Ȩ > Q&A
| TTAK.KO-12.0093: Á¶Á÷ÀÇ Á¤º¸º¸È£ Á¤Ã¥ ¼ö¸³ °¡À̵å | |||
|---|---|---|---|
| ÀÛ¼ºÀÚ | Á¶³²Á÷ | ÀÛ¼ºÀÏ | ´äº¯¿Ï·á |
| À̸ÞÀÏ | no_lst@naver.com | Á¶È¸¼ö | 4519 |
| Á¤º¸º¸È£ Á¤Ã¥°ü·Ã ½ºÅ͵ðÁß TTA¿¡ ÁÁÀº ³»¿ëÀÌ ÀÖ¾î º¸°Ô µÇ¾ú½À´Ï´Ù. ³»¿ëÁß "5.2 ÂüÁ¶ÇÑ Ç¥ÁØ(±Ç°í)°ú º» Ç¥ÁØÀÇ ºñ±³Ç¥"°¡
ISO/IEC 27005:2011ÀÇ ³»¿ëÀ¸·Î º¸À̴µ¥ (Table 1 — Alignment of ISMS and Information Security Risk Management Process), À§Çè»çÁ¤(ASSESSMENT)À» À§Çè °ü¸®·Î Ç¥±âÇÏ¿© Á¤º¸º¸È£ Á¤Ã¥ ¼ö¸³(Establishment of Policy) ,Á¤º¸º¸È£°ü¸®Ã¼°è ¹üÀ§ ¼³Á¤(Scope Setting up), ±¸Çö(Implementation) , »çÈÄ°ü¸®(Follow-up Management)°¡ ¸ðµÎ À§Çè °ü¸®ÇÁ·Î¼¼½ºÀε¥ ¾Æ´Ñ°Í ó·³ Ç¥±â µÇ¾ú½À´Ï´Ù. ISO/IEC 27005¸¦ º¸½Ã¸é Risk assessment ÇÁ·Î¼¼½º´Â Risk management ÇÁ·Î¼¼½º¿¡ Æ÷ÇԵǴ ÇÁ·Î¼¼½ºÀÔ´Ï´Ù. |
|||
| ´äº¯ |
|---|
| ¾È³çÇϼ¼¿ä. TTA Á¤º¸Åë½Å ´ÜüǥÁØ¿¡ °ü½É °¡Á®Áּż °¨»çÇÕ´Ï´Ù. º» Ç¥ÁØÀ» °³¹ßÇÑ ¿¡µðÅͲ²¼ »ó¼¼ ¼³¸íÀ» µî·ÏÇϽŠ¸ÞÀÏ·Î ¼ÛºÎ µå·È½À´Ï´Ù. °¨»çÇÕ´Ï´Ù. |
