FIPS 199: 두 판 사이의 차이
IT위키
(새 문서: 분류:보안 ;보안의 CIA 개념을 설명하는 NIST의 미국 공식 표준 문서 * '''기밀성(Confidentiality)''' ** Preserving authorized restrictions on inform...) |
편집 요약 없음 |
||
| 2번째 줄: | 2번째 줄: | ||
;보안의 [[CIA]] 개념을 설명하는 [[NIST]]의 미국 공식 표준 문서 | ;보안의 [[CIA]] 개념을 설명하는 [[NIST]]의 미국 공식 표준 문서 | ||
== 공식적 정의 == | |||
* '''기밀성(Confidentiality)''' | * '''기밀성(Confidentiality)''' | ||
** Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information | ** Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information | ||
| 7번째 줄: | 8번째 줄: | ||
** Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity | ** Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity | ||
* '''가용성(Integrity)''' | * '''가용성(Integrity)''' | ||
** Ensuring timely and reliable access to and use of information. | ** Ensuring timely and reliable access to and use of information | ||
== 3단계 보안성 == | |||
{| class="wikitable" | |||
|- | |||
! 구분 !! 낮음(Low) !! 중간(Moderate) !! 높음(High) | |||
|- | |||
| 기밀성 | |||
|| The unauthorized disclosure of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The unauthorized disclosure of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The unauthorized disclosure of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|- | |||
| 무결성 | |||
|| The unauthorized modification or destruction of information could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The unauthorized modification or destruction of information could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The unauthorized modification or destruction of information could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|- | |||
| 가용성 | |||
|| The disruption of access to or use of information or an information system could be expected to have a '''limited''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The disruption of access to or use of information or an information system could be expected to have a '''serious''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|| The disruption of access to or use of information or an information system could be expected to have a '''severe or catastrophic''' adverse effect on organizational operations, organizational assets, or individuals. | |||
|} | |||
2019년 10월 30일 (수) 13:34 기준 최신판
공식적 정의[편집 | 원본 편집]
- 기밀성(Confidentiality)
- Preserving authorized restrictions on information access and disclosure, including means for protecting persona privacy and proprietary information
- 무결성(Integrity)
- Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
- 가용성(Integrity)
- Ensuring timely and reliable access to and use of information
3단계 보안성[편집 | 원본 편집]
| 구분 | 낮음(Low) | 중간(Moderate) | 높음(High) |
|---|---|---|---|
| 기밀성 | The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| 무결성 | The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| 가용성 | The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
