GRC: compliance and beyond
Posted: 2008-12-02
Views: 12,154
By Dr. Anton Chuvakin, Chief Logging Evangelist, LogLogic; SC Magazine
Mar 18,2008
Today, companies everywhere find themselves caught between regulations and standards that directly affect how they use their computers and who is accountable for them.
It is not only Sarbanes-Oxley (SOX): CIOs and CSOs in healthcare organizations must comply with HIPAA; anyone who processes credit card transactions must comply with PCI DSS; and beyond the other global, regional and industry mandates there is FISMA for government agencies.
CIOs, reasonably enough, want to comply, and they have good reason to: not just to satisfy policy and avoid penalties, but because the same controls protect the computers and networks the business runs on.
Compliance is costly and time-consuming, but it is the CIO's responsibility. When a company fails to comply, or cannot show that it does, it is the CIO who has to explain to the board why the company is now exposed to losses that can run into millions of dollars.
Compliance is never finished; it is simply part of the cost of doing business.
Unfortunately, IT organizations have so far been slow to adopt integrated systems for managing compliance. Instead they have patched together ad hoc, point solutions.
The alternative to managing compliance piecemeal and in confusion is to bring the three silos (governance, risk, compliance) together in one integrated, automated platform, now known as IT GRC.
GRC: New Acronym - New Concept?
Governance, risk and compliance have to be managed as parts of one whole. Let us look at what each of them means.
IT governance is about who makes the core business decisions on how IT is adopted and used, who is accountable for those decisions, and the IT policies that are set, monitored and enforced as a result. In practice, IT governance covers the processes by which an organization selects projects, analyzes them and steers them to completion. Governance is process, process, process, and it has to be run that way.
Risk management is the R in IT GRC. CIOs must cope not only with the constantly changing business demands placed on IT, but also with the threats to the organization's information assets, software solutions and processes from intruders and insiders. On top of that, they must keep business applications running effectively while the threat landscape beyond the perimeter keeps shifting under them.
Finally, we arrive at compliance: identifying the obligations that regulations and standards such as SOX, HIPAA, PCI DSS and FISMA place on IT, and meeting them. IT compliance is bound up with governance, but at its core it is about controls: implementing, measuring and reporting on them within a framework. This is where IT controls must be mapped to the many applicable mandates and best practices.
Now we can see how IT GRC ties these together.
Governance, risk and compliance overlap and depend on each other. For example, to set policies and then comply with them, the IT governance process must weigh the risks and set priorities accordingly.
Likewise, the controls put in place to meet compliance requirements largely overlap with the controls that reduce risk. Governance and compliance operate within the same framework.
So managing IT governance, risk and compliance separately is expensive and a major burden. Moreover, since the process needs input from many parts of the organization, why not treat G, R and C as a single integrated effort and gain the consistency, accuracy and efficiency that come with it?
GRC and the technologies that implement it
So far we have looked at IT GRC in general terms, but most readers will want to know which technologies make it work in practice. What are the concrete building blocks?
Before going further, one caution: many products and programs are now marketed under the GRC label, but buying one does not make an organization compliant. People, processes and technology have to be put in place together. With that in mind, let us focus on the technologies that support GRC.
As analyst firms have pointed out, IT GRC generally comprises the following elements:
- Log management
- Identity and access management
- Configuration management
- Analysis
Let us look at how each of these contributes, focusing on the capabilities that let GRC be automated.
First, logs. Logs are the first layer for detecting and investigating what happens in the environment, and for holding people accountable for it. To be useful for this, logs must be collected from networks, firewalls, applications, databases and every other source where they are generated. Logs on their own are dead weight: they must be analyzed and reported on to support the activities above.
Interestingly, logs also connect to identity and access management. IdM determines who gets which identity and what they are allowed to do; the logs capture the fingerprint of what actually happened, including when an ID was created and what it was then used to access.
Logs likewise underpin configuration management, since every change to a system leaves a trace in its logs. Configuration management defines what the systems should look like; logs are where you detect configuration changes that were not supposed to happen and trace them back to whoever made them.
Finally, logs are the layer of verification and accountability that ties the other elements together. Segregation of duties (SoD) violations, for example, must be detected in the logs, because that is the only place where the conflicting actions of a single user appear side by side.
In short, logs sit at the foundation of IT GRC. To automate IT GRC you need a log management solution that scales, since log volumes only grow, and one that can present its results in business terms rather than as raw technical data.
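The three log roles described above (identity provenance, configuration change tracking and SoD detection) can be shown in one small correlation script. The following is an added example written for this page; it is not code from the article or from any LogLogic product. The log line format, the field names, the SoD rule (whoever creates a vendor must not approve payments to it) and the sample log lines themselves are all constructed for the example.

```python
"""Added example (not part of the original article): correlate identity
management, business application and configuration change log events to
surface segregation-of-duties (SoD) violations and unapproved configuration
changes. Log format, field names and the SoD rule are assumptions made here."""
import re
from collections import defaultdict

# Constructed sample log lines (format assumed for this example):
# timestamp, emitting source, then key=value fields.
SAMPLE_LOGS = """\
2008-03-18T09:01:02 idm action=create_user actor=alice target=bob role=ap_clerk
2008-03-18T09:05:10 erp action=create_vendor actor=bob vendor=V1001
2008-03-18T09:07:44 erp action=approve_payment actor=bob vendor=V1001 amount=48000
2008-03-18T09:10:00 erp action=approve_payment actor=carol vendor=V1001 amount=1200
2008-03-18T10:00:00 cm action=change_ticket ticket=CHG-42 host=web01 approved_by=dave
2008-03-18T10:02:13 web01 action=config_change file=/etc/httpd/httpd.conf actor=eve ticket=CHG-42
2008-03-18T11:30:05 db01 action=config_change file=/etc/my.cnf actor=eve ticket=-
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+(?P<fields>.*)$")


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m.group("ts"), "source": m.group("source")}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            event[key] = value
    return event


def parse_logs(text):
    """Parse every line, drop unparseable ones, and order events by timestamp."""
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    return sorted(events, key=lambda e: e["ts"])


def account_provenance(events):
    """Map each account to the administrator who created it (from IdM events)."""
    return {e["target"]: e["actor"] for e in events if e.get("action") == "create_user"}


# SoD rule (assumed for the example): the actor who creates a vendor record must
# not approve payments to that same vendor. Tuple: (first action, second action, key).
SOD_RULES = [("create_vendor", "approve_payment", "vendor")]


def find_sod_violations(events):
    """Flag the second action of a conflicting pair when the same actor did the first."""
    created_by = account_provenance(events)
    first_actors = defaultdict(set)  # (first_action, key_value) -> actors who did it
    violations = []
    for e in events:
        action = e.get("action")
        for first, second, key in SOD_RULES:
            if key not in e or "actor" not in e:
                continue
            if action == first:
                first_actors[(first, e[key])].add(e["actor"])
            elif action == second and e["actor"] in first_actors[(first, e[key])]:
                violations.append({
                    "ts": e["ts"],
                    "actor": e["actor"],
                    "rule": f"{first}+{second}",
                    key: e[key],
                    "amount": e.get("amount"),
                    # identity provenance: which admin created this account
                    "account_created_by": created_by.get(e["actor"]),
                })
    return violations


def find_unapproved_changes(events):
    """Flag configuration changes whose ticket never appears as an approved change."""
    approved = {e["ticket"] for e in events
                if e.get("action") == "change_ticket" and "ticket" in e}
    return [
        {"ts": e["ts"], "host": e["source"], "file": e.get("file"),
         "actor": e.get("actor"), "ticket": e.get("ticket")}
        for e in events
        if e.get("action") == "config_change" and e.get("ticket") not in approved
    ]


def review(text):
    """Run both checks over raw log text and return the findings."""
    events = parse_logs(text)
    return {
        "sod_violations": find_sod_violations(events),
        "unapproved_changes": find_unapproved_changes(events),
    }


if __name__ == "__main__":
    for kind, findings in review(SAMPLE_LOGS).items():
        print(kind)
        for finding in findings:
            print("  ", finding)
```

On the constructed input the script flags bob's 48,000 payment approval (he created vendor V1001 himself) and reports that his account was provisioned by alice, and it flags the change to /etc/my.cnf on db01 because no approved change ticket covers it; carol's approval and the ticketed web01 change pass. The point is the one the text makes: none of these findings is visible in any single log source, only in the correlation of IdM, application and configuration events.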
GRC will change IT
For CIOs who are still handling IT governance, risk and compliance as separate activities, now is the time to prepare: GRC is going to change how IT is run.
Remember the basics. Take IT GRC one step at a time: establish the governance process, build the analysis capability, and map compliance requirements to controls. Choose a scalable log management solution that captures every event, and make sure the people who have to act on its output actually receive it.
Finally, keep in mind that IT GRC is aimed not only at business objectives but at accountability itself.