FIPS 199: Difference between revisions
From IT Wiki
(새 문서: 분류:보안 ;보안의 CIA 개념을 설명하는 NIST의 미국 공식 표준 문서 * '''기밀성(Confidentiality)''' ** Preserving authorized restrictions on inform...) |
No edit summary |
||
Line 2: | Line 2: | ||
;보안의 [[CIA]] 개념을 설명하는 [[NIST]]의 미국 공식 표준 문서 | ;보안의 [[CIA]] 개념을 설명하는 [[NIST]]의 미국 공식 표준 문서 | ||
== 공식적 정의 == | |||
* '''기밀성(Confidentiality)''' | * '''기밀성(Confidentiality)''' | ||
** Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information | ** Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information | ||
Line 7: | Line 8: | ||
** Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity | ** Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity | ||
* '''가용성(Integrity)''' | * '''가용성(Integrity)''' | ||
** Ensuring timely and reliable access to and use of information. | ** Ensuring timely and reliable access to and use of information | ||
== 3단계 보안성 == | |||
{| class="wikitable" | |||
|- | |||
! 구분 !! 낮음(Low) !! 중간(Moderate) !! 높음(High) | |||
|- | |||
| 기밀성 | |||
|| The unauthorized disclosure of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The unauthorized disclosure of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The unauthorized disclosure of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|- | |||
| 무결성 | |||
|| The unauthorized modification or destruction of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The unauthorized modification or destruction of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The unauthorized modification or destruction of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|- | |||
| 가용성 | |||
|| The disruption of access to or use of information or an information system could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The disruption of access to or use of information or an information system could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The disruption of access to or use of information or an information system could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|} |
Latest revision as of 13:34, 30 October 2019
공식적 정의[edit | edit source]
- 기밀성(Confidentiality)
- Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information
- 무결성(Integrity)
- Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
- 가용성(Integrity)
- Ensuring timely and reliable access to and use of information
3단계 보안성[edit | edit source]
구분 | 낮음(Low) | 중간(Moderate) | 높음(High) |
---|---|---|---|
기밀성 | The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
무결성 | The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
가용성 | The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |