Revision comparison: policy [2013/07/25 07:42] by wiki1122, and policy [2024/04/04 05:12] (current) by external edit from 127.0.0.1

  * Business and other enquiries: T) 02-322-4688, F) 02-322-4646, E) [[info@wikisecurity.net]]

====== Security Policy Guidelines ======
(Source: wikipedia)\\
A security policy is a policy for protecting an organization's assets from the principal risks that threaten its systems. It consists of a document that ranks information risks, the identification of acceptable security objectives, and the identification of the mechanisms by which those objectives are met.\\
\\
Some standards and regulations that enterprise customers and government agencies must comply with (source: Symantec). The list dates from the early 2000s; several entries have since been renumbered or superseded, and a few are vulnerability lists or identifier schemes rather than compliance frameworks, as noted in the comments.
^ Standard/Regulation ^ Industry ^ Type ^ Comments/URLs ^
| ISO/IEC 17799 | International - Baseline | Standard | Code of practice for information security management, published by the International Organization for Standardization; renumbered ISO/IEC 27002 in 2007. www.iso-17799.com |
| BS 7799 Part 1 | British Government | Standard | British Standard. Predecessor to the ISO 17799 standard |
| AS 4444/NZS 4444 | Australian Government | Standard | Australian Standard/New Zealand Standard. Replaced by the ISO 17799 standard |
| HIPAA | Health Care | Regulation | Health Insurance Portability and Accountability Act of 1996 |
| CIS Benchmarks | Worldwide Consortium | Standard | Center for Internet Security configuration benchmarks (e.g. the CIS Solaris Benchmark) |
| Gramm-Leach-Bliley Act (GLBA) | US Financial Services Law | Regulation | US legislation passed Nov. 1999 |
| SANS/FBI Top 20 List | General Security | Standard | SANS Institute (System Administration, Networking and Security) and the Federal Bureau of Investigation; a list of the most commonly exploited vulnerabilities, not a compliance standard |
| CVE | General Security | Standard | MITRE's Common Vulnerabilities and Exposures; a dictionary of vulnerability identifiers rather than a compliance standard |
| VISA | Banking | Standard | Visa International and Visa USA cardholder data security requirements (later consolidated into PCI DSS) |
| ISO 15408\\ (Common Criteria) | International Security Program - Systems | Standard | Successor to the Orange Book (DoD TCSEC) and the NCSC Red Book evaluation criteria |
| CASPR | GNU Best Practices | Standard | Commonly Accepted Security Practices & Recommendations |
| OCC | Banking | Regulation | Office of the Comptroller of the Currency |
| FDIC | Banking | Regulation | Federal Deposit Insurance Corporation |
| SysTrust | AICPA | Standard | American Institute of Certified Public Accountants |
| FISCAM | GAO (Federal Govt.), Financial Systems | Regulation | Federal Information System Controls Audit Manual |
| CobiT | ISACA | Standard | Control Objectives for Information and Related Technology |
| IETF Security Handbooks | Internet Community | Standard | The Internet Engineering Task Force, e.g. the Site Security Handbook (RFC 2196) |
| SEC | Brokerage | Regulation | U.S. Securities and Exchange Commission |
| Rainbow Series\\ (Orange Book) | Military commands and contractors | Regulation | DoD Trusted Computer System Evaluation Criteria (TCSEC) and its companion volumes; superseded by the Common Criteria |
| FDA | Pharmaceutical | Regulation | Food and Drug Administration (e.g. 21 CFR Part 11 on electronic records and signatures) |
| NPG 2810 (NASA) | Facilities and Contractors | Regulation | NASA Policy Guideline |
| 1974 Privacy\\ Act and Amendments | US federal agencies | Regulation | Privacy Act of 1974; governs personal records held by US federal agencies. www.usdoj.gov/04foia/privstat.htm |
| ISO 13335 (Parts 1,2,3,4,5) | International - Educational | Technical Report | A five-part technical report giving guidance on IT security management |
| SAS 70 | Auditing | Standard | Statement on Auditing Standards No. 70 (service organizations); superseded by SSAE 16 and SOC reports in 2011 |
| GASSP | General Security | Standard | Generally Accepted Systems Security Principles; predecessor of CASPR |
| DITSCAP/NIACAP | Department of Defense (DoD) | Regulation | DoD Information Technology Security Certification and Accreditation Process / National Information Assurance Certification and Accreditation Process; DITSCAP was later replaced by DIACAP and then by the Risk Management Framework |
| AS/NZS 4360:1999 | Australian/New Zealand Government | Standard | Australian Standard/New Zealand Standard for risk management |
| FCC | US Government | Regulation | Federal Communications Commission |
| Other Standards | --- | Standard and Regulation | --- |

  * [[:policy:기업 고객과 정부 기관이 준수해야 하는 몇 가지 표준 및 규정|Some standards and regulations that enterprise customers and government agencies must comply with]]
===== Points to Note When Writing Guidelines =====

~~PAGEINDEX=policy~~