• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.77-79
• /
• 2014

시스템은 대중화된 NFC 기술을 이용하여 회사 보안실의 전자 기기의 반입과 출입을 관리하는 시스템이다. NFC Tag를 이용하여 전자 기기의 정보를 저장, 수정, 삭제가 가능하고 이 정보는 회사 내의 데이터베이스에 저장이 된다. 시스템을 통한 전자 기기의 반입과 출입 정보는 시스템의 웹페이지에서 확인할 수 있다. 이 시스템을 통하여 데이터의 관리의 효과적인 운영이 가능하도록 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.145-154
• /
• 2010

End-to-End(E2E) encryption is to encrypt private and important financial information such as user's secret access numbers and account numbers from user's terminal to financial institutions. There has been found significant security vulnerabilities by various hacking in early E2E encryption system since early E2E encryption is not satisfied the basic security requirement which is that there does not exist user's financial information on plaintext in user's terminal. Extensional E2E encryption which is to improve early E2E encryption provides confidentiality and integrity to protect user's financial information from vulnerabilities such as alteration, forgery and leakage of confidential information. In this paper, we explain the extensional E2E encryption technology and present considerable security issues when the extensional E2E encryption technology is applied to financial systems.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.243-253
• /
• 2016

Company strengthen various information security policy and activity in order to protect important information assets that the company has been dealing with and prevents information security accidents such as personal information spill. However, some study said these policy and activity increase employee's information security stress and still information security accidents by employees have happened so far. Therefore, this study will review preceding theories and studies used in many various fields including Information Security areas needed to explain human's behavioral intention and determinants and summarize characteristic factors that have influence on control of human's behavioral intention in the results of the above theories and studies. Secondly, this study will implement exploratory analysis on characteristic factors perceived by employees that has been stemmed from various company's information security policy and activity in order to increase employee/'s information security compliance intention under the its surrounding security circumstance. Thirdly, this study will fulfil multiple-regression analysis in order to identify cause-effect relationship between employee's perceived information security stress and employee's perceived characteristic factor. Finally, this study will explain casual relationship with same analysis methods between information security stress and information security compliance intention based on results of the survey conducted on the financial firm's employees with same analysis methods.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.9
• /
• pp.464-472
• /
• 2017

In the ICT (Information and Communication Technology) convergence security environment, a lot of companies use an external public web system for the external disclosure and sharing of product information, manufacturing technology, service manualsand marketing materials. In this way, the web system disclosed on the Internet is an important aspect of cyber security management and has an always-on vulnerability requiringan information protection solution and IT vulnerability checks. However, there are limits to vulnerability detection management in anexternal environment. In this study, in order to solvethese problems, we constructed a system based on digital forensics and conducted an empirical study on the detection of important information in enterprises by using forensic techniques. It was found thatdue to the vulnerability of web systems operated in Korea and overseas, important information could be revealed,such as the companies' confidential data and security management improvements. In conclusion, if a system using digital forensic techniques is applied in response to theincreasing number of hacking incidents, the security management of vulnerable areas will be strengthened and the cyber security management system will be improved.

• KEPCO Journal on Electric Power and Energy
• /
• v.3 no.2
• /
• pp.73-78
• /
• 2017

Recently, a number of foreign electric power companies including domestic Korea Electric Power Corporation (KEPCO) have actively engaged in the construction of a power grid with the concept of a smart grid. The Smart grid is a technology that increases the efficiency of the power by converging the information network with the power grid. It can maximize the energy efficiency through the two-way communication between the utility and the consumer. However, as the power grid converges with the information and communication network, security threats are increasing more than existing power grids. Due to the nature of the power grid, the damage caused by security threats is not only personal privacy but also economic loss of society. So smart grid becomes the target of hackers. In this paper, we discuss security vulnerabilities of Advanced Metering Infrastructure (AMI), which is a core technology of smart grid construction, and the corresponding security technologies to prevent security damage of smart grid.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.885-895
• /
• 2019

As seen in recent cases of hacking in financial services, attackers are attempting to hacking trustee with poor security management, rather than directly hacking a financial company. As a result, the consignor is strengthening the security check and control of the trustee, but small trustee has difficulties to invest in information security with the lack of computer facilities and the excessive cost of security equipment. In this paper I investigate the vulnerability of personal information processing life cycle standards in order to enhance the security of small consignee that receive personal information form the credit card company. To solve the vulnerability the company should use litigation management system constructed on cloud computing service and install VPN to secure confidentiality and intergrity in data transfer section. Also, to enhance the security of users, it is suggested to protect personal credit information by installing PC firewall and output security on user PC.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1181-1191
• /
• 2021

The pandemic has rapidly developed a non-face-to-face environment. However, the sudden transition to a non-face-to-face environment has led to new security issues in various areas. One of the new security issues is the security threat of insiders, and the zero trust security model is drawing attention again as a technology to defend against it.. Software Defined Perimeter (SDP) technology consists of various security factors, of which device validation is a technology that can realize zerotrust by monitoring insider usage behavior. But the current SDP specification does not provide a technology that can perform device validation.. Therefore, this paper proposes a device validation technology using SVDD-based abnormal behavior detection technology through user behavior monitoring in an SDP environment and presents a way to perform the device validation technology in the SDP environment by conducting performance evaluation.

• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.5
• /
• pp.91-95
• /
• 2002

Electronic commerce over the Internet is predicted to grow at an ever-increasing rate over the next few years, with on-line sales already heading for several billion. Many companies are using this new sales channel, and a few retailers now have established major on-line sales sites. There have been some successes, particularly in technology, business-to-business and niche markets. This paper has been produced to summarise the basics of electronic commerce system, covering on-line catalogues and on-line purchasing. Electronic commerce systems consists of the authoring tools and web applications, the electronic payment technology, and the security and transaction processing.

• 정보보호뉴스
• /
• s.137
• /
• pp.26-29
• /
• 2009

지난 2008대규모 해킹 개인정보 유출 등 보안 사고로 얼룩진 한 해였다. 중국발 해킹으로 인해 국내 대표 오픈마켓 회원 1,000개인정보가 유출됐고, 포털 사이트의 고객 상담정보가 해커에 의해 탈취됐으며, 정유회사 고객정보 1,100내부 직원에 의해 유출되는 등 다양한 형태의 보안 사고가 발생했던 한해였다. 지난 십여년에 결쳐 진행된 정보화혁명으로 인해, 거의 모든 정보들이 디지털화되고 인터넷을 통한 유통이 일반화되면서 정보보호 이슈는 날이 갈수록 심화되고 있는 실정이다. 인터넷이 우리 사회에 가져 올 순기능은 형언할 수 없을 만큼 크지만 개인정보 침해를 비롯한 역기능 또한 심각한 수준에 이르고 있다. 향후 유비쿼터스 시대 도래 등과 더불어 다양한 개인 맞춤형 IT 서비스가 더욱 확산된다면 개인정보 보호와 프라이버시에 대한 이슈는 지금보다 더 첨예하게 대두될 것으로 예상된다. 더 많은 정보사회의 편익을 누리기 위해 개인정보의 적절한 수집과 활용은 계속될 것이기 때문이다. 그런 의미에서 개인정보 보호는 고도 정보화 사회를 위한 기본 전제조건이자, 결정적인 신뢰요소다. 그리고 지금은 우리 사회 의 개인정보보호 수준제고를 위해 모두의 지혜가 필요한 시점이다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2017.01a
• /
• pp.139-140
• /
• 2017

현재 사물인터넷 시장이 커져감에 따라 사물인터넷 보안위협도 증가하고 있다. 시중의 가정이나, 회사 등에서 사용하는 사물인터넷 플랫폼은 사용자 개개인에 대해 각 장치의 제어권한을 설정할 수 없다. 이로 인해 보안사고, 자원낭비 등 여러 문제가 발생할 가능성이 높다. 본 논문에서는 관리자가 사용자 개개인에게 각 장치의 제어 권한을 설정하고, 인증을 거친 사용자가 장치를 쉽게 제어할 수 있는 사물인터넷 플랫폼에서 활용할 수 있는 권한 인증 모델을 제시한다.