologies is one of the eight areas of Advanced Technology Education (ATE) of the National Science Foundation (NSF) included in STEM. This policy has been comprehensively promoted in conjunction with NICE, and this security technology field is operated with five detailed programs. In this paper, we examine in detail five cybersecurity workforce development programs supported by ATE, and compare them with the current status of cybersecurity workforce cultivation in Korea. After identifying the problems and improvements by comparison with the current situation of cybersecurity workforce development in Korea, we propose several implementations of nationwide strategies for cultivating a new cybersecurity workforce in Korea.