• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.673-685
• /
• 2017

STI(Social Trust Index) indicates levels of trustworthiness, honesty and reliability among people in a society. Since the STI varies in countries, security control on cyber space should be applied differently according to the STI so that companies can protect their assets efficiently and effectively. We compare STIs between Korea and United States using the Diamond Model and investigate how the STIs affect corporate security controls in those two countries. We finally present a formula using AHP (Analytic Hierarchy Process) to measure levels of corporate security controls in different countries.

• Journal of Convergence Society for SMB
• /
• v.2 no.2
• /
• pp.43-49
• /
• 2012

Recently, the safety of being processed in a corporate enterprise with a wide range of IT skills applied to the Corporate Affairs information services are increasing requirement. Businesses that are required by various IT corporate information technology services to companies that need to protect information being leaked to other companies, a security incident has been applied and is growing, but is lacking about how to respond to the protection of corporate information services. In this paper, the information that is important in the corporate authority by the user's access control model to reduce the number of security incidents such as information leakage and security services for enterprise informatization is proposed. The proposed model can be used in order to block the access of the users to access information managed by a central administrator role and the rights of users to access information any abnormality has been captured. In addition, the proposed model can take advantage of protecting corporate information from the systematic recovery and operational continuity strategies to build your company's information services.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.177-191
• /
• 2015

Recently, the necessity of systematic security management system that consider company' character and environment has appeared because of increasing security accident continuously in domestic companies. However, most of companies has applied to only K-ISMS which is existing information security management system, although They are different from object, purpose and way of security level evaluation by companies. According to this situation, Many experts have questioned that there are many problems with effectiveness of introducing security management system. In this study, We established definition of information security management system, industrial security management system and research security management system through analysis of previous study and developed evaluation item which can implement security in whole industry comparing and analyzing the control items of them. Also, we analyzed existing security level evaluation and suggest design direction of industry-centric security level evaluation model considering character of industry.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.197-199
• /
• 2017

요즘 현대사회에 들어 개인정보보호 개인정보유출 등 정보보호에 관하여 많은 기업들이 관심을 가지고 DRM(Digital Right Management) 및 pc보안 솔루션을 적극 도입하고 있다. 기업의 이러한 투자에도 불구하고 많은 개인정보유출 사고가 지속적으로 발생 하고 있다. PC보안솔루션의 단순 구축이 아닌 기업에 적합한 보안 정책을 사전에 수립하고 정책에 맞는 시스템을 운영한다면 개인정보유출 사고를 미연에 방지 할 수 있을 것이다. 본 논문은 다양한 PC보안솔루션 중 개인정보유출 방지를 위해 PC에 필수 설치되는 보안솔루션을 정의하고, 필수보안 솔루션을 개인정보보호 관점에서 통합 운영하는 방안, 개인정보유출 사고 방지를 위한 효과적인 보안정책 및 동향을 연구하고자 한다.

• Review of KIISC
• /
• v.21 no.3
• /
• pp.55-63
• /
• 2011

최근 발달된 IT 기술을 활용하여 국내에서는 업무와 삶의 균형을 추구하는 스마트워크 기술 개발에 대한 움직임이 활발히 진행되고 있다. 그러나 국내의 많은 기업들이 스마트워크 기술 도입의 악영향으로 보안 관리에 대한 문제를 지적하고 있다. 이러한 보안 관리 문제는 기술만으로 해결하는 것이 아니라, 기업에서의 기술 정책적 관리를 통해 스마트워크 환경에서 발생할 수 있는 보안 사고를 미연에 방지할 수 있다. 이에 본 고에서는 스마트워크 환경에 대한 보안위협과 스마트워크 환경을 구축하기 위해 필요한 보안 요구사항에 대하여 분석하고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.805-807
• /
• 2003

인터넷 환경의 발달이 기업 내부까지 깊숙이 파고들어 기업 내의 각종 시스템 환경에 새로운 패러다임을 만들고 있다. 이러한 시스템의 활용적인 측면 뿐 아니라 보안적 관리도 중요해지면서 다양한 보안 시스템과 서비스가 내부 네트워크에서 운영되고 있다. 그래서 이 논문에서는 대기업을 모델로 하여 DNS(Domain Name System), 방화벽(Firewall), 침입 탐지 시스템(IDS)에 대하여 현 이용 실태를 파악해 보고, 각각의 개선 방향을 찾아본다.

• Journal of Navigation and Port Research
• /
• v.36 no.3
• /
• pp.261-271
• /
• 2012

The purpose of the present study is to empirically examine factors that affect the information security awareness and perceived information security risk of employees of port companies. In particular, in order to identify factors that affect the perceived information security risks, we investigated the relation of assets, threats, and vulnerabilities to it, using the risk analysis methodology. With A total of 252 valid questionnaires, we also performed the structural equation modeling analysis using AMOS. It was found that first, there was no meaningful relationship between the information assets and the perceived information security risk in the case of employees of port companies. Second, threats and vulnerabilities turned out to have positive influences on the perceived information security risk. Finally, there was a positive relationship not only between the information security awareness and the information security education, but also between the information security awareness and the intention of information security. However, there was no meaningful relationship between the information security concern and the information security awareness.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2005.05a
• /
• pp.664-668
• /
• 2005

ERP(Enterprise Resource Planning) 시스템은 급여, 회계, 인사, 생산, 판매, 물류 등을 포함한 핵심 비즈니스 프로세스를 담고 있는 소프트웨어이다. 인터넷의 등장으로 ERP 시스템이 WEB 기반으로 전환되었고 ERP의 영역도 기업내부에 국한된 것이 아니라 기업간의 거래를 모두 포함하기에 이르렀다. 그러나 ERP 시스템은 회사의 중요한 의사결정 데이터들과 한 Application 안에서 일어나는 Transaction 처리 등의 정보 보안에 대한 취약성을 가지고 있다. 이에 ERP 시스템에도 보안에 대한 필요성이 대두되었으나 ERP 업체들의 대다수는 아직도 구체적인 보안에 대한 방안을 제시하지 않고 있는 실정이다. 결국 비즈니스의 성공도 취약한 기업의 자원을 인증되지 않은 다른 사용자로부터 보호하는 능력에 달려 있으며, 이 연구의 목적은 ERP 시스템의 보안 이슈를 어떻게 다룰 것이며, ERP 보안 요구 사항을 어떻게 모델링 할 것인가에 대한 연구 이다. 현재 나와있는 SAP R/3와 EAGLE ERP의 제품 보안 모델을 비교함으로써 외산 제품과 국산 제품의 보안 요구 사항을 분석 하고, ERP시스템 보안에 대한 고려사항 및 접근 방법을 모델링 할 것이다. 본 연구에서는 UML을 이용하여 ERP 시스템 안에서 찾을 수 있는 모든 보안 사항을 점검 하고,UML의 물리적 요소와 논리적 요소를 이용함으로써 ERP 보안을 모델링 하고자 한다. 이 논문을 통하여 ERP 시스템의 각 분야의 담당자가 ERP 보안을 개념적으로 접근 할 수 있도록 할 것이다. 차후 연구 과제는 좀더 구체적인 모델링을 통한 ERP 보안 solution 개발이다.

• Information Systems Review
• /
• v.15 no.2
• /
• pp.1-19
• /
• 2013

Smart working sparked by iPhone3 opens a revolution in smart ways of working at any time, regardless of location and environment. Also, It provide real-time information processing and analysis, rapid decision-making and the productivity of businesses, including through the timely response and the opportunity to increase the efficiency. As a result, every company are developing mobile information systems. But company data is accessed from the outside, it has problems to solve like security, hacking and information leakage. Also, Mobile devices such as smart phones belonging to the privately-owned asset can't be always controlled to archive company security policy. In the meantime, public smart phones owned by company was always applied security policy. But it can't not apply to privately-owned smart phones. Thus, this paper is focused to archive company security policy, but also enable the individual's free to use of smart phones when we use mobile information systems. So, when we use smart phone as individual purpose, the normal operation of all smart phone functions. But, when we use smart phone as company purpose like mobile information systems, the smart phone functions are blocked like screen capture, Wi-Fi, camera to protect company data. In this study, we suggest the design and implementation of real time control and management of mobile device using MDM(Mobile Device Management) solution. As a result, we can archive company security policy and individual using of smart phone and it is the optimal solution in the BYOD(Bring Your Own Device) era.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.649-664
• /
• 2015

Recently, the risk of security incidents has been increased due to change of IT environment and development of new hacking methods. Event study methodology that measures the effect of a specific security incident on the stock price is widely adopted to analyze the damage cost of security incidents on market value. However, analysis of company's temporary stock price change is limited to immediate practical implication, and reputation loss should be considered as a collateral damage caused by security incidents. We analyzed 52 security incidents of listed Korean companies in the last decade; by refining the criteria presented by Tobin's q, we quantitatively showed that the companies has significantly higher reputation loss due to security loss than the other companies. Our research findings can be used in order that the companies can efficiently allocate its resource and investment for information security.