CISM Domain 2: Information Risk Management
This article is part of a series, running over eight installments, that makes the case for the CISO (Chief Information Security Officer) and introduces the CISM certification. The author is an IT consultant. <Editor's note>
[Series]
CISM introduction
CISM Domain 1: Information Security Governance
CISM Domain 2: Information Risk Management
CISM Domain 3: Information Security Program Development
CISM Domain 4: Information Security Program Management
CISM Domain 5: Incident Management and Response
ISMS (Information Security Management System)
The first installment introduced the CISM together with the role of the CISO (Chief Information Security Officer), and the second examined the first of the five CISM domains, Information Security Governance. This third installment covers the second domain, Information Risk Management. I hope it helps readers who are preparing for the CISM.
CISM Domain 2
The domain's name, Information Risk Management, raises the question of what CISM means by risk (Risk). Risk turns up everywhere, not only in IT but in project, financial and planning work, and in each of those fields it is identified and answered with a response of some kind; IT has its own ways of handling it. So what is the risk that CISM deals with? CISM describes risk in terms of uncertainty (Uncertainty). Uncertainty can be positive or negative; the aim is to identify it, make the most of the positive side and keep the negative side to a minimum.
Risk management is therefore a cycle that keeps turning: identify the core assets, analyse the vulnerabilities (Vulnerability) of those assets, quantify the threats (Threat) that could exploit the vulnerabilities, implement countermeasures (Countermeasures), and go round again.
Countermeasures do not eliminate risk. What is left after they are applied is residual risk (residual risk), and residual risk has to be accepted by management. Risk can never be driven to zero, because the environment in which assets are protected keeps changing and new risks keep appearing, so the realistic goal is to reduce it to a level management can live with. That level, the one management is prepared to accept, is the Acceptable Level of Risk (ALR). The figure below illustrates the ALR.
The domain is organised into seven task statements (Task Statement) and the knowledge statements (Knowledge Statement) that support them.
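The residual-risk and ALR reasoning above, carried through as a small risk register in Python. This is an example added to this article; it is not ISACA material and not the author's own code. The scoring scheme (asset value x exposure x annual likelihood, each countermeasure removing a fixed fraction of the remaining risk), the function names and the sample assets and figures are all assumptions made up for the illustration.

```python
"""Toy risk register: inherent risk, residual risk after countermeasures,
and a treatment decision against an Acceptable Level of Risk (ALR).

Example code added to this page; not ISACA/CISM material. The scoring
scheme (asset value x exposure x annual likelihood, countermeasures as
multiplicative risk reductions) and every figure below are assumptions
chosen for illustration only.
"""
from dataclasses import dataclass, field


@dataclass
class Countermeasure:
    name: str
    reduction: float  # fraction of the remaining risk removed, 0.0 .. 1.0


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    asset_value: float  # value of the asset, in currency units
    exposure: float     # fraction of asset_value lost per occurrence, 0.0 .. 1.0
    likelihood: float   # expected occurrences per year
    countermeasures: list = field(default_factory=list)

    def inherent(self) -> float:
        """Annualised loss expectancy before any countermeasure is applied."""
        return self.asset_value * self.exposure * self.likelihood

    def residual(self) -> float:
        """Risk that remains after every countermeasure has been applied."""
        remaining = self.inherent()
        for c in self.countermeasures:
            remaining *= 1.0 - c.reduction
        return remaining


def treatment(risk: Risk, alr: float) -> str:
    """Decide how a risk is handled against management's ALR.

    'accept'  : residual risk is at or under the ALR, management signs it off
    'mitigate': residual risk still exceeds the ALR, another pass of the
                cycle (more countermeasures) is needed
    """
    return "accept" if risk.residual() <= alr else "mitigate"


def evaluate_register(register: list, alr: float) -> list:
    """Return (asset, inherent, residual, decision) for every risk in the register."""
    return [(r.asset, r.inherent(), r.residual(), treatment(r, alr)) for r in register]


# Constructed sample register: assets, figures and controls are made up.
SAMPLE_ALR = 25_000.0
SAMPLE_REGISTER = [
    Risk("customer database", "SQL injection by external attacker",
         "unparameterised queries in web app", 1_000_000.0, 0.10, 0.5,
         [Countermeasure("parameterised queries + WAF", 0.6)]),
    Risk("payment server", "ransomware",
         "unpatched OS, no offline backup", 200_000.0, 0.50, 1.0,
         [Countermeasure("patch management", 0.5)]),
]


if __name__ == "__main__":
    for asset, inherent, residual, decision in evaluate_register(SAMPLE_REGISTER, SAMPLE_ALR):
        print(f"{asset:18} inherent={inherent:>10,.0f} residual={residual:>10,.0f} -> {decision}")
```

Running it prints one line per risk: the first risk drops under the ALR once its countermeasure is counted and is accepted, while the second still exceeds the ALR and goes back round the cycle for further treatment; adding a second countermeasure to it (for example offline backups) brings it under the line.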
What CISM asks of a risk manager
Seen this way, risk management is not a set of one-off fixes but a system that keeps turning. For every risk that has been identified the options are to accept it (acceptance) against the ALR or to reduce it with countermeasures (countermeasures); those are the elements the manager has to weigh. Domain 2 also places weight on monitoring (monitoring): a CISM is expected to keep risk under continuous watch and to act to the degree the monitoring calls for. The ability to make such decisions at executive level is what the CISM credential attests to.
Further details are available at http://www.isaca.or.kr/ or http://www.lyzeum.com/.
Sources
http://www.isaca.org/
www.isaca.or.kr
www.lyzeum.com
Information Security Governance: Guide for BOD and Executives, ITGI, 2004
Information Security Governance, ITGI, 2008
CISM Review Manual, ISACA, 2006-2008
CISM Review Questions, Answers and Explanations Manual, ISACA, 2008
[About the author]
- IT consultant
- Member of the Korea chapter of ISACA (ISACA GRA) and of ISC2 Korea (the Korean CISSP association)
- Certifications: CISM, CGEIT, CISA, COBIT, CISSP, PMP, ITIL, CIA, IT-EAP, ISO 27001
Contact: josephc@chol.com
[Boannews (reporter21@boannews.com)]