Ç¥ÁØÈ­ Âü¿©¾È³»

TTAÀÇ Ç¥ÁØÇöȲ

Ȩ > Ç¥ÁØÈ­ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ

Ç¥ÁعøÈ£ TTAE.IT-X.1521 ±¸Ç¥ÁعøÈ£
Á¦°³Á¤ÀÏ 2011-12-21 ÃÑÆäÀÌÁö 41
ÇѱÛÇ¥ÁØ¸í °øÅë Ãë¾àÁ¡ Æò°¡ ü°è(CVSS)
¿µ¹®Ç¥Áظí Common Vulnerability Scoring System
Çѱ۳»¿ë¿ä¾à ÁÖ¿ä ³»¿ëÀ¸·Î´Â Á¤º¸Åë½Å±â¼ú °ü¸®ÀÚ°¡ ¿©·¯ ÀÌ ±âÁ¾ÀÇ Çϵå¿þ¾î ¹× ¼ÒÇÁÆ®¿þ¾î Ç÷§ÆûÀÇ Ãë¾àÁ¡µéÀ» È®ÀÎÇÏ°í °¢°¢ÀÇ µî±Þº°·Î Æò°¡ÇØ¾ß ÇÒ °ÍÀÌ ¸¹À» ¶§, Ãë¾àÁ¡ Á¤º¸µéÀ» À¯¿ëÇÑ Á¤º¸·Î ¹Ù²Ù¾î ó¸®ÇÒ ¼ö ÀÖ´Â °ø°³ ÇÁ·¹ÀÓ¿öÅ©ÀÎ CVSS ¹öÀü2¸¦ ¼³¸íÇÑ´Ù. CVSS´Â ±âº» ¸ÅÆ®¸¯½º, Àӽà ¸ÅÆ®¸¯½º, ȯ°æ ¸ÅÆ®¸¯½º ±×·ìÀ¸·Î ³ª´©°í, °¢ ±×·ìÀÇ ±¸¼º ¿ä¼Òµé, µ¿ÀÛ ¹æ½Ä, Æò°¡, »ç¿ëÀÚ¿¡ ´ëÇØ ¼³¸íÇÑ´Ù. ¶ÇÇÑ, Ãë¾àÁ¡ Æò°¡½Ã ºÐ¼®°¡µé¿¡°Ô µµ¿òÀÌ µÇ´Â ÁöħÀ» ¼³¸íÇÏ°í, °¢ ¸ÅÆ®¸¯½º ±×·ìµé¿¡ ´ëÇÑ ¹æÁ¤½Ä°ú ¾Ë°í¸®ÁòÀ» ¿¹Á¦¿Í ÇÔ²² ¼³¸íÇÑ´Ù.
¿µ¹®³»¿ë¿ä¾à The main content of this standard is that ICT management needs to identify and assess vulnerabilities across many disparate hardware and software platforms, and when there are so many to fix, with each being scored using different scales, it hard for ICT managers to convert this vulnerability data into actionable information. The CVSS version 2 is an open framework that addresses this issue. The CVSS is composed of Base, Temporal and Environmental metric groups, and this standard presents each consisting of a set of metrics, working of CVSS, CVSS scoring, CVSS users. Also, this standard presents guidelines that should help analysts when scoring vulnerabilities, and scoring equations and algorithms for each metric groups using some examples.
±¹Á¦Ç¥ÁØ
°ü·ÃÆÄÀÏ TTAE.IT-X.1521.pdf TTAE.IT-X.1521.pdf            

ÀÌÀü
ÀüÀÚÃ¥ DRM ¾Ïȣȭ ±Ô°Ý
´ÙÀ½
µðÁöÅÐ À½¾Ç ÄÜÅÙÃ÷ ±Ç¸®ÀÌ°üÁ¤º¸ ¸ÞŸµ¥ÀÌÅÍ ±¸¼º¿ä¼Ò