Differences
This shows the differences between the two selected revisions of the page.
awareness [2013/07/08 08:16] – 220.71.11.86 | awareness [2013/07/18 02:26] – [정보보안 인식(Security awareness)] wiki1122 | ||
---|---|---|---|
줄 2: | 줄 2: | ||
===== 정보보안 인식(Security awareness) ===== | ===== 정보보안 인식(Security awareness) ===== | ||
+ | |||
+ | ==== 정보보안 인식 개요 ==== | ||
+ | \\ | ||
+ | (techtarget.com)\\ | ||
+ | Security awareness training is a formal process for educating employees about computer security.\\ | ||
+ | A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT). Employees should receive information about who to contact if they discover a security threat and how to handle confidential information. Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff. | ||
+ | |||
+ | \\ | ||
+ | 보안인식 훈련은 컴퓨터 보안을 교육하는 정식과정이다. | ||
+ | 좋은 프로그램은 직원들에게 IT기술을 활용하는 업무에 대한 회사정책과 절차를 교육해야 한다.\\ | ||
+ | [NIST 보안인식훈련 가이드 [[http:// | ||
+ | ---- | ||
+ | |||
(출처 : wikipedia)\\ | (출처 : wikipedia)\\ | ||
보안 인식은 물리적이고 특별한 조직의 특별한 정보자산의 보호에 관련하여 조직 구성원의 지식과 태도를 말한다. | 보안 인식은 물리적이고 특별한 조직의 특별한 정보자산의 보호에 관련하여 조직 구성원의 지식과 태도를 말한다. | ||
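Review bot: The Korean text added under the techtarget.com quote ("보안인식 훈련은 컴퓨터 보안을 교육하는 정식과정이다." and the sentence after it) translates only the first two sentences of the English passage, and the first one drops "employees" as the audience of the training. The English sentences about who to contact when a security threat is discovered, how to handle confidential information, and why regular training matters for organizations with high turnover or many contract staff have no Korean counterpart, so a reader relying on the translation misses the operational part of the definition. Suggest translating the remaining sentences and restoring the object, for example "직원들에게 컴퓨터 보안을 교육하는 정식 과정이다". "IT기술" is also redundant; "IT" or "정보기술" alone is enough.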
줄 8: | 줄 21: | ||
* The nature of sensitive material and physical assets they may come in contact with, such as trade secrets, privacy concerns and government classified information | * The nature of sensitive material and physical assets they may come in contact with, such as trade secrets, privacy concerns and government classified information | ||
+ | 구성원들이 접할 수도 있는 민감한 내용과 물리적 자산들의 특성(영업비밀, | ||
* Employee and contractor responsibilities in handling sensitive information, | * Employee and contractor responsibilities in handling sensitive information, | ||
+ | 민간정보를 다루는 직원과 계약인력의 책임(NDA인지 포함) | ||
* Requirements for proper handling of sensitive material in physical form, including marking, transmission, | * Requirements for proper handling of sensitive material in physical form, including marking, transmission, | ||
+ | 민감내용의 적절한 취급요구사항들(마킹, | ||
* Proper methods for protecting sensitive information on computer systems, including password policy and use of two-factor authentication | * Proper methods for protecting sensitive information on computer systems, including password policy and use of two-factor authentication | ||
+ | 시스템에 저장된 민감정보보호에 대한 적절한 방법(패스워드 정책과 2-factor인증) | ||
* Other computer security concerns, including malware, phishing, social engineering, | * Other computer security concerns, including malware, phishing, social engineering, | ||
+ | 다른 컴퓨터보안 우려사항(malware, | ||
* Workplace security, including building access, wearing of security badges, reporting of incidents, forbidden articles, etc. | * Workplace security, including building access, wearing of security badges, reporting of incidents, forbidden articles, etc. | ||
+ | 작업공간 보안(건물접근, | ||
* Consequences of failure to properly protect information, | * Consequences of failure to properly protect information, | ||
+ | 적절한 정보보안실패의 결과(고용에 있어서의 잠재적 손실, 조직에 미치는 경제적인 손실, | ||
---- | ---- | ||
- | \\ | ||
- | (techtarget.com)\\ | ||
- | Security awareness training is a formal process for educating employees about computer security. | ||
- | |||
- | A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT). Employees should receive information about who to contact if they discover a security threat and how to handle confidential information. Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff. | ||
- | |||
- | The National Institute of Standards and Technology (NIST) has an excellent publication with templates and guides for what should go into a security awareness training program. The 70-page document is available for free in PDF format from the institute' |
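Review bot: In the added translation for the responsibilities bullet, "민간정보를 다루는 직원과 계약인력의 책임" uses "민간정보" (civilian/private-sector information) where the English line says "sensitive information"; the neighbouring added lines use "민감내용" and "민감정보", so this looks like a typo for "민감정보". In the last added line, "적절한 정보보안실패의 결과" attaches "적절한" to the failure rather than to the protection; the English reads "failure to properly protect information", so something like "정보를 적절히 보호하지 못한 경우의 결과" would be closer. The removed NIST paragraph also said the publication is a free 70-page PDF with templates and guides, and the replacement in the first hunk is only a bracketed link, so consider keeping one sentence of that description next to the link.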