Fundamentals of IT Governance Based on ISO/IEC 38500
ISACA JOnline October 2010
Haris Hamidovic, CIA
Within an individual company and across the economy as a whole, the presence of an effective corporate governance system helps to provide the degree of confidence that is necessary for the proper functioning of a market economy. 1
Governance is the process by which a board of directors, through management, guides the company in fulfilling its corporate mission and protects the company's assets. Effective governance occurs when the board provides proper guidance to management regarding the strategic direction of the organization. 2
Over the past few years, IT has become central to the business, to the point that many business functions are impossible without it. IT can no longer be separated from the enterprise; it is an essential element of it. In the past, business executives could delegate, ignore or avoid IT decisions; in most regions and industries that is no longer possible. 3
The absence of board oversight of IT activities is dangerous. It exposes the company to the same kind of risk as failing to audit its books. 4 In fact, the Bank for International Settlements (BIS) has pointed out that directors of financial institutions should treat IT in the same way as any other strategic board agenda item. 5
This critical dependence on information technology calls for specific attention to IT governance, to ensure that IT investments generate the required business value and that IT-related risks are mitigated. 6
The main purpose of this article is to introduce the key elements of IT governance, the main frameworks used in the industry, and the guiding principles for the effective, efficient and acceptable use of IT within organizations, based on ISO/IEC 38500, for the benefit of an organization's directors. 7 This should help directors to fulfil their obligations regarding the use of IT in the organization.
What Does IT Governance Address?
The IT Governance Institute (ITGI) states that IT governance is fundamentally concerned with two things: IT's delivery of value to the business and the mitigation of IT risks. The first is driven by strategic alignment of IT with the business. The second is driven by embedding accountability throughout the enterprise.
IT governance is about who is entitled to make major decisions, who has input into them, and who is accountable for implementing them. It is not synonymous with IT management. IT governance is concerned with decision rights, whereas IT management is concerned with making and implementing specific IT decisions. 10
IT Governance Frameworks
Many practitioners have proposed detailed frameworks intended for implementation by middle management. These have become known as IT governance "frameworks". Some of the most frequently cited are: 11
- Control Objectives for Information and related Technology (COBIT) 12
- IT Infrastructure Library (ITIL) 13
- ISO/IEC 27001 14
Although these frameworks may be characterized as "IT governance frameworks", some of them are in fact management frameworks.
They are not alternative remedies for the same set of issues. 15
COBIT is an IT governance framework and supporting tool set that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout an organization. It emphasizes regulatory compliance, helps organizations to increase the value obtained from IT, enables alignment of IT with business strategy, and simplifies implementation of the COBIT framework itself. 16
ITIL is essentially a series of documents used to aid the implementation of a framework for IT service management. This customizable framework defines how service management is applied within an organization. Although ITIL was originally created by the Central Computer and Telecommunications Agency (CCTA), a UK government agency, it has since been adopted and used worldwide as the de facto standard for best practice in the provision of IT services. Although ITIL covers many areas, its main focus is IT service management. 17
ISO/IEC 27001:2005 is a standard that specifies the requirements for an information security management system. It helps an organization identify, manage and minimize the range of threats to which information is regularly subjected. The standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties, including customers. 18
Principles for Good Corporate Governance of IT
One example of the growing importance of IT governance is the new international standard published by ISO in 2008, whose purpose is to provide a framework of principles for directors to use when evaluating, directing and monitoring the use of IT in their organizations. In that standard, ISO sets out six principles for the governance of IT: 19
1. Responsibility: Individuals and groups within the organization understand and accept their responsibilities in respect of both the supply of and the demand for IT.
2. Strategy: The organization's business strategy takes into account the current and future capabilities of IT; the strategic plans for IT satisfy the current and future needs of the organization's business strategy.
3. Acquisition: IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, and with clear and transparent decision making. There is an appropriate balance between benefits, opportunities, costs and risks, in both the short and the long term.
4. Performance: IT is fit for purpose in supporting the organization, providing the services, service levels and service quality required to meet current and future business requirements.
5. Conformance: IT complies with all mandatory legislation and regulations, internal and external. Policies and practices are clearly defined, implemented and enforced.
6. Human behaviour: IT policies, practices and decisions demonstrate respect for human behaviour, including the current and future needs of all the people involved in the process.
ISO/IEC 38500 recommends that directors govern IT through three main tasks:
- Evaluate the current and future use of IT.
- Direct the preparation and implementation of plans and policies to ensure that the use of IT meets business objectives.
- Monitor conformance to those policies and performance against those plans.
Implementing IT Governance
Enterprises implement their governance arrangements through a set of governance mechanisms: structures, processes and communications. 20 Well-defined, well-understood and transparent governance mechanisms promote desirable IT behaviour. Conversely, if the mechanisms are poorly implemented, the governance arrangements will not produce the desired results.
Effective governance makes efficient use of three distinct types of mechanism:
- Decision-making structures: The organizational units and roles responsible for IT decisions, such as committees, executive teams and business/IT relationship managers.
- Alignment processes: Formal processes for ensuring that day-to-day behaviour is consistent with IT policies and that decisions receive the input and resources that support them.
- Communication approaches: Announcements, advocacy, channels and education efforts that disseminate IT governance principles and policies and the outcomes of IT decision-making processes.
What Questions Should Be Asked?
Richard Hogg, president of the Australian Computer Society, said:
Just as information and communications technology (ICT) managers are expanding their skills to better understand the business organizations and processes they need to support, directors must make the effort to improve their understanding of the range of IT-related issues. Directors must learn what questions to ask about ICT governance.... Pushing IT governance down to the level of the IT manager is poor corporate governance. ICT is an indispensable element of corporate business, and ICT governance is an indispensable element of corporate governance. 21
Asking tough questions is one effective way to get an IT governance implementation started. Naturally, those responsible for governance will want good answers to those questions. They will then want to act, and then they will need follow-up. It is essential to decide not only what is to be done, but also who will deliver what, and by when. 22
The Canadian Institute of Chartered Accountants has published a booklet, "20 Questions Directors Should Ask About IT", to support corporate directors in fulfilling their responsibilities. The booklet is also intended to assist audit and IT steering committees. 23 The questions make it clear that the primary responsibility for implementing the necessary procedures rests with management. Board members need to determine whether management is following the established procedures.
Moreover, for directors to perform an effective oversight role over management, simply relying on management's reports, however honest and reliable they may be, could be irresponsible. Some form of firm evidence is therefore essential. Directors must determine whether procedures are in place and whether they are adequate, and they must obtain solid supporting evidence. 24
Conclusion
Today, the maturity of governance over key assets varies widely within most enterprises. Typically, governance of financial and physical assets is among the best, while governance of information assets is among the worst. Nevertheless, IT governance must be a core element of corporate governance. Asking the right questions is one effective way to get an IT governance implementation started. Directors must learn what questions to ask about IT governance. They then need good answers to those questions, and they must demand action. The next step is to implement the governance arrangements through an interlocking set of governance mechanisms: structures, processes and communications.
Endnotes
1 Organisation for Economic Co-operation and Development (OECD), OECD Principles of Corporate Governance, France, 2004
2 Rock, Rachel; Maria Otero; Sonia Saltzman; Principles and Practices of Microfinance Governance, ACCION International, USA, August 1998
3 Van Grembergen, Wim; Steven De Haes; Implementing Information Technology Governance: Models, Practices and Cases, IGI Publishing, USA, 2008
4 Nolan, Richard; F. Warren McFarlan; "Information Technology and the Board of Directors," Harvard Business Review, 1 October 2005
5 Bank for International Settlements (BIS), "Enhancing Corporate Governance in Banking Organisations," September 1999, referenced in IT Governance Institute (ITGI), Unlocking Value: An Executive Primer on the Critical Role of IT Governance, USA, 2008
6 Op cit, Van Grembergen and De Haes, 2008
7 International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), ISO/IEC 38500:2008, Corporate governance of information technology, 2008, www.iso.org/iso/catalogue_detail.htm?csnumber=51639
8 ITGI, Board Briefing on IT Governance, 2nd Edition, USA, 2003
9 Weill, Peter; Jeanne Ross; IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business Press, USA, 2004
10 Broadbent, Marianne; "Understanding IT Governance," CIO Canada, 1 April 2003
11 Musson, David; "IT Governance: A Critical Review of the Literature," Information Technology Governance and Service Management: Frameworks and Adaptations, Ed. Aileen Cater-Steel, Information Science Reference, USA, 2009
12 ITGI, COBIT, 1996-2007, www.isaca.org/cobit
13 Office of Government Commerce, IT Infrastructure Library (ITIL) V3, UK, 2009
14 ISO and IEC, ISO/IEC 27001, Information technology—Security techniques—Information security management systems—Requirements, 2005, www.iso.org/iso/catalogue_detail?csnumber=42103
15 Van Bon, Jan; Arjen de Jong; Axel Kolthof; Mike Pieper; Ruby Tjassing; Annelies van der Veen; Tieneke Verheijen; Foundations of IT Service Management Based on ITIL® V3, Van Haren Publishing, The Netherlands, 2007
16 ISACA, www.isaca.org/cobit
17 IT Service Management Zone, www.itil.org.uk
18 BSI Management Systems, www.bsi-emea.com
19 Op cit, ISO/IEC 38500:2008
20 Op cit, Weill and Ross
21 Australian Computer Society (ACS), "ACS Stresses Need for Better ICT Governance," media release, 5 March 2002
22 Op cit, ITGI, 2003
23 Canadian Institute of Chartered Accountants (CICA), "20 Questions Directors Should Ask About IT," Canada, 2004
24 Trites, Gerald; "Director Responsibility for IT Governance," International Journal of Accounting Information Systems, vol. 5, issue 2, July 2004
Haris Hamidovic, CIA, is chief information security officer at Microcredit Foundation EKI Sarajevo, Bosnia and Herzegovina. Prior to his current assignment, Hamidovic served as IT specialist in the North Atlantic Treaty Organization (NATO)-led Stabilization Force (SFOR) in Bosnia and Herzegovina. He is the author of four books and more than 60 articles for business and IT-related publications. Hamidovic is a certified information technology expert appointed by the Federal Ministry of Justice of Bosnia and Herzegovina.