KR101674198B1 - Cyber security device and method based on cyber security life-cycle, computer readable medium for storing a program for executing the method - Google Patents
- Publication number: KR101674198B1
- Authority: KR (South Korea)
- Prior art keywords: security, information, server, evaluation items, knowledge
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The present invention relates to a cyber security device and method based on the cyber security life cycle, and to a computer-readable recording medium on which a program for performing the method is recorded. The device and method provide security evaluation criteria information determined according to a cyber security life cycle ranging from the acquisition of security knowledge to security practice, calculate a cyber security ethics index according to the evaluation results, provide a security report on security improvement items or generate a security warning, and can thereby prevent information security accidents that may be caused by insiders of a company or organization.
Description
The present invention relates to information security technology, and more particularly to a cyber security device and method based on the cyber security life cycle that calculate a cyber security ethics index for a person in charge of information in order to prevent cyber security related accidents in advance, and to a computer-readable recording medium recording a program for performing the method.
Recently, a large number of information security accidents have occurred, such as information leakage at card companies or banks and the leakage of core technology from an electronic device maker. Among these, incidents caused by insiders, who have relatively easier access to information than outsiders, are more fatal than those caused by outsiders, and information security accidents by insiders are in fact increasing. The causes of insider incidents include dissatisfaction due to improper treatment by the company or organization and the pursuit of monetary gain, and such accidents are attributable to a lack of ethics awareness on the part of insiders.
In order to prevent accidents related to information security, prevention must be directed at the people who carry out duties involving that information. In particular, a solution is required that evaluates cyber security ethics information for the persons who handle the important information of a company, so that such problems are prevented.
An object of the present invention, made to solve the above problems, is to provide a cyber security device and method based on the cyber security life cycle, which calculate a cyber security ethics index of a person in charge of information according to a security life cycle ranging from the acquisition of knowledge required for information security to security practice and which can generate a security warning so that accidents are prevented, and a computer-readable recording medium recording a program for performing the method.
According to an aspect of the present invention, there is provided a cyber security device based on a cyber security life cycle. The cyber security device includes: security evaluation criteria information determined according to the type of information, the information manager, and a cyber security life cycle ranging from the acquisition of knowledge required for information security to security practice; a security index calculation unit that calculates a cyber security ethics index according to an evaluation result based on the security evaluation criteria information; and a security state management unit that provides a security report on security improvement items according to the cyber security ethics index or generates a security warning.
In the cyber security device based on the cyber security life cycle according to the present invention, the type of information is classified into general information and server information, and the information manager is classified into a general information manager in charge of general information, a server information manager who is in charge of general information and server information and manages the general information manager, and a manager who is in charge of general information and manages the server information manager. The cyber security life cycle is classified into an information security knowledge acquisition process and an information security practice process corresponding to the type of information and the classification of the information manager, and the security evaluation criteria information includes at least one information security knowledge evaluation item corresponding to the information security knowledge evaluation process and at least one information security practice evaluation item corresponding to the information security practice evaluation process.
In the cyber security device based on the cyber security life cycle according to the present invention, the information security knowledge evaluation items may include: for the general information manager, evaluation items on the physical security knowledge of the personal computer including management of information storage media, and evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine; for the server information manager, evaluation items on the physical security knowledge of the personal computer including management of information storage media, evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine, evaluation items on the management and supervision knowledge of the general information manager including establishment and implementation of an inspection plan for each personal computer, evaluation items on the physical security knowledge of the server room including the server room access control procedure, evaluation items on the physical security knowledge of the server including confirmation of server connection contents, and evaluation items on the software security knowledge of the server including installation and operation of the security program; and for the manager, evaluation items on the physical security knowledge of the personal computer including management of information storage media, evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine, evaluation items on the physical security knowledge of the server room including the server room access control procedure, evaluation items on the physical security knowledge of the server including confirmation of server connection contents, evaluation items on the software security knowledge of the server including installation and operation of the security program, and evaluation items on the management and supervision knowledge of the server information manager including establishment and implementation of the inspection plan of the server.
In the cyber security device based on the cyber security life cycle of the present invention, the information security practice evaluation items may include: for the general information manager, evaluation items on the physical security practice of the personal computer including management of information storage media, and evaluation items on the software security practice of the personal computer including updates of the operating system and the vaccine; for the server information manager, evaluation items on the physical security practice of the personal computer including management of information storage media, evaluation items on the software security practice of the personal computer including updates of the operating system and the vaccine, evaluation items on the management and supervision practice of the general information manager including establishment and implementation of an inspection plan for each personal computer, evaluation items on the physical security practice of the server room including the server room access control procedure, evaluation items on the physical security practice of the server including confirmation of server connection contents, and evaluation items on the software security practice of the server including installation and operation of the security program; and for the manager, evaluation items on the physical security practice of the personal computer including management of information storage media, evaluation items on the software security practice of the personal computer including updates of the operating system and the vaccine, and evaluation items on the management and supervision practice of the server information manager.
In the cyber security device based on the cyber security life cycle according to the present invention, the security index calculation unit may calculate the cyber security ethics index by setting different weights according to the type of information, setting different weights according to the information manager, or setting different weights according to each process of the cyber security life cycle.
In the cyber security device based on the cyber security life cycle of the present invention, the security state management unit may provide the security report or generate the security warning when the cyber security ethics index is less than or equal to a predetermined value, or when the index of a specific item included in the cyber security ethics index is less than a predetermined value.
According to another aspect of the present invention, there is provided a cyber security method based on a cyber security life cycle. The cyber security method includes: providing security evaluation criteria information determined according to the type of information, the information manager, and a cyber security life cycle ranging from the acquisition of knowledge required for information security to security practice; calculating a cyber security ethics index according to an evaluation result based on the security evaluation criteria information; and providing a security report on security improvement items according to the cyber security ethics index or generating a security warning.
In the cyber security method based on the cyber security life cycle according to the present invention, the type of information is classified into general information and server information, and the information manager is classified into a general information manager in charge of general information, a server information manager who is in charge of general information and server information and manages the general information manager, and a manager who is in charge of general information and manages the server information manager. The cyber security life cycle is classified into an information security knowledge acquisition process and an information security practice process corresponding to the type of information and the classification of the information manager, and the security evaluation criteria information includes at least one information security knowledge evaluation item corresponding to the information security knowledge evaluation process and at least one information security practice evaluation item corresponding to the information security practice evaluation process.
In the cyber security method based on the cyber security life cycle according to the present invention, the information security knowledge evaluation items may include: for the general information manager, evaluation items on the physical security knowledge of the personal computer including management of information storage media, and evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine; for the server information manager, evaluation items on the physical security knowledge of the personal computer including management of information storage media, evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine, evaluation items on the management and supervision knowledge of the general information manager including establishment and implementation of an inspection plan for each personal computer, evaluation items on the physical security knowledge of the server room including the server room access control procedure, evaluation items on the physical security knowledge of the server including confirmation of server connection contents, and evaluation items on the software security knowledge of the server including installation and operation of the security program; and for the manager, evaluation items on the physical security knowledge of the personal computer including management of information storage media, evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine, evaluation items on the physical security knowledge of the server room including the server room access control procedure, evaluation items on the physical security knowledge of the server including confirmation of server connection contents, evaluation items on the software security knowledge of the server including installation and operation of the security program, and evaluation items on the management and supervision knowledge of the server information manager including establishment and implementation of the inspection plan of the server.
In the cyber security method based on the cyber security life cycle according to the present invention, the information security practice evaluation items may include: for the general information manager, evaluation items on the physical security practice of the personal computer including management of information storage media, and evaluation items on the software security practice of the personal computer including updates of the operating system and the vaccine; for the server information manager, evaluation items on the physical security practice of the personal computer including management of information storage media, evaluation items on the software security practice of the personal computer including updates of the operating system and the vaccine, evaluation items on the management and supervision practice of the general information manager including establishment and implementation of an inspection plan for each personal computer, evaluation items on the physical security practice of the server room including the server room access control procedure, evaluation items on the physical security practice of the server including confirmation of server connection contents, and evaluation items on the software security practice of the server including installation and operation of the security program; and for the manager, evaluation items on the physical security practice of the personal computer including management of information storage media, evaluation items on the software security practice of the personal computer including updates of the operating system and the vaccine, and evaluation items on the management and supervision practice of the server information manager.
In the cyber security method based on the cyber security life cycle according to the present invention, the step of calculating the cyber security ethics index may calculate the index by setting different weights according to the type of information, setting different weights according to the information manager, or setting different weights according to each process of the cyber security life cycle.
In the cyber security method based on the cyber security life cycle of the present invention, the step of providing the security report or generating the security warning may provide the security report or generate the security warning when the cyber security ethics index is less than or equal to a predetermined value, or when the index of a specific item included in the cyber security ethics index is less than a predetermined value.
According to an aspect of the present invention, there is provided a computer readable recording medium storing a program for performing a cyber security method based on a cyber security life cycle.
According to the cyber security device and method based on the cyber security life cycle of the present invention and the computer-readable recording medium recording the program for performing the method, the cyber security ethics index can be calculated according to the cyber security life cycle leading from the acquisition of security knowledge up to security practice, and the calculated cyber security ethics index can be used to report security improvement items or to raise security warnings, so that information security incidents can be prevented in advance.
FIG. 1 is a block diagram of a cyber security system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a configuration of a cyber security apparatus according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a cyber security method according to an exemplary embodiment of the present invention.
In the following description, only parts necessary for understanding the embodiments of the present invention will be described, and the description of other parts will be omitted so as not to obscure the gist of the present invention.
The terms and words used in the present specification and claims should not be construed as limited to their ordinary or dictionary meanings; on the principle that the inventor may define terms appropriately in order to describe the invention in the best way, they should be interpreted with meanings and concepts consistent with the technical idea of the present invention. Therefore, the embodiments described in the present specification and the configurations shown in the drawings are merely preferred embodiments of the present invention and do not represent all of its technical ideas, so that various equivalents and variations are possible.
The present invention relates to a technology capable of preventing an information security accident in advance. Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a diagram illustrating a configuration of a
1 and 2, the
The
The
On the other hand, the server information person in charge of the information of the
The
The
The evaluation
The table below summarizes the security evaluation criteria information.

Table 1. Security evaluation criteria information for each information manager, type of information, and life-cycle process.

| Information manager | Type of information | Life cycle | Evaluation items |
|---|---|---|---|
| General information manager | General information | Knowledge | Physical security knowledge of the personal computer (management of information storage media); software security knowledge of the personal computer (updates of the operating system and vaccine) |
| General information manager | General information | Practice | Physical security practice of the personal computer (management of information storage media); software security practice of the personal computer (updates of the operating system and vaccine) |
| Server information manager | General information | Knowledge | Physical and software security knowledge of the personal computer (as above); management and supervision knowledge of the general information manager (establishment and implementation of the inspection plan for each personal computer) |
| Server information manager | General information | Practice | Physical and software security practice of the personal computer (as above); management and supervision practice of the general information manager (establishment and implementation of the inspection plan for each personal computer) |
| Server information manager | Server information | Knowledge | Physical security knowledge of the server room (server room access control procedure); physical security knowledge of the server (confirmation of server connection contents); software security knowledge of the server (installation and operation of the security program) |
| Server information manager | Server information | Practice | Physical security practice of the server room; physical security practice of the server; software security practice of the server (same details as the knowledge items) |
| Manager | General information | Knowledge | Physical and software security knowledge of the personal computer (as above) |
| Manager | General information | Practice | Physical and software security practice of the personal computer (as above) |
| Manager | Server information | Knowledge | Physical security knowledge of the server room; physical security knowledge of the server; software security knowledge of the server (as above); management and supervision knowledge of the server information manager (establishment and implementation of the inspection plan of the server) |
| Manager | Server information | Practice | Management and supervision practice of the server information manager (establishment and implementation of the inspection plan of the server) |

Table 1 shows the security evaluation criteria information and the details of the security evaluation criteria items used to perform the security evaluation for each information manager.
In Table 1, the types of information are classified into general information and server information.
The information manager is classified into a general information manager in charge of general information, a server information manager who is in charge of general information and server information and who manages the general information manager, and a manager who is in charge of general information and who manages the server information manager. That is, general information is managed by the general information manager, the server information manager, and the manager; server information is managed by the server information manager; supervision and management of the general information manager is the responsibility of the server information manager; and supervision and management of the server information manager is the responsibility of the manager.
The cyber security life cycle is classified into the information security knowledge acquisition process and the information security practice process, corresponding to the type of information and the classification of the information manager. The security evaluation criteria information includes one or more information security knowledge evaluation items corresponding to the information security knowledge evaluation process and one or more information security practice evaluation items corresponding to the information security practice evaluation process.
The general information manager is in charge of general information, and the corresponding information security knowledge evaluation items include evaluation items on the physical security knowledge of the personal computer, including management of information storage media, and evaluation items on the software security knowledge of the personal computer, including updates of the operating system and the vaccine. These evaluate whether a general information manager who handles general information using a personal computer for business has acquired the security knowledge appropriate for maintaining information security. The corresponding information security practice evaluation items include evaluation items on the physical security practice of the personal computer, including management of information storage media, and evaluation items on the software security practice of the personal computer, including updates of the operating system and the vaccine. These evaluate whether a general information manager who handles general information using a personal computer for business is practicing the security of general information according to the security knowledge learned.
The server information manager is in charge of general information and server information, and manages the general information manager in relation to general information. The information security knowledge evaluation items corresponding to general information include evaluation items on the physical security knowledge of the personal computer including management of information storage media, evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine, and evaluation items on the management and supervision knowledge of the general information manager including establishment and implementation of an inspection plan for each personal computer. These evaluate whether the server information manager, who also handles general information in the course of work, has acquired the security knowledge appropriate for maintaining the security of general information, and whether the server information manager, who also checks and manages the security status of the general information manager, has acquired the management knowledge needed for that role. The information security practice evaluation items corresponding to general information include evaluation items on the physical security practice of the personal computer including management of information storage media, evaluation items on the software security practice of the personal computer including updates of the operating system and the vaccine, and evaluation items on the management and supervision practice of the general information manager including establishment and implementation of an inspection plan for each personal computer. These evaluate whether the server information manager practices the security of general information according to the security knowledge learned, and whether the role of checking and managing the security status of the general information manager according to the acquired management knowledge is actually being practiced.
In addition, the information security knowledge evaluation items corresponding to server information for the server information manager include evaluation items on the physical security knowledge of the server room including the server room access control procedure, evaluation items on the physical security knowledge of the server including confirmation of server connection contents, and evaluation items on the software security knowledge of the server including installation and operation of the security program. These evaluate whether the server information manager who handles server information has acquired the security knowledge appropriate for maintaining the security of server information. The information security practice evaluation items corresponding to server information include evaluation items on the physical security practice of the server room including the server room access control procedure, evaluation items on the physical security practice of the server including confirmation of server connection contents, and evaluation items on the software security practice of the server including installation and operation of the security program. These evaluate whether the server information manager who handles server information is practicing the security of server information according to the security knowledge learned.
The manager is in charge of general information and manages the server information manager in relation to server information. The information security knowledge evaluation items corresponding to general information include evaluation items on the physical security knowledge of the personal computer including management of information storage media, and evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine. These evaluate whether the manager, who also handles general information in the course of work, has acquired the security knowledge appropriate for maintaining the security of general information. The information security practice evaluation items corresponding to general information include evaluation items on the physical security practice of the personal computer including management of information storage media, and evaluation items on the software security practice of the personal computer including updates of the operating system and the vaccine. These evaluate whether the manager is practicing the security of general information according to the security knowledge learned.
In addition, the information security knowledge evaluation items corresponding to server information for the manager include evaluation items on the physical security knowledge of the server room including the server room access control procedure, evaluation items on the physical security knowledge of the server including confirmation of server connection contents, evaluation items on the software security knowledge of the server including installation and operation of the security program, and evaluation items on the management and supervision knowledge of the server information manager including establishment and implementation of the inspection plan of the server. These evaluate whether the manager who supervises the server information manager has acquired the knowledge needed to maintain the security of server information and, on that basis, to check and manage the security status of the server information manager. The information security practice evaluation items corresponding to server information include evaluation items on the management and supervision practice of the server information manager including establishment and implementation of the inspection plan of the server. These evaluate whether the manager who manages and supervises the server information manager is actually practicing that management according to the acquired management and supervision knowledge.
The security
The security
The cyber security method according to the present invention will be described in detail with reference to FIG. 3.
FIG. 3 is a flowchart illustrating a cyber security method according to an exemplary embodiment of the present invention.
Referring to FIG. 3, the cyber security apparatus provides security evaluation criteria information determined according to the type of information, the information manager, and a cyber security life cycle ranging from the acquisition of knowledge required for information security to security practice (S1).
In step S1, the security evaluation criteria information may be provided to the evaluator performing the security evaluation, and may also be provided to each information manager subject to the security evaluation.
Here, the type of information is classified into general information, which each information manager can create, edit, or confirm using a personal computer while processing information, and server information, which is stored on the server. The information manager is classified into a general information manager in charge of general information, a server information manager who is in charge of general information and server information and who manages the general information manager, and a manager who is in charge of general information and who manages the server information manager.
The cyber security life cycle is classified into the information security knowledge acquisition process and the information security practice process, corresponding to the type of information and the information manager, and the security evaluation criteria information includes one or more information security knowledge evaluation items corresponding to the information security knowledge evaluation process and one or more information security practice evaluation items corresponding to the information security practice evaluation process.
Since the general information manager is in charge of general information, the information security knowledge evaluation items for the general information manager include evaluation items on the physical security knowledge of the personal computer including management of information storage media, and evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine. Since the server information manager is in charge of general information and server information and manages and supervises the general information manager, the information security knowledge evaluation items for the server information manager include evaluation items on the physical security knowledge of the personal computer including management of information storage media, evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine, evaluation items on the management and supervision knowledge of the general information manager including establishment and implementation of an inspection plan for each personal computer, evaluation items on the physical security knowledge of the server room including the server room access control procedure, evaluation items on the physical security knowledge of the server including confirmation of server connection contents, and evaluation items on the software security knowledge of the server including installation and operation of the security program.
Since the manager is in charge of general information and manages and supervises the server information manager, the information security knowledge evaluation items for the manager include evaluation items on the physical security knowledge of the personal computer including management of information storage media, evaluation items on the software security knowledge of the personal computer including updates of the operating system and the vaccine, evaluation items on the physical security knowledge of the server room including the server room access control procedure, evaluation items on the physical security knowledge of the server including confirmation of server connection contents, evaluation items on the software security knowledge of the server including installation and operation of the security program, and evaluation items on the management and supervision knowledge of the server information manager including establishment and implementation of the inspection plan of the server.
In response, the information security practice evaluation items for the general information manager include evaluation items on the physical security practice of the personal computer including the management information storage medium, software security of the personal computer including the update of the operating system and the vaccine It includes evaluation items for practice. In addition, the information security practice evaluation items for the server information manager include evaluation items on the physical security practice of the personal computer including the management information storage medium, evaluation items on the software security practice of the personal computer including the update of the operating system and the vaccine Evaluation items for management and supervision of the above general information personnel including establishment and implementation of inspection plan of each personal computer, evaluation items for physical security practice of the server room including access control procedures of the server room, confirmation of server connection contents , Evaluation items on the physical security practices of the server, and evaluation items on the software security practices of the server including the installation and operation of the security program. In addition, the information security practice evaluation items for administrators include evaluation items on the physical security practices of the personal computer including management of information storage media, evaluation items on the software security practice of the personal computer including the updating of the operating system and the vaccine, And evaluation items for management and supervision of the server information manager including establishment and implementation of the inspection plan of the server.
The manager is therefore evaluated on whether he or she has acquired physical and software security knowledge of the server room and the server, but not on security practice for the server room or the server. The manager is not directly responsible for the security of server information; the knowledge is required because the manager must manage and supervise the server information manager, who is.
The cyber security apparatus then carries out the security evaluation on the basis of the security evaluation standard information provided in step S1 (S2) and calculates the cyber security ethics index from the evaluation result (S3).
In step S3 the cyber security apparatus can calculate the cyber security ethics index by assigning weights according to the type of information, assigning different weights according to the person in charge of the information, or assigning weights according to each process of the cyber security lifecycle. The index can thus be tuned to the circumstances of the company or organization to which the invention is applied.
The cyber security apparatus then provides a security report on security improvement matters according to the cyber security ethics index calculated in step S3, or generates a security warning (S4).
In step S4 the cyber security apparatus provides the security report or generates the security warning when, for example, the cyber security ethics index is less than or equal to a predetermined value, or the index of a specific item included in the cyber security ethics index is less than or equal to a predetermined value, so that the user is made aware of the condition.
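The weighted index of step S3 and the threshold check of step S4, as an added worked example; this is not code from the patent. The evaluation-item catalogue follows the role/process breakdown given in the description above. The assignment of each item to an information type, the 0.0 to 1.0 scoring scale, the product-of-weights aggregation, the per-item index kept separate per lifecycle process, the sample results and the threshold values are all assumptions made for illustration.

```python
# Added example (not the patent's code): weighted index (step S3) and threshold alerting (step S4).
from collections import defaultdict
from enum import Enum
from typing import Dict, List, NamedTuple, Tuple

# Classification of information managers, information types and lifecycle processes (from the description).
Role = Enum("Role", "GENERAL SERVER MANAGER")
InfoType = Enum("InfoType", "GENERAL SERVER")
Process = Enum("Process", "KNOWLEDGE PRACTICE")

class Item(NamedTuple):
    name: str
    info_type: InfoType  # which information type the item concerns: an assumed mapping, not stated in the text

PC_PHYSICAL = Item("pc physical security (storage media)", InfoType.GENERAL)
PC_SOFTWARE = Item("pc software security (os/antivirus updates)", InfoType.GENERAL)
SUPERVISE_GENERAL = Item("supervision of general info manager (pc inspection plan)", InfoType.GENERAL)
ROOM_PHYSICAL = Item("server room physical security (access control)", InfoType.SERVER)
SERVER_PHYSICAL = Item("server physical security (connection records)", InfoType.SERVER)
SERVER_SOFTWARE = Item("server software security (security programs)", InfoType.SERVER)
SUPERVISE_SERVER = Item("supervision of server info manager (server inspection plan)", InfoType.SERVER)
PC_ITEMS, SERVER_ITEMS = [PC_PHYSICAL, PC_SOFTWARE], [ROOM_PHYSICAL, SERVER_PHYSICAL, SERVER_SOFTWARE]

# Security evaluation standard information (step S1): evaluation items per role and lifecycle process.
STANDARD: Dict[Tuple[Role, Process], List[Item]] = {
    (Role.GENERAL, Process.KNOWLEDGE): PC_ITEMS,
    (Role.GENERAL, Process.PRACTICE): PC_ITEMS,
    (Role.SERVER, Process.KNOWLEDGE): PC_ITEMS + [SUPERVISE_GENERAL] + SERVER_ITEMS,
    (Role.SERVER, Process.PRACTICE): PC_ITEMS + [SUPERVISE_GENERAL] + SERVER_ITEMS,
    # The manager is tested on server-side knowledge but not on server-side practice.
    (Role.MANAGER, Process.KNOWLEDGE): PC_ITEMS + SERVER_ITEMS + [SUPERVISE_SERVER],
    (Role.MANAGER, Process.PRACTICE): PC_ITEMS + [SUPERVISE_SERVER],
}

class Result(NamedTuple):
    role: Role
    process: Process
    item: Item
    score: float  # 0.0 (fail) .. 1.0 (full marks); the scoring scale is an assumption

Weights = Dict[Enum, float]  # one weight per InfoType, Role and Process member

def weight_of(w: Weights, r: Result) -> float:
    # Combined weight: information type x person in charge x lifecycle process (assumed product form).
    return w[r.item.info_type] * w[r.role] * w[r.process]

def compute_index(results: List[Result], w: Weights) -> float:
    """Step S3: weighted mean of item scores scaled to 0..100, after checking every result."""
    for r in results:
        if r.item not in STANDARD.get((r.role, r.process), []):
            raise ValueError(f"{r.item.name!r} is not an item for {r.role.name}/{r.process.name}")
        if not 0.0 <= r.score <= 1.0:
            raise ValueError(f"score {r.score} out of range for {r.item.name!r}")
    total = sum(weight_of(w, r) for r in results)
    if total == 0:
        raise ValueError("no weighted results to aggregate")
    return round(100.0 * sum(weight_of(w, r) * r.score for r in results) / total, 2)

def item_indices(results: List[Result]) -> Dict[Tuple[Process, str], float]:
    """Per-item index, kept separate for knowledge and practice so a gap between the two shows."""
    buckets: Dict[Tuple[Process, str], List[float]] = defaultdict(list)
    for r in results:
        buckets[(r.process, r.item.name)].append(r.score)
    return {k: round(100.0 * sum(v) / len(v), 2) for k, v in buckets.items()}

def missing_items(results: List[Result]) -> List[Tuple[Role, Process, str]]:
    """Standard items with no result yet; an index over partial data overstates the real posture."""
    seen = {(r.role, r.process, r.item.name) for r in results}
    return [(role, proc, it.name) for (role, proc), items in STANDARD.items()
            for it in items if (role, proc, it.name) not in seen]

def assess(results: List[Result], w: Weights,
           index_threshold: float = 60.0, item_threshold: float = 40.0) -> dict:
    """Step S4: warn when the overall index or any item index is <= its threshold, else report."""
    idx, per_item = compute_index(results, w), item_indices(results)
    warnings = [f"overall index {idx} <= {index_threshold}"] if idx <= index_threshold else []
    for (proc, name), val in sorted(per_item.items(), key=lambda kv: (kv[0][0].name, kv[0][1])):
        if val <= item_threshold:
            warnings.append(f"{proc.name} / {name}: {val} <= {item_threshold}")
    return {"index": idx, "items": per_item, "missing": missing_items(results),
            "warnings": warnings, "action": "warning" if warnings else "report"}

# Constructed sample evaluation of one small organisation (not real data); most items are unevaluated.
SAMPLE_RESULTS = [
    Result(Role.GENERAL, Process.KNOWLEDGE, PC_PHYSICAL, 0.8),
    Result(Role.GENERAL, Process.KNOWLEDGE, PC_SOFTWARE, 0.6),
    Result(Role.GENERAL, Process.PRACTICE, PC_PHYSICAL, 1.0),
    Result(Role.GENERAL, Process.PRACTICE, PC_SOFTWARE, 0.4),
    Result(Role.SERVER, Process.KNOWLEDGE, SERVER_SOFTWARE, 0.9),
    Result(Role.SERVER, Process.PRACTICE, SERVER_SOFTWARE, 0.3),
    Result(Role.MANAGER, Process.KNOWLEDGE, SUPERVISE_SERVER, 1.0),
    Result(Role.MANAGER, Process.PRACTICE, SUPERVISE_SERVER, 0.5),
]
# Constructed weights: server information and practice count double, every role counts the same.
SAMPLE_WEIGHTS: Weights = {InfoType.GENERAL: 1.0, InfoType.SERVER: 2.0, Role.GENERAL: 1.0, Role.SERVER: 1.0,
                           Role.MANAGER: 1.0, Process.KNOWLEDGE: 1.0, Process.PRACTICE: 2.0}
```

Calling `assess(SAMPLE_RESULTS, SAMPLE_WEIGHTS)` yields an overall index above the 60 threshold, yet two item-level warnings: the practice score for server software security and for PC software security. Two details matter in practice. The comparisons use "less than or equal", matching the patent's wording, so an item score sitting exactly on the threshold still triggers a warning. And `missing_items` lists every standard item that has no result, because an index computed over a partial evaluation looks better than the organisation's actual posture; a report that omits that list hides the gap.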
The cyber security method based on the cyber security lifecycle according to the embodiment of the present invention can be implemented as a program readable by various computer means and recorded on a computer-readable recording medium.
It should be noted that the embodiments disclosed in the present specification and drawings are only illustrative of specific examples for the purpose of understanding, and are not intended to limit the scope of the present invention. It will be apparent to those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein. Furthermore, although specific terms are used in this specification and the drawings, they are used in a generic sense only to facilitate the description of the invention and to facilitate understanding of the invention, and are not intended to limit the scope of the invention.
10: personal computer 20: server
30: cyber security device 31: evaluation reference storage unit
32: security index calculation unit 33: security status management unit
100: Cyber Security System
Claims (13)
A security index calculation unit for calculating a cyber security ethics index according to an evaluation result based on the security evaluation standard information; And
A security state management unit for providing a security report on security improvement matters or generating a security warning according to the cyber security ethics index;
wherein the type of information is classified into general information and server information;
the information manager is classified into a general information manager in charge of general information, a server information manager in charge of general information and server information who manages the general information manager, and a manager in charge of general information who manages the server information manager;
the cyber security lifecycle is classified into an information security knowledge acquisition process and an information security practice process, each corresponding to the type of information and the classification of the information manager;
the security evaluation standard information includes at least one information security knowledge evaluation item corresponding to the information security knowledge acquisition process and at least one information security practice evaluation item corresponding to the information security practice process;
the information security knowledge evaluation items include:
for the general information manager, evaluation items on physical security knowledge of the personal computer, including management of information storage media, and evaluation items on software security knowledge of the personal computer, including updating of the operating system and antivirus (vaccine) software;
for the server information manager, evaluation items on physical security knowledge of the personal computer, including management of information storage media; evaluation items on software security knowledge of the personal computer, including updating of the operating system and antivirus software; evaluation items on knowledge of managing and supervising the general information manager, including establishing and executing the inspection plan for each personal computer; evaluation items on physical security knowledge of the server room, including server room access control procedures; evaluation items on physical security knowledge of the server; and evaluation items on software security knowledge of the server, including installing and operating security programs;
for the manager, evaluation items on physical security knowledge of the personal computer, including management of information storage media; evaluation items on software security knowledge of the personal computer, including updating of the operating system and antivirus software; evaluation items on physical security knowledge of the server room; evaluation items on physical security knowledge of the server, including checking the server's connection records; evaluation items on software security knowledge of the server, including installing and operating security programs; and evaluation items on knowledge of managing and supervising the server information manager, including establishing and executing the server inspection plan; and
the information security practice evaluation items include:
for the general information manager, evaluation items on physical security practice of the personal computer, including management of information storage media, and evaluation items on software security practice of the personal computer, including updating of the operating system and antivirus software;
for the server information manager, evaluation items on physical security practice of the personal computer, including management of information storage media; evaluation items on software security practice of the personal computer, including updating of the operating system and antivirus software; evaluation items on the practice of managing and supervising the general information manager, including establishing and executing the inspection plan for each personal computer; evaluation items on physical security practice of the server room, including server room access control procedures; evaluation items on physical security practice of the server; and evaluation items on software security practice of the server, including installing and operating security programs;
for the manager, evaluation items on physical security practice of the personal computer, including management of information storage media; evaluation items on software security practice of the personal computer, including updating of the operating system and antivirus software; and evaluation items on the practice of managing and supervising the server information manager, including establishing and executing the server inspection plan.
The cyber security device based on the cyber security lifecycle, wherein the security index calculation unit calculates the cyber security ethics index by setting different weights according to the type of information, setting different weights according to the information manager, or setting different weights according to each process of the cyber security lifecycle.
The cyber security device based on the cyber security lifecycle, wherein the security state management unit provides the security report or generates the security warning when the cyber security ethics index is less than or equal to a predetermined value, or when the index of a specific item included in the cyber security ethics index is less than or equal to a predetermined value.
calculating, by the cyber security device, a cyber security ethics index according to an evaluation result based on the security evaluation standard information; and
providing, by the cyber security device, a security report on security improvement matters or generating a security warning according to the cyber security ethics index;
wherein the type of information is classified into general information and server information;
the information manager is classified into a general information manager in charge of general information, a server information manager in charge of general information and server information who manages the general information manager, and a manager in charge of general information who manages the server information manager;
the cyber security lifecycle is classified into an information security knowledge acquisition process and an information security practice process, each corresponding to the type of information and the classification of the information manager;
the security evaluation standard information includes at least one information security knowledge evaluation item corresponding to the information security knowledge acquisition process and at least one information security practice evaluation item corresponding to the information security practice process;
the information security knowledge evaluation items include:
for the general information manager, evaluation items on physical security knowledge of the personal computer, including management of information storage media, and evaluation items on software security knowledge of the personal computer, including updating of the operating system and antivirus (vaccine) software;
for the server information manager, evaluation items on physical security knowledge of the personal computer, including management of information storage media; evaluation items on software security knowledge of the personal computer, including updating of the operating system and antivirus software; evaluation items on knowledge of managing and supervising the general information manager, including establishing and executing the inspection plan for each personal computer; evaluation items on physical security knowledge of the server room, including server room access control procedures; evaluation items on physical security knowledge of the server; and evaluation items on software security knowledge of the server, including installing and operating security programs;
for the manager, evaluation items on physical security knowledge of the personal computer, including management of information storage media; evaluation items on software security knowledge of the personal computer, including updating of the operating system and antivirus software; evaluation items on physical security knowledge of the server room; evaluation items on physical security knowledge of the server, including checking the server's connection records; evaluation items on software security knowledge of the server, including installing and operating security programs; and evaluation items on knowledge of managing and supervising the server information manager, including establishing and executing the server inspection plan; and
the information security practice evaluation items include:
for the general information manager, evaluation items on physical security practice of the personal computer, including management of information storage media, and evaluation items on software security practice of the personal computer, including updating of the operating system and antivirus software;
for the server information manager, evaluation items on physical security practice of the personal computer, including management of information storage media; evaluation items on software security practice of the personal computer, including updating of the operating system and antivirus software; evaluation items on the practice of managing and supervising the general information manager, including establishing and executing the inspection plan for each personal computer; evaluation items on physical security practice of the server room, including server room access control procedures; evaluation items on physical security practice of the server; and evaluation items on software security practice of the server, including installing and operating security programs;
for the manager, evaluation items on physical security practice of the personal computer, including management of information storage media; evaluation items on software security practice of the personal computer, including updating of the operating system and antivirus software; and evaluation items on the practice of managing and supervising the server information manager, including establishing and executing the server inspection plan.
The cyber security method based on the cyber security lifecycle, wherein calculating the cyber security ethics index comprises:
the cyber security apparatus calculating the cyber security ethics index by setting different weights according to the type of information, setting different weights according to the information manager, or setting different weights according to each process of the cyber security lifecycle.
The cyber security method based on the cyber security lifecycle, wherein providing the security report or generating the security warning comprises:
providing the security report or generating the security warning when the cyber security ethics index is less than or equal to a predetermined value, or when the index of a specific item included in the cyber security ethics index is less than or equal to a predetermined value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150057842A KR101674198B1 (en) | 2015-04-24 | 2015-04-24 | Cyber security device and method based on cyber security life-cycle, computer readable medium for storing a program for executing the method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150057842A KR101674198B1 (en) | 2015-04-24 | 2015-04-24 | Cyber security device and method based on cyber security life-cycle, computer readable medium for storing a program for executing the method |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20160126589A KR20160126589A (en) | 2016-11-02 |
KR101674198B1 true KR101674198B1 (en) | 2016-11-08 |
Family
ID=57518409
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150057842A KR101674198B1 (en) | 2015-04-24 | 2015-04-24 | Cyber security device and method based on cyber security life-cycle, computer readable medium for storing a program for executing the method |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101674198B1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115208638B (en) * | 2022-06-24 | 2024-04-16 | 深圳零时科技有限公司 | Network security consciousness assessment method and device |
KR102665351B1 (en) * | 2023-12-11 | 2024-05-10 | 주식회사 이노크루 | Method of operating server calculating cbti type based on user's diagnosis of integrity competency and comparing calcuated cbti type for each user |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101008148B1 (en) * | 2008-02-15 | 2011-01-13 | 주식회사 포스코 | Method for operating information security accomplishment indexes dependent on the introduction of information security management system |
KR101478233B1 (en) | 2014-08-01 | 2015-01-06 | (주)세이퍼존 | System for evaluating worker based on adaptive bigdata process |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20040011863A (en) | 2002-07-31 | 2004-02-11 | 컨설팅하우스 주식회사 | Real Time Information Security Risk Management System and Method |
KR101011456B1 (en) | 2008-06-30 | 2011-02-01 | 주식회사 이너버스 | Method for accounting information leakage, computer-readable medium for storing a program for executing the method, and system for preforming the same |
- 2015-04-24 KR KR1020150057842A patent/KR101674198B1/en active IP Right Grant
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101008148B1 (en) * | 2008-02-15 | 2011-01-13 | 주식회사 포스코 | Method for operating information security accomplishment indexes dependent on the introduction of information security management system |
KR101478233B1 (en) | 2014-08-01 | 2015-01-06 | (주)세이퍼존 | System for evaluating worker based on adaptive bigdata process |
Also Published As
Publication number | Publication date |
---|---|
KR20160126589A (en) | 2016-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210312059A1 (en) | Evaluation of policies of a system or portion thereof | |
US10664771B2 (en) | Product development management system and method | |
Aleksandrova et al. | Business continuity management system | |
US10496815B1 (en) | System, method, and computer program for classifying monitored assets based on user labels and for detecting potential misuse of monitored assets based on the classifications | |
US20150356477A1 (en) | Method and system for technology risk and control | |
US20160210631A1 (en) | Systems and methods for flagging potential fraudulent activities in an organization | |
US20140278664A1 (en) | Real-time Deployment of Incident Response Roadmap | |
CN106548436A (en) | Dangerous matter sources risk management and control method and control device | |
US20110231221A1 (en) | Automated risk assessment and management | |
US20150242625A1 (en) | Pre-Delegation of Defined User Roles for Guiding User in Incident Response | |
CN112598249A (en) | Object evaluation method, device and equipment | |
KR101674198B1 (en) | Cyber security device and method based on cyber security life-cycle, computer readable medium for storing a program for executing the method | |
US20140278647A1 (en) | Entity monitoring | |
US20130041796A1 (en) | Application governance process and tool | |
US10706026B1 (en) | Selective purging of data attributes | |
CN115374099A (en) | Data management method and system based on block chain | |
CN111222162A (en) | Industry cloud resource access control method and device | |
Ifijeh et al. | Disaster management in digital libraries: Issues and strategies in developing countries | |
US20150317567A1 (en) | Business Change Management System | |
Vinnakota | Systems approach to Information Security Governance: An imperative need for sustainability of enterprises | |
Kim et al. | Assessment of Risks in Management Factors | |
Dinu | Tools and techniques for risk identification and assessment | |
KR102266103B1 (en) | System for checking performance of risk management plan | |
Mancuso | NoNprofit risk maNagemeNt | |
US12117823B1 (en) | Monitoring systems and methods for assessing risk |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment | Payment date: 20191001; Year of fee payment: 4 |