http://dx.doi.org/10.13089/JKIISC.2017.27.6.1535

Quality Evaluation Model on Information Protection Product  

Yoon, Hyung-Deuk (Korea Testing Laboratory)
Lee, Kyung-Ho (Korea University)
Abstract
The purchase of information protection products accounts for the largest portion of budgets for corporate information protection activities. However, there are no established evaluation factors or evaluation models for objectively comparing information protection products, which makes product selection difficult. In this study, we examine the inherent quality characteristics of information security products and select evaluation factors accordingly. The selected evaluation factors are analyzed and weighted according to importance to give a quality determination model. The target is limited to network information protection products, but the model can be extended to all information protection products.
Keywords
Information Protection Product; Quality Evaluation Model; Quality Factor; AHP
Citations & Related Records
Times Cited By KSCI: 5