• The Journal of Korean Association of Computer Education
• /
• v.16 no.1
• /
• pp.73-80
• /
• 2013

Government promotes that the strategy of national R&D converts from catch-up R&D type to leading R&D type for the future growth and national competitiveness according to the recent paradigm shift in the research and development. So the many national researches about foundation, source and core technology are actively being made. As a result of these researches, the security has become an important part of success factor in R&D. And so various security diagnosis and evaluation is being conducted about national R&D program. Existing the research security evaluation models are classified domains in terms of security management and created evaluation indicators according to the domains. However the models are inappropriate in case of researchers doing self-diagnosis of research security. This paper set up the domains in aspect of research management and then proposed the evaluation indicator of research security according to the domains. The evaluation indicator model that is suggested can be utilized in self-diagnosis of research security effectively.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.83-91
• /
• 2007

Information security is a critical issue for network centric warfare(NCW). This paper provides a information security governance index for NCW, which is a result of the research through a group decision making process. The purpose of the research is to intended to help military organization's planners determine the degree to which they have implemented an information systems governance framework at the strategic and tactical level within their organization.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.65-73
• /
• 2022

Since cyber operations are performed in a virtual cyber battlefield, the measurement indicators that can evaluate and visualize the current state of the cyber environment in a consistent form are required for the commander to effectively support the decision-making of cyber operations. In this paper, we propose a method to define various evaluation indicators that can be collected on the cyber battlefield, normalized them, and evaluate the cyber status in a consistent form. The proposed cyber battlefield status element consists of cyber asset-related indicators, target network-related indicators, and cyber threat-related indicators. Each indicator has 6 sub-indicators and can be used by assigning weights according to the commander's interests. The overall status of the cyber battlefield can be easily recognized because the measured indicators are visualized in time series on a single screen. Therefore, the proposed method can be used for the situational awareness required to effectively conduct cyber warfare.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.515-518
• /
• 2002

근래에 범용 운영체제의 보안성을 강화하기 위해 접근 통제, 침입 탐지 그리고 감사 등과 같은 새로운 보안 기능이 계속해서 추가되고 있다. 추가된 보안 기능에 의해서 어느 정도 시스템 성능에 변화가 생기는지는 보안 운영체제를 도입하려는 사용자들에게 중요한 선택 기준이 되고 있다. 그러나 현재 보안 운영체제들에 대한 성능 분석 자료는 범용 운영체제와 동일한 방법으로 평가된 것들이 대부분이며 여러 보안 운영체제들의 성능을 객관적으로 비교해 놓은 자료 또한 없는 상태이다. 본 논문에서는 잘 알려진 보안 운영체제들을 대상으로 범용 성능 평가 도구를 이용하여 성능 분석 지표를 추출하였다. 본 논문의 결과는 보안 운영체제의 성능 평가를 위해 유용하게 사용될 수 있다.

• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.29-35
• /
• 2015

The network security encryption type is divided into two, one is point-to-point, second method is link type. The level of security quality attributes are a system security quality requirements in a networked environment. Quality attributes can be observed and should be able to be measured. If the quality requirements can be presented as exact figures, quality requirements are defined specifically setting quality objectives. Functional requirements in the quality attribute is a requirement for a service function which can be obtained through the encryption. Non-functional requirements are requirements of the service quality that can be obtained through the encryption. Encryption quality evaluation system proposed in this study is to derive functional requirements and non-functional requirements 2 groups. Of the calculating measure of the evaluation index in the same category, the associated indication of the quality measure of each surface should be created. The quality matrix uses 2-factor analysis of the evaluation for the associated surface quality measurements. The quality requirements are calculated based on two different functional requirements and non-functional requirements. The results are calculated by analyzing the trend of the average value assessment. When used this way, it is possible to configure the network security encryption based on quality management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.763-777
• /
• 2021

Information security started as an IT operation process and is now recognized as an important issue of information technology, and each international organization is newly defining the concept. Information security itself is a new combination of IT technologies, a set of technologies and a technology area. As IT outsourcing becomes common in many public sectors, SLAs are introduced to evaluate the level of IT services. In the area of information security, many studies have been conducted on the derivation and selection of SLA performance indicators, but it is difficult to find a way to apply the performance indicators to service level evaluation and performance systems. This thesis conducted a study on the application of a service evaluation system for information security performance indicators based on the public sector and a performance system including compensation regulations. It presents standards and rewards(incentive and penalty) that define expectation and targets of performance indicators that take into account the environment and characteristics of a specific public sector, and defines appropriate SLA costs. It proposes a change plan for the organizational structure for practical SLA application and service level improvement.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.145-151
• /
• 2004

School Networks environment is implemented in many schools to support educational activities for networking resources required in teaching-teaming activities with government initiative. On the other hand, the open system in school which are used in internet in internet do considerable damage committed by intruder and cracker to the preservation of computer data and system due to second schools security state. Therefore this study is to present assortment in information resources of schools, security items and problem. finally, we give the effective and systematic metrics of estimates for security of secondary schools in information resources parts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.289-307
• /
• 2022

The Global Cybersecurity Index (GCI) developed by the International Telecommunication Union (ITU) is used to diagnose a country's cybersecurity development level and to strengthen its cybersecurity capabilities. This paper analyzes GCI and tries to suggest a way to strengthen its effectiveness. In addition, we analyze the GCI version 1~GCI version 4 evaluation index in advance, and examine the development plan through SWOT analysis. Through this, basic principles for GCI improvement and utilization will be established, and new indicators related to the GCI version 5 questionnaire will be discovered and suggested. This paper is expected to be used as basic data for GCI performance analysis and improvement plan. In addition, it is intended to contribute to enhance the effectiveness of GCI and the nation's cybersecurity capabilities by proposing more advanced proactive and reactive indicators to be applied to the future GCI evaluations. This paper is an improvement and development for the research result of [1].

• Journal of the Korea Society for Simulation
• /
• v.21 no.3
• /
• pp.17-24
• /
• 2012

This paper suggests Effectiveness Evaluation Methods of DDoS attacks countermeasures model by simulation. According to the security objectives that are suggested by NIST(National Institute of Standards and Technology), It represents a hierarchical Effectiveness Evaluation Model. we calculated the weights of factors that security objectives, security controls, performance indicator through AHP(Analytic Hierarchy Process) analysis. Subsequently, we implemented Arena Simulation Model for the calculation of function points at the performance indicator. The detection and protection algorithm involve methods of critical-level setting, signature and anomaly(statistic) based detection techniques for Network Layer 4, 7 attacks. Proposed Effectiveness Evaluation Model can be diversely used to evaluate effectiveness of countermeasures and techniques for new security threats each organization.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.67-73
• /
• 2006

The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. a general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.