• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.50-53
• /
• 2022

Recently, there have been cases in which counterfeit foreign ships have entered and left domestic ports several times. Vessels have a ship-specific serial number given by the International Maritime Organization (IMO) to identify the vessel, and IMO marking is mandatory on all ships built since 2004. In the case of airports and ports, which are representative logistics platforms, a security system is essential, but it is difficult to establish a security system at a port and there are many blind spots, which can cause security problems due to insufficient security systems. In this paper, a port security system is designed using deep learning object recognition and OpenCV. The security system process extracts the IMO number of the ship after recognizing the object when entering the ship, determines whether it is the same ship through feature point matching for ships with entry records, and stores the ship image and IMO number in the entry/exit DB for the first arrival vessel. Through the system of this paper, port security can be strengthened by improving the efficiency and system of port logistics by increasing the efficiency of port management personnel and reducing incidental costs caused by unauthorized entry.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1123-1132
• /
• 2012

Many domestic organizations are introducing and operating various information security management systems capable of coping with technical, administrative, and legal issues comprehensively and systematically, in order to prevent various infringement incidents such as personal information disclosure and hacking preemptively and actively. However, empirical analyses regarding the extent to which an information security management system contributes to information security performance have not been fully conducted, even though enterprises and organizations are actively introducing such systems in order to achieve their information security objectives as a part of their organizational management activities in line with their respective business, by investing considerable effort and resources in developing and operating these systems. This approach can be used to apply, develop, and operate the information management system actively within an organization. this study focused on analyzing how each specific phase of the information security management system affects information security performance, compared with previous studies, which generally focus on the information security control item in analyzing information security performance. The information security management system was analyzed empirically to determine how the Security PCDA cycling model affects information security performance.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.9
• /
• pp.92-99
• /
• 2013

As a recent cyber attack has a characteristic that is intellectual, advanced, and complicated attack against precise purpose and specified object, it becomes extremely hard to recognize or respond when accidents happen. Since a scale of damage is very large, a corresponding system about this situation is urgent in national aspect. Existing data center or integration security framework of computer lab is evaluated to be a behind system when it corresponds to cyber attack. Therefore, this study suggests a better sophisticated next generation convergence security framework in order to prevent from attacks based on advanced persistent threat. Suggested next generation convergence security framework is designed to have preemptive responses possibly against APT attack consisting of five hierarchical steps in domain security layer, domain connection layer, action visibility layer, action control layer and convergence correspondence layer. In domain connection layer suggests security instruction and direction in domain of administration, physical and technical security. Domain security layer have consistency of status information among security domain. A visibility layer of Intellectual attack action consists of data gathering, comparison, decision, lifespan cycle. Action visibility layer is a layer to control visibility action. Lastly, convergence correspond layer suggests a corresponding system of before and after APT attack. An introduction of suggested next generation convergence security framework will execute a better improved security control about continuous, intellectual security threat.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.2
• /
• pp.75-81
• /
• 2012

As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.18 no.2
• /
• pp.337-348
• /
• 2023

As protecting organizations' information assets affects their substantiality, they are increasing their investments in policies, regulations, and technologies for systematic information asset management and protection. This study confirms the impact on information security(IS) compliance from the perspective of employees who apply IS policies to actual work. In particular, this study identifies mechanisms linked to IS policy awareness, sanction, justice, and IS compliance from the perspective of expanding deterrence theory. We applied 316 samples obtained from workers of organizations that applied IS policies and regulations to work and verified the relationship between mechanisms by using AMOS and SPSS packages. As a result of the verification, IS policy awareness had a positive effect on organization justice and compliance intention through the severity and clarity of sanctions. Individual justice sensitivity had a moderating effect on the cause and outcome of justice. The sanction-related mechanism presented in this study provides strategic implications for organizations that require active IS activities by insiders.

• Convergence Security Journal
• /
• v.14 no.5
• /
• pp.57-64
• /
• 2014

Beginning in 2000, domestic large hospital based integrated health information system has been developed from order communication system to electronic medical record system. However, today's advanced medical information system is integrated with unit of the system because user needs is complex and various. And, the problem is authority management of health information system in complex systems of large size hospital. It is also a serious problem of private information exposure because of user's authority management defect. In this paper, we analyze the problems of past hospital information system and propose an efficient and appropriate management authority in operating environment. It also introduces the instances applied into a large hospital EMR system, developing proper authority management to match the characteristics of the integrated medical information system. The proposed system is based on solutions of authority management system suitable for integrated health information system, as well as the next generation of EMR.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.123-140
• /
• 2022

Recently, research on solving problems that have introduced the concept of smart city in countries and companies around the world is in progress due to various urban problems. A smart city converges the city's ICT, connects all the city's components with a network, collects and delivers data, and consists of a supply chain composed of various IoT products and services. The increase in various cyber security threats and supply chain threats in smart cities is inevitable, in addition to establishing a framework such as supply chain security policy, authentication of each data provider and service according to data linkage and appropriate access control are required in a Zero-Trust point of view. To this end, a smart city security model has been developed for smart city security threats in Korea, but security requirements related to supply chain security and zero trust are insufficient. This paper examines overseas smart city security trends, presents international standard security requirements related to ISMS-P and supply chain security, as well as security requirements for applying zero trust related technologies to domestic smart city security models.

• Convergence Security Journal
• /
• v.15 no.1
• /
• pp.69-82
• /
• 2015

This dissertation introduce how to react against the cybercrime and analysis of malware detection. Also this dissertation emphasize the importance about efficient control of correspond process for the information security. Cybercrime and cyber breach are becoming increasingly intelligent and sophisticated. To correspond those crimes, the strategy of defense need change soft kill to hard kill. So this dissertation includes the study of weak point about OS, Application system. Also this dissertation suggest that API structure for handling and analyzing big data forensic.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.75-83
• /
• 2012

Recent science technology research network moves to establish logical private network among specific research groups such as high energy physics and climate, requiring to implement private network by group for each purpose. Up to now, national research networks such as KREONET service high capacity logical private networks. Therefore standardized configuration and management scheme is essential for the deployment of logical private network. In this study, we propose the core service element and protocols for the logical networks over Layer 2 networks. We also propose system architecture that make monitoring and management easier. After that we design and implement monitoring map for logical network based on scheme. For this purpose, we also propose the description system for logical research network to provide data such as operation information, formation information, performance information and failure information of network infrastructure resource.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.645-654
• /
• 2012

The South Korean Defense Ministry is planning and pushing forward to conduct a cloud computing pilot project in 2012. Taking into consideration the high-level security necessary in the military as well as wartime duties, if not designed properly, this project may anticipate severe damage to national security and interest. In particular, despite the fact that vulnerability due to inter-Korean confrontation and regular security-related incidents have been triggered, unconditionally conducting a cloud computing pilot project without reviewing not only violates security regulations but also causes various security-related side effects in and outside South Korea. Therefore, this thesis found conditions for conduct of this project by suggesting duties that can apply cloud computing as well as security technology, administration, post-accident matters and conditions for legally solving cloud computing in the military.