2010資通安全政策白皮書

2010

......................................................................................................... I
................................................................................................... II
.................................................................................................. IV
.......................................................................................... 1
.................................................... 3
.................................................... 8
................................................................................ 10
......................................................... 10
......................................................... 13
.............................................. 22
.............................................. 27
..................................................................... 34
............................................................................... 34
........................................................................ 36
................................................................................ 39
......................................................... 40
.................................................. 42
......................................................... 47
.................................................. 55
........................................................................................ 59
2009 ...................................................... 61
SRB
99 102 ............................................. 80
.................................... 90
2010
1-1
... 2
1-2
...................................................... 3
1-3
........................................... 6
2-2
.................................. 24
2-3
.............................. 24
2-4
2009-2010
......................................................................................... 28
2-5
2010 2009 ..... 29
3-1
.............................. 34
3-2
2009 SRB ..................... 38
4-1
............................................. 39
4-2
SRB ......................................................................... 40
4-3
.................................. 51
4-4
............ 58
1-1
........................................................ 61
1-2
................................................. 62
1-3
............................................................... 63
1-4
2008 ........ 64
1-5
2008 ................................. 65
1-7
....................... 67
1-8
............................................................ 69
1-9
....................................................................... 69
1-10
.......................................................... 70
1-11
................................................... 71
1-12
ISO27001/BS7799 CNS27001 .................. 72
II
2010
1-13
........................................ 73
1-14
........................................... 74
1-15
................................................... 75
1-16
.......................................................... 75
1-17
................................................... 76
1-18
2008 ....................................... 77
1-19
2008 ................. 77
III
2010
2-1
SWOT ................................................ 85
2-2
SRB .................................. 86
2-3
........................................................ 89
3-1
- ............... 90
3-2
- ............... 97
3-3
- ..............102
IV
2010
Information and Communication Security

2008 3 2008

2009 8
Strategy Review BoardSRB

1-1
1-1
2010
2010

2010

1994
2001
1-2
(CIIP)
(CISO)
(NSOC)
2008
(ISMS)
2001
2004
1-2
2005
2008
2009
2012
2001-2004
2001
2001-2004

3,713

1 2
3 4 7
A B C
D 4
3

20

Security Operation CenterSOC

2002 5
2008

PKIPublic Key Infrastructure

2007 e-Taiwan
2005-2008

2004 2005-2008 2007 2

Chief Information Security
OfficerCISO National Security
Operation CenterNSOC

2005
37 25

2010

NSOC

DNSDomain Name System

2001 30

2005
2003 2006
3,713 6,797

80
2006

2006

2009-2012

2009 1 2009-2012

5 20
4
10
30 2012

1-3

3~5
(
)
()
1-3
()
()
()
()
2010

2009 1
8 SRB

2009
12 SRB
36

2010

SCADASupervisory Control and Data Acquisition
DCSDistributed Control System

Center for Strategic and International Studies,
CSIS 600
10
2010
5 4

4 50
5000
Consumers Union 2010 5
52%

Personally
Identifiable Information

2010 4
15%

JavaScript
JavaScript

11

FBI National White
Collar Crime Center, NW3C Internet
Crime Complaint Center, IC32010 3 2009
IC3 2005 23.1
2009 33.6 1.8 5.6 2008
2.65 1

95 2009

12
2010

International Data Corporation, IDC

1 7

2014 2,655
2009-2014 15.1%

Web 2.0
Web 2.0

World Economy ForumWEF 2008-2009
Networked Readiness IndexNRI

13
1990

2001 911
Department of Homeland SecurityDHS

2002 Title III
Federal Information Security Management Act of 2002
FISMA
National Institute of Standards and TechnologyNIST

FISMA Office of Management and
BudgetOMB

Chief Information OfficerCIO
Inspector GeneralIG

85

2003 2
The National Strategy to Secure CyberspaceNSSC

14
2010

National Information Assurance PartnershipNIAP

The Infrastructure Security PartnershipTISP

National Cyber Security Partnership NCSP

NSSC

2009

15

2004 3 European Network
and Information Security AgencyENISA

2004 7 1
26 4
2001 11 23
3

2008 2 1 43

Identity, Privacy and Trust
Future Internet Assembly
FIA Towards a European approach to the Future Internet

Network Security Information
Exchanges NSIEs
Awareness Raising
AR2008 CERTComputer Emergency Response
16
2010
Team CSIRT Computer Security Incident Response Team

2008
2008-2010 Multi-annual Thematic Programmes
MTP
MTP1

MTP2

MTP3

2009 Information and Communication
TechnologyICT

2001 e-Japan
2005

e-Japan 2004 17
u-Japan
49 733 7

2003 2005 Japanese
Personal Information Protection ActJPIPA

2005
17
2006

2006 New IT Reform Strategy

2006 6 7
J-SoxJ-Sox 2008

Privacy Mark, P-Mark JIS Q15001

Japan Information Processing
Development CorporationJIPDEC P-Mark

2009

1996
Ministry of Information and CommunicationMIC
Korea Information Security Agency, KISA
18
2010
Research & Education Community Secure

Administration Security Vendors
KISA
KrCERT/CC Korea Computer Emergency Response Team Coordination
Center

2002 e-Korea Vision 2006
Broadband IT Korea Vision
2007
2004 IT 839
Ubiquitous Network SocietyUNS
2005

2008
Ministry of Public Administration and Security
MOPAS 5 2012

Soft Power
5
2009 7 23
National Internet Development Agency of Korea
Korea IT International Cooperation Agency
Korea Internet & Security Agency, KISA

2005 Infocomm Development Authority
IDA I-HubNext Generation I-Hub
19

6
National Infocomm Security
CommitteeNISC 2005-2007
Infocomm Security Masterplan 3,800 500

24

intelligent Nation 2015
iN2015 8,000 17.6
2015

iN2015

Association of Information Security Professionals
20
2010
AISP 2004

1984 1986
15 1991-1995
1996-2000 2001-2005

1999

Security Gateway

1995 1996

1999

1995 1994

2007 6
21

2008 5
2009 7
5

2001

2005

2006-2009
2007 65.5%

2009
22
2010
2-1
100%
350,000
80%
76.7%
75.3%
60%
300,000
65.5%
70.1%
250,000
200,000
150,000
40%
100,000
20%
14,419
26,046
174,352
285,718
0%
50,000
0
2006
2007
2008
2009
80
2-1
2006-2009

2009
49.0% 2.0%
9.3% 36.1%
2-2

2-3
23
,
9.3%
,
2.0%
,
36.1%
,
49.0%
, 3.7%
2009 12
15
2-2
56.5%
52.4%
44.8%
4
5
36.7%
33.9%
2009 12
2-3
24
2010

2008
52.9% 2009
36.5%

2001 10 31
2002 4 1

Public Key Infrastructure, PKI
PKI

2003

Common Criteria Recognition Arrangement
CCRA

2002
CNS 27001 59 2009 4

25
Information Security Management SystemISMS

Plan-Do-Check-Act PDCA

ISMS A 2008
ISMS B

2005

2003

2003 6 36

2004

2010 4 27

2010
26
2010

7 1

11
2-4
27
16.9%
60.6%
20.2% 1.5% 0.8%
15.1%
63.1%
19.0% 2.0% 0.8%
13.6%
51.2%
11.1%
30.5%
4.0%
SOA&BPM 2.3%
2.3%
1.3%
54.8%
21.0%
53.6%
17.1%
14.9%
24.3%
50.5%
27.0%
48.0%
40.1%
13.4%
2.5%
12.4%
2.8%
19.4%
49.7%
0.5% 6.8%
11
7.6% 1.2%
45.9%
26.0%
1.0% 14.6%
10
6.1% 2.5%
35.6%
44.5%
7.8%
26.7%
26.2%
39.7%
3.6%
6.6%
6.3%
10.3%
12.9%
MIC 2009 11
2-4
2009-2010

2010 66.3%
8.5%
17.7% 7.5% 2-5

/

28
2010
(-10%),
2.7%
(-10%),
4.8%
(10%),
8.5%
(10%),
17.7%
, 66.3%
MIC 2009 11
2-5
2010 2009

MIC 19.1

72%
4.5 28%
56.1
1.2 25.4%
1 74.6

29

40

ICSA International Computer Security Association
CVECommon Vulnerabilities and Exposures

AB

Unified
Threat ManagementUTM

30
2010

UTM

UTM

MIC 140

56
240

HIPAAHealth Insurance Portability and Accountability Act

31

50

32
2010
33

3-1
3-1
34
2010
35
36
2010

2009 8 SRB

3-2

37

300
1,700
ISMS
2010
2011ABISMS75
201210%
2010-20137.4
2010-20137.12

ISMS
300
1,700
3-2
2009 SRB
38
2010

4-1

4-1

2009 SRB
39

4-2
4-2
SRB
SRB
2009 12

40
2010

CERT CSIRT

2005

911 921
Severe Acute Respiratory Syndrome
SARS

41
42
2010

CISO

2010 1 2012
43

IT
governance COSOCommittee of Sponsoring OrganizationCOBIT
Control Objectives for Information and related Technologies
ISO27001 ITIL IT Infrastructure Library

/
44
2010

ISMS

1980

45

SRB

2010

1990
4,108 4

46
2010

Sarbanes-Oxley Act of 2002

COSOCOBITISO27001
ITIL

47
Policy People Process

Product

IC

ISO27001 PKI

48
2010

2009 SRB

SRB
ISO27001 2005
49

2004 8

2009 1

8

300 1,700

2010 20

SRB

50
2010
4-3
4-3

HIPAA

1996 HIPAA
2003
2005 Japanese Personal
Information Protection ActJPIPA
2008

51

Privacy Mark

Agreement on Government
Procurement GPA

IC

52
2010
ISO 27001

1.

2.

3.

53

Common CriteriaCC

CC

CCRA
54
2010
55

2003
G8 24/7 Network

2007

/

2006

56
2010

2006
2008

2010

2009 7

2006

SRB

1.
57

2.

4-4

4-4
58
2010

2001
2005-2008

2009
SRB

2008

59
60
2010
2009

2006

3
2009 SRB
2.1
1-1 3 10 20
1-2
3.1
3.2
2.1
2.2
2.3
2.4
2.5
1.1
1.2
1.3
1-1
61
2006
2007
2008
2009
5.08
4.56
5.4
5.2
38.0
39.9
46.1
16.2
9.6
14.54
72.7
72.7
72.7
72.7
*75.3
*65.5
*70.8
*76.7
*14.32
*18.16
*12.9
%
1,106
1,352
1,369
1,471
USTPO%
5.12 4.6 5.07 4.95
%
86.4
90.7
86.7
91.8
67.5
76.9
76.4
75.5
17.6
21.9
28.4
20.6
38.8
46.0
40.21
5.3
6.7
12.69
196
248
342
SSL
*169
*298
*312
*471.1
40.5
51.8
52.4
54.77
0.65
0.8
1.5
2.23
38.8
49.9
49.5
53.2
5.0
7.1
9.3
10.68
33.8
42.7
44.11
11.35
12.34
12.09
1-2
62
2010
3 5

2008
5.20
1-3

7.91 9.24
2008
1-3

63

New BASEL Capital Accord
BASEL II 53.8%

2005
2
2008
1-4
2008
2007
2006
2008
2007
2006
5996
2762
46.1%
5968
2381
39.9%
3537
1343
38.0%
1564
206
13.2%
1564
222
14.2%
1000
217
21.7%
225
84
37.3%
373
126
33.8%
200
103
51.5%
1342
123
9.2%
1191
96
8.1%
800
114
14.3%
()
1710
1138
66.5%
2074
1273
61.4%
1169
638
54.6%
2722
1418
52.1%
2330
886
38.0%
1368
488
35.7%
1-4
2008

14.54%

43.55% 1-5
64
2010
()
2009
5,999
1,567
225
1,342
2,117
2,315
2008
872
296
98
198
425
151
2008 2007 2007 2006

%
%
14.54%
18.89%
43.55%
14.75%
20.08%
6.52%
5,968
1,564
373
1,191
2,074
2,330
571 9.57% 3,537

117 7.48% 1,000
56 15.01% 200
61 5.12% 800
230 11.09% 1,169
224 9.61% 1,368
573
427
148
279
79
66
16.20%
42.70%
74.00%
34.88%
6.76%
4.82%
1-5
2008
36

65

2009 2008

80
2009
80 76.7 6.62%
1-6
80
80
2006
2007
14,419
10,863
75.30%

1-6
66
26,046
17,066
65.50%
2008
2009
174,352 285,718
143,122 219,146
70.08% 76.70%
2010

5 12

2008 140
369.41 96 12.9%
Gartner 2008
105 11.2%

2009
2009
2009
509 1.6
12.8 5 160
2009 369.41
12.8% 1-7
(:)
2004
2005
21,545 24,223
18,540 20,692
86.05% 85.42%
12.43%
2006
2007
2008
2009(f)
27,691
23,447
84.67%
14.32%
32,721
27,506
84.06%
18.16%
36,941
30,798
83.37%
12.90%
41,669
34,621
83.09%
12.80%
:2009
1-7
67
USTPO
2008 USTPO 1,471
4.95% 4 2004 10.03%
2005 -10.01% 2006
22.24%2007 1.26% 2008 7.45% 2008
22.94%
2003 5%2004 5.28%2005
5.12%2006 4.60% 2007 5.07%2008 4.95%
2004 5.87%2005 6.20%2006
6.65% 2007 8.15% 2003 2008
4.06% 2008 1.51%
22.94% 7.45%

97 91.82
1-8

68
2010
97 96 95 94 93
42,695
91.82
39,874
86.68
32,626
90.70
32,137
86.42 33,623
89.14
37,861
90.83
35,067
85.64
27,834
90.65
27,404
85.86 28,723
89.31
1,710
100.00
1,675
95.88
1,672
94.02
1,670
91.08
1,708
88.88
407
100.00
399
99.25
404
99.26
401
98.75
530
97.36
2,274
99.87
2,287
92.00
2,262
86.34
2,231
85.93
2,245
84.63
41
100.00
43
97.67
43
97.67
44
93.18
39
89.74
348
94.54
349
94.56
351
94.87
343
94.75
333
92.19
54
100.00
54
100.00
60
100.00
44
97.73
45
97.78
2004 2008
1-8

97 1.67%

1-9
97
96 95 94
42,695
75.51 39,874
76.40
32,626
76.91 32,137
67.50
37,861
73.59 35,067
75.26
27,834
76.27 27,404
66.03
1,710
89.47
1,675
83.82
1,672
78.23
1,670
79.52
407
76.41
399
72.93
404
73.51
401
71.57
2,274
92.88
2,287
85.96
2,262
81.87
2,231
72.21
41
90.24
43
97.67
43
97.67
44
93.18
348
94.83
349
91.40
351
88.03
343
85.13
54
100.00
54
94.44
60
95.00
44
88.64
93
21,033
62.56
17,570
61.17
1,275
74.65
295
55.66
1,541
68.64
35
89.74
276
82.88
41
91.11
2004 2008
1-9
IDS

20.26%
69

55.56% 44.25%

IDS CSI/FBI69%

10 1-10
97 96 95 94
(IDS)
(IDS)
(IDS)
42,695
20.26 39,874
28.35
32,626
21.91
32,137
17.65
37,861
21.85 35,067
27.56
27,834
20.54
27,404
16.17
1,710
7.66
1,675
42.51
1,672
36.36
1,670
34.61
407
7.62
399
44.11
404
42.08
401
36.91
2,274
1.14
2,287
24.31
2,262
21.09
2,231
16.09
41
12.20
43
55.81
43
58.14
44
40.91
348
44.25
349
42.12
351
35.61
343
34.40
54
55.56
54
48.15
60
41.67
44
40.91
93
(IDS)
33,623
18.71
28,723
17.95
1,708
29.92
530
29.25
2,245
14.25
39
41.03
333
33.63
45
46.67
2004 2008
1-10

2008
40.21 46.03%
2008
40.40 23.20

1-11
70
2010
97 96 95
(%)
(%)
6,401 2,574 40.21% 5,968

2,747
46.03%
3,537 1,068 30.2%
1,567
403
25.70%
1,564
765
48.91%
1,000
272
27.2%
225
91
40.40%
373
261
69.97%
200
90
45.0%
1,342
311
23.20%
1,191
504
42.32%
800
182
22.8%
()
2,117
995
47.00%
2,074
974
46.96%
1,169
444
38.0%
2,717 1,176
43.28%
2,330
1,008
43.26%
1,368
352
25.7%
2004 2008
1-11

e

ISO27001BS7799 CNS27001
2009 10
11.87 1-12 A
B 2005
A BCD A B

71
A
B
1,584
1,231
688
543
353
61
292
188
31
26
5
157
54
103
11.87%
2.52%
3.78%
0.92%
44.48%
88.52%
35.27%
International ISMS Register Search
1-12
ISO27001/BS7799 CNS27001

Certified
Information Systems Security Professional, CISSPISO27001/BS7799
Lead Auditor Certified Ethical Hacker,
CEH Computer Hacking Forensic Investigator, CHFI

1-13 2009
342 278.56 ISO27001/BS7799

72
2010
2007 2008 2009
214
248
224
CISSP
1,452 2,156 2,896
ISO27001/BS7799 Lead Auditor()
91
371
471
(CEH)()
12
19
19
(CHFI)()
9.76 10.03 10.57
()
181.25 278.56
342
()
:BSS7799
1-13
SSL

EU e-Business W@tch
SSLSecure Socket LayerTLSTransport
Layer Security SSL

97

SSL
2009 471.1 2008 311.8
SSL
pchome
73

2008
54.77 1-14

97 96 95 94
42,695
54.77 39,874
52.40
32,626
51.85 32,137 40.55
37,861
55.52 35,067
53.07
27,834
52.31 27,404 38.59
1,710
39.47
1,675
36.30
1,672
36.30
1,670 41.74
407
25.31
399
24.56
404
27.97
401 39.40
2,274
55.41
2,287
54.70
2,262
57.25
2,231 58.05
41
48.78
43
41.86
43
39.53
44 61.36
348
76.15
349
77.65
351
78.35
343 73.76
54
72.22
54
68.52
60
80.00
44 54.55
93
33,623
49.55
28,723
48.58
1,708
46.78
530
40.19
2,245
62.49
39
61.54
333
72.37
45
57.78
2004 2008
1-14

2.23
1-15
CSI 2008
17%
74
2010
97 96 95 94 93
42,695
2.23
39,874
1.52
32,626
0.80 32,137
0.65 21,033
0.55
37,861
1.99
35,067
1.50
27,834
0.76 27,404
0.61 17,570
0.43
1,710
3.80
1,675
0.72
1,672
0.48
1,670
0.36
1,275
0.76
407
0.49
399
404
401
295
2,274
5.15
2,287
2.49
2,262
1.41
2,231
1.30
1,541
1.47
41
2.44
43
43
44
35
348
3.74
349
2.87
351
2.85
343
2.04
276
4.80
54
1.85
54
2
60
44
41
-
2004 2008
1-15

1-16 2008 53.2

97 96 95 94 93
42,695
53.20
39,874
49.48
32,626
49.87 32,137 38.80 21,033
48.34
37,861
54.51
35,067
50.92
27,834
51.33 27,404 37.68 17,570
48.03
1,710
33.74
1,675
28.36
1,672
28.83
1,670 35.81
1,275
40.87
407
23.83
399
21.55
404
24.01
401 37.41
295
37.36
2,274
48.86
2,287
44.43
2,262
48.32
2,231 50.47
1,541
57.10
41
43.90
43
32.56
43
30.23
44 52.27
35
56.41
348
67.24
349
70.49
351
71.79
343 65.31
276
69.67
54
70.37
54
64.81
60
78.33
44 50.00
41
57.78
2004 2008
1-16

2008
10.68
75

1-17
97 96 95 94 93
42,695
37,861
1,710
407
2,274
41
348
54
10.68
11.57
0.94
0.25
3.42
0.00
28.16
20.37
39,874
35,067
1,675
399
2,287
43
349
54
9.34
8.91
6.75
5.26
14.30
13.95
34.67
25.93
32,626
27,834
1,672
404
2,262
43
351
60
7.05
5.83
6.46
6.44
18.30
6.98
33.62
15.00
32,137
27,404
1,670
401
2,231
44
343
44
5.00
3.70
7.60
2.99
14.93
11.36
32.07
13.64
21,033
17,570
1,275
295
1,541
35
276
41
4.92
3.52
10.36
3.58
15.32
5.13
27.93
15.56
2004 2008
1-17

2
2

1-18
76
2010
2008
2008
2007 2006 2006
2007
(%)
(%)
(%)
5,999
2,646
44.11%
5,968
2,548
42.69%
3,537 1,196
33.80%
1,567
156
9.95%
1,564
162
10.36%
1,000
134
13.40%
225
78
34.70%
373
105
28.15%
200
89
44.50%
1,342
78
5.80%
1,191
57
4.79%
800
45
5.63%
2,117
1,509
71.28%
2,074
1,220
58.82%
1,169
744
63.64%
2,315
981
42.38%
2,330
1,166
50.04%
1,368
319
23.32%
1-18
2008

12.08 M
6
18
M
1-19
(%)
6~ 12~ 18
12 18
3,618
877
53.5%
10.2%
1.9%
33.2%
1,567
124
48.4%
8.0%
5.4%
34.4%
225
46
78.3%
6.5%
2.2%
13.0%
1,342
140
38.6%
8.6%
6.4%
41.4%
()
1,042
180
62.67%
12.00%
0.00%
25.33%
1,009
573
49.49%
10.51%
0.26%
39.74%
1-19
2008
77

2007 100
2008
98
96 2009
106
109.07
2006 106.14

103.26
1-20

IDS

1-21
78
2010
112
110
109.07
108.80
108
106.14
106
103.26
104
102
100
100
98
98.15
96
96.48
94
92
90
96
97
98

1-20
97
98
(96)
(96)
(97 CSI FISMA)
120
120
100
100
80
80
60
60
40
40
20
20
-20
-20
-40
-40
-60
-60
-80
-80
79
1-21
(IDS)
(USTPO)

SRB
99 102

98 1 7
98
8 18 20

5 12

( )
( )
80
2010

()
2008 56
240
2008 458 2011

682
Cloud Computing ICT

2 3

220
180 3

81

98 1 98 101
300
1,700
82
2010
( 2008 ) 47%1~8
449 446 40%
2,200 1 $2.76
59%
2
97 98 9 2
5 2008
35.5 26.3

97 30
1,377.02 5.2% 71.56
9.24% 7.91% 6.74%
4.84% 4.78% 4.51%

9.12% 3
TWNIC 2009
1580 7
262 167

1 Identity Theft Resource Center, ITRC

2008 8
2 14 2008 11
3 2007/2008 650/680 59/62
9.08%/9.12% US Fiscal Year 2008 Report to Congress on Implementation
of The Federal Information Security Management Act of 2002
83

SWOT 1
84
2010
2-1
SWOT
Strengths S
WeaknessesW
1.
1.
2.

2.
3.

3.
4.
4.

5.

5.
OpportunitiesO
ThreatsT
1.
1.
2.
2.
3.
3.
4.
4.
85

15 2

2-2
SRB
1.
1.1
2.1
(ISMS)
2.
3.1
3.
4.
5.
4.1
5.1
6.
6.1
6.2

7.
7.1
7.2
8.
8.1
8.2
86
2010
9.
9.1
9.2
( )
( )

10.

10.1

10.2

10.3
10.4

10.5

10.6
11.
ISO
27001:2005
12.
11.1
12.1
13.1
13.
13.2
300
13.3
1,700
)
14.

14.1

87
15.
15.1
15.2

15.3

15.4

15.5
15.6

15.7

15.8
88
2010

99 ~102 3
2-3
99
100
101
102
8,000
8,000
282,775
152,775
152,775
152,775
741,100
149,550
165,150
183,150
214,150
712,000
96,000
96,000
96,000
96,000
384,000
191,500
192,000
200,000
2,000
1,000
1,000
1,000
5,000
56,000
50,000
50,000
50,000
206,000
25,000
25,000
25,000
215,000
225,000
235,000
245,000
920,000
1,025,825
906,925
942,925
758,925
3,634,600
583,500
75,000
89

3-1
1.
1.1.
99
~102
99
(1) ISMS
(1)
(2)
(2) (3)
(ISMS)
(2)

(ISMS)
99 ~102
(3) ISMS
25%
(4) ISMS
1
(3)
90
2010
(4)
2.
2-1.
99
~102
99
(1)
(1)
100 ~102
(2)
100 15 (
IASP )101
20 (
)102 25 (
99 ~102
(2)
(3)
3.
3-1.
99
~102
(1)
99
(1)
(1)
100
(2)
91
(3)
(4) 3
(5) 1
( )
(6)
101
(7) 1
(2)
(8) 1
102
(9)
(3)
(4)

(10)
)
(5)
92
2010
4.
(1)
98 (1)
~101
(2) 98
99
(3) A B
(2)
98 99 100
50% 65% 75%
(3)
(ISMS)
5.
(1)
98 (1) 98
~101
(3) 98
99 101 2
(2) 98 99 2 6
(2)
(3)
6.
6-1.
99 (1)
~102
(2)
(3) A B ( ) 135
(1)
(2)
(3) AB
120
(4) CD ( ) 250
(5)
93
(4) CD
(5)
6-2.
99 (1)
~102
(1)
(2)
2
(2)
(3)
(3)
(4)
7-1.
99 (1) A-SOC A-ISAC
~102
(1) A-SOC
7.
A-ISAC
3
(2) Botnet 10%
(3) 13

(2) Botnet
(3)
(4)
(mini
SOC)
(4)
7-2.
99 (1)
~102
(TANetCERT)
(2)
TANetCERT
(3)
(4) (
REN-ISAC FIRST CERT/CC)
94
2010
8.
8-1.
99
~102
(1)
(1)
(2) 360
) (2)
(3) 20
(4)
(3)
(5)
(6)
(4)
(5)
(6)
8-2.
99 (1)
~102
(1)
(2)
(3)
30-35
(2)
200 ( )
(3)
35
(4) 1
1
(4)
(5)
ISMS 100
10
(5)
(6)
ISMS
(6)
95
96
2010
3-2
9-1.
99
~102
(1)
9.

(1)
( )
(2) 99
50
(3) 5
(2)
9-2.
99
~102
(1)
(1)
(2)
(3) 6
100
(2)
10-1.
99
~102
(1)
10.
(1)
400
(2)
(3)
(2)
10-2.
99
~102
4000
97
10-3.
99
~102
(1)
2000
(2)
2500
10-4.
99
~102
(1)
(1)
8
(2)
80 12
(2)
10-5.
99
~102
(1)
(2)
(3)
98
2010
10-6.
99
~102
(1)
(1)
(2)

( ) 25
4000
(2)
30
(3)
30
(4)
(5)
99
(6)
165
(7)
165
15
165
100
2010
11-1.
99
~101
(1)
ISO
27001:2
11.
005
(1) 400
(2) 80
(3)
9%
(2)
(3)
12-1.
99
~101
12.
(1)
(2) 10%
101
3-3
13-1.
99
~102
(1)
13.

(1)
(2)
4
(3) 30
(2)
(3)
13-2.
99
~102
(1) 99
~102
13-3.
99
(1)
(2) 100
(3) 101
(4) ( )
102
2010
(2)
(3) /
(4)
14-1.
99
~102
(1)
14.
(1) 2
(2) 2
/
(2)
-
103
(1) 1 Web
15-1.
99
~101
(1)
15.
(2) 1
3
(3) 40
(2)
15-2.
99
2 (
~101
104
2010
15-3.
99
~101
(1)
Top10
(2)
(3)
15-4.
99
~102
(1)
(2)
(3)
15-5.
99
~102
(1) 70
(2) 3
105
(1)
(2)
15-6.
99
~102
(1)
(1)
50
(2)
(3) 300
(2)
15-7.
99
~102
(1)
(1)
(2) ( )
(3) 500
(2)
15-8.
99
~102
(1)
(1)
(2)
(3)
106
2010
(2)
107

2010資通安全政策白皮書

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2010資通安全政策白皮書

Uploaded by

Copyright:

Available Formats

2010

2010 2009 ..... 29

2009 SRB ..................... 38

ISO27001/BS7799 CNS27001 .................. 72

Information and Communication Security

Team CSIRT Computer Security Incident Response Team

Research & Education Community Secure

Information Security Management SystemISMS

20.2% 1.5% 0.8%

19.0% 2.0% 0.8%

Policy People Process

2008 2007 2007 2006

571 9.57% 3,537

6,401 2,574 40.21% 5,968

International ISMS Register Search

2007 2008 2009

(97 CSI FISMA)

2008 458 2011

Cloud Computing ICT

1 Identity Theft Resource Center, ITRC

50% 65% 75%

99 (1) A-SOC A-ISAC

You might also like