• Title/Summary/Keyword: security risk management awareness (보안위험관리 인식)

A Study on the Process for Applying Security Assurance based CC on Software Lifecycle (소프트웨어 생명주기상에서의 공통평가기준기반 보안보증 적용 프로세스에 관한 연구)

  • 신호준;김행곤;김태훈;노병규
    • Proceedings of the Korea Multimedia Society Conference / 2003.05b / pp.671-674 / 2003
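  • As interest in information security has grown recently, the underlying technologies that support it are in demand. In particular, the information security industry, which had been concentrated on communications infrastructure, is now drawing attention to products built on that infrastructure. The reliability of such information security products is a very important factor, and assurance of the security functions that guarantee that reliability is important. Recognizing that methods for assurance and quality assurance of lifecycle activities from the development phase through the maintenance phase are also important, this paper presents a process for applying the Common Criteria for Information Security Systems (Ministry of Information and Communication Notice No. 2002-40, hereafter the Common Criteria) to software development. Through this process, it proposes the risks that can arise during software development and change, and the controls for them, so that software developers and system administrators can ensure information security certification and develop and efficiently manage secure software. It is expected to help in the development and management of information security products used in computer network systems in the future.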

A Study of Security System for Internet Shopping Mall (인터넷 쇼핑몰의 보안 시스템에 관한 연구)

  • 이내준
    • Journal of the Korea Computer Industry Society / v.2 no.11 / pp.1383-1394 / 2001
  • As the damage caused by hacking and computer viruses has spread, security control has been emphasized, yet hackers' capability has exceeded the security controllability. A basic security setup of the server system will keep it free from damage by the primary and intermediate levels, which are the major group. It should be noted that the security condition of most middle-sized and personal systems is wide open to hackers' intrusion. There is no perfect information system, either software-wise or hardware-wise. It has to be recognized that our systems will be attacked easily by hackers and computer viruses. Computer users are required to be prepared for these types of surprise attacks. In this paper, I will propose a formation of Bastion server. This will protect against the risks from inside and outside intrusion that are known to date.

A Study on Establishment of Small and Medium Business Information Security Plan under Resource Restrictions (자원 제약하의 중소기업 정보보안계획 수립방안 연구)

  • Kwon, Jang-Kee;Kim, kyung-Ihl
    • Journal of Convergence for Information Technology / v.7 no.2 / pp.119-124 / 2017
  • Information is a valuable asset regardless of the size of the enterprise, and information security is an essential element for the survival and prosperity of the enterprise. In the case of large corporations, security is ensured through rapid introduction of an information security management system, but in the case of SMEs, security systems are not built or construction is delayed due to complex factors such as budget constraints, insufficient security guidelines, and lack of security awareness. In this paper, we analyze the actual situation of information security management of SMEs through questionnaires, and we would like to suggest a comprehensive security plan for SMEs in free or inexpensive ways. We believe that by applying the method presented in this paper, SMEs will be able to implement the lowest cost basic information security and will benefit SMEs who plan to establish an information security plan.

3D Image Qube Password Interface Design and Implementation for Entrance/Exit of Sailors (선박승무원 출입관리를 위한 3차원 영상 큐브 암호 인터페이스 설계 및 구현)

  • Son, Nam-Rye;Jeong, Min-A;Lee, Seong-Ro
    • The Journal of Korean Institute of Communications and Information Sciences / v.35 no.1A / pp.25-32 / 2010
  • Recently, passenger ships and liners have become widely used by a diversity of people, and some spaces and information are not open to general passengers. Therefore, security systems are necessary to admit special sailors. Although security systems have used a variety of biometric recognition methods (fingerprint, iris, vein, etc.) since a few years ago, these methods have the defect that they can be reused by others because they leave a trace. Therefore, this paper designs and implements a 3D Qube image password interface in which hand gestures are recognized after being acquired from a 2D input image, as a protective marker for fingerprints.

Security threats and countermeasure of RFID on the "U-Defense" ("U-Defense"에서의 RFID 보안위협과 대책)

  • Jang, Gong-Soo;Lee, Hong-Jin;Yun, Joo-Seung;Park, Yong-Soo
    • Proceedings of the Korean Information Science Society Conference / 2008.06d / pp.5-9 / 2008
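  • Recently, RFID (Radio Frequency Identification) has drawn attention owing to the rapid advance and spread of the technology. The military in particular has used RFID in pilot projects for an ammunition management system and the Air Force F-15K asset management system, and since 2007 has been pursuing the U-Army experimental project as part of implementing U-Defense under an agreement between the Ministry of National Defense and the Ministry of Information and Communication. RFID technology is thus used in a variety of areas in the military. However, recent research has shown that RFID is vulnerable to attack. This paper describes cases of RFID use in the military, RFID attack methods and countermeasures, and an analysis of enemy risks and countermeasures when the military uses RFID technology. The purpose of the paper is to recognize enemy threats to RFID technology, the core of U-Defense implementation, and to present countermeasures.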

Overview and Analysis of Botnet Technology (봇넷 기술 개요 및 분석)

  • Jeon, Yong-Hee
    • Review of KIISC / v.18 no.3 / pp.101-108 / 2008
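  • Distributed denial-of-service attacks against the Internet resources of an organization or individual are becoming a common risk. Such attacks are carried out through botnets, which consist of large numbers of infected or compromised zombie machines. In Korea, with the build-out of home networks, the host computers of individual users with broadband access can become the main targets of attack. Individual users in particular are typical targets for attackers because of their low awareness of Internet security and limited defensive resources. Attacks that use IRC (Internet Relay Chat) networks to control and manage infected Internet hosts are increasing, and countermeasures are urgently needed. Accordingly, this paper describes and analyzes the technical overview of malicious bots and botnets that infect Internet hosts and control them remotely. It also looks at P2P botnets, which have been increasing recently.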

A comparative study on the priorities between perceived importance and investment of the areas for Information Security Management System (정보보호관리체계(ISMS) 항목의 중요도 인식과 투자의 우선순위 비교 연구)

  • Lee, Choong-Cheang;Kim, Jin;Lee, Chung-Hun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.919-929 / 2014
  • Recently, organizational efforts to adopt ISMS (Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However, there is a serious gap between awareness of and investment in information security in a company; hence it is very important for the company to effectively control a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the importance of 13 areas for the ISMS by the information security experts, and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested in the most. Then, information security areas with a considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security, and personnel security. The study results are expected to be used in making decisions for the effective investment of information security when companies with a limited budget are considering introducing ISMS or operating it.

Influence on Information Security Behavior of Members of Organizations: Based on Integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM) (조직구성원들의 정보보안행동에 미치는 영향: 보호동기이론(PMT)과 계획된 행동이론(TPB) 통합을 중심으로)

  • Jeong, hye in;Kim, seong jun
    • Korean Security Journal / no.56 / pp.145-163 / 2018
  • Recently, security behavior of members of organizations has been recognized as a critical part of information security at the corporate level. Leakage of customers' information brings more attention to information security behavior of organizations and the importance of a task force. Research on information breach and information security is actively conducted of personal behavior toward security threats or members of organizations who use security technology. This study aims to identify factors of influence on information security behavior of members of organizations and to empirically find out how these factors affect information security behavior through behavior toward attitude, subjective norm and perceived behavior control. On the basis of the research, this study will present effective and efficient ways to foster information security activities of members of organizations. To this end, the study presented a research model that applied significant variables based on integration of Theory of Planned Behavior (TPB) and Theory of Protection Motivation (TPM). To empirically verify this research model, the study conducted a survey of members of organizations who had security-related work experience at companies. So, it is critical for members of organizations to encourage positive word of mouth (WOM) about information security behavior. Results show that based on the integration of TPM and TPB, perceived vulnerability, perceived severity, perceived efficiency and perceived barriers of information security behavior of members of organizations had significant influences on mediating variables such as behavior toward attitude, subjective norm, perceived behavior control and intention. They also had significant influences on organization information security behavior which is a dependent variable. This study indicates companies should introduce various security solutions so that members of the organizations can prevent and respond to potential internal and external security risks. In addition, they will have to take actions to inspect vulnerability of information system and to meet security requirements such as security patches.

A Case Study of Automation Management System of Damaged Container in the Port Gate (항만 게이트의 데미지 컨테이너 관리 자동화 시스템 구축 사례연구)

  • Cha, Sang-Hyun;Noh, Chang-Kyun
    • Journal of Navigation and Port Research / v.41 no.3 / pp.119-126 / 2017
  • As container vessels get larger, container terminals are also likely to grow. The problem that arises is that the growing volume should be handled in the same amount of time as before. Container terminals are introducing an automation system in order to overcome the limitations of existing manual methods and to continuously reduce operating expenses, because manual handling of containers gated in and out of terminals causes inaccurate data, which results in confusion. An alternative is for containers to be labeled with barcodes that can be scanned into a system with a scanner, but this takes quite a long time and is inconvenient. An RFID system, also known as a gate automation system, can solve these problems by reducing the time of gate management with a technology that detects number identification plates, helping operators perform gate management work more efficiently. Having said that, with this system, when container damage is detected, gate operators make and keep documents manually. These documents, which are insufficient evidence in proving container damage, result in customer claims. In addition, it is difficult for gate operators and other workers to manage containers, exposing them to danger and accidents. This study suggests that if an automation system is introduced at gates, containers can be managed by a video storage system in order to better document damage. The video system maintains information on container damage, allowing operators to search for videos they need upon customer request and to be better prepared for customer claims. In addition, this system reduces necessary personnel and risk of accidents near gates by integrating a wide range of work.

A Study on the Personal and Social Acceptability of Personal Information Disclosure of COVID-19 Confirmed Patients (코로나19 확진자 개인정보 공개의 개인적, 사회적 수용성에 관한 연구)

  • Oh, Juyeon;Suh, Woojong
    • Journal of Digital Convergence / v.19 no.10 / pp.49-61 / 2021
  • In a disaster situation such as COVID-19, our society has experienced the spread of the damage due to confirmed patients who have a negative or uncooperative attitude toward the disclosure of personal information. Accordingly, this study aims to find a policy direction that can improve the awareness of the disclosure of personal information about confirmed COVID-19 patients. This study classified the concept of acceptability into personal and social acceptability, and statistically verified their relationship with influential factors. In this study, 594 cases of data collected through an online survey were used. The analysis results show that the greater the trust in the government's personal information management capability, the lower the perception of the risks associated with the disclosure of personal information, and the lower the awareness of the risk, the higher the personal and social acceptability of the personal information disclosure of COVID-19 confirmed patients. In addition, the greater the recognition of the utility of personal information disclosure, the higher the perception of personal and social acceptability of the personal information disclosure. It is expected that the analysis results and discussions of this study will be useful information for policy development to create a more mature social atmosphere to reduce the public's reluctance to disclose information not only in COVID-19 but also in new disaster situations in the future.