Latest revision |
Your edit |
Line 2: |
Line 2: |
| ;보안의 [[CIA]] 개념을 설명하는 [[NIST]]의 미국 공식 표준 문서 | | ;보안의 [[CIA]] 개념을 설명하는 [[NIST]]의 미국 공식 표준 문서 |
|
| |
|
| == 공식적 정의 ==
| |
| * '''기밀성(Confidentiality)''' | | * '''기밀성(Confidentiality)''' |
| ** Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information | | ** Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information |
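Review bot: the confidentiality definition kept as context under the new "== 공식적 정의 ==" heading reads "protecting persona privacy", which looks like a typo for "personal privacy", and it is unchanged in both columns. Since this edit puts that text under a heading that presents it as the formal definition, correct the quoted wording in the same change so the section is a faithful quotation.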
Line 8: |
Line 7: |
| ** Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity | | ** Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity |
| * '''가용성(Integrity)''' | | * '''가용성(Integrity)''' |
| ** Ensuring timely and reliable access to and use of information | | ** Ensuring timely and reliable access to and use of information. |
| | |
| == 3단계 보안성 ==
| |
| {| class="wikitable"
| |
| |-
| |
| ! 구분 !! 낮음(Low) !! 중간(Moderate) !! 높음(High)
| |
| |-
| |
| | 기밀성
| |
| || The unauthorized disclosure of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| || The unauthorized disclosure of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| || The unauthorized disclosure of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| |-
| |
| | 무결성
| |
| || The unauthorized modification or destruction of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| || The unauthorized modification or destruction of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| || The unauthorized modification or destruction of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| |-
| |
| | 가용성
| |
| || The disruption of access to or use of information or an information system could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| || The disruption of access to or use of information or an information system could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| || The disruption of access to or use of information or an information system could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals.
| |
| |}
| |
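Review bot: the bullet '''가용성(Integrity)''' pairs the Korean term for availability with the English word Integrity, directly above the definition "Ensuring timely and reliable access to and use of information", and the edit modifies that definition line without fixing the label; it should read 가용성(Availability). The period added to the end of that definition is also inconsistent with the other two definition lines visible in this diff, which end without one, so either add it to all three or drop it. In the new "== 3단계 보안성 ==" table the row labels (기밀성, 무결성, 가용성) are Korean while the level descriptions are untranslated English quotations; a one-line note naming the source of the quoted text above the table would make clear that the wording is verbatim rather than a paraphrase.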