資訊安全營運中心(SOC)安全模型建立之研究-根基於ISO/IEC 27000標準系列

Abstract

二十一世紀的網路環境與資訊科技浪潮快速的演進下，各國政府組織及企業經營體競相欲藉知識與資訊系統做為競爭策略之際，在數位社會環境中之資訊資產亦成為頗具誘惑力之攻擊目標所威脅，以致資安風險急遽升高，引爆資訊疆界內外資訊安全的問題，因此宜建構具備在遭受全方位個體攻擊之資安威脅時，能展現偵測、即時預警及精確反應資安事件與通報系統之能量需求。因應此一新情勢之形成，資訊安全營運中心（Security Operation Center，SOC）之支援安全防護服務，將成為未來實現資安深度防禦（Defense in Depth）觀念成敗重要的環節。 本研究將根基於國際標準組織(International Organization for Standardization， ISO)公布之ISO/IEC 27000標準系列應遵循之標準及其框架探討，來做為建立資訊安全營運中心安全模型依據，冀望藉由建立系統安全性模型方法研究，提供一較符合組織安全需求及標準要求之建構過程，幫助如何識別威脅與風險分析及選擇控制措施，來降低潛在資訊資產衝擊問題為目的，以及探討SOC防護系統之資訊安全管理要求基準，並初步對其安全標準框架做一初探。確保SOC資訊與系統之安全，才能據以為實現堅實其在深度防禦策略框架中提升支援性基礎建設之安全，本研究可做為未來建構資訊安全營運中心時，提供促進開發人員和管理人員進行安全性分析與選擇控制措施之參考。

In 21st Century, we are living under the circumstances which computer network and information technology are rapidly fast. While the organizations of government and corporation all over the world have adopted knowledge and information systems as competition strategies, the worthy information assets and system became a very temptation targets to attack. The risk of information became more and more serious due to animus threats. It causes information security issues in the external and internal areas on the information domain. The adoption of an Information Security Management System (ISMS) should be a strategic decision for an organization. The design and implementation of a supporting system, such as Security Operation Center (SOC), are expected. The SOC will be responsible to detect, alert in time, and response to a contingency when the event took place. This supporting system is very important that it will protect services for the information and information system and carry out the conception of Defense in Depth (DiD). This study established a security model for the Security Operation Center (SOC) base on ISO/IEC 27000 Series. The study expected to establish security model for SOC relied on threat modeling process. The goal of the study is to help identify threats and to select control countermeasures or security mechanisms through a risk analysis process. The study can mitigate threat, reduce impact of the information assets, and make a preliminary study of the baseline of security management for SOC. A solid ultimate security of SOC will be implemented with a framework of DiD strategy to ensure a supportive security of the basic infrastructure.