• Title/Summary/Keyword: Information Security Management System (정보보안관리체계)


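Suggestions for Preparing for Information Warfare (Cyber Warfare) (정보전(사이버전) 대비를 위한 제언)

  • 남길현
    • Review of KIISC / v.12 no.6 / pp.54-57 / 2002
  • With the Internet population having passed 25 million and high-speed network subscribers having passed 10 million, and with society's overall dependence on information systems deepening further, preparing countermeasures against the adverse effects of informatization is essential if Korea is to join the ranks of advanced nations. In particular, the concepts of information warfare, cyber warfare and cyber terrorism as they relate to national security must be established, and countermeasures must be prepared not only by the military but at the national level. The article presents basic courses of action, including training specialists, raising public awareness, building a nationwide cooperation framework, building information protection systems and strengthening security management, and emphasizes the role of the Korea Institute of Information Security and Cryptology, the expert body in this field.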

The Influence of Shared Goal and Value of Information Security Policy: The Role of Demand-ability Fit and Person-organization Fit (정보보안 정책 목표 공유 및 가치의 영향: 요구-능력 적합성 및 개인-조직 적합성의 역할)

  • In-Ho Hwang
    • The Journal of the Korea institute of electronic communication sciences / v.19 no.3 / pp.609-618 / 2024
  • The escalating demand for organized information resource management within organizations necessitates increased investment in information security (IS), as a single error can lead to information exposure incidents, underscoring the importance of IS compliance by insiders. The research aims to elevate IS compliance within the organization by examining the influence of the shared goal of information security policy (ISP), perceived ISP value and individual's fits on an insider's intention to comply with the ISP. Antecedent research in organizational behavior and IS led to a proposed hypothesis, tested using 366 obtained samples. The ISP shared goal's positive influence on ISP compliance intentions was evident from the test results, primarily through the perceived ISP value. Furthermore, the person-organization and demand-ability fit moderated the antecedent factors associated with ISP compliance intentions. Our findings suggest the methods for sustaining organizational IS levels by examining the requisite conditions from the viewpoints of the organizational environment, ISP values, and fits.

Strengthening Security on the Internal Cloud Service Certification (국내 클라우드서비스 인증에서 보안 강화방안 연구)

  • Lee, Gangshin
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1231-1238 / 2013
  • Against the background of rapidly increasing domestic cloud service demand, worries about security and privacy incidents can hinder the promotion of the cloud service industry. Thus, it is crucial that an independent third party assures the reliability of using the cloud service. This paper compares several external and internal cloud service certification cases, for example CSA certification, FedRAMP certification, and KCSA certification, and concludes that insufficient security and privacy controls are prevalent. As a consequence, several enhanced countermeasures using ISO/IEC 27017 and KISA's ISMS, considering manageability and expertise, are proposed for the cloud service certification system.

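A Study on IT Security Evaluation Schemes (IT 보안 평가 스킴에 관한 고찰)

  • 서대희;이덕규;이임영;나학연
    • Review of KIISC / v.12 no.6 / pp.68-80 / 2002
  • Around the world, dependence on industry and information has brought an era in which all of the world's information can be seen at a glance, and cyberspace itself is becoming established as a basic living space for politics, the economy and society, and culture. Without protecting it, a stable information society cannot be built. In particular, because the scope of information protection is no longer limited to the security of specific national information and is expanding to the information of companies and society, new institutions and measures are urgently needed at the national level to protect not only national security but also individuals' information. This article analyzes, as an example, the evaluation scheme of the United States among the foreign evaluation schemes that are based on unified national evaluation criteria for evaluating information security products. Based on that analysis, it examines a desirable direction for developing a domestic evaluation scheme for the domestic information security management system, and directions for future development.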

Design of Security Model for Service of Company Information (기업 정보화 서비스를 위한 보안 모델 설계)

  • Jeong, Yoon-Su
    • Journal of Convergence Society for SMB / v.2 no.2 / pp.43-49 / 2012
  • Recently, the safety of being processed in a corporate enterprise with a wide range of IT skills applied to the Corporate Affairs information services are increasing requirement. Businesses that are required by various IT corporate information technology services to companies that need to protect information being leaked to other companies, a security incident has been applied and is growing, but is lacking about how to respond to the protection of corporate information services. In this paper, the information that is important in the corporate authority by the user's access control model to reduce the number of security incidents such as information leakage and security services for enterprise informatization is proposed. The proposed model can be used in order to block the access of the users to access information managed by a central administrator role and the rights of users to access information any abnormality has been captured. In addition, the proposed model can take advantage of protecting corporate information from the systematic recovery and operational continuity strategies to build your company's information services.


Consideration for defense preparedness against non-traditional security threats (focused on the threat of infectious diseases) (비전통 위협에 대한 국방 업무수행체계 유지방안 (감염병 위협 중심으로))

  • Kwon, Hyukjin;Shin, Donggyu;Shin, Youngjoo
    • Journal of Internet Computing and Services / v.23 no.1 / pp.105-112 / 2022
  • The national defense requires uninterrupted decision-making, even under direct or indirect impacts on non-traditional threats such as infectious diseases. Since all work utilizes the information system, it is very important to ensure the availability of the information system. In particular, in terms of security management, defense work is being performed by dividing the network into a national defense network and a commercial Internet network. This study suggests a work execution plan that takes into account the efficiency of work performed on the Internet and the effectiveness of security through effective defense information system operation. It is necessary to minimize the network contact point between the national defense network and the commercial Internet, and to select a high-priority one among various tasks and operate it efficiently. For this purpose, actual cases were investigated for "A" institution and characteristics were presented. Through the targeted tasks and operation plans to improve the effectiveness of defense tasks and ensure security, presented in this paper, it will be possible to increase the availability of task performance even in non-traditional threats such as infectious diseases.

Operation Status of Chinese Security Service Industry and Institutional Settlement Methods (중국 보안서비스산업의 운영실태 및 제도정착 방안)

  • Lee, Sangchul
    • Journal of the Society of Disaster Information / v.10 no.4 / pp.536-547 / 2014
  • With the changing safety services and social order systems accompanied by the economic development and changing public security environment since the Chinese economic reform, the security service industry in China is growing daily and related problems are increasing. For the Chinese security service market to be activated, the monopoly of security services by the public security agencies must be removed. In addition, the research and development, expansion, and applications of safety and crime prevention technologies regarding the safety and protection of exhibition, sales, culture, sports, commerce activities, combinations of safety technologies and crime prevention processes, the provision of relevant technical operations, and the expansion of security service areas are required. Furthermore, the administration rights, property rights, and business management rights of security companies must be separated, the security headquarters must be integrated and coordinated for optimization of various resources solely by market needs, and their rights and affiliation relations must be clear. Besides, the competitiveness of security companies in the security service market must be enhanced by unifying the business management, and optimizing and sharing their resources. The security service ordinances of China that have been implemented now must be applied realistically, methods to activate the true market economy for security services must be researched, and various ordinances related to security services must be realigned in line with the characteristics of security services. Finally, for the mutual cooperation system between public and private security services, the public security agencies must acknowledge the importance of private security services and the status of security service providers in crime prevention and social order maintenance. They must establish partnership relations with each other beyond the unilateral direction and management system for security services and drive with positive attitudes the security service industry which is still in its infancy.

Security threats and countermeasure of RFID on the "U-Defense" ("U-Defense"에서의 RFID 보안위협과 대책)

  • Jang, Gong-Soo;Lee, Hong-Jin;Yun, Joo-Seung;Park, Yong-Soo
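    • Proceedings of the Korean Information Science Society Conference / 2008.06d / pp.5-9 / 2008
  • RFID (Radio Frequency Identification) has recently drawn attention owing to the rapid development and spread of the technology. The military in particular has used RFID in pilot projects for an ammunition management system and an Air Force F-15K asset management system, and since 2007, under an agreement between the Ministry of National Defense and the Ministry of Information and Communication, has been pursuing the U-Army experimental project as part of implementing U-Defense. RFID technology is thus used in a variety of fields in the military. Recent research, however, has shown RFID to be vulnerable to attack. This paper describes cases of RFID use in the military, RFID attack methods and countermeasures, and the analysis of adversary risks and countermeasures when the military uses RFID technology. The purpose of the paper is to recognize the adversary threats to RFID technology, which is central to implementing U-Defense, and to present countermeasures.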


A Study of Security QoS(Quality of Service) Measurement Methodology for Network Security Efficiency (네트워크 보안 효율성 제고를 위한 보안 QoS(Quality of Service) 측정방법론 연구)

  • Noh, Si-Choon
    • Convergence Security Journal / v.11 no.1 / pp.39-48 / 2011
  • QoS (Quality of Service) is defined by ITU-T Rec. E.800 as "The collective effect of service performance which determines the degree of satisfaction of a user of the service". The final goal of an information system is to secure performance efficiency within the required time. The security QoS framework is the modeling of the QoS measurement metrics, the measurement time schedule, the instrument, the method of measurement, and the methodology for analyzing the measurement results. This paper concerns implementation issues and performance measurement for a blended mechanism between networking technology and security technology. We obtained more effectiveness in overall network security when applying and composing an amalgamated security mechanism between network technology and security technology. In this paper, we suggest techniques used on infrastructure systems and also offer a security QoS methodology as a model of a more effective way. The methodology proposed in this research has proven that it is possible to measure response time through the scheduled method.

Cyber Security Governance Analysis in Major Countries and Policy Implications (주요국 사이버보안 거버넌스 분석과 정책적 시사점)

  • Joo, Moon-ho;Kwon, Hun-Yeong;Lim, Jong-in
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1259-1277 / 2018
  • This study analyzes cyber security strategies, laws, organizations, and the roles of the ministries in the US, Germany, UK, Japan, China, and Korea and draws implications for establishing a practical and efficient next generation national cyber security governance. Based on the results of this analysis, this study offers suggestions and directions for improvement of domestic cyber security governance.