• Journal of the Korea Convergence Society
• /
• v.10 no.3
• /
• pp.177-184
• /
• 2019

The Defense Technology Security Act was enacted in 2015 to protect the defense industrial technology from being duplicated or interfering technologies being developed, which prevents its value and utility from deterioration and prevents inappropriate export. Defense industrial technology refers to technology that should be protected for national security among the national defense science and technology related to the defense industry. However, technical identification criteria of identification and management system of protection technology are not regulated. Therefore, in this study, through the Delphi survey, diesel engine core technology identification criteria related to the high efficiency internal combustion engine propulsion technology among the 141 defense industrial technologies is established to improve the identification and management system of the technology to be protected among the defense industrial technology protection system. As a result of the study, operational operability, durability, safety, sequencing and modularization were established as diesel engine core technology identification criteria.

• Korean Security Journal
• /
• no.24
• /
• pp.147-170
• /
• 2010

This study is to present a improvement directions for the protection of industrial key technology. For the purpose of the study, the survey was carried out on the administrative security activity of 68 enterprises including Large companies, small-midium companies and public corporations. survey result on the 10 items of security policy, 10 items of personal management and 7 items of the assets management are as follows; First, stable foundation for the efficient implement of security policy is needed. Carrying a security policy into practice and continuous upgrade should be fulfilled with drawing-up of the policy. Also for the vitalization of security activity, arrangement of security organization and security manager are needed with mutual assistance in the company. Periodic security inspection should be practiced for the improvement of security level and security understanding. Second, the increase of investment for security job is needed for security invigoration. Securing cooperation channel with professional security facility such as National Intelligence Service, Korea internet & security agency, Information security consulting company, security research institute is needed, also security outsourcing could be considered as the method of above investment. Especially small-midium company is very vulnerable compared with Large company and public corporation in security management, so increase of government's budget for security support system is necessary. Third, human resource management is important, because the main cause of leak of confidential information is person. Regular education rate for new employee and staff members is relatively high, but the vitalization of security oath for staff members and the third party who access to key technology is necessary. Also access right to key information should be changed whenever access right changes. Reinforcement of management of resigned person such as security oath, the elimination of access right to key information and the deletion of account. is needed. Forth, the control and management of important asset including patent and design should be tightened. Classification of importance of asset and periodic inspection are necessary with the effects evaluation of leak of asset.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.333-336
• /
• 2024

스마트팩토리는 기존 제조산업에 ICT 기술이 융합된 지능형 공장이다. 이는 IT(Information Technology)영역과 OT(Operation Technology)으로 구분되고, 영역 간 연결을 통해 제조공정 자동화 및 지능화를 수행한다. IT영역은 외부 네트워크와 연결되어 스마트팩토리의 전사업무 관리를 수행하며, OT영역은 폐쇄망 네트워크로 구성되어 직접적인 제조과정을 수행한다. 이는 2개의 영역으로 구분되어 자동화 및 지능화된 제조공정 과정을 수행함에 따라 구조가 복잡해지고 있으며, 이로 인해 스마트팩토리 보안위협이 발생 가능한 공격 표면이 증가하고 있다. 이에 대응하기 위해서는 스마트팩토리 IT영역과 OT영역의 특징을 분석하고, 영역별 적합한 보안위협 대응체계를 수립해야 한다. 이에 따라, 본 논문에서는 다수의 장치에 대한 학습이 용이하고, 세부적으로 학습기법을 구분할 수 있는 연합학습을 활용하여 스마트팩토리 영역별 적합한 보안위협 대응방안을 제안한다.

• Korean Security Journal
• /
• no.50
• /
• pp.35-57
• /
• 2017

Security Act has been partially revised many times since it was revised to "Security Service Act". Main contents of such revision consist of the addition of security work such as protection or special security, responsibility enforcement of security company or security guard and systematic management of security service based on security work of previous security service act. But, it needs to be checked out that the fundamental matter about the concept of 'security' is directly related as double-edged sword in such flow of legal revision. That is because security service satisfies the multiple needs for security in the modern risky society and is based on the concept of active management whose goal is to forster and develop the function of actual security service comparing that current "Security Service Act" regulates the formal security service whose goal is permission of security service and systematic management based on article 2 as previous facilities and manned security that is guard duty-centered security service in another respect. So, this study pointed out the limit of interpreting security and security service in "Security Services Industry Act" in respect of providing private security service and drew the conclusion that the legislation and efforts are required for 'security for citizen' by reinterpreting the legislation and revision of private security service-related law as the normal regulation of "Security Services Industry Act" and the special law of "Private Security Services Industry Act".

• Journal of Korean Society of societal Security
• /
• v.2 no.3
• /
• pp.67-72
• /
• 2009

The occurrence of disaster lately is coming with the more complex form and increasing the necessity of National Infrastructures Protection Plan(NIPP). International and domestic laws and systems related to critical infrastructures were investigated. The program in which the classification of national critical infrastructures was expanded eight fields to thirteen fields including emergency services, large gathering sites, defense industrial base, and national monuments was presented in this study. The plan for integrating national critical infrastructures, national important infrastructures and national security infrastructures and a NIPP framework were proposed.

• Journal of the Society of Disaster Information
• /
• v.10 no.4
• /
• pp.536-547
• /
• 2014

With the changing safety services and social order systems accompanied by the economic development and changing public security environment since the Chinese economic reform, the security service industry in China is growing daily and related problems are increasing. For the Chinese security service market to be activated, the monopoly of security services by the public security agencies must be removed. In addition, the research and development, expansion, and applications of safety and crime prevention technologies regarding the safety and protection of exhibition, sales, culture, sports, commerce activities, combinations of safety technologies and crime prevention processes, the provision of relevant technical operations, and the expansion of security service areas are required. Furthermore, the administration rights, property rights, and business management rights of security companies must be separated, the security headquarters must be integrated and coordinated for optimization of various resources solely by market needs, and their rights and affiliation relations must be clear. Besides, the competitiveness of security companies in the security service market must be enhanced by unifying the business management, and optimizing and sharing their resources. The security service ordinances of China that have been implemented now must be applied realistically, methods to activate the true market economy for security services must be researched, and various ordinances related to security services must be realigned in line with the characteristics of security services. Finally, for the mutual cooperation system between public and private security services, the public security agencies must acknowledge the importance of private security services and the status of security service providers in crime prevention and social order maintenance. They must establish partnership relations with each other beyond the unilateral direction and management system for security services and drive with positive attitudes the security service industry which is still in its infancy.

• Review of KIISC
• /
• v.18 no.5
• /
• pp.21-32
• /
• 2008

신용카드 정보를 노린 해킹이나 카드 분실 도난 사고가 증가하면서 고객정보를 보호하고자 하는 지불카드산업 데이터 보안표준(PCI DSS) 컴플라이언스가 제정되고 이를 준수하도록 강제화 되고 있다. 국내에서는 정보보호 인식이 높아지고 정보보호시스템이 운영되고 있음에도 불구하고 PCI DSS 를 준수하기 위한 중복된 정보보호활동이 필연적인 상황이다. 본 논문에서 제안하는 정보보호 통제항목 코드화 방안은 효과적인 PCI DSS 구현을 가능하게 하며 하나의 통제 항목 준수로 유사한 다중 정보보호관리체계 준수를 가능하게 한다. 결과적으로 IT 컴플라이언스 통제항목 준수의 상시적 자가진단을 할 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.309-327
• /
• 2022

As ICT convergence is progressing in all industrial fields and creating the global ecosystem of the supply chain is accelerating, supply chain risk related with cyber area are also increasing. In particular. the supply chain of ICT products is very complex in terms of technical and environmental factors to be managed, so it is vert difficult to transparently manage the entire life cycle. Accordingly, the US, UK, and EU, etc. are conducting and establishing cyber supply chainsecurity-related research and policies for ICT product supply chains. Korea also has the plan to establish management system to secure the supply chain of major ICT equipment as a task in the basic plan of the national cybersecurity strategy announced in 2019, but there is no concrete policy yet. So, In this paper, we review the cyber supply chain security management system in the United States and present a supplementary way to the National Information Security Manual in Korea from the perspective of cyber supply chain security. It is expected that this will serve as a reference material for cyber supply chain measures that can be introduced in domestic information security field.

• Journal of Industrial Convergence
• /
• v.16 no.2
• /
• pp.25-31
• /
• 2018

An APT attack is a new hacking technique that continuously attacks specific targets and is called an APT attack in which a hacker exploits various security threats to continually attack a company or organization's network. Protect employees in a specific organization and access their internal servers or databases until they acquire significant assets of the company or organization, such as personal information leaks or critical data breaches. Also, APT attacks are not attacked at once, and it is difficult to detect hacking over the years. This white paper examines ongoing APT attacks and identifies, educates, and proposes measures to build a security management system, from the executives of each organization to the general staff. It also provides security updates and up-to-date antivirus software to prevent malicious code from infiltrating your company or organization, which can exploit vulnerabilities in your organization that could infect malicious code. And provides an environment to respond to APT attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.561-575
• /
• 2023

The information security industry has seen a wide variety of growth over the past few decades. In particular, various solutions have been proposed in terms of technology, management, and institutional aspects. Nevertheless, it should be notedthat security accidents continue to occur every year. This proves that there are limitations to various business changes in the digital era as existing security is being promoted with technology-oriented and prevention-oriented policies. Thus, people-centric security (PCS) has recently become a hot topic in order to escape the limitations of traditional securityapproaches. Through the concept of information security violations, PCS strategic principles, and expert interviews, this studyaims to present a fundamental security incident response plan by classifying human-caused vulnerabilities into 5 categories and classifying them into 21 detailed components.