• Annual Conference of KIPS
• /
• 2009.11a
• /
• pp.669-670
• /
• 2009

기업 내부적으로 고객의 정보를 다루는 DataWarehouse 시스템에 대한 활용도가 증대되고 있다. 특히 고객 식별자 정보(주민번호, 고객성명, 전화번호, E-mail, 주소)에 대한 접근을 통해 데이터를 추출하여 분석하고 이를 마케팅이나 고객 Segment 를 위해 활용이 증대되고 있다. 따라서 민감한 고객의 고객의 정보를 전사적인 차원에서 체계적인 관리를 위한 시스템이 필요하다. 본 논문에서는 DW 고객 식별자 정보 이용절차를 개선하여 대량정보 유출 및 불법 이용을 사전에 예방하고 사후 보안 체계를 강화하는 시스템을 구현 모델을 설명하며, 그 결과로 사용자, 관리자, 감사자까지의 각 단계별 검증 프로세스를 통한 고객 식별자 정보 관리의 극대화 방향을 제시한다.

• KIISE Transactions on Computing Practices
• /
• v.22 no.7
• /
• pp.332-337
• /
• 2016

System administrator or security managers need to collect logs of computing device (desktop or server), which are used for the purpose of cause-analysis of security incident and discover if damage to system was either caused by hacking or computer virus. Furthermore, appropriate log maintenance helps preventing security breech incidents through identification of vulnerability. In addition, it can be utilized for prevention of data leakage through the insider. In the paper, we present log collection system developed using open source supported by commands and basic methods of Windows. Furthermore, we aim to collect log information to enable search and analysis from diverse perspectives and to propose a way to integrate with open source-based search engine system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.273-279
• /
• 2014

Recently, it was occurred in the nation's largest Information spill about 140 million cases of credit card customers' personal and credit information. As such, it was rapidly to increase in consumer complaints about the privacy of personal information in accordance with outflow of financial companies increased accident. But it is still not clear precaution. Therefore, in financial customer position, it is possible to confirm and determine in advance whether or not superior to the security company. In addition, It is time to be required institutional device that can be a real effort to equip a good security company. This report is considered a model of "Disclosure of corporate security assessment " of these devices institutional study. And We study in realistic and objective stance about why do we need this policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.769-776
• /
• 2016

Recently, cyber attacks are continuously threatening the cyberspace of the state across the border. Such cyber attacks show a surface which is intelligent and sophisticated level that can paralyze key infrastructure in the country. It can be seen well in cases, such as hacking threat of nuclear power plant, 3.20 cyber terrorism. Especially in public institutions of the country in which there is important information of the country, advanced prevention is important because the large-scale damage is expected to such cyber attacks. Technical support is also important, but by improving the cyber security awareness and security expert knowledge through the cyber security education to the country's public institutions workers is important to raise the security level. This paper suggest education courses for the rise of the best security effect through a short-term course for the country's public institutions workers.

• Proceedings of the KIEE Conference
• /
• 2011.07a
• /
• pp.2081-2082
• /
• 2011

사회의 발달에 따라 전기 전자 통신설비에 대한 중요성 및 이용률이 커짐에 따라 전기사고 발생 시 파급되는 인적, 물적 피해 또한 급증하여 안정적인 전력공급이 필수적으로 요구되고 있는 실정이다. 본 논문에서는 수배전반 전기사고 사전 예방을 위해 전기 관리자가 시간과 장소에 구애받지 않고 전력설비의 상태를 실시간으로 감시할 수 있도록 구축한 스마트폰을 활용한 수배전반 종합 감시 시스템에 대하여 설명한다. 스마트폰을 활용한 수배전반 종합 감시 시스템은 크게 전력설비의 상태를 모니터링 할 수 있는 감시부분, 설비 데이터 분석을 통해 전력설비의 상태를 미리 예측하고 이상을 진단하는 진단부분, 그리고 승인된 관리자만 접속 및 관리가 가능하도록 하는 보안부분으로 구성하였다. 향후 스마트폰을 이용한 수배전반 종합 감시 시스템의 활용은 수배전반 전기 사고의 감소와 관리 효율 증대에 큰 도움이 될 것으로 사료된다.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.89-98
• /
• 2011

The counter-terrorism in Korea should be approached practically divided both internally and externally. However, in reality it is impossible for the military and the police to control all the counter-terrorism. So there is a need of precaution using the partnership with private companies. But the military and the police have stressed the conservative and closed operation. Furthermore, the focus of counter-terrorism in Korea is more on expose facto treatment than prevention, so they are almost the defenseless. In order to solve this problem, we should form the private subcontractors of the counter-terrorism experts. That is the introduction and the application of PMSCs system. First, the military and the police need to change its mind set for the partnership with private companies to prepare appropriateness. Second, it should be built up infrastructure to let the hands-up workers on counter-terrorism out place. Third, it should be set up the institutions of learning to train regularly to applicate PMSCs system and to specialize. Fourth, the training of counter-terrorism should be made it mandatory about exit passengers to danger zone. Fifth, the selection of PMSCs suitable for counter-terrorism should be strict.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.79-87
• /
• 2024

This paper addresses the increasing cyber attacks exploiting security vulnerabilities in software due to the rise in web applications. CSRF (Cross-Site Request Forgery) attacks pose a serious threat to web users and developers and must be prevented in advance. CSRF involves performing malicious requests without the user's consent, making protection methods crucial for web applications. This study compares and verifies the CSRF defense performance of two frameworks, Spring Security and Apache Shiro, to propose an effectively applicable framework. The results show that both frameworks successfully defend against CSRF attacks; however, Spring Security processes requests faster, averaging 2.55 seconds compared to Apache Shiro's 5.1 seconds. This performance difference stems from variations in internal processing methods and optimization levels. Both frameworks showed no significant differences in resource usage. Therefore, Spring Security is more suitable for environments requiring high performance and efficient request processing, while Apache Shiro needs improvement. These findings are expected to serve as valuable references for designing web application security architectures

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.107-114
• /
• 2015

Since 2002, information security management system has been implemented (ISMS) certification scheme whilst providing telecommunications services to enhance the level of enterprise information security was ongoing and Prevent accidents and avoid spread of infringement, such as rapid response and there is a lot of it came true. However, this system is the protection of the country or the investment company, as part of the actual information on how management affects the performance came from or how measures are still lacking for. In this study, the companies have their own privacy ISMS certification measures the level of activity continued to improve information security performance measures and methodology are presented. The government is also based on the validity of the certification system to ensure the overall implementation of the ISMS itself is this a step increase effective information security system is to be certified in advance to prevent security incidents and to improve business performance to help.

• Convergence Security Journal
• /
• v.14 no.6_1
• /
• pp.45-55
• /
• 2014

China has vast land, variety of people, religions and cultures. China has faced terrorism threat from the struggles of people, religions and resources. The 11thStanding Committee of the National People's Congress of China decided to strengthen the anti-terrorism action on October 29, 2011. This study compared, analyzed and estimated the counter-terrorism laws of the USA, Britain and Germany thinking about the China's anti-terrorism decision. The counter-terrorism laws of the USA, Britain and Germany are largely composed of previous prevention of terror and oppression of it later. They enacted the laws both for people and property. They also rearranged the power and role of governmental institutes on counter-terrorism. The contents of the counter-terrorism laws are specific, detailed and systematic. But the anti-terrorism law of China has restriction on the power and roles for previous prevention and oppression of terrorism, handling of people and property. This study reviewed the foreign countries' counter-terrorism laws and the way to connect the regulations on terrorism crimes of the revised Chinese criminal law and the anti-terrorism decision, when they enact the anti-terrorism laws in China in the future.

• Convergence Security Journal
• /
• v.16 no.3_2
• /
• pp.25-32
• /
• 2016

Drone refers to an unmanned flying system according to the remote control. That is a remote control systems on the ground or a system that automatically or semi auto-piloted system without pilot on board. Drones have been used and developed before for military purposes. However there are currently utilized in a variety of areas such as logistics and distribution of relief supplies disaster areas, wireless Internet connection, TV, video shooting and disaster observation, tracking criminals etc. Especially it can be actively used in activities such as search or the structure of the disaster site, and may be able to detect the movement of people and an attacker using an infrared camera at night. Drones are very effective for private security.