5. Risk Assessment
2004.10, Shin Soo-jung (신수정)
Reference
- Information Security Architecture, Tudor, Chapter 4
- Risk Management Guide for Information Technology Systems, NIST SP 800-30
- Guide for Developing Security Plans for Information Technology Systems, NIST SP 800-18
- ISO 13335
- BS7799 Part 1, 2
- Other internal materials by Shin Soo-jung
For more detail, study this in the 'Security Management' course (Prof. Lee Jae-woo, 이재우)…
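1. Introduction
[Figure: security framework diagram showing where risk assessment fits. Labels recovered from the diagram:]
- Risk assessment
- People / Process / Technology
- Security strategy/organization
- Policy/information classification
- Security technology architecture: Data, Application, User, System, Network, Physical
- Confidentiality, Integrity, Availability
- Identification, Authentication, Authorization, Administration, Audit
- Security management architecture: monitoring, incident response, business continuity, personnel security, security training, outsourcing security
- Validation/Audit/Measure/Certification
- Enterprise Architecture & IT Planning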
2. Basic Concepts
Risk = f(value of assets, likelihood of threats, ease of exploitation of the vulnerabilities by the threat, existing safeguards)
Risk Management
- Risk identification
- Risk analysis (qualitative, quantitative)
- Risk response planning
- Risk monitoring and control
Risk Assessment
- Impact
- Likelihood/Probability
2. Basic Concepts
[Figure: threat, vulnerability and control. Labels: Threat, Vulnerability, Assets; Control covers threat; Threat circumvents control; Unreliable over threat (safeguard).]
[Figure: relationships between the security elements. Nodes: Threat, Vulnerabilities, Assets, Safeguard, Risk, Protection Requirement, Values. Edge labels: exploit, expose, increase, protect against, have, indicate, met by.]
3. Risk Management Procedure
ISO: Risk management involving detailed risk analysis
- Establishment of review boundary
- Risk analysis
  - Identification of assets
  - Valuation of assets and establishment of dependencies between assets
  - Threat assessment
  - Identification of existing/planned safeguards
  - Assessment of vulnerabilities
  - Assessment of risks
- Selection of safeguards
- Identification/review of constraints
- Risk acceptance (Yes / No)
- IT system security policy
- IT security plan
3. Risk Management Procedure: NIST
4. Risk Assessment Techniques – Asset Identification and Valuation
Assets are anything of value within the review boundary.
Assets: physical, logical
- Data/information
- Software: system SW, application SW
- Personnel
- Hardware: mainframes, minis, micros; peripherals, online/offline; storage media
- Facilities
- Documentation
- Supplies
4. Risk Assessment Techniques – Threat and Frequency Survey
A threat is:
- The potential for a threat-source (natural, human, environmental) to exercise a specific vulnerability
- Some action or event that can lead to a loss
- A possible source of harm for the IT system
Threat source – target – likelihood
Assess the likelihood
4. Risk Assessment Techniques – Threat and Frequency Survey
4. Risk Assessment Techniques – Vulnerability Analysis
Vulnerability
- A weakness that allows a threat to occur
- A vulnerability in itself does not cause harm
Vulnerability check methods
- Checklists: NIST, BS7799 controls, etc.
- System security testing: automated tools, security tests, penetration tests
4. Risk Assessment Techniques – Vulnerability Analysis
Threat-vulnerability pairing
4. Risk Assessment Techniques – Risk Calculation
Risk = f(value of assets, likelihood of threats, ease of exploitation of the vulnerabilities by the threat, existing safeguards)
4. Risk Assessment Techniques – Risk Calculation
[Table: risk matrix. Columns: level of threat (Low, Medium, High), each subdivided by level of vulnerability (L, M, H). Rows: asset value (L, M, H).]
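Added example, not part of the original slides: one way to fill and apply the asset value x threat x vulnerability matrix above. It assumes an additive ordinal scale (L=0, M=1, H=2, so each cell is 0 to 6) and that an existing safeguard lowers the vulnerability level by one step; the scoring rule, the rating thresholds and the sample register are all constructed for illustration.

```python
from collections import namedtuple

# Ordinal scale for the L/M/H labels (assumption: the slide gives labels, no numbers).
LEVELS = {"L": 0, "M": 1, "H": 2}
NAMES = ["L", "M", "H"]

# One risk-register row; safeguard=True means an existing safeguard covers the threat.
Entry = namedtuple("Entry", "asset asset_value threat threat_level vuln_level safeguard",
                   defaults=[False])

def build_matrix():
    """All 27 cells of asset value x threat x vulnerability, additive rule (assumed)."""
    return {(a, t, v): LEVELS[a] + LEVELS[t] + LEVELS[v]
            for a in NAMES for t in NAMES for v in NAMES}

def effective_vuln(entry):
    """An existing safeguard lowers ease of exploitation one step, floor at L (assumed)."""
    step = 1 if entry.safeguard else 0
    return NAMES[max(LEVELS[entry.vuln_level] - step, 0)]

def rating(score):
    """Map a 0..6 score to a band; thresholds are constructed for this example."""
    if score >= 5:
        return "High"
    return "Medium" if score >= 3 else "Low"

def assess(register):
    """Score every entry and return rows sorted from highest to lowest risk."""
    matrix = build_matrix()
    rows = []
    for e in register:
        for label in (e.asset_value, e.threat_level, e.vuln_level):
            if label not in LEVELS:
                raise ValueError(f"{e.asset}: level must be L, M or H, got {label!r}")
        score = matrix[(e.asset_value, e.threat_level, effective_vuln(e))]
        rows.append((e.asset, e.threat, score, rating(score)))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample register (not from the slides).
REGISTER = [
    Entry("File server", "M", "Power failure", "L", "M"),
    Entry("Customer DB", "H", "Unauthorized access", "H", "H"),
    Entry("Customer DB", "H", "Operator error", "M", "H", safeguard=True),
    Entry("Backup media", "H", "Theft", "L", "H", safeguard=True),
]

if __name__ == "__main__":
    for asset, threat, score, band in assess(REGISTER):
        print(f"{asset:13} {threat:20} score={score} {band}")
```

The sorted output is the input to the risk response step: the rows at the top are the candidates for mitigation, the rows at the bottom for acceptance.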
5. Risk Response (Mitigation) Policy
Techniques for risk response planning
- Avoidance: changing the situation (e.g. the plan) to eliminate the risk or condition.
- Transference: seeking to shift the consequence of a risk to a third party, together with ownership of the response.
- Mitigation: seeking to reduce the probability and/or consequences of an adverse risk event to an acceptable threshold.
- Acceptance: 'contingency plan' (active) or 'no action' (passive).
5. Risk Response (Mitigation) Policy
5. Risk Response (Mitigation) Policy
Controls
- Technical
- Management
- Operation
Residual risk
6. Information Security Safeguard Implementation Plan
7. Case Study
- Each team performs a risk assessment and develops a security plan for one system
- Reading: SP 800-18, SP 800-30