ȣ, ߿ ÷
(alignment) ϰ ϴ١ ̴. ϸ 翬 ٴ ̴. ұ? Į ֵ ȣ ־ Ѵٴ ̴.
(Strategic Alignment) ǥ ϱ ü ȹ Ƴ ̴. ȣ ؾ Ѵٴ ʹ θ ؼؼ ڵ鿡 ̴. Ư ȣ Źͽ ߵϰ ִ ǿ ü ִ ȣ ڵ鿡Դ ִ.
ٸ ڵ ٽ ѹ 鿩 ? ϴ ȣ ڷ ϸ鼭 ѹ ٰ ̴. 濵ȯ濡 Ƴ ִ. ⼭ ο . 鼭 ȣ Ȥ ̶ ִ°? ̷ ִٸ ȣ ϴ ȣ ü ̰ ̿ İ ãƺ ȣ Ȥ ̶ .
ȣ μ ϳε ν ִ. Ϲ ִ Ӿ ΰ üȭϴ ȹ̴. ̷ Ǿ߸ ӱ(going concern) Ģ Ǿ ϴ ̴. ϰ ִ ڻ ȣ ̷ ȣ μ ϰ Ѿ ϴ ̴.
Ư 츦 ϰ ̶ Ѵٸ ȣ ü ȸ δ ̴. ȣ ƴ϶, ȣ μ ü ϰ Ű ȣ ڳ 䱸 ּ ϴ ڸ ̴.
Cost-effectiveness
ϱ ؼ ȣ Ǿ ȣ Ǿ ϴµ ̶ ȿ̶ ߿ϴ. ϰ ϴµ Ǵ ڱݾ ϴ ̴. ȿ̶ ߴĸ Ѵ. ؼ ؼغ ؼ ȣ ̷µ ּ 鼭 ȣ ߴĴ ̴. ưԵ ǥѴ.
Business Objective and Requirement
ȣ ȿ̶ Ƿ 켱 ȿ Ǻϰ ϴ ־ Ѵ. ȿ Ǿٴ ε Ǿ ˱? ǥ Ȥ 䱸 Ȯؾ ȣ ڴ ȣ ǥ ü ִ. ü ȣ ǥ ־ ȭ ߴ ִ.
κ ǥ Ȯ ϸ鼭 ȣ 䱸 и 찡 . ù° ڳ ȣ μ ˾Ƽ ֱ⸦ ٶٴ ̴. ΰ̳ ̵ ƴϰ ˾Ƽ . ° 䱸 ȣ ڰ Ƶ̴ ٸٴ ̴. ȣ μ ӿ ȣ ̻ ȸǴ ٸ ϱ ֱ ְ Ȯ ϱⰡ ƴ.
Business Language
տ ȣ ǰ ϱ ؼ ȣڴ ˾Ƽ ֱ⸦ ٶ ü 䱸 ϱ ð ؾ Ѵ. Ȯ 䱸 Ǿ װ ִ.
ε ȣ Źͽ(Information Security Governance) ô뿡 Źͽ Ե ̶ ȣ ؿ ر ǻ CISO(Chief of Information Security; ȣ ̻) ƴ 濬 ̻ȸ å ̴.
濬 ̻ȸ ȣ 翬 ƴϴ. 濵 ̴. Ƿ CISO̵ ȣ ̵ ƴ 濵 ǻؾ Ѵ. Ͻ , 濵 ؾ 濵 ϴ ǵ ˾Ƶ ִ ̴.
Ͻ ǻ
Indicators
ٸ ȣ ٷ Ÿ ǥ 캸 Ʒ .
ȹ ü Ͻ Ȱ Ÿ Ѵ.
ȣ Ͻ 䱸 ؼ Ѵ.
ǥ ȣ ǥ ȣ ȣ Ȱ ǵǰ صž Ѵ.
ȸ(Information Security Steering Committee) ǰ ̻ȸ 濵 ƾ Ѵ.
ϻȰ κ Ģ̳ ȣϰ ȴ. ̵ ܿ£ Ű ͳݿ 鿡 . ϴ. ְ ; Ű ̿ ϸ ȿ ñϱ ̴. ϻȰ ְ ȿ ̷ õ ֱ ̴. ȣ ̿ ٸ ʴ. ȣ Źͽ ϱ ؼ ȹ ־ Ѵ. ȹ ȣ μ ȹ ļ ȵǸ иǾ ȴ.
ȣ Źͽ ù ° ϰ ϴ ٷ Ǿ߸ Ѵ. ȣ μ ̱ ϴ. Į ؼ ȣ θ ߿ ø ȸ DZ⸦ ٶ.
[ _ ITáIT ߾̿ ̻(josephc@chol.com)]