• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.117-129
• /
• 2010

To support the establishment of Information Security Management System, the private sector and the public sector have taken some measures. In the private sector, KISA(Korea Internet & Security Agency) has certified ISMS system based on "The Act on Communication Network Use Promotion and Information Security etc.". In the public sector, No authentication system has been established. Instead, NIS(National Intelligence Service) has enforced 'Information Security Management Condition Evaluation' based on "Electronic Government Act". This article compared ISMS control parts of the private sector with that of the public sector and analyzed the non-enforcement parts of ISMS implementing two sectors for years. Based on this, I would like to consider the method of establishment for efficient ISMS.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.2
• /
• pp.60-69
• /
• 2013

Highlighted by recent security breaches including Google, Western Energy Company, and the Stuxnet infiltration of Iranian nuclear sites, Cyber warfare attacks pose a threat to national and global security. In particular, targeted attacks such as APT exploiting a high degree of stealthiness over a long period, has extended their victims from PCs and enterprise servers to government organizations and critical national infrastructure whereas the existing security measures exhibited limited capabilities in detecting and countermeasuring them. As a solution to fight against such attacks, we designed and implemented a security monitoring system, which shares security information and helps cooperative countermeasure. The proposed security monitoring system collects security event logs from heterogeneous security devices, analyses them, and visualizes the security status using 3D technology. The capability of the proposed system was evaluated and demonstrated throughly by deploying it under real network in a ISP for a week.

• Convergence Security Journal
• /
• v.9 no.1
• /
• pp.29-37
• /
• 2009

According to Homeland Security Act of 2002, DHS in USA is comprehensively responsible for execution of protection methods on the public and private sectors against cyber attack for USA cyber crisis management. There are different laws and organizations according to the sector that is the public, the private, CII(Critical Information Infrastructure, or Non-CII in Korea. In this paper, we show the unified cyber crisis management of USA makes korea realize the importance to integration and systematization for the national cyber crisis management system.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.27-34
• /
• 2020

Recently, the fourth industrial revolution technology has not only changed everyday life greatly through technological development, but has also become a major keyword in the establishment of defense policy. In particular, Internet of Things, cloud, big data, mobile and cybersecurity technologies, called ICBMS, were selected as core leading technologies in defense information policy along with artificial intelligence. Amid the growing importance of the fourth industrial revolution technology, research is being carried out to develop the C4I system, which is currently operated separately by the Joint Chiefs of Staff and each military, including the KJCCS, ATCIS, KNCCS and AFCCS, into an integrated system in preparation for future warfare. This is to solve the problem of reduced interoperability for joint operations, such as information exchange, by operating the C4I system for each domain. In addition, systems such as the establishment of an integrated C4I system and the U.S. military's Risk Management Framework (RMF) are essential for efficient control and safe operation of weapons systems as they are being developed into super-connected and super-intelligent systems. Therefore, in this paper, the intelligent cyber threat detection, management of users' access to information, and intelligent management and visualization of cyber threat are presented in the future C4I system based on big data/cloud.

• KIISE Transactions on Computing Practices
• /
• v.23 no.3
• /
• pp.177-182
• /
• 2017

To develop computer and communication in the information society, difficulties exist in managing the enormous data manually. Also, loss of data due to natural disasters or hacker attacks, generate a variety of disasters in the IT securities. Hence, there is an urgent need for an information protection management system in order to mitigate these incidents. Information Security Management System has various existing frameworks for IT disaster management. These include Cyber Security Framework, Risk Management Framework, ISO / IEC 27001: 2013, and COBIT 5.0. Each framework analyses and compares the entry for IT disaster recovery from among the various available data. In this paper, we describe a single integrated management scheme for fast resolution of IT disasters.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2016.01a
• /
• pp.311-314
• /
• 2016

지난 5년간 대표적인 산업제어시스템(Industrial Control System)인 국내 원자력 발전소에 대한 해킹 시도는 총 1,843회로 사이버공격에 대한 위험은 날로 높아지고 있다. 이러한 공격은 사이버전, 테러, 사이버범죄자들에 의해 실행되고 있다. 이러한 위험을 통제하기 위해서는 산업제어시스템이 일반적인 IT시스템과 다른 운영체제, 네트워크 등 시스템 환경을 고려하여야 한다. 본 논문에서는 기존의 IT보안 대책과 산업제어시스템 보안 대책을 비교 분석하고, 국내외에서 발생하고 있는 산업제어시스템에 대한 공격 사례를 비교 분석하여 산업제어시스템 인프라에서 고려하고 통제해야 할 정보보호 요소들을 제언한다.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.161-169
• /
• 2006

According to the development of information system, many information system and application soft-ware are develop. However, cyber attack and incident have more increased to the development of them. To defend from cyber attack and incident, many organizations has run information security systems, such as Intrusion Detection System, Firewall, VPN etc, and employed information Security person till now But they have many difficulty in operating these information security component because of the lack of organizational management and analysis of each role. In this paper, We propose the formal Cause-Effect Model related with the information security system and administrative mission per each security. In this model, we regard information system and information system operator as one information component. It is possible to compose the most suitable information component, such as information system, human resource etc., according to the analysis of Cause-Effect Model in this paper. These analysis and approaching methodology can make effective operation of each limited resource in organization and effective defense mechanism against many malicious cyber attack and incident.

• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.53-68
• /
• 2017

Today, information sharing is recognized as a means to effectively prevent cyber attacks, which are becoming more intelligent and advanced, so that many countries such as U.S., EU, UK, Japan, etc. are establishing cyber threat information sharing system at national level. In particular, the United States has enacted the "Cyber Threat Information Sharing Act (CISA)" in December 2015, and has been promoting the establishment of a legal and institutional basis for sharing threat information and the implementation of the system. Korea is sharing cyber threat information in public and private sectors mainly through the National Cyber Security Center(NCSC) and the Korea Internet & Security Agency(KISA). In addition, Korean government is attempting to strengthen and make legal basis for unified cyber threat information sharing system through establishing policies. However, there are also concerns about issues such as leakage of sensitive information of companies or individuals including personal identifiable information that may produced during the cyber threat information sharing process, reliability and efficiency issues of the main agents who gather and manage information. In this paper, we try to derive improvement plans and implications by comparing and analyzing cyber threat information sharing status between U.S. and Korea.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.133-145
• /
• 2014

Recently, Hospital information systems have the large databases by wide range offices for hospital management, health care to improve the quality of care. However, hospital information systems for information security measures are insufficient. Therefore, when we construct the hospital information system, we have to audit the information security measures for them, and we have to manage the ISMS(Information Security Management System) to maintain the information protection level through the risk managements. In this paper, we suggested the hospital information security audit model for the protection of health information privacy by the current hospital information systems, information security management system(ISMS), and hospital information security requirements and threats. We derived the check items compared with ISO27799 reflected the characteristics of the hospital. We classified the security domains as the physical, technical, administrative domain, and derived the check items for information security. We also designed the check lists by mapping the ISO27799 risk management process to improve the security and efficiency simultaneously. Our model by the five-point scale survey of IT experts was verified the suitability with the average of 4.91 points.

• Korean Journal of Construction Engineering and Management
• /
• v.15 no.5
• /
• pp.115-126
• /
• 2014

Although various IT-based services including PMIS are used at construction field, there have been limits on communications, such as fast reaction, information loss, and information security in the real world. Therefore, this paper proposes to adapt a social network service (SNS) that has already been used for information management and sharing information at the company level in other industries in order to support construction information management and communication in a fast and accurate manner. Following the requirement analysis through literature review and site interviews, the paper presents an SNS-based construction information communication and sharing system named PMIS+. PMIS+ was tested and validated for its feasibility at construction sites and it was proved that the proposed system and information management framework using the system could be helpful for effective information management at construction fields.