Information Security-Related Standards
PowerPoint presentation by 양 수 미, 43 slides
Presentation Transcript
Contents
  • IETF standards
  • ISO/IEC JTC1 standards
    • SC27
    • Other than SC27
  • ITU-T standards
IETF standards
  • Standards established by the Security Area within the IESG (Internet Engineering Steering Group) of the IETF (Internet Engineering Task Force); they are researched and established by several Working Groups.
  • Established in 1986 under ISOC (the Internet Society) to support Internet protocol engineering and development.
The main goal of the IETF (Internet Engineering Task Force) is to propose and develop standards for protocols and architecture in order to solve the operational and technical problems of the Internet.

Internet standards and RFCs
  • The Internet Society
    • IAB (Internet Architecture Board): responsible for defining the overall architecture of the Internet, providing guidance and broad direction to the IETF
    • IETF (Internet Engineering Task Force): the protocol engineering and development arm of the Internet; a sub-organization of the IAB (Internet Architecture Board), a non-profit body. Responsible for drafting policies and standards for TCP/IP and the Internet
    • IESG (Internet Engineering Steering Group) : responsible for technical management of IETF activities and the Internet standards process

Henric Johnson

IETF standardization process
  • Standard development stages
  • Internet Drafts: working documents for RFCs (Request for Comments); registered in the directory for 6 months.
  • Proposed Standard: implement and test the protocol (6 months to 2 years)
  • Draft Standard: at least 2 independent, interoperable implementations; needs more field testing in diverse, wide environments (4 months to 2 years)
  • Internet Standard: a successfully implemented and operated protocol
  • GENERAL area
  • APPLICATIONS area
  • INTERNET area
  • OPERATIONS and MANAGEMENT area
  • REAL-TIME APPLICATIONS and INFRASTRUCTURE area
  • ROUTING area
  • SECURITY area
  • TRANSPORT area
Working Groups-1
  • BTNS: related to IPsec/IKE (Internet Key Exchange)
  • DKIM: DomainKeys Identified Mail
  • EMU: related to EAP (Extensible Authentication Protocol) methods
  • HOKEY: wireless handover keying
  • ISMS: SNMP security, authentication, etc.
  • KEYPROV: related to symmetric keys
  • KITTEN: GSS-API (Generic Security Services API) development
  • KRB-WG: related to Kerberos
Working Groups-2
  • LTANS: long-term archive and notary services
  • MSEC: multicast security
  • NEA: Network Endpoint Assessment
  • PKIX: public key infrastructure (X.509)
  • SASL: Simple Authentication and Security Layer
  • SMIME: S/MIME mail security
  • SYSLOG: security of network event logging
  • TLS: Transport Layer Security
Contents
  • IETF standards
  • ISO/IEC JTC1 standards
    • SC27
    • Other than SC27
  • ITU-T standards
ISO/IEC JTC1 standards
  • ISO (International Organization for Standardization) / IEC (International Electrotechnical Commission) JTC (Joint Technical Committee) 1
    • A combined organization (ISO/TC 97: information processing systems, and IEC/TC 83: information equipment)
  • A joint technical committee for international standardization in the field of information technology, formed by merging the international standardization activities for information processing systems with those for information equipment
  • SC20 (data cryptographic techniques) was expanded into SC27 (security techniques).
ISO/IEC JTC1 standards
  • Standard development stages
  • Preliminary stage: preliminary work item (PWI)
  • Proposal stage: new work item proposal (NP)
  • Preparatory stage: working drafts (WD)
  • Committee stage: committee drafts (CD)
  • Enquiry stage: enquiry drafts, i.e. draft international standard (DIS) for ISO, committee draft for vote (CDV) for IEC
  • Approval stage: final draft international standard (FDIS)
  • Publication stage: international standard (ISO, IEC, ISO/IEC)
ISO/IEC JTC1 standards
  • SC27: IT Security techniques
    • Mainly researches and establishes standards for general methods and techniques of IT security.
    • Standardization of general methods and techniques for information technology security, excluding the embedding of security mechanisms into applications
    • Includes standardization of cryptographic algorithms, general requirement specifications for security services of information technology systems, development of security techniques and mechanisms, and development of management guidance supporting documents and standards
  • Other than SC27
ISO/IEC 13335-1:2004
  • Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and models for information and communications technology security management
  • ISO/IEC 13335-1:2004 presents the concepts and models fundamental to a basic understanding of ICT security, and addresses the general management issues that are essential to the successful planning, implementation and operation of ICT security. Part 2 of ISO/IEC 13335 (currently 2nd WD) provides operational guidance on ICT security. Together these parts can be used to help identify and manage all aspects of ICT security.
ISO/IEC 27002:2005(2007)
  • Evolved from BS 7799:1999 -> 17799 -> 27002
  • 12 main sections
    • Risk assessment
    • Security policy - management direction
    • Organization of information security - governance of information security
    • Asset management - inventory and classification of information assets
    • Human resources security - security aspects for employees joining, moving and leaving an organization
    • Physical and environmental security - protection of the computer facilities
    • Communications and operations management - management of technical security controls in systems and networks
    • Access control - restriction of access rights to networks, systems, applications, functions and data
    • Information systems acquisition, development and maintenance - building security into applications
    • Information security incident management - anticipating and responding appropriately to information security breaches
    • Business continuity management - protecting, maintaining and recovering business-critical processes and systems
    • Compliance - ensuring conformance with information security policies, standards, laws and regulations
Contents
  • IETF standards
  • ISO/IEC JTC1 standards
    • SC27
    • Other than SC27
  • ITU-T standards
ITU-T standards
  • ITU-T (International Telecommunication Union - Telecommunication Standardization Sector): the renamed successor of CCITT (Consultative Committee for International Telegraph and Telephone), the international body that used to set telecommunication standards. Defines standards for digital transmission and interface standards for analog transmission
ITU-T standards
  • SG 2, 3, 5, 9, 11, 12, 13, 15, 16, 17, TSAG (Telecommunication Standardization Advisory Group)
  • SG 17: Security, languages and telecommunication software
  • In Korea, the responsible body is the Telecommunication Technology Association (TTA), a private-sector organization that establishes information and communication standards
    • TC10: security committee (IT security management, cryptographic technology, and system security groups)
Main topics of ITU-T SG17
  • NGN(Next Generation Network) Security Framework
  • Multimedia
  • Security Frameworks Guidelines
  • Security Management
  • Awareness
  • Secure Communication Services
Others
  • ECMA (European Computer Manufacturers Association)
    • Established in 1961 for data processing standards in Europe
    • TC 17 (including communication), TC 36 (IT security), TC 32 (communication, network and interoperability, security)
  • ETSI (European Telecommunication Standards Institute)
    • Established in 1988 for communication/information/broadcasting standards in Europe
    • Standard process
      • Inception: start development of the standard
      • Conception: define the concept
      • Drafting: propose the standard
      • Adoption: adopt the standard
      • Promotion: implement the standard
    • TC SEC is the security standards technical committee -> OCG (Operational Co-ordination Group)
Others
  • Internet Security Technology Forum (ISTF: Information Security Technology Forum): a forum formed mainly by private companies in the Internet security technology field, which develops de facto standards that reflect market demand
  • Established in 2000 for public Internet security standards
  • Network, PKI, and mobile groups.
NIST
  • NIST (National Institute of Standards and Technology)
    • Established in 1901 as NBS (National Bureau of Standards), and renamed NIST in 1988; under the DoC (Department of Commerce).
    • 10 research laboratories
      • Building and fire research
      • Chemical science and technology
      • Electronics and electrical engineering
      • Information technology
      • Manufacturing engineering
      • Materials science and engineering
      • Nanoscale science and technology
      • Neutron research
      • Physics
      • Technology services
NIST
  • Information Technology Laboratory: 6 research areas
    • Advanced Network Technologies
    • Computer Security
    • Information Access
    • Mathematical & Computational Sciences
    • Software & Systems
    • Statistical Engineering
NIST
  • Cryptographic technology
  • Advanced authentication technology
  • Public key infrastructure
  • Internetworking security
  • Evaluation criteria and schemes
  • Security management and support
  • Computer Security Resource Center
ANSI
  • ANSI (American National Standards Institute)
    • Established as a non-profit organization in 1918.
    • Has three characteristics: it does not develop standards itself, ANS are used across all industries, and ANS are voluntary.
    • Major fields: all technical fields (accreditation, patents, etc.)
    • Contributes to ISO and IEC
    • ANSI certifies other standards organizations of the USA

Information security evaluation criteria
  • ITSEC (Information Technology Security Evaluation Criteria): Europe
  • TCSEC (Trusted Computer System Evaluation Criteria): USA
    • 1) D (Minimal Protection)
    • 2) C1 (Discretionary Security Protection)
    • 3) C2 (Controlled Access Protection)
    • 4) B1 (Labeled Security Protection)
    • 5) B2 (Structured Protection)
    • 6) B3 (Security Domains)
    • 7) A1 (Verified Design)
  • K Series: Korea, K1 to K7
  • International Common Criteria, CC (Common Criteria): EAL 1 to 7