| 양쪽 이전 판이전 판다음 판 | 이전 판 |
| policy [2013/07/25 07:42] – wiki1122 | policy [2024/04/04 05:12] (현재) – 바깥 편집 127.0.0.1 |
|---|
| | * 사업 등 관련 문의: T) 02-322-4688, F) 02-322-4646, E) [[info@wikisecurity.net]] |
| | |
| ====== 보안정책 지침 ====== | ====== 보안정책 지침 ====== |
| (출처: wikipedia)\\ | (출처: wikipedia)\\ |
| 보안 정책은 시스템을 위협하는 주요 위험요소로부터 기업의 자산을 보호하기 위한 정책이다. 정보 위험도를 서열화한 문서, 수용 가능한 보안 목표 식별, 목표를 달성하는 메커니즘의 식별로 구성된다\\ | 보안 정책은 시스템을 위협하는 주요 위험요소로부터 기업의 자산을 보호하기 위한 정책이다. 정보 위험도를 서열화한 문서, 수용 가능한 보안 목표 식별, 목표를 달성하는 메커니즘의 식별로 구성된다\\ |
| \\ | \\ |
| 기업 고객과 정부 기관이 준수해야 하는 몇 가지 표준 및 규정(출처:symantec) | |
| ^ Standard/Regulation ^ Industry ^ Type ^ Comments/URLs ^ | |
| | ISO/IEC 17799 | International - Baseline | Standard | "The International Organization for Standardization" www.iso-17799.com | | |
| | BS 7799 Part 1 | British Government | Standard | British Standard. Predecessor to ISO 17799 standard | | |
| | AS4444/NZS4444 | Australian Government | Standard | Australian Standard/New Zealand Standard. Replaced by ISO 17799 standard | | |
| | HIPAA | Health Care | Regulation | Health Insurance Portability And Accountability Act of 1996. | | |
| | CIS Benchmarks | Worldwide Consortium | Standard | The Center for Internet Security Solaris Benchmark | | |
| | Gramm-Leach-Bliley Act (GLBA) | US Financial Services Law | Regulation | US Legislation passed Nov. 1999. | | |
| | SANS/FBI Top 20 List | General Security | Standard | System Administration, Networking and Security/Federal Bureau of Investigation | | |
| | CVE | General Security | Standard | MITRE's Common Vulnerabilities and Exposures | | |
| | VISA | Banking | Standard | Visa International and Visa USA | | |
| | ISO 15408\\ (Common Criteria) | International Security Program - Systems | Standard | May be replacing NSA's Red Book and Orange Book | | |
| | CASPR | GNU Best Practices | Standard | Commonly Accepted Security Practices & Recommendations | | |
| | OCC | Banking | Regulation | Office of the Comptroller of the Currency | | |
| | FDIC | Banking | Regulation | Federal Deposit Insurance Corporation | | |
| | SysTrust | AICPA | Standard | American Institute of Certified Public Accountants | | |
| | FISCAM | GAO (Federal Govt.), Financial Systems | Regulation | Federal Information Systems Control Audit Manual | | |
| | CobiT | ISACA | Standard | Control Objectives for Information and Related Technology | | |
| | IETF Security Handbooks | Internet Community | Standard | The Internet Engineering Task Force | | |
| | SEC | Brokerage | Regulation | U.S. Securities and Exchange Commission | | |
| | Rainbow Series\\ (Orange Book) | Military commands and contractors | Regulation | Being replaced by Common Criteria | | |
| | FDA | Pharmaceutical | Regulation | Food and Drug Administration | | |
| | NPG 2810 (NASA) | Facilities and Contractors | Regulation | NASA Policy Guideline | | |
| | 1974 Privacy \\ Act and Amendments | US Companies | Regulation | www.usdoj.gov/04foia/privstat.htm | | |
| | ISO 13335(Parts 1,2,3,4,5) | International - Educational | Technical Report | A five-part technical report giving guidance on security management. | | |
| | SAS70 | Auditing | Standard | Statement on Auditing Standards | | |
| | GASSP | Older than CASPR | Standard | Generally Accepted Systems Security Principles | | |
| | DITSCAP/NIACAP | Department of Defense (DOD) | Regulation | DoD Information Technology Security Certification and AccreditationProcess | | |
| | AS/NZS 4360:1999 | Australian/New Zealand Government | Standard | Australian Standard / New Zealand Standard | | |
| | FCC | US Government | Regulation | Federal Communications Commission | | |
| | Other Standards | --- | Standard and Regulation | --- | | |
| |
| |
| |
| | * [[:policy:기업 고객과 정부 기관이 준수해야 하는 몇 가지 표준 및 규정]] |
| ===== 지침 작성시 유의사항 ===== | ===== 지침 작성시 유의사항 ===== |
| |
| ~~PAGEINDEX=policy~~ | ~~PAGEINDEX=policy~~ |
