• Title/Summary/Keyword: 개인정보 유출사고

Search Result 206, Processing Time 0.028 seconds

Job Analysis for IT Security Workers in Defense Industry through DACUM Process (DACUM 기법을 이용한 방위산업체 정보통신보안실무자 직무분석)

  • Woo, Kwang Jea;Song, Hae-Deok
    • Convergence Security Journal
    • /
    • v.14 no.4
    • /
    • pp.73-84
    • /
    • 2014
  • As the society turns into more of an information an technology centric society, the importance of information security is being increased these days. Recently, as the number of leaking accidents of personal information and valuable industrial technology is on the rise, every field of industry endeavors to come up with a security solution. In particular, since defense industry is a field where it establishes national defense power that is essential of national security, it requires higher standards of security solutions than any other ordinary fields of industry. According to Defense Industry Security Work Instructions, defense industry firms from security organizations and employ a security worker corresponding to the firm's scale and conditions. In an environment where essential information and technology are stored and managed in information and communication system or storing media, the duty and role of IT security workers are crucial. However, there is a shortage of systematic analysis on the work of IT security workers and development of curriculum to enhance their professionalism. Thus DACUM process, a job analysis technique, was used to identify IT Security workers' duties and responsibilities and verify the validity and credibility of the deducted results from the survey. The findings of this study will help in development of IT security duty in defense industry and can be used as baseline data for the development of curriculum and amendments of related regulations.

A Design of Certificate Management Method for Secure Access Control in IoT-based Cloud Convergence Environment (IoT기반 클라우드 융합환경에서 안전한 접근제어를 위한 인증서 관리기법 설계)

  • Park, Jung-Oh
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.7
    • /
    • pp.7-13
    • /
    • 2020
  • IoT which is the core IT of the 4th industrial revolution, is providing various services from users in the conversion with other industries. The IoT convergence technology is leading the communication paradigm of communication environment in accordance with the increase of convenience for users. However, it is urgently needed to establish the security measures for the rapidly-developing IoT convergence technology. As IoT is closely related to digital ethics and personal information protection, other industries should establish the measures for coping with threatening elements in accordance with the introduction of IoT. In case when security incidents occur, there could be diverse problems such as information leakage, damage to image, monetary loss, and casualty. Thus, this paper suggests a certificate management technique for safe control over access in IoT-based Cloud convergence environment. This thesis designed the device/user registration, message communication protocol, and device renewal/management technique. On top of performing the analysis on safety in accordance with attack technique and vulnerability, in the results of conducting the evaluation of efficiency compared to the existing PKI-based certificate management technique, it showed about 32% decreased value.

Cloud security authentication platform design to prevent user authority theft and abnormal operation during remote control of smart home Internet of Things (IoT) devices (스마트 홈 사물인터넷 기기(IoT)의 원격제어 시 사용자 권한 탈취 및 이상조작 방지를 위한 클라우드 보안인증 플랫폼 설계)

  • Yoo Young Hwan
    • Convergence Security Journal
    • /
    • v.22 no.4
    • /
    • pp.99-107
    • /
    • 2022
  • The use of smart home appliances and Internet of Things (IoT) devices is growing, enabling new interactions and automation in the home. This technology relies heavily on mobile services which leaves it vulnerable to the increasing threat of hacking, identity theft, information leakage, serious infringement of personal privacy, abnormal access, and erroneous operation. Confirming or proving such security breaches have occurred is also currently insufficient. Furthermore, due to the restricted nature of IoT devices, such as their specifications and operating environments, it is difficult to provide the same level of internet security as personal computers. Therefore, to increase the security on smart home IoT devices, attention is needed on (1) preventing hacking and user authority theft; (2) disabling abnormal manipulation; and (3) strengthening audit records for device operation. In response to this, we present a plan to build a cloud security authentication platform which features security authentication management functionality between mobile terminals and IoT devices.

Influence on Information Security Behavior of Members of Organizations: Based on Integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM) (조직구성원들의 정보보안행동에 미치는 영향: 보호동기이론(PMT)과 계획된 행동이론(TPB) 통합을 중심으로)

  • Jeong, hye in;Kim, seong jun
    • Korean Security Journal
    • /
    • no.56
    • /
    • pp.145-163
    • /
    • 2018
  • Recently, security behavior of members of organizations has been recognized as a critical part of information security at the corporate level. Leakage of customers' information brings more attention to information security behavior of organizations and the importance of a task force. Research on information breach and information security is actively conducted of personal behavior toward security threats or members of organizations who use security technology. This study aims to identify factors of influence on information security behavior of members of organizations and to empirically find out how these factors affect information security behavior through behavior toward attitude, subjective norm and perceived behavior control. On the basis of the research, this study will present effective and efficient ways to foster information security activities of members of organizations. To this end, the study presented a research model that applied significant variables based on integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM). To empirically verify this research model, the study conducted a survey of members of organizations who had security-related work experience at companies. So, it is critical for members of organizations to encourage positive word of mouth (WOM) about information security behavior. Results show that based on the integration of TPM and TPB, perceived vulnerability, perceived severity, perceived efficiency and perceived barriers of information security behavior of members of organizations had significant influences on mediating variables such as behavior toward attitude, subjective norm, perceived behavior control and intention. They also had significant influences on organization information security behavior which is a dependent variable. This study indicates companies should introduce various security solutions so that members of the organizations can prevent and respond to potential internal and external security risks. In addition, they will have to take actions to inspect vulnerability of information system and to meet security requirements such as security patches.

Performance Evaluation of VoIP Secure Communication Protocols based on SIP in Mobile Environment (모바일 환경에서 적용 가능한 SIP기반 인터넷전화(VoIP) 보안 통신 프로토콜 성능 평가)

  • Yoon, Seok-Ung;Jung, Hyun-Cheol;Che, Xuemei;Chu, Gyeong-Ho;Park, Han;Baek, Jae-Jong;Song, Joo-Seok;Yoo, Hyeong-Seon
    • The KIPS Transactions:PartC
    • /
    • v.18C no.3
    • /
    • pp.143-150
    • /
    • 2011
  • The adoption of VoIP is continuously increasing in public institutions, private enterprises and households due to cheaper cost and various supplementary services. Also, it is expected to spread widely the use of VoIP in mobile environment through the increasing use of smartphone. With the growing concern over the incidents of VoIP service while the VoIP service has become increasingly. Especially eavesdropping, it is possible to invade user privacy and drain the secret of company. So, it is important to adopt the protocols for VoIP secure communication. VoIP security protocols are already adopted in public institutions, but it is not adopted in private enterprises and households. In addition, it is necessary to verify whether the VoIP security protocol could be adopted or not in mobile VoIP due to its limited computing power. This paper compared the VoIP security protocol under fixed network and mobile network through performance evaluation. Finally, we found that it is possible to adopt the VoIP security protocols in mobile network.

Design and Implementation of a Web Application Firewall with Multi-layered Web Filter (다중 계층 웹 필터를 사용하는 웹 애플리케이션 방화벽의 설계 및 구현)

  • Jang, Sung-Min;Won, Yoo-Hun
    • Journal of the Korea Society of Computer and Information
    • /
    • v.14 no.12
    • /
    • pp.157-167
    • /
    • 2009
  • Recently, the leakage of confidential information and personal information is taking place on the Internet more frequently than ever before. Most of such online security incidents are caused by attacks on vulnerabilities in web applications developed carelessly. It is impossible to detect an attack on a web application with existing firewalls and intrusion detection systems. Besides, the signature-based detection has a limited capability in detecting new threats. Therefore, many researches concerning the method to detect attacks on web applications are employing anomaly-based detection methods that use the web traffic analysis. Much research about anomaly-based detection through the normal web traffic analysis focus on three problems - the method to accurately analyze given web traffic, system performance needed for inspecting application payload of the packet required to detect attack on application layer and the maintenance and costs of lots of network security devices newly installed. The UTM(Unified Threat Management) system, a suggested solution for the problem, had a goal of resolving all of security problems at a time, but is not being widely used due to its low efficiency and high costs. Besides, the web filter that performs one of the functions of the UTM system, can not adequately detect a variety of recent sophisticated attacks on web applications. In order to resolve such problems, studies are being carried out on the web application firewall to introduce a new network security system. As such studies focus on speeding up packet processing by depending on high-priced hardware, the costs to deploy a web application firewall are rising. In addition, the current anomaly-based detection technologies that do not take into account the characteristics of the web application is causing lots of false positives and false negatives. In order to reduce false positives and false negatives, this study suggested a realtime anomaly detection method based on the analysis of the length of parameter value contained in the web client's request. In addition, it designed and suggested a WAF(Web Application Firewall) that can be applied to a low-priced system or legacy system to process application data without the help of an exclusive hardware. Furthermore, it suggested a method to resolve sluggish performance attributed to copying packets into application area for application data processing, Consequently, this study provide to deploy an effective web application firewall at a low cost at the moment when the deployment of an additional security system was considered burdened due to lots of network security systems currently used.