FIPS 199

An official US standard published by NIST that describes the CIA concepts of security

Official definitions

  • Confidentiality
    • Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
  • Integrity
    • Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity
  • Availability
    • Ensuring timely and reliable access to and use of information

Three security levels

| Category | Low | Moderate | High |
|---|---|---|---|
| Confidentiality | The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Integrity | The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Availability | The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |

  Source: IT위키 (view the latest version of this document on IT위키)
  * This page is mirrored from 공대위키. It may contain some errors or omissions. Check the original document on 공대위키.