
What Is the Risk IT Framework?

Posted: 2012-07-25 14:02
ÆäÀ̽ººÏ º¸³»±â Æ®À§ÅÍ º¸³»±â ³×À̹ö ¹êµå º¸³»±â Ä«Ä«¿À ½ºÅ丮 º¸³»±â ³×À̹ö ºí·Î±× º¸³»±â
IT risk and information security risk lead directly to business risk


The Risk IT framework is a model that the international association ISACA created one year ago for managing IT risk and information security risk. In today's corporate environment, shaped by the expanding reach of governance and dominated by uncertainty, IT risk and information security risk lead directly to business risk, and their importance keeps growing. This publication is therefore running a series of contributed articles by Director Cho Hee-jun, who works at CAS Consulting, an IT governance, consulting and audit firm, and is highly active in the field. [Editor's note]


Series order-----------------------

1. The Risk IT framework

2. Risk in information security

3. Domain 1 of the Risk IT framework

4. Domain 2 of the Risk IT framework

5. Domain 3 of the Risk IT framework

6. Linking the Risk IT framework and information security

-----------------------------------

[Boannews = Cho Hee-jun, Director, CAS] The word "risk" has become a hot topic lately. Risk? Why use the loanword "risk" rather than the Korean word for danger? Risk means uncertainty. It has both positive and negative aspects that can affect the achievement of business objectives, which is why risk is described as something uncertain. Expressing it with the Korean word wiheom (危險, "danger") tends to convey only the negative side of risk. That is why academic societies and industry circles concerned with risk now tend simply to use the word "risk" as it is.


The birth of the Risk IT framework

ISACA (Information System Audit & Control Association, www.isaca.org) is widely known for COBIT and IT governance. After COBIT, its IT governance framework, and Val IT, which extends COBIT, the next framework it released is Risk IT.


COBIT is a framework that explains and implements, at the practical level, the five major objectives of IT governance:

① Strategic alignment

② Value delivery

③ Risk management

④ Resource management

⑤ Performance measurement

[Figure: Objectives of COBIT]

 

To implement these objectives, COBIT describes them along three dimensions:

① Business requirements

② IT resources

③ IT processes

[Figure: The COBIT framework]

 

Later, as IT investment and the decisions that follow from it grew in importance, Val IT was created as the second framework, addressing "② Value delivery" for stakeholders such as executives and investors. Val IT consists of three domains.


① Value Governance

② Portfolio Management

③ Investment Management

[Figure: The Val IT framework]


After COBIT and Val IT, the Risk IT framework was created to deal specifically with "③ Risk management". The uncertainty of an organization's external environment keeps growing, and risks to information and information security can decide whether an organization survives. In such a business environment risk has to be handled in depth and with expertise, which is why a concrete framework for it was created. The Risk IT framework consists of three domains.


① Risk Governance

② Risk Evaluation

③ Risk Response

[Figure: The Risk IT framework]


This series will survey risk, which has been drawing attention recently, and the Risk IT framework, which analyzes IT and information security risk in depth. I hope it becomes an opportunity to raise information security from something seen only as a tool or a technology to an important strategy for companies and public institutions. More detail can be found at http://www.isaca.org/ and www.isaca.or.kr.

 



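About the author ---------------------------------------------------------------------------

Cho Hee-jun josephc@chol.com

CIA, CRMA, CGEIT, CISA, COBIT, CISM, CRISC, CCFP, CISSP, CSSLP, ISO 27001(P.A), ITIL intermediate, IT-PMP, PMP, ISO 20000(P.A)

G-ISMS auditor, BS10012(P.A), BS25999(P.A), CPPG

PMS(P.A), (ISC)2 CISSP authorized instructor, information systems auditor,

Ministry of Public Administration and Security expert instructor for personal information protection

Ministry of Public Administration and Security / National Information Society Agency expert instructor for cybercrime prevention and rehabilitation


He is a director at CAS Consulting Co., Ltd., an IT governance, consulting and audit firm, an adjunct professor at Kangwon National University, a visiting professor at Sejong Cyber University, and a visiting lecturer at the Hanyang University graduate school, and is active in the (ISC)2 CISSP Korea chapter, the Korea Information Systems Audit and Control Association, and the Korea Forensic Investigation Experts Association. His main interests are IT audit, internal audit, IT governance and information security governance, and he is active in consulting, writing, teaching and speaking on these topics. After publishing his second book, "IT Governance Framework COBIT", in 2010, he published "An Information Security Professional's CISSP Notes" in 2011 and a Korean translation of "The Risk IT Framework" in 2012. He is currently studying in the doctoral program of the Korea University graduate school.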

-------------------------------------------------------------------------------------

 

<Copyright: Boannews (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited.>
