• Journal of Advanced Navigation Technology
• /
• v.17 no.4
• /
• pp.442-448
• /
• 2013

I&C (Instrumentation & Control) system is different from information system and the security design of the two systems are also different. The modeling activity is needed based on the security control guide in order to build I&C system security control. In this paper, the role and by the security control, we designed the relationship (that is, the relation schema) between the documents for 'The system for supporting the cyber security control of I&C system design' based on the security control guide. The designed schema plans 'The system for supporting the cyber security control of I&C system' for observing the security control guide, and is used as the database and content that supports its design and implementation. The process and system of the proposed schema is utilized and designed. The design of the schema and system is intensified in the design phase with the proposed mode and supporting the I&C system cyber security design.

• Review of KIISC
• /
• v.24 no.1
• /
• pp.23-31
• /
• 2014

대기업과 중소기업을 막론하고, 기업의 정보화는 기업의 지속가능한 발전을 위하여 필수불가결한 요소가 되어가고 있다. 또한, 기업들의 업무 프로세스는 기존의 정보화 시스템 및 신규 정보화 시스템 개발 및 보완을 통하여 전사적 단계로 진화되고 있으며, 자체적인 정보화 시스템 개발 및 운영인력을 보유하지 못하는 대다수의 기업들은 이러한 정보화 시스템 개발과 운영의 많은 부분을 기업 외부의 자원을 활용하는 아웃소싱에 위탁하여 수행하고 있다. 근래에 들어, 아웃소싱 인력을 포함한 내부자에 의한 정보유출 및 보안 사고의 규모는 매해 증가하고 있으나, 기업의 보안시스템은 해킹, 크래킹 등의 외부자 공격에 대한 방어위주로 구축되어 있다. 또한, 아웃소싱에 참여하고 있는 인력에 대한 적절한 기술적 관리적 보안체계의 수립이 미흡함으로써 발생하는 보안사고로 인하여 기업이 막대한 피해를 입는 사례가 나타나고 있다. 따라서, 아웃소싱 인력에 대한 보안수준을 향상하고 체계적인 아웃소싱 보안관리를 위한 가이드라인 수립이 필요한 시점이다. 본 연구에서는 기존의 선행연구를 조사하여 아웃소싱에 대한 보안 통제항목을 도출하고 도출된 보안 통제항목을 바탕으로 아웃소싱 보안수준을 높이기 위한 보안관리 추진방향을 제언하였다.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.101-110
• /
• 2017

The purpose of this study is to examine possibilities of industry secret information leakage through IoT devices and to prevent information leakage from the perspective of administrative and technique security. From the administrative security perspective, first, it is important to face the possibility of industry information data leakage through anyone who can access companies and should establish guidelines to limit the use of IoT devices when entering companies. Second, security management guideline should be prepared by companies or upon user's request and use of any electronic devices sharing wireless internet connection should be eliminated or restricted. From technique security perspective, channels that sharing IoT devices in computers should be controlled since industry secret information are stored in computers and servers. Furthermore, IoT devices that accessing wireless internet network or devices that already registered should be regularly checked in order to minimize any information leakage. Lastly, data and information stored in computers and servers should be encrypted.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.246-248
• /
• 2018

사이버 위협이 증가하면서 국가 기반시설을 담당하는 산업제어시스템 보안에 대한 위험이 증가하고 있다. 이를 보완하기 위해 산업제어시스템의 다양한 분야에서 표준화가 진행되고있고, IEC 62443 Series는 산업제어시스템의 전반적인 안전을 위한 가이드를 제시한다. 본 논문은 최근 발행 된 IEC 62443-4-1의 통제항목들을 타 표준들과 비교 및 ?석하여 개선방안을 제시하고 최종적으로 산업제어시스템의 제품 개발단계 보안을 향상에 기여하여 전반적인 기반시설 보안 수준을 향상하는 것을 목표로 한다.

• Review of KIISC
• /
• v.33 no.5
• /
• pp.57-68
• /
• 2023

최근 클라우드 규제의 변화에 따라 국내 금융권의 클라우드 전환이 확산되면서 주요 인프라로서 클라우드 활용에 관한 연구·개발이 관심을 받고 있다. 2016년도 10월 이전에는 금융회사의 모든 전산시스템에 대하여 물리적 망분리를 적용하여야 하는 등의 과도한 규제로 퍼블릭 클라우드 활용에 어려움이 있었다. 이후 전자금융감독규정이 점차 완화되면서 클라우드 이용이 활성화되고 현재에 이르게 되었다. 안전한 클라우드 이용을 위해서는 금융분야 클라우드 컴퓨팅 서비스 이용 가이드에서 제시하는 업무 연속성 계획 및 출구 전략을 수립하고, 안전성 확보 조치 방안을 마련하며, 클라우드 서비스 제공자의 안전성 평가, 자체 정보보호위원회 심의·의결 및 감독 당국의 보고 등의 내부통제를 준수하여야 한다. 본 고에서는 금융분야의 클라우드 전환 사례 조사를 토대로 전환 동향과 전환 요인, 업권별 특징 및 규제 변화에 대해 살펴보고, 향후 클라우드 이용 환경 변화를 전망해본다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.9
• /
• pp.1166-1175
• /
• 2021

We investigate the current situation and development trend of domestic smart city and emergency vehicle priority signal control system analyzing the existing effectiveness of 1) emergency vehicle priority signal control system and 2) control emergency vehicle priority signal, based on domestic and foreign prior research for signal control system security. The effectiveness of time reduction was analyzed through actual application and test operation to emergency vehicles after establishing the system. In addition, for security management and stable service of real-time signal system control we propose improvement for the technical control items of the ISMS-P certification system to secure golden time to protect citizens' precious lives and property in case of emergency by classifying and mapping the existing ISMS-P certification system and the Korea Internet & Security Agency's cyber security guide according to the items of security threats.

• Journal of Internet Computing and Services
• /
• v.19 no.6
• /
• pp.9-20
• /
• 2018

Financial service industry has introduced and operated management systems such as information security management system (ISMS), personal information security management system, business continuity management system to protect and maintain suitably customer's financial information and financial service. This study started that it's desirable financial industry takes consideration of ISMS and it can be different types among various organizations taking consideration of culture, practical work, and guideline of information security. The study derives primary control areas of ISMS through analyzing non-conformity trends and control factors according to certification audit for finance-related organizations introduced international ISMS of ISO27001 which is well known and commonly applicable irrespective of areas in financial service industry. Through case analyses for five finance-related organizations operating ISMS, this study analyzed improvement effects of ISMS. It has a meaning as an initial research though it was difficulty in acquiring data for empirical study because of rare organizations maintaining certification in financial sector. As a result, number of non-confirmity from the first audit to three years' elapse was decreased every year. Physical and environmental security, communication and operations management, and access control having the highest frequency of non-conformity each presented 23%, 19%, and 17%, which reached 59% in total and they are derived into primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have not been treated importantly in financial industry. In addition, this study presented that ISMS can be an effective management system applicable for financial service industry.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.945-950
• /
• 2017

Due to the vulnerability of the software, there is a hacking attack on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, pilot test of diagnostic staff, The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting curriculum and diagnosis guide to train the software vulnerability examiner.

• Convergence Security Journal
• /
• v.2 no.1
• /
• pp.87-97
• /
• 2002

Many firms are utilizing the Internet and various information technologies to effectively manage their business operations with a goal of gaining a competitive advantage in the rapidly changing business environments. Today, the business is characterized as digital economy where information freely flows and business processes are improved with the use of information technologies. Internet technology is playing a key role in transforming the organization and creating new business models. It has become the infrastructure of choice for electronic commerce because it provides process efficiency, cost reduction, and open standards that can easily be adopted by different organizations. Here, the vast amount of data and information slow among the related parties and security issues are very critical matter of research interests by academicians and practitioners. In this research, we address the importance of security framework in managing the data shared among the related parties in the e-business and suggest the security architecture for effectively supporting the needs of e-business in an organization. This research provides valuable contributions both in academics and industry in terms of how security framework and architecture should be set in order to provide the necessary e-business.

• Journal of Korea Technology Innovation Society
• /
• v.21 no.2
• /
• pp.875-905
• /
• 2018

Recently China's science and technology development is accelerating, and some technologies have the world's best technology. With the rapid development of science and technology, China has been deeply aware of the importance of science and technology, and many efforts are being made to legislate security regulations to protect their technologies. Korea and other countries are also interested in research security, and research and development cooperation with China is also on the rise. In this paper, we derived some implications by comparing and analyzing China's science and technology security regulation and Korea's national R&D project management regulations. China is also enacting science and technology security regulations as a subordinate to the laws and regulations of science and technology. However, it should be reflected in future legislation that the difference from Korea is composed of separate independent regulations. In particular, the fact that the science and technology security regulations have been enacted separately may be a hint that can be reflected in the nation's future legislation processes. In this paper, major contents of the science and technology security regulations, points to division of knowledge property into scientific and technological cooperation or security tasks, designation of regulations on the characteristics of research security guidelines, and operation of individual national security agencies In addition, in the event that the contents of the related statutes, confidentiality provisions, and import and import control are recorded in this paper, and the results of the joint R&D project are not utilized, or the technology transfer is not carried out.