Evaluation Method for Information Security Levels of CIIP (Critical Information Infrastructure Protection)

As the information age matures, major social infrastructures such as communication, finance, military and energy have become ever more dependent on information and communication systems. Because these infrastructures are connected to the Internet, electronic intrusions such as hacking and viruses have become a new security threat. In particular, the disturbance or neutralization of a major social infrastructure can result in extensive material damage and social disorder. To address this issue, many nations around the world are researching and developing various techniques and information security policies as a government-wide effort to protect their infrastructures from newly emerging threats. This paper proposes an evaluation method for the information security levels of CIIP (Critical Information Infrastructure Protection), which can enhance the security level of critical information infrastructure by checking the current security status and establishing security measures accordingly, so that infrastructures are protected effectively.



