Improve of Evaluation Method for Information Security Levels of CIIP (Critical Information Infrastructure Protection)

Dong-Young Yoo; Jong-Whoi Shin; Gang Shin Lee; Jae-Il Lee

Commenced in January 2007

Frequency: Monthly

Edition: International

Paper Count: 32797

Improve of Evaluation Method for Information Security Levels of CIIP (Critical Information Infrastructure Protection)

Authors: Dong-Young Yoo, Jong-Whoi Shin, Gang Shin Lee, Jae-Il Lee

Abstract:

As the disfunctions of the information society and social development progress, intrusion problems such as malicious replies, spam mail, private information leakage, phishing, and pharming, and side effects such as the spread of unwholesome information and privacy invasion are becoming serious social problems. Illegal access to information is also becoming a problem as the exchange and sharing of information increases on the basis of the extension of the communication network. On the other hand, as the communication network has been constructed as an international, global system, the legal response against invasion and cyber-attack from abroad is facing its limit. In addition, in an environment where the important infrastructures are managed and controlled on the basis of the information communication network, such problems pose a threat to national security. Countermeasures to such threats are developed and implemented on a yearly basis to protect the major infrastructures of information communication. As a part of such measures, we have developed a methodology for assessing the information protection level which can be used to establish the quantitative object setting method required for the improvement of the information protection level.

Keywords: Information Security Evaluation Methodology, Critical Information Infrastructure Protection.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1082597

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1612

References:

[1] FISMA FRAMEWORK, September 19. 2006.
[2] NIST SP800-53(Recommended Security Controls for Federal Information System) http://www.nist.gov/
[3] NIST SP800-53A(Guide for Assessing the Security Controls in Federal Information Systems)
[4] NIST SP800-80(Guide for Developing Performance Metrics for Information Security)
[1] The White House (The Department of Homeland Security), http://www.whitehouse.gov/deptofhomeland/
[5] NIST SP800-26 (Security Self-Assessment Guide for Information Technology System) http://www.nist.gov
[6] SSE-CMM
[7] http://www.kisa.or.kr/isms/
[8] http://www.iwar.org.uk/