Public institution security products Delivery even without CC certification

Information Security, often reduced to InfoSec, is the method of securing information by mitigating details risks. It belongs to information threat administration. It usually entails protecting against or decreasing the probability of unauthorized/inappropriate access to information, or the illegal usage, disclosure, disruption, removal, corruption, adjustment, evaluation, recording, or decline of details. Furthermore, it also includes actions planned to reduce the adverse impacts of such occurrences. Safeguarded info might take any type of type, e.g. digital or physical, substantial (e.g. documentation) or intangible (e.g. understanding). Information security's main focus is the balanced protection of the confidentiality, integrity, and accessibility of data (likewise referred to as the CIA triad) while preserving a concentrate on efficient plan execution, all without hindering company performance. This is mainly accomplished through an organized risk management process that includes:

Recognizing info as well as related assets, plus prospective threats, susceptibilities, as well as impacts; examining the dangers; making a decision exactly how to attend to or deal with the dangers i.e. to avoid, mitigate, share or accept them; where danger reduction is required, selecting or creating proper security controls and implementing them; keeping an eye on the activities, making adjustments as essential to address any type of issues, changes and improvement opportunities. To systematize this discipline, academics as well as professionals team up to offer advice, plans, as well as market criteria on password, antivirus software application, firewall program, file encryption software application, legal obligation, security understanding and training, and so forth. This standardization might be additional driven by a variety of legislations as well as guidelines that influence just how information is accessed, refined, saved, transferred as well as destroyed. Nonetheless, the implementation of any kind of standards and also support within an entity might have restricted effect if a society of regular renovation isn't embraced.

In next year, the requirements of the public institution of information protection products are diversified. With the issuance of security features without CC certification, security products can be delivered to national and public institutions.

The National Intelligence Service, which verifies the stability of the IT security product, from January 1, from January 1 to the stability of the IT security product, and if you deliver information protection products to national and public institutions, you can receive 'security function identification' without 'CC certification' Worked.

As a result, an enterprise who wants to deliver 24 kinds of information protection products such as intrusion blocking system and spam blocking system to the public institutions, which would be able to deliver the security function confirmation.

'Security Function Confirmation' is a Korean Machinery Electronic Examination Research Institute, Korea Information and Communications Technology Association, Korea Information Security Technology Association, Korea Information Security Technology Association, Korea System Guarantee, and Korean Haiti Evaluation Warriors.

The IS said, We expect the timely response to the timely response to the motivational institutions of the cyber threat to the cyber threat and intelligent cyber threat to the intelligent cyber threat.

The IS is the National Security Technology Institute and the security industry with the National Security Technology Research and Security Industry, which runs the 'verification system improvement TF' for four weeks from the 22nd of last month to the 17th of the month, reflecting the opinions of the corporate site, I provided it.

Both 'CC Certification' and 'Security Function Confirm' confirm the safety of the IT product, 'CC certification' is a CC certification to meet international standards, 'Security Function Confirmation' is to meet our security standards for the IT products introduced in public areas This is a confirmation system.

In the past, only 'CC certification' is recognized, the CC assessment application of the enterprise was held at once, and the issuance of certificates was delayed.

In accordance with the diversification of the introduction requirements, companies can deliver newly developed information protection products faster to public institutions, and public institutions can also cope with cyber threats with a timely delivery of products with responding to new hacking attacks The IS said that the IS was explained.

The IS was to reflect the Security Function Confirmation simplification of the Security Function Confirmation, which reflects the industry's opinion in July. Simplified procedure The issuance period that the average of 170 days after the implementation was greatly shortened to average 39 days.

In April this year, we revised the 'Security Requirements', which is based on 'CC certification', 'security function confirmation', etc. 437 were reflected in the amendment.

We will continue to communicate steadily with enterprise and related organizations, steadily, and simplifying verification procedures, and we will be actively reflected in improving the industry requirements.