е ո...Ϻ ũ ּȭ ߱ؾ
[ȴ=赿 /SC] Ϻ() ¸ ǹѴ. ̹ ȿ 100% Ϻ ұ?
̿ ã , . Ŀ ̵ ϱ ڻ̴. ߿ ϰ óϴ ڻϼ ڰ ̵浵 . Ϻ 䱸´. ڻ꿡 ߿ ˾Ƴ, Ѽϰų ıϴ ƾѴ. ϸ ɱ?

ϴٰ ִ 캸, ܺο ܵǰ ð ġ ִ ݰ ߿ Ѵ. ش ҿ ԵǴ ڻ Ȯϰ öϰ ϵ Ѵ. , CCTV ġ 24ð 365 ϰ, ν̳ ȫä νİ Ѵ. ̷ ܿ ٵ ʴ´ٸ 100% ո ʴ´ٰ ?
ŸԵ No. 赵 , ó ϱ ̴.
⺸ ý ڸ ż Ѵ.
ο ڻ ڸ ż ´.
ý ǿ Ѵ.
ó ΰ ݰ Ա ѵ Ư Ȳ̴. ͳ ϴ ȯ濡 ó ϰ ɼ .
ó Ͻ õ ϰ پ ϴµ ִ. ̸ ǰ ƴ. ڿ µ ȭǰ ִ. ΰɰ Ŭ, ű ϴ ̿ ֵ Ǽ , ؾ ڻ ÷ȴ. Ŀ հ о, ̸ ȣ д ȯ ƴ.
Ϻ + = ũ ּȭ
ü赵 ϴ ο տ Ӽå ִ ̹ ȿ Ϻ ߱ϱ⺸ ٽ ƾ Ѵ. Ŀ 븮 ǥ(Attack Surface) ľϰ ũ ּȭϴ ߿ϴ. , ǥ ̰, ظ ּȭϴ Ϻ ȿ ̶ ִ.
ȭ ǥ ̴ Ȱ
ø̼ǰ ϴ ܰ. ǥ ʿѵ, 䱸 Ѵ. , , ȣȭ α ǥ ؼ Ǿ Ѵ. ǰ , ǰ ü ܿ ش ȣ ü ϴ ־ ũ ȭ ִ. ߿䵵 ó ڻϼ 䱸 ʿϰ, Ʈ μ͵ Ǿ Ѵ.
° ǥؿ Ǿ Ϸϰ, ĺ ġ Ǵ ܰ. (Continuous Integration) (Continuous Deployment) ο ڵȭ ϸ ȼ ִ. ڵ尡 Ƿ ȯ濡 ʵ ϴ ٽ̴.
° ø̼ǰ ĺ , ߰ ǰ ϰ ݿϴ ܰ. ̹ ȯ ȭϰ Ұ Ư¡̹Ƿ ߰ ϰ, ǰ ؾ ִ. ̸ ȭ ϰ ó ִ DevSecOps ȯ ʿϸ, ũ ӿũ ũ Ȱ ̷ ؾ Ѵ.
Ž ȭ ظ ּȭϴ Ȱ
ħ ̾ ִ ̺Ʈ ϴ ܰ. ̺Ʈ ܿ ܺ ؾ Ѵ. ̺Ʈ ؼ ø̼, , DB, Ʈũ, ڻ꿡 ϴ α SIEM(Security Information & Event Management) ϴ Ǿ Ѵ.
ƮƮ( ŷ , ϶) Ģ ŷ ִ ڸ 缺 ʿϴ. Ŀ Ǿ ְ, ڰ ֱ ̴. Ӽ (ABACAttribute Based Access Control) ϴ ܸ, , ð Ӽ ϰ ȭؾ Ѵ.
ܺ ŷ ǥ ִ , , ڻ, ǿϴ , ݿ ϴ Ǽڵ ɵ ľϴ Ȱ̴. ĺϰ ġ ν ִ.
° Ž ĺ ̺Ʈ ÿ Ȯϴ ܰ. α ǽɵǴ ̺Ʈ Žϰ Ž θ ϴ ٽ̴. ̸ ؼ Ž ó ȭϰ, Ž Ȯ ̴ ߿ϴ. ſ õ, Ŀ ߴٸ ֱٿ AI Ϸ õ ̷ ִ. Ǵ α ϸ鼭, Ǵϱ Ѱ迡 ߱ ̴.
°, Ž ĺ ̺Ʈ ϰ ġϴ ܰ. IP ϰ, Ӱ Ž Ʈϴ Ȱ ְ ȴ. ħ ǽɵǐ, ħص ڻ ݸϰ ܺ 縦 Ѵ. ̺Ʈ żϰ Ȯ ֵ, ϰ ÷̺(Playbook) ʿϴ. SOAR(Security Orchestration, Automation & Response) ϸ ṵ̈ ڵȭ ִ.
̹ 鿪 ü Źͽ ü ȭ ʿ
â ִ а, ̸ â ո ̹ ̴. ǥ ܴϰ ϰ, â հ ȯθ ĺϰ ġϴ ̹ 鿪 ü踦 ϴ ߿ϴ.
ϰ, ȿ ̹ 鿪 ü踦 ϱ ؼ DevSecOps ڵȭ SIEM, SOAR Ž ü踦 ִ ý ʿϴ. 濵 ̻ȸ ɰ , ȯ --- μ ũ ӿũ ٽ ϴ Źͽ ü踦 Ѵ.
̹ ó, Ϻ ȿ å ڸ ƴϴ. ΰ а Ǿ ڸ ϰ, ε ΰ 氢 ܸ ϰ, ϰ ̿ ִ ȭ Ǿ Ѵ. ̹ Źͽ ü谡 ȭǾ Ѵ.
[_赿 ]
Ұ_
- SC Ⱥ Ѱ(CISO)
- , ǻͽý, ISMS-P ɻ, ȱ
<۱: ȴ(www.boannews.com) ->