The Role of CISSPs and the Way Forward Amid Cyber-Terror Threats
2009.10.16
Ju Hyun, Jeon, CISSP Korea Chapter
Copyright 2009 (ISC)², Inc. and CISSP Korea Chapter. All Rights Reserved.
Profile
* Ju Hyun, Jeon (sis@sis.pe.kr), http://twitter.com/boanin (CISSP, KISA ISMS)
- CISSP Korea Chapter (CISSP Korea Chapter YongNam branch)
- Adjunct professor, Dong Myong University
- www.boanin.com
- Blog: www.sis.pe.kr
- IT mentor, Ministry of Knowledge Economy
NIST (U.S. National Institute of Standards and Technology): CVE counts by year
CVE: Common Vulnerabilities and Exposures
Worldwide CISSP status
There are approximately 63,124 CISSPs in 134 countries as of June 2009 (source: isc2)
(39,255) (2,541) (1,152) (1,258) (982) (1017)
(ISC)² ALIG members in the Asia-Pacific region include:
* Australian Information Security Association (www.aisa.org.au)
* Hong Kong Professional Information Security Association (www.pisa.org.hk)
* Korea CISSP Chapter (www.cisspkorea.or.kr)
* Malaysia INFOSEC.my (www.cybersecurity.org.my)
* Singapore Association of Information Security Professional (www.aisp.sg)
* Thailand Information Security Association (www.tisa.or.th)
Why CISSP?
- Getting a job, changing jobs
- Self-development
- Supply of specialist personnel for security business (specified in law)
- Global CBK, 10 domains
- CISA, CISSP
- CSO, CISO
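What is the reality of CISSP today?
- Insufficient follow-up maintenance
- Used only on business cards and for business
- Utilization of certificate holders
- Maintained in form only, not in substance
- A few months later, numerous new threats emerge
- Difficulty maintaining CPE
- Holders do not feel why the CISSP certification needs to be maintained.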
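How to maintain CPE well?
- CISSP CBK Review
- Listening to e-Symposiums: https://isc2.brighttalk.com/
- Self study
- Work related to the 10 CBK domains
- Effort toward security assurance, not just holding the certificate (license)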
CISSP Resource Guide
https://resourceguide.isc2.org/index.asp
Mandatory CISO
- Chief Information Security Officer
- Annual revenue of KRW 800 billion or more
- Mandatory appointment starting next year
- CISO mandate measure in the Information and Communications Network Act
- IT budget 5%, IT personnel 10% or more (Digital Times, 2009-09-20)
http://www.asestores.com/merchant2/merchant.mvc?screen=prod&product_code=isc-AU7943&Category_Code=ISC-ISC2PRESS&Store_Code=ISC2
(Reference post: http://www.sis.pe.kr/2856)
Exciting Computer Security Career Path
- Systems Administrator
- Information System Security Officer
- Information System Security Manager
- Chief Information Security Officer
Exciting Computer Security Career Path - Systems Administrator
- basic computer configuration
- helping end users
- managing backups
- troubleshooting basic network connectivity
- administering user accounts
- monitoring network performance
- and learning what it takes to become an Information Security Officer
Exciting Computer Security Career Path - System Administrator Salary Range (source: May 2008, Salary.com)
Exciting Computer Security Career Path - Information System Security Officer
- implementing security policies
- securing networks
- troubleshooting access problems
- reviewing security logs
- assisting in developing security procedures
- incident response
- participating in recovery efforts
- maintaining security documents
Exciting Computer Security Career Path - Information System Security Officer Salary Range (source: May 2008, Salary.com)
Exciting Computer Security Career Path - Information System Security Manager
- developing security plans
- recommending configuration and security products
- planning disaster recovery
- risk analysis, incident response
- crisis management, asset allocation
- performing security audits, penetration testing
- educating employees on security policy
- providing expert advice on security relevant projects
Exciting Computer Security Career Path - Information System Security Manager Salary Range (source: May 2008, Salary.com)
Exciting Computer Security Career Path - Chief Information Security Officer
- The CISO will ensure organizational security is being implemented and systems function as needed.
- The CISO will be involved with critical decisions affecting all things security.
Exciting Computer Security Career Path - Chief Information Security Officer Salary Range (source: May 2008, Salary.com)
The Way Forward for CISSP (1)
- Systems Administrator
- Information System Security Officer
- Information System Security Manager
- Chief Information Security Officer
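The Way Forward for CISSP (2)
- Revitalize CISSP activity in Korea; make use of the website
- Hold CPE-granting seminars (2009: three in Seoul, one in Busan, international seminar)
- Promote activity by region and by company
- Active support from (ISC)²
- Send newsletters; active participation by CISSPs
- Identify and award outstanding CISSPs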
The Way Forward for CISSP (3)
- Use Twitter (U.S.A): https://twitter.com/isc2
- Serves as a real-time channel
- http://www.twitter.com/boanin, @boanin
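Conclusion
- Let us be faithful to the CISSP code of ethics and role.
- Let us raise the standing of Korean CISSPs.
- Let us take pride as CISSPs and become cyber guardians.
- Let us not stop at obtaining the certificate, but put it to good use.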
Thank you! Q & A