Improve of Evaluation Method for Information Security Levels of CIIP (Critical Information Infrastructure Protection)
As the dysfunctions of the information society and
social development progress, intrusion problems such as malicious
replies, spam mail, private information leakage, phishing, and
pharming, and side effects such as the spread of unwholesome
information and privacy invasion, are becoming serious social
problems. Illegal access to information is also becoming a problem as
the exchange and sharing of information increases with the
extension of the communication network. At the same time, because the
communication network has been constructed as an international,
global system, the legal response to invasion and cyber-attack
from abroad is reaching its limits. In addition, in an environment where
important infrastructures are managed and controlled over
the information communication network, such problems pose a
threat to national security. Countermeasures to such threats are
developed and implemented on a yearly basis to protect the major
information communication infrastructures. As part of such
measures, we have developed a methodology for assessing the
information protection level, which can be used to establish the
quantitative objective-setting method required to improve the
information protection level.
@article{"International Journal of Information, Control and Computer Sciences:53284", author = "Dong-Young Yoo and Jong-Whoi Shin and Gang Shin Lee and Jae-Il Lee", title = "Improve of Evaluation Method for Information Security Levels of CIIP (Critical Information Infrastructure Protection)", abstract = "As the disfunctions of the information society and
social development progress, intrusion problems such as malicious
replies, spam mail, private information leakage, phishing, and
pharming, and side effects such as the spread of unwholesome
information and privacy invasion are becoming serious social
problems. Illegal access to information is also becoming a problem as
the exchange and sharing of information increases on the basis of the
extension of the communication network. On the other hand, as the
communication network has been constructed as an international,
global system, the legal response against invasion and cyber-attack
from abroad is facing its limit. In addition, in an environment where
the important infrastructures are managed and controlled on the basis
of the information communication network, such problems pose a
threat to national security. Countermeasures to such threats are
developed and implemented on a yearly basis to protect the major
infrastructures of information communication. As a part of such
measures, we have developed a methodology for assessing the
information protection level which can be used to establish the
quantitative object setting method required for the improvement of the
information protection level.", keywords = "Information Security Evaluation Methodology,Critical Information Infrastructure Protection.", volume = "1", number = "12", pages = "3825-5", }