Ȩ > Ç¥ÁØÈ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ
Ç¥ÁعøÈ£ | TTAK.KO-12.0157 | ±¸Ç¥ÁعøÈ£ | |
---|---|---|---|
Á¦°³Á¤ÀÏ | 2010-12-23 | ÃÑÆäÀÌÁö | 23 |
ÇѱÛÇ¥Áظí | Á¶Á÷ÀÇ Á¤º¸º¸È£¸¦ À§ÇÑ ÀÚ»ê °ü¸® Áöħ | ||
¿µ¹®Ç¥Áظí | The Asset Management Guideline for Information Security of Organization | ||
Çѱ۳»¿ë¿ä¾à | Á¶Á÷¿¡¼´Â »ç¾÷À» ÃßÁøÇÏ°í ºñÁî´Ï½º¸¦ ¿µÀ§Çϱâ À§ÇØ ´Ù¾çÇÑ ÀÚ»êÀ» º¸À¯ÇÏ°í È°¿ëÇÏ°Ô µÈ´Ù. ±×·¯ÇÑ ÀÚ»êÀº »õ·Ó°Ô µµÀԵǰųª ÀÚ»êÀÇ »óÅ°¡ º¯°æµÇ°Å³ª ȤÀº »ç¿ëÀÌ ÁßÁöµÇ°Å³ª ȤÀº Æó±âµÇ´Â °úÁ¤À» °ÅÄ£´Ù. Áï ÀÚ»êÀÇ Æ¯¼º ¹× ¸ñÀû¿¡ µû¶ó »ý¸í ÁֱⰡ Àִµ¥, ÀÚ»êÀÇ »ý¸í Áֱ⠵¿¾È ÀÚ»êÀÌ Áö´Ñ °¡Ä¡¿¡ µû¶ó º¸È£µÇ±â À§Çؼ´Â ÀÚ»êÀÇ »óÅ¿¡ µû¶ó °ü¸® Á¤Ã¥ÀÌ ¼ö¸³µÇ¾î¾ß Çϸç, ÀÌ·¯ÇÑ °ü¸®Á¤Ã¥ ¼ö¸³Àº Á¶Á÷ÀÇ ¿î¿µ ȯ°æÀ» °í·ÁÇÏ¿© ¿øÄ¢°ú ±âÁØÀ» ¸¶·ÃÇÏ¿©¾ß ÇÑ´Ù.
º» Ç¥ÁØÀº Á¶Á÷¿¡¼ º¸È£ÇØ¾ß ÇÒ È¤Àº °¡Ä¡¸¦ Áö´Ñ ÀÚ»êÀÇ °ü¸® ÀýÂ÷¸¦ Á¤ÀÇÇÏ°í ÀÖ´Ù. Áï ÀÚ»êÀÇ °ü¸®Á¤Ã¥ ¼ö¸³, ÀÚ»êÀÇ Á¶»ç ¹× ½Äº°, ÀÚ»êÀÇ ºÐ·ù ¹× µî·Ï, ÀÚ»êÀÇ °¡Ä¡(Áß¿äµµ) Æò°¡, ÀÚ»êÀÇ º¯°æ °ü¸® µî 5°³ ´Ü°è·Î ±¸ºÐÇÏ¿© Á¦½ÃÇÏ°í ÀÖÀ¸¸ç, °¢ ´Ü°è¸¶´Ù ¼öÇàÇØ¾ß ÇÏ´Â ÁÖ¿ä È°µ¿À» Á¤ÀÇÇÏ°í ÀÖ´Ù. ¶ÇÇÑ Á¶Á÷¿¡¼ Á¤º¸º¸È£ Ãø¸éÀ» °í·ÁÇÏ¿© ÀÚ»ê °ü¸®¸¦ À§ÇØ È°¿ëµÉ ¼ö ÀÖ´Â °ü¸®¾ç½Ä(ÅÛÇø´)À» ¿¹·Î Á¦½ÃÇÏ°í ÀÖ´Ù. |
||
¿µ¹®³»¿ë¿ä¾à | An organization possesses and utilities various assets to promote and manage business. The assets are newly introduced, or the states of the assets are changed. Otherwise, the assets are stopped being used or are discarded.
The asset has a lifecycle based on its characteristics and purpose. A management policy based on the state of the asset is required to protect the asset in accordance with the value of the asset during the lifecycle of the asset. The management policy should have its principle and standard in consideration of the operating environment of the organization. This standard document defines procedures for managing assets to be protected by the organization or valuable assets. That is, this standard document shows that the asset management procedure includes five steps consisting of asset management policy establishment, examination and identification of assets, classification and registration of assets, estimation of asset values, change management, and defines main activities for each step. Also, this standard document suggests a management register(form) as an example which can be used for asset management in consideration of information security requirement. |
||
±¹Á¦Ç¥ÁØ | |||
°ü·ÃÆÄÀÏ | TTAK.KO-12.0157.pdf |