̹ȸ â ̹ ü ȮѰ Ѵٴ ȸ ȭΰ ǰ ִ. ̸ Ѱ ִ 簡 Ȳ̴. ̹ ֺ 8ȸп CISO(Chief of Information Security Officer: ȴ ̻) ʿ伺 ϰ CISM ڰ ؼ Ұϴ ð ϰڴ. ڴ IT ()Ű åƮ. < >
[ ]
CISM Ұ
CISM 迵: Źͽ
CISM 迵:
CISM 迵: α
CISM 迵: α
CISM 迵:
ISMS(Ȱü)
ü ħ ִٰ . ħ Կ ä Ȱ ʴ´ٸ ƹ ҿ ƴѰ? Ͻ Ͽ ȰŹͽ ȣǾ α߱ .
غ ȭǾٰ ȿ̰ ȿ DZ ؼ ø ־ Ѵ. ȴ̻μ CISM α ϼ ̷ Ѵ.
CISO(Chief of Information Security Officer: ̻)μ CISM ڰ 4° αμ, üȭǾ ǰ ִ α , ϴ ܰ ̴. CISM̶ Ź߲ ѹ Ű Ѱ ư ϴ ̴. Ǿ ϰ Ͽ Ѵ. ̹ 翡 CISM 忡 ſ DZ ٶ.
CISM 4 α
ȹǰ ߵ α Ǵ Ϸ Ȱ Ȱ , , ϱ CISM ȿ ȿ Ϳ ξ Ѵ. ü ϴ ȿ̶ Ѵٸ ð, Ͽ ڴ ִȭϿ ̷ ȿ̶ ִ.
,, ؼ CISM پ ȿ ˾ƾ ϸ ħ տ å ħ ϰǰ Ǵ ⼺ ִ Ͽ Ѵ. å ؼ ȿ, ȿ ϰ (monitor)ϱ (metrics) ϸ, ÿ (report)Ǿ ϰ мǾ м(trend analysis) Ǿ Ѵ. м ȰŹͽ ٽ ȯ(feedback)Ǿ 濵 ġǴ ϰ Ǵ, ȰŹͽ (cycle) ϰ ȴ. (Ʒ )
α ٽ ִٰ ִ. ̳ ȭ ȿ νĵǰ ȭ(in place)Ǿ ִ, 濵 Ǵ, ν (security awareness program) ǥ, Ǵ° α а ¿ ִٰ ϰڴ.
α 9 Ȱ(Task Statement) ȭ (Knowledge Statement) Ǿ ִ.
CISM
å DZ ? CISM Ѵٸ?
̴.
å ؼ Ѵ. Ȥ å ؼ ش١ ϰ ̴.
4 α߰ å ؼ ֱ ǽѴ١ õϰ ִ. ο ذż θ ֱ ϰ ־ Ѵٴ CISM Ұ å ̴.
CISM 迵 4 α Ͽ å ذż ֱ ϰ ó ´ ؾ Ѵ. ġ ּ ø Ͱ ٰ . ּ ø ּ տ ǻʹ 1ʿ Ž Ѵٰ Ѵ. ٶ, , ּ ȭҸ ϰ Ͽ ٴ ̴.
() CISM ϳ̴. ִ ̿ ȸ(social engineering) ȭ(phishing) ͳݻ(pharming) α ༺ Ÿ . ν α CISM 弭 ֵ غ Ѵ. CISM Ļ ƴ϶ ų ־ ? .
More details can be found at www.isaca.or.kr or www.lyzeum.com.
Sources
http://www.isaca.org
http://www.isaca.or.kr
http://www.lyzeum.com
Information Security Governance - Guide for BOD and Executives, ITGI, 2004
Information Security Governance, ITGI, 2008
CISM Review Manual, ISACA, 2006-2008
CISM Review Questions, Answers and Explanations Manual, ISACA, 2008
[ ]
-:
-IT ()Ű åƮ
-б п а
-()ѱý ȸ ISACA GRA ȸ
-ѱ CISSP ȸ ISC2 Korea а
-CISM, CGEIT, CISA, COBIT, CISSP, PMP, ITIL, CIA, IT-EAP, ISO 27001 ý
ۡ(CISM, CGEIT, CISA, COBIT, CISSP, PMP, ISO27001, CIA, ý۰) / josephc@chol.com
[ α (reporter21@boannews.com)]