M-ISMS 모델 기반의 군(軍) 보안감사 설계에 관한 연구

Abstract

Abstract

In recent, the levels of military information protection has been currently remained through very powerful legal systems such as Military Secret Protection Act and Military security operational defense minister instructions and regular and non-scheduled security inspection by considering the specialization of military. However, the changes of information speed of military are required because of a relative lower level compared to the developing speed of the private_based ICT(Information Communication Technology). Therefore, the military also needs to adopt management systems of information security based on KISA ISMS(Korea Internet & Security Agency Information Security Management System) following Korean standards for Information Security. We propose an improved M-ISMS(Military-ISMS) model for the characteristics of the military and management systems of information security based on the existing ISMS model. Our improved model focuses on 'internal security audit' and 'management of external activity' by considering military characteristics that have not been conducted in ISMS. Therefore, we added the six control items regarding confidentiality to internal security audits because the confidentiality is more important in militaries than fusibility which is importantly handled in private sectors. We also recommend some control items regarding standards establishment and level maintain for security management in the external activity management parts because its value for secrecy is disappeared in case militaries reveal information or their external activities such as national defense white papers. The proposed M-ISMS model in this thesis has an effect on preventing a rapid and future-oriented security intrusion incident in advance by considering a variety of its advantages and case studies of private intrusion incident collected from existing ISMS. However, specific guidelines and technologies of multiple control items in our proposed model will be studied in detail.