
[CBK Special] The ABC of Information Security: Understanding the CBK - ① Overview of the CBK

Posted: 2009-07-31 17:37

You know the CISSP, but not the CBK?


Recently, information (system) security topics have been filling the pages of the newspapers. Between the recent DDoS (Distributed Denial of Service) attacks and the PIA (Privacy Impact Assessment), which will remain an issue for some time, things have reached the point where, as someone put it, the best information security measure is simply not to turn the computer on.

 

The more information security becomes a social problem, the more we need the sensible posture of understanding before responding. So we will take the time to understand the CBK (Common Body of Knowledge), the information security body of knowledge that (ISC)2 has been building over many years. Every information security professional who holds the CISSP (Certified Information Systems Security Professional) credential has studied the CBK at least once, and it contains knowledge and practice vast enough to be called the bible of information security. Now, when the need for information (system) security is more pressing than ever, let us go back to basics and work our way through these turbulent times together with the CBK.


<Series outline>

① Overview of the CBK

② Domain 1  Information Security and Risk Management

③ Domain 2  Access Control

④ Domain 3  Cryptography

⑤ Domain 4  Physical (Environmental) Security

⑥ Domain 5  Security Architecture and Design

⑦ Domain 6  Business Continuity and Disaster Recovery Planning

⑧ Domain 7  Telecommunications and Network Security

⑨ Domain 8  Application Security

⑩ Domain 9  Operations Security

⑪ Domain 10  Legal, Regulations, Compliance and Investigations


Overview of the CBK

The CBK (Common Body of Knowledge) is, as the words say, a body of knowledge: a body of knowledge about the security (protection) of information and information systems. What strikes the author when working with the CBK is the conviction that it combines a structured body of knowledge with practice. As the order of this series shows, it is organized by topic, and "by topic" means that it gathers together the object to be secured or protected, namely information, and the things that affect that information.

 

It presents every medium in which information can become an object of protection as a separate domain, and there are no fewer than ten of them. One can also see that each topic has a different author; the CBK was written that way to raise its expertise and practical relevance as far as possible. That is why it is also called the taxonomy for the CISSP (Certified Information Systems Security Professional).

 

Even more astonishing, and daunting, is the size of the CBK volume: it runs to some 1,100 pages. To carry it around and read it in spare moments, one is practically forced to split the binding. It is also regrettable that it has not yet been translated into Korean, but the role and activity of CISSP Korea (the Korean chapter of (ISC)2) are gaining importance, and with the active engagement of the association's experts we can look forward to what comes next.


To understand the body of knowledge, one also needs to know something about (ISC)2, the organization that created both the body of knowledge and the certification. (ISC)2 (International Information Systems Security Certification Consortium) was established in 1989 by organizations that felt the need for information security and formed a consortium. There is even a certain wit in writing it as (ISC)2, as if applying a mathematical formula, rather than spelling out the acronym as IISSCC.


Let us now look at the subject-area domains that the series will cover.



Judging from this brief survey, information is an important asset to companies, to organizations, and even to individuals. As the CBK's contents show, this important asset exists in a great many forms, and because it is information by nature it does not sit still: it has to be exchanged with someone. If it could simply be locked away tightly in a safe, that would at least be one way to protect valuable information, but readers know well that information has no meaning unless it flows.

 

Information has value precisely because, by its nature, it must be exchanged and must keep evolving, and for the same reason protecting and securing it is not easy. It can only be handled by professional information protection and information security specialists. This points to the demands of an era in which the role and responsibility of the CISSP (Certified Information Systems Security Professional) are indispensable.


Ours is neither an agrarian society nor a commercial society but a knowledge society. Those who hold information hold power, and that is why information must be secured and protected. By presenting the contents of each CBK domain in this series, I hope to support readers in the intellectual work of becoming knowledgeable members of the knowledge society.


More details can be found at http://www.isc2.org/ or http://www.cisspkorea.or.kr/.


References and sources

(ISC)2, www.isc2.org

CISSP Korea, www.cisspkorea.or.kr

Official (ISC)2 Guide to the CISSP CBK, Auerbach Publications, 2007-2008

Information Security Governance, ITGI, 2008

InfoSecurity Professional Magazine, (ISC)2, 2008-2009


[About the author]

- Contributor: Cho Hee-jun (조희준)

- Senior consultant at (주)키삭, an IT consulting and audit firm

- Graduate student in the Department of Audit Administration, Korea University Graduate School

- Research member, ISACA GRA study group, Korea Information Systems Audit and Control Association

- Head of the education team, Education and Research Subcommittee, Korea CISSP Association (ISC2 Korea)

- CISM, CGEIT, CISA, COBIT, CISSP, PMP, ITIL, CIA, IT-EAP, ISO 27001, Certified Information Systems Auditor (정보시스템 감리원)


By Cho Hee-jun (CISM, CGEIT, CISA, COBIT, CISSP, PMP, ISO 27001, CIA, Certified Information Systems Auditor) / josephc@chol.com

[Compiled by reporter Gil Min-kwon (길민권), reporter21@boannews.com]


<Copyright: Boan News (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited>
