[국가R&D연구보고서]ICT 융합환경에 적합한 사이버 보안정책 및 거버넌스 연구: 인증제도를 중심으로 A Study on Cyber Security Policy and Governance in the ICT Convergence Environment: Focused on “Authentication”원문보기
□ 이에 본 연구는 선행연구, 국내외 사례연구 및 전문가 브레인스토밍과 보안 전문가 AHP 조사 결과를 토대로 범정부 사이버보안 핵심가이드 라인과 세부 정책제언 도출 ○ 환경변화 분석, 이론 및 선행연구, 법제연구, 실증연구 진행
Abstract▼
Today’s cyberspace is a powerful, virtual environment enabled by a pervasive global digital infrastructure, yet this cyberspace remains vulnerable to attack and manipulation from ever-evolving malicious threats. Cyber-attacks and crimes are currently the fasting growing threats to almost every aspec
Today’s cyberspace is a powerful, virtual environment enabled by a pervasive global digital infrastructure, yet this cyberspace remains vulnerable to attack and manipulation from ever-evolving malicious threats. Cyber-attacks and crimes are currently the fasting growing threats to almost every aspect of modern life, from the government to the private sector. New cyber-attacks such as DDoS, Malicious Apps, Pharming, Smishing, APT, etc. are also rapidly expanding across the world. In addition, with the technological advancement and convergence like ICBM (Internet of Things, Cloud, Big Data, Mobile), complexity, uncertainty, and risk in the cyber security environment are ever accelerating. It is well-known that a majority of cyber security incidents take place due to personal information disclosure. According to FIDO alliance (2015), 76% of cyber incidents occur in the process of authentication. However, South Korea’s cyber security institutional arrangements and the government’s policies do not seem to address these issues and challenges in a timely and appropriate manner. Indeed, even previous studies in this field have partially addressed the aforementioned issues by focusing only on a certain area, mostly either legal aspects or technological aspects. In this milieu, the aim of this study is to cover all aspects of cyber security including the current legal arrangement, governance structure, finance, human resources and so on by taking a “holistic and integrated approach.” It is well known fact that every country faces unique cyber security challenges. Understanding the factors that contribute to these challenges are critical. In line with this rationale, this study first explores the notions of cyber vulnerabilities and cyber resilience with their main tenets, and it further develops the analytical framework based upon the cyber resilience concept. In chapters 3 and 4, this study tries to identify and compare the key cyber vulnerable factors and cyber resilient factors in both domestic and foreign cyber security environments. Based upon the ‘cyber resilience analytical framework’, this study categorizes cyber resilience into four dimensions; robustness, resourcefulness, rapidity, and adoptability. Then it further develops a new national cyber security ‘TGIF’. T (Technology) stands for technology & expertise, G (Governance) stands for governance and institution, I (Insights) stands for leadership and awareness, and lastly F(Finance) stands for government budget for cyber security. The key cyber vulnerability and resilience factors were drawn from the literature review, domestic and foreign case studies, and interviews with experts and practitioners in cyber security, and expert brainstorming. Then, an AHP (Analytic Hierarchy Process) survey was conducted so as to prioritize national cyber security policy. Through integrating findings from theoretical reviews, case studies, interviews and the AHP survey, specific policy implications and policy suggestions were drawn reflecting the aforementioned TGIF index.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.