Browse > Article
http://dx.doi.org/10.6109/jkiice.2022.26.2.265

An Enhancement of The Enterprise Security for Access Control based on Zero Trust  

Lee, Seon-A (Department of Information Security Protection Engineering, Sangmyung University)
Kim, Beomseok (Department of Information Security Protection Engineering, Sangmyung University)
Lee, Hyein (Department of Information Security Protection Engineering, Sangmyung University)
Park, Wonhyung (Department of Information Security Protection Engineering, Sangmyung University)
Abstract
With the advent of the Fourth Industrial Revolution, the paradigm of finance is also changing. As remote work becomes more active due to cloud computing and coronavirus, the work environment changes and attack techniques are becoming intelligent and advanced, companies should accept new security models to further strengthen their current security systems. Zero trust security increases security by monitoring all networks and allowing strict authentication and minimal access rights for access requesters with the core concept of doubting and not trusting everything. In addition, the use of NAC and EDR for identification subjects and data to strengthen access control of the zero trust-based security system, and strict identity authentication through MFA will be explained. Therefore, this paper introduces a zero-trust security solution that strengthens existing security systems and presents the direction and validity to be introduced in the financial sector.
Keywords
Zero-Trust; Information security; Enterprise security; Access control; Remote work;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 J. H. Lee and H. Y. Kwon, "A Study on Human Vulnerability Factors of Companies : Through Spam Mail Simulation Training Experiments," The Journal of Korea Institute Of Information Security And Cryptology, vol. 29, no. 4, pp. 847-857, Aug. 2019.   DOI
2 S. Rose, O. Bor, S. Mit, and S. Con, "Zero Trust Architecture," National Institute of Standards and Technology Special Publication 800-207, Aug. 2020.
3 S. Bal, C. Cun, and P. Cer, "Five Steps To A Zero Trust Network : Zero Trust Is The Blueprint For Your Security Architecture," Forrester Research Report, Oct. 2018.
4 Korea Financial Information Service, Cyber-threat information and statistics [Internet]. Available: https://kpfis.or.kr/ko/major_biz/cyber_safety_oper/attack_info/notice_issue?articleSeq=1898.
5 M. H. Kim, The advent of the era of Zero Trust, Doubt and Investigate everything [Internet]. Available:http://www.itdaily.kr/news/articleView.html?idxno=95035.
6 S. W. Ha and H. J. Kim, "The Effects of User's Security Awareness on Password Security Behavior," The Journal of Digital Contents Society, vol. 14, no. 2, pp. 179-189, Jun. 2013.   DOI
7 H. G. Moon and S. C. Park, "Establishment of an integrated management system for diagnosing vulnerabilities to strengthen corporate security," The Journal of The Korean Institute of Communication Sciences, vol. 31, no. 5, pp. 39-45, Apr. 2014.
8 D. W. Kim. "Security threats from Remote work" Is your company safe? [Internet]. Available:http://www.aitimes.com/news/articleView.html?idxno=137844.
9 T. H. Kim and D. H. Won, "A Study on the Modeling of Internal Critical Information Leakage Detections and Security Monitoring," The Korean Institute of Information Scientists and Engineers, pp. 791-793, Dec. 2019.