Risk Analysis Methodology for New Critical Information Infrastructure

In Korea, hacking, computer viruses, such as infringement on electronic systems for protecting Critical Information Infrastructure from the law was enacted. Every year, Specified facilities that Critical Information Infrastructure are analysed system risks and will be submitted to Central Government. This research intends to provide IT service attributes to take into account the methodology that predicts the security of Critical Information Infrastructure. The service provider who wants to offer the new Critical Information Infrastructure service needs to secure appropriate security measures based on threat and vulnerability analysis from IT service attributes and the service planning stage. However, it is difficult to use existing risk methodologies that perform threat analysis as the one that allows Service attributes This paper propose the information security framework that figures out security threats at the new IT Critical Information Infrastructure service planning stage, and easily identifies relevancy between security technologies and IT service attributes.