Original Article Information
Abstract
English
These days, many organizations try to manage their information systems in a safe way (i.e., evaluation, assurance and certification of information security) because information security systems (i.e., operational systems) are changing more rapidly. The CC (Common Criteria) is a scheme for the security evaluation of information security solutions. The CC was approved as ISO/IEC 15408 in June 1999, as the international standard for information security system evaluation. The UK established C-TAS (CESG Tailored Assurance Service), which evaluates IT products and software as well as operational systems. Japan developed ISO/IEC 19791 for the security evaluation of information security operating systems. Thus, we are preparing for operating system evaluation. This paper proposes an evaluation model for the operating system evaluation that is to be enforced in the future.
Table of Contents
1. Introduction
2. Evaluation Scope Model for Security Schemes
2.1 Security Evaluation Scheme for Operational System(ISO/IEC TR 19791)
2.2 Security Evaluation Scheme for Information Security Solution(ISO/IEC 15408)
2.3 Security Evaluation Scheme for Information Security Product and System(C-TAS)
3. Definition of evaluation scope
3.1 Temporal scope
3.2 Spatial scope
3.3 Functional scope
4. Conclusion
References