• Journal of Advanced Navigation Technology
• /
• v.13 no.4
• /
• pp.586-599
• /
• 2009

Recently, a lot of nations are establish and researches the u-City which ubiquitous technology based city, and u-City Management Center(UMC) is also establish and researches. Technical researches of UMC are increasing. However, administrator privilege management researches for UMC is not enough. If we don't manage to administrator privilege who can access and control all of information in UMC, security problems will be occurs. Therefore, in this paper, analyses of administrator privilege management security problems, and proposed administrator privilege management system classification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.541-550
• /
• 2016

Considering the results of the 3.20 Cyber Attack, leaks of personal information by card companies, and so on, convenience and efficiency cannot be guaranteed without security as a prerequisite. In addition, it is more likely that customers' interests seem to be interfered with in financial institutions than in any other industry. Therefore, when a security accident occurs, users may suffer mental damage and monetary loss, leading to class action, customer defection, loss of reputation, and falloff in international credibility, which all may have a significant effect on the business continuity of corporations. This study integrates the representative information security certification systems in order to improve the efficiency of information security management and demonstrate the necessity of information security management system certification for the financial sector. If the certification is needed, we would like to recommend the desirable development direction.

• Review of KIISC
• /
• v.26 no.4
• /
• pp.36-40
• /
• 2016

오늘날 차량 교통 시스템은 지능형 교통 시스템(ITS, Information Transportation System) 으로 진화하고 있다. 특히 차량 간 통신 및 차량과 인프라 간 통신을 활용하여 차량 주행의 안전성을 높이고 교통 체계의 운영 및 관리를 과학화하고자 하는 연구가 활발히 진행 중이며, 특히 운전자의 안전을 확보하기 위한 보안 기술에 대한 연구 또한 활발히 진행되어야 한다. 본 고에서는 ITS 보안 기술에 대한 표준화가 활발히 진행 중인 ITU-T SG17 에서의 표준화 동향을 살펴 본다.

• Review of KIISC
• /
• v.25 no.4
• /
• pp.38-42
• /
• 2015

오늘날 차량 교통 시스템은 지능형 교통 시스템(ITS, Information Transportation System) 으로 진화하고 있다. 특히 차량 간 통신 및 차량과 인프라 간 통신을 활용하여 차량 주행의 안전성을 높이고 교통 체계의 운영 및 관리를 과학화하고자 하는 연구가 활발히 진행 중이다. 그러나, 지능형 교통 시스템의 상용화를 위해서는 차량 통신 보안 기술의 확보가 필수적이다. 본 고에서는 차량 통신 보안 기술 표준화 동향을 살펴본다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1329-1335
• /
• 2014

The importance of information security is increasing in the public and private organizations. The interruption of the information system might cause massive disorder. To protect information systems effectively, information systems would be categorized and managed in terms of degree of importance. In this study, we suggest a new evaluation method that categorizes information systems based on the three nature of security, confidentiality, integrity and availability. For validation of the method, we use a case study in a public sector. Through the validation of method, the availability of applying the method for categorization information systems to other domains could be suggested.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.4
• /
• pp.140-149
• /
• 2021

Most industries have introduced and operate an information security management system (ISMS) or a personal information security management system (PIMS) to suitably protect and maintain customer's information and company trade secrets. This study starts with the premise that it is desirable for every industry considering information security to maintain an ISMS. ISMS can be of different types among various organizations, taking into consideration culture, practical work procedures, and guidelines for information security. This study intends to derive primary control areas of an ISMS for each industry based on organizational size and audit type by analyzing non-conformity trends and control factors according to certification audits for organizations introduced for international ISMS under ISO27001. This study analyzed improvement effects of ISMS through case analyses. It is meaningful as exploratory research, although it was difficult to acquire data for empirical study because few organizations maintain certification in major industrial sectors. The requirements presented the highest frequency of non-conformity for each type from the 2013-initiated ISO27001; the years 2013 to 2020 were extracted as the primary control area. The study found that for primary control areas of ISMS for each of three industries, organizational size and audit type had differences.

• Journal of Internet Computing and Services
• /
• v.7 no.5
• /
• pp.109-121
• /
• 2006

In this paper, we suggest lattice based role graph security management model which changes security level in mandatory access control model as well as constraint and role hierarchy systematically in role base access control model. In this model, we solved privilege abuse of senior role that is role graph model's problem, and when produce conflict between privileges, we can keep integrity of information by reseting grade of subject through constraint. Also, we offer strong security function by doing to be controlled by subject's security level as well as privilege inheritance by role hierarchy, Finally, we present the role graph algorithms with logic to disallow roles that contain conflicting privileges.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.123-132
• /
• 2019

Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.309-327
• /
• 2022

As ICT convergence is progressing in all industrial fields and creating the global ecosystem of the supply chain is accelerating, supply chain risk related with cyber area are also increasing. In particular. the supply chain of ICT products is very complex in terms of technical and environmental factors to be managed, so it is vert difficult to transparently manage the entire life cycle. Accordingly, the US, UK, and EU, etc. are conducting and establishing cyber supply chainsecurity-related research and policies for ICT product supply chains. Korea also has the plan to establish management system to secure the supply chain of major ICT equipment as a task in the basic plan of the national cybersecurity strategy announced in 2019, but there is no concrete policy yet. So, In this paper, we review the cyber supply chain security management system in the United States and present a supplementary way to the National Information Security Manual in Korea from the perspective of cyber supply chain security. It is expected that this will serve as a reference material for cyber supply chain measures that can be introduced in domestic information security field.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.1C
• /
• pp.37-46
• /
• 2003

As Information Security Technology has become rather transparent, wide, and integrated than in part, exclusive, and separated, A necessity of the study about integrating the separated distributed security systems into one module, has grown However, there is no integrated framework which can manage all separate security systems as one integrated one yet. Accordingly, we propose a new policy based network admirustrative model in this paper which can integrate individual security systems and distributed control way into one effectively.