• The Journal of Korean Association of Computer Education
• /
• v.17 no.2
• /
• pp.21-29
• /
• 2014

In spite of the R&D level of Korea, the efforts to protect the R&D results from outflowing has not been raised up. We investigated the current status of security education and the level of researcher's awareness for research security in the government-financed institutes. Also, we attempted to find out the needs for institutionalization of the security education. We conducted a survey and in-depth interviews of all the security officers in the thirty-seven government-financed institutes. The results show that the awareness level of the researchers for R&D security is below adequate level, and that security education is necessary in order to increase the security awareness. Also, it is necessary to institutionalize the security education.

• The Journal of Society for e-Business Studies
• /
• v.25 no.3
• /
• pp.109-130
• /
• 2020

Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.139-143
• /
• 2002

IDS, Firewall 등의 보안도구들은 보편화되어 있는 보안 솔루션이다. 시스템의 보안을 책임지는 이러한 도구들이 보안상 문제점(즉, 우회 공격 가능성)을 가지고 있다는 것은 보안에 있어 근본적인 부분이 취약성을 내포하고 있는 것과 같다. 그러므로 시스템 및 네트워크에 대한 새로운 보안 기법을 연구하기에 앞서 현재의 보안 솔루션들이 가지고 있는 우회공격과 같은 위험성을 해결하는 것 필수적이다. 따라서 본 논문에서는 일반적으로 사용되는 보안 솔루션들에 대한 우회 공격 기술 분석 및 대응 방안에 관한 연구를 수행한다.

• Review of KIISC
• /
• v.18 no.3
• /
• pp.109-117
• /
• 2008

기업의 Network 보안은 회사의 관문 방화벽에만 의존하고 있어 보안정책의 집중으로 효율성이 저하되고 이를 우회할 경우 심각한 위험에 노출될 수 있다. 본 연구는 신속성, 보안강화 측면에서 Network보안 관리 모델을 제시하여 기업의 보안 수준을 강화하는 것을 목적으로 하고 있다. 따라서 기업 비즈니스 환경 변화를 배경으로 관련 연구 결과 및 Trend에서 제시하는 이론(802.1x 사용자 인증, Virtual Backbone 등)을 조사하고 이를 바탕으로 보안 강화 측면에서의 기업의 Network 구조와 보안정책 관리모델을 제시하여 이를 실제 기업 Network에 적용하여 얻어진 효과를 검증한다.

• Information Systems Review
• /
• v.19 no.3
• /
• pp.69-89
• /
• 2017

In the information age, the rapid development of information technology provides people with an enriching experience yet also causes them harm because of information security (IS) issues. The IS of smartphones faces great challenges. Although many studies on IS awareness have been conducted, most of them have focused on PCs and do not consider the security issues of smartphones. In this study, we focus on those factors that affect IS awareness for both PCs and smartphones. We also analyze the differences in the impacts of certain factors on PCs and smartphones based on the proposed research model. The results are summarized as follows. First, the understanding of security technique, understanding of IS threat, and IS education have significant impacts on IS awareness for PCs and smartphones, while IS intention has a significant impact on IS awareness for PCs but not for smartphones. Moreover, IS policy has no significant impact on IS awareness. Second, PCs and smartphones show no significant differences in IS awareness, IS threat, and IS intention, but show significant differences in understanding of security technique, IS education, and IS policy.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.39-46
• /
• 2019

Recently, information security accidents are becoming more advanced as social engineering attacks using new types of malicious codes such as phishing. Organizations have made various efforts to prevent information security incidents, but tend to rely on technical solutions. Nevertheless, not all security incidents can be prevented completely. In order to overcome the limitations of the information security approach that depends on these technologies, many researchers are increasingly interested in People-Centric Security. On the other hand, some researchers have applied behavioral economics to the information security field to understand human behavior and identify the consequences of the behavior. This study is a trend analysis study to grasp the recent research trend applying the concept and idea of behavioral economics to information security. We analyzed the research trends, research themes, research methodology, etc. As a result, the most part of previous research is focused on 'operational security' topics, and in the future, it is required to expand research themes and combine behavioral economics with security behavioral issues to identify frameworks and influencing factors.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.754-755
• /
• 2015

최근 국내에 연구개발을 하는 과정에서 발생하는 보유(연구성과물)기술의 유출 가능성이 증가하고 있다. 이러한 유출사고를 대비하기 위해 지속적으로 보안투자를 하고 있고, 보안 관리체계를 마련하여 시행하고 있다. 하지만 실질적으로 도움이 되는 연구보안을 위해서는 연구개발 과정의 특정부분이 아닌, 전체적인 연구개발 흐름을 대상으로 유기적으로 연결되는 연구보안 관리체계를 설계할 필요가 있다. 이 논문은 먼저, 일반적인 연구개발 프로세스를 파악하고, 연구개발에 필요한 보안활동을 알아본다. 다음, 조사한 보안활동을 연구개발 프로세스 흐름에 맞게 배치하여, 전체적인 관점에서의 연구보안 관리체계를 설계하고자 한다.

• Korean Security Journal
• /
• no.50
• /
• pp.287-303
• /
• 2017

Industrial security research has shown a rapid increase over the past decade. With the establishment of the Korean Association for Industrial Security in 2008 and the establishment of the departments of industrial security in recent years, academic interests and research on industrial security are also spreading at a rapid pace. Although academic interest and research have grown in quantitative terms, research on theoretical fields that are the basis of academic systematization is extremely limited. There is a focus on the issue of specific issues and practical solutions without worrying about the theoretical basis including conceptualization. Therefore, in most studies, the concept of industrial security remains at the level of accepting the concept applied in the previous research. Most industrial security research focuses on the specific topic of 'industrial technology protection' because it considers the concept of industrial security to be reduced to industrial technology protection. Although industrial security is composed of a wide range of fields, recognizing a specific field as an entirety of industrial security appears to be a serious problem. As a result, the concept of industrial security in industrial security research is being used ambiguously, incorrectly, and conveniently. It is necessary to accurately and recognize the concept of industrial security based on logical clarity and empirical feasibility.

• Informatization Policy
• /
• v.23 no.1
• /
• pp.3-19
• /
• 2016

The purpose of the study is to analyze the existing literature and to suggest future research directions in the big data security area. This study identifies 62 research articles and analyses their publication year, publication media, general research approach, specific research method, and research topic. According to the results of the analyses, big data security research is at its intial stage in which non-empirical studies and research dealing with technical issues are dominant. From the research topic perspective, the area demonstrates the signs of initial research stage in which proportion of the macro studies dealing with overall issues is far higher than the micro ones covering specific implementation methods and sectoral issues. A few promising topics for future research include overarching framework on big data security, big data security methods for different industries, and government policies on big data security. Currently, the big data security area does not have sufficient research results. In the future, studies covering various topics in big data security from multiple perspectives are anticipated.

• Review of KIISC
• /
• v.13 no.4
• /
• pp.37-48
• /
• 2003

응용 수준에서 정보보호를 위한 침입차단시스템(Firewall)과 침입탐지시스템(IDS)은 조직 내의 컴퓨터 서버 보안 대책으로는 그 한계를 갖고 있다. 이에 따라 보안 운영체제(Secure OS)에 관한 필요성이 점차 사회적으로 공감대를 형성하고 있다. 본 고에서는 보안 리눅스 운영체제의 필요성, 기존 리눅스의 보안성, 보안 리눅스의 개발에 따른 요구사항과 개발 방법을 기술한다. 또한 최근 보안 리눅스 연구 동향으로 미국, 일본, 독일 등의 리눅스 보안 연구동향을 살펴보고, 국내 연구기관과 업체의 제품 출시 현황을 살펴본다. 특히 최근 리눅스 커널 2.5.29부터 표준기능으로 포함되고 있는 커널 보안 모듈 방식인 LSM(Linux Security Module)의 기본 구조를 살펴본다. 현재 국내에서 개발하여 보급되고 있는 보안 리눅스 운영체제는 기존 리눅스 커널에 시스템 호출 후킹을 통한 LKM 방식으로 추가적인 접근제어 외에 해킹 차단, 감사 추적, root의 권한 제한, 통합보안관리 등의 추가적 기능을 제공한다. 향후 Firewall, IDS의 한계를 보완하는 서버 보안 대책으로 활발한 보급이 예상된다.