차이

문서의 선택한 두 판 사이의 차이를 보여줍니다.

--- awareness [2013/07/12 02:50] – 220.71.11.86
+++ awareness [2024/04/04 05:12] (현재) – 바깥 편집 127.0.0.1
@@ 줄 2: / 줄 2: @@
 ===== 정보보안 인식(Security awareness) =====
-(출처 : wikipedia)\\
-보안 인식은 물리적이고 특별한 조직의 특별한 정보자산의 보호에 관련하여 조직 구성원의 지식과 태도를 말한다.
-정보인식 훈련에 포함할 내용 :
+==== 정보보안 인식 개요 ====
-  * The nature of sensitive material and physical assets they may come in contact with, such as trade secrets, privacy concerns and government classified information
-    구성원들이 접할 수도 있는 민감한 내용과 물리적 자산들의 특성(영업비밀, 개인정보유출 그리고 정부의 분류된 정보)
-  * Employee and contractor responsibilities in handling sensitive information, including review of employee nondisclosure agreements
-    민간정보를 다루는 직원과 계약인력의 책임(NDA인지 포함)
-  * Requirements for proper handling of sensitive material in physical form, including marking, transmission, storage and destruction
-    민감내용의 적절한 취급요구사항들(마킹, 전송, 보관과 파기)
-  * Proper methods for protecting sensitive information on computer systems, including password policy and use of two-factor authentication
-    시스템에 저장된 민감정보보호에 대한 적절한 방법(패스워드 정책과 2-factor인증)
-  * Other computer security concerns, including malware, phishing, social engineering, etc.
-    다른 컴퓨터보안 우려사항(malware, phishing, social engineering, etc.)
-  * Workplace security, including building access, wearing of security badges, reporting of incidents, forbidden articles, etc.
-    작업공간 보안(건물접근, 뱃지착용, 사고보고, 금지사항 등)
-  * Consequences of failure to properly protect information, including potential loss of employment, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal penalties
-    적절한 정보보안실패의 결과(고용에 있어서의 잠재적 손실, 조직에 미치는 경제적인 손실,개개인의 기록노출 그리고 민사 형사상의 불이익)
-----
 \\
 (techtarget.com)\\
-Security awareness training is a formal process for educating employees about computer security.
+Security awareness training is a formal process for educating employees about computer security.\\
+A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT).  Employees should receive information about who to contact if they discover a security threat and how to handle confidential information. Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff.  Confirming how well the awareness program is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.\\
+\\
 보안인식 훈련은 컴퓨터 보안을 교육하는 정식과정이다.
-A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT).  Employees should receive information about who to contact if they discover a security threat and how to handle confidential information. Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff.  Confirming how well the awareness program is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.
+좋은 프로그램은 직원들에게 IT기술을 활용하는 업무에 대한 회사정책과 절차를 교육해야 한다.\\
-좋은 프로그램은 직원들에게 IT기술을 활용하는 업무에 대한 회사정책과 절차를 교육해야 한다.
+[NIST 보안인식훈련 가이드 [[http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf|다운로드]]]
-The National Institute of Standards and Technology (NIST) has an excellent publication with templates and guides for what should go into a security awareness training program. The 70-page document is available for free in PDF format from the institute's Web site.
+----
-NIST는 보안인식훈련에 대한 좋은 템플릿과 가이드가 있다. 웹사이트에서 PDF문서로 다운로드 가능.
+  * [[:awareness:정보인식 훈련에 포함할 내용]]
+===== 인식제고 자료 ===== \\
+당신의 스마트폰은 안전합니까? \\
+  * [[:교육자료-1:당신의 스마트폰은 안전합니까?]]

추적:

차이

검색