Journal of Information Technology and Architecture (정보화연구)

Korea Institute of Enterprise Architecture (한국엔터프라이즈아키텍처학회)
권호 표지

The Exploratory Study on Security Threats and Vulnerabilities for Mobile Office Environment

모바일오피스 환경에서의 보안위협 및 취약점에 대한 탐색적 연구

  • 최영진 (을지대학교 의료경영학과) ;
  • 나종회 (광주대학교 물류유통경영학과) ;
  • 신동익 (홍익대학교 상경대학 E-마케팅전공)
  • Received : 2014.05.26
  • Accepted : 2014.06.27
  • Published : 2014.06.30
⟨ Previous Next ⟩

Abstract

This study is based on the information security management system, the threat from mobile office, mobile office configuration item type, vulnerability analysis and control at the level of the current possibilities for technology to its purpose. To perform exploratory study for mobile Office to target the new technology, we were used the integrated research methods such as the documentary survey, expert FGI and real user's survey. To identify the main risk areas of mobile office services, we develop the mobile service layer model that separated the place, terminal, network, server according to service deliverly system. Finally, the result of survey for threats and vulnerabilities showed that the control of the terminal of user is a significant.

본 연구는 정보보안 관리체계에 따라 모바일 오피스에서 위협, 취약점을 모바일 오피스 구성항목의 유형별로 분석하고 현재 기술수준에서 통제가능성을 제시하는데 그 목적이 있다. 모바일오피스라는 신기술 분야를 대상으로 탐색적 연구를 수행하기 위해 문헌조사, 전문가 FGI, 그리고 실사용자 설문조사 등의 통합적 연구 방법을 사용하였다. 모바일오피스 서비스의 주요 위험영역을 파악하기 위해 서비스 전달체계에 따라 사용자, 장소, 단말, 네트워크, 서버로 모바일오피스 서비스 계층 모형을 개발하고, 다섯 가지 계층별로 구분하고 실사용자 그룹을 대상으로 설문지법을 이용하여 위협 및 취약점을 조사한 결과 사용자와 사용자가 사용하는 단말의 통제가 중요한 것으로 나타났다.

Keywords

References

  1. 삼성경제연구소, "스마트폰이 열어가는 미래," 2010.2.3.
  2. 이민혜, 이준기, "스마트워크 연구에 대한 고찰과 향후 연구 주제," 정보화정책 제18권 제2호 통권67호, pp. 72-84, 2011.
  3. 이형찬, 이정현, 손기욱, "스마트워크 보안 위협과 대책," 정보보호학회지, 제21권 제3호, pp. 12-21, 2011.
  4. 정명수, 이동범, 곽진, "스마트워크 보안위협 및 보안 요구사항 분석," 정보보호학회지, 제21권 제3호, pp. 55-63, 2011.
  5. 한국정보화진흥원, "기업을 위한 스마트워크 도입.운영 가이드라인," 2010.
  6. 황해수, 이기혁, "안전한 스마트워크 향상을 위한 Mobile Security 대응모델에 관한 연구," 정보보호학회지, 제21권 제3호, pp. 22-34, 2011.
  7. Alan Bryman, "Barriers to Integrating Quantitative and Qualitative Research," Journal of Mixed Methods Research, Vol. 1, No. 1, pp. 8-22, 2007. https://doi.org/10.1177/2345678906290531
  8. Benjamin Halpert, "Mobile device security, InfoSec-CD," '04: Proceedings of the 1st annual conference on Information security curriculum development, pp. 99-101, 2004.
  9. Claudio Marciano, "DO YOU FEAR TELEWORK?-Understanding the petrify effect," ICT4S 2013: Proceedings of the First International Conference on Information and Communication Technologies for Sustainability, pp. 265-270, 2013.
  10. Day, F. C. and Burbach, M. E., "Telework Considerations for Public Managers with Strategiesfor Increasing Utilization," Communications of the IBIMA, vol. 2011.
  11. Ernst and Young, "Risk at Home: Privacy and Security in Telecommuting," Ernst and Young, pp. 1-23, 2008.
  12. Furnell, S., "Securing the home worker. Network Security," 2006(11), pp. 6-12, 2006.
  13. Godlove, "Examination of the factors that influence teleworkers willingness to comply with information security guidelines," Information Security Journal : A Global Perspective, Vol. 21, No. 4, pp. 216-229, 2012. https://doi.org/10.1080/19393555.2012.668747
  14. Ian Paul, Five Big Security Threats for 2011, PCwolrd, 2011. http://www.pcworld .com/article/2217 80/five_big_security_ threats_for_2011 .html
  15. James, P., "Are existing security models suitable for teleworking?," The 9th Australian Information Security Management Conference, 2011.
  16. Johnson, R. Burke, Onwuegbuzie, Anthony J., & Turner, Lisa A., "Toward a Definition of Mixed Methods Research," Journal of Mixed Methods Research, Vol. 1, pp. 112-133, 2007. https://doi.org/10.1177/1558689806298224
  17. Joice, W., "Implementing Telework: The Technology Issue," Public Manager, Vol. 36, pp. 64-68, 2007.
  18. Karen Scarfone, Murugiah Souppaya, "User's Guide to Securing External Devices for Telework and Remote Access," NIST Special Publication 800-114, NIST, 2007.
  19. Kent, K., Hoffman, P., and Souppaya, M., "Guide to enterprise telework and remote access security (draft)," U.S. Dept. of Commerce, National Institute of Standards and Technology, 2009.
  20. Krueger, Richard A., "Focus Groups: A Practical Guide for Applied Research," Thousand Oaks, Calif: Sage Publications, 1994.
  21. Kitzinger, Jenny., "The Importance of Interaction between Research Participants," Sociology of Health and Illness, Vol. 16, No. 1, pp. 103-121, 1994. https://doi.org/10.1111/1467-9566.ep11347023
  22. Microsoft, "Telework Planning Considerations : A Risk-based Approach for it Managers," A Microsoft U.S. government white paper, 2011.
  23. Morgan, David L., "Paradigms Lost and Pragmatism Regained: Methodological Implications of Combining Qualitative and Quantitative Methods," Journal of Mixed Methods Research, Vol. 1, No. 1, pp. 48-76, 2007. https://doi.org/10.1177/2345678906292462
  24. Morrow, B., "BYOD security challenges: control and protect your most sensitive data," Network Security. Dec2012, Vol. 2012 Issue 12, pp. 5-8, 2012.
  25. Patricia Mayer Milligan, Donna Hutcheson, "Business Risks and Security Assessment for Mobile Devices," Proceedings of the 8th WSEAS Int. Conference on Mathematics and Computers in Business and Economics, pp. 189-193, 2007.
  26. Paul Turpin, "Securing Telecommuters : Possible threats and Solutions," Global Information Assurance Certification Paper, 2004.
  27. Peacey, A.,"eleworkers - extending security beyond the office," Network Security Journal, Vol. 2006, no. 11, pp. 14-16, 2006.
  28. Peltier, T. R., "Remote Access Security Issue," Information Systems Security, Vol. 10, No. 6, pp.31-36, 2013.
  29. Pyöriä, P., "Managing telework: risks, fears and rules," Management Research Review, Vol. 34, No. 4, pp. 386-399, 2011. https://doi.org/10.1108/01409171111117843
  30. Ruth, S., "The Dark Side of Telecommuting - Is a Tipping Point Approaching? GMU School of Public Policy Research Paper No. 2012-02, 2011.
  31. Sale, Joanna E. M., Lohfeld, Lynne H., & Brazil, Kevin, "Revisiting the Quantitative-Qualitative Debate: Implications for Mixed-Methods Research," Quality & Quantity, Vol. 36, pp. 43-53, 2002. https://doi.org/10.1023/A:1014301607592
  32. Saint-Germain, Michelle A., Bassford, Tamsen L. & Montano, Gail, "Surveys and Focus Groups in Health Research with Older Hispanic Women," Qualitative Health Research, Vol. 3, No. 3, pp.3 41-367, 1993. https://doi.org/10.1177/104973239300300306
  33. Scarfone, K., Hoffman, P. & Souppaya, M., "Guide to enterprise telework and remote access security: recommendations of the national institute of standards and technology," National Institute of Standards and Technology, 2009.
  34. Shedden, P., Scheepers, R., Smith, W. & Ahmad, A., "Incorporating a knowledge perspective into security risk assessments," The journal of information and knowledge management systems, Vol. 41 No. 2, pp. 152-166, 2011.
  35. Singleton, R. A., & Straits, B. C., "Approaches to social research (4th edition)," New York: Oxford University Press, 2005.
  36. Tashakkori, Abbas & Creswell, John W., "The New Era of Mixed Methods," Journal of Mixed Methods Research, Vol. 1, No. 1, pp. 3-7, 2007. https://doi.org/10.1177/2345678906293042
  37. Tim Godlove, Telework and Mobile Computing : Security Concerns and Risks, The security Journal, Vol. 30, pp. 5-11, 2010.
  38. Von Bergen C. W., "Safety and Workers' Compensation Considerations in Telework," Regional Business Review, vol. 27, 2009.
  39. William M. Fitzgerald, Ultan Neville, Simon N. Foley, "Automated Smartphone Security Configuration," Data Privacy Management and Autonomous Spontaneous Security Lecture Notes in Computer Science Volume 7731, pp. 227-242, 2013. https://doi.org/10.1007/978-3-642-35890-6_17
  40. Wolcott, Harry F., "Writing up Qualitative Research. Better," Qualitative Health Research, Vol. 12, No. 1, pp. 91-103, 2002. https://doi.org/10.1177/1049732302012001007
  41. Zhi Peng Shao, Shi Da Lu, Mu Chen, "Risk Analysis of Smart Terminals in Mobile Application of Power System and the Protection Solution Design," Applied Mechanics and Materials, Vol. 260-261, pp. 397-401, 2012. https://doi.org/10.4028/www.scientific.net/AMM.260-261.397
  42. Zernand, M., "The Risks and Management of Telework," EBS Review, Issue 16, pp. 101-104, 2003.
  43. Zimmerman, M., Haffey, J., Crane, E., Szumowski, D., Alvarez, F., Bhiromrut, P., Brache, V., Lubis, F., Salah, M., Shaaban, M., Shawky, B., & Sidi, I. P. S., "Assessing the Acceptability of Norplant Implants in Four Countries; Findings from Focus Group Research," Studies in Family Planning, Vol. 21, No. 2, pp. 92-103, 1990. https://doi.org/10.2307/1966670