• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.358-360
• /
• 2004

환자의 의료 및 질환정보는 개인의 프라이버시에 관련되므로 민감하게 취급되어야 하는 정보이다. 이러한 의료 및 질환정보의 유출은 환자의 사회적인 고립뿐 아니라 환자의 생명도 위협하게 되므로 철저한 보안이 필요하다. 따라서, 의료진, 환자, 일반인 등의 사용자 식별을 통한 진료 기록의 접근 통제 및 사용 권한에 따른 정보의 암호화 수준과 해당 정보에 대한 역할 기반의 접근 제어(Role-Based Access Control)를 제공해야 한다. 또한, 환자 자신으로 하여금 자신의 의료 및 질환정보에 대한 다른 사람의 접근권한을 줄 수 있으며, 그 외의 대부분의 접근 권한들은 Role-Permission Broker를 통해서 제어될 수 있다. 본 논문은 RBAC 모델을 현재의 의료 및 질환 정보 관리에 적용시켜 각 정보 개체들과 사용자간의 효율적인 역할 분담과 정보 보호를 추구한다. 이러한 방식은 현재의 의료 및 질환정보 관리 체계를 개선할 것으로 기대한다.

• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.19-24
• /
• 2016

A Study on the Information Security System of Fin-Tech Business In traditional electronic commerce, there have not been severe issues of trading information through documents in paper or the closed EDI. The scale of e-commerce has increased as internet develops, however, turning to the online e-commerce, which caused a number of issues such as authentication, information forgery, and non-repudiation between the parties. To prevent conflicts from such troubles and perform the post management, security technologies are applied throughout the process of e-commerce, certificates intervening. Lately, meanwhile, FinTech has been creating a sensation around the mobile payment service. Incidents of information leakage from card corporations and hackings imply the need of securing safety of the financial service. Development and evolution of FinTech industry must be accompanied by information protection. Therefore, this research aims to inquire into the information security system of leading FinTech company in a foreign country.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.49-58
• /
• 2006

Currently there are many standards of network management. They are : SNMP (Simple Network Management Protocol-for Internet management), CMIP (Common Management Information Protocol-standardized by ITU-T and ISO), RMON (Remote network MONitoring-for distributed management of the LAN segment), and so on. Especially RMON has created the many concerns in order to manage subnetworks of a large network, but it has negative aspects. For instance, routers or hubs with RMON capability are expensive to a network manager because of adding heavy management cost. Moreover it imposes a heavier burden on network manager, because it must use a network management tool which will be additionally needed with RMON device. This paper proposes a model of PC based RMON Agent system. The RMON Agent system monitors the traffic on LAN segment through the use of a Virtual Device Driver (VxD), based on PC. In term of cost this model will replace the expensive RMON device, and eventually enable a network manager to manage LAN segment more efficiently, due to reduced cost.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.79-92
• /
• 2021

In a society where ICT technology is converged, the use of various network-connected devices such as IoT is spreading. Network-connected devices are inevitably exposed to the threat of hacking such as information leakage, and countermeasures need to be prepared to respond. Security certification system for IoT devices has been introduced to promote security of IoT products, and for this purpose, legalization and standardization of certification standards and methods are in progress. In line with this, in Korea, as the Information and Communication Network Act was revised in 2020, ICT convergence devices connected to the network were newly defined as "information and communication network connected devices," and the basis for the security certification system is being established. We summarized related domestic and foreign trends and suggest specific considerations for implementing the security certification system for IoT devices in South Korea.

• Korean Security Journal
• /
• no.24
• /
• pp.147-170
• /
• 2010

This study is to present a improvement directions for the protection of industrial key technology. For the purpose of the study, the survey was carried out on the administrative security activity of 68 enterprises including Large companies, small-midium companies and public corporations. survey result on the 10 items of security policy, 10 items of personal management and 7 items of the assets management are as follows; First, stable foundation for the efficient implement of security policy is needed. Carrying a security policy into practice and continuous upgrade should be fulfilled with drawing-up of the policy. Also for the vitalization of security activity, arrangement of security organization and security manager are needed with mutual assistance in the company. Periodic security inspection should be practiced for the improvement of security level and security understanding. Second, the increase of investment for security job is needed for security invigoration. Securing cooperation channel with professional security facility such as National Intelligence Service, Korea internet & security agency, Information security consulting company, security research institute is needed, also security outsourcing could be considered as the method of above investment. Especially small-midium company is very vulnerable compared with Large company and public corporation in security management, so increase of government's budget for security support system is necessary. Third, human resource management is important, because the main cause of leak of confidential information is person. Regular education rate for new employee and staff members is relatively high, but the vitalization of security oath for staff members and the third party who access to key technology is necessary. Also access right to key information should be changed whenever access right changes. Reinforcement of management of resigned person such as security oath, the elimination of access right to key information and the deletion of account. is needed. Forth, the control and management of important asset including patent and design should be tightened. Classification of importance of asset and periodic inspection are necessary with the effects evaluation of leak of asset.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.15-24
• /
• 2020

Cyber terror and cyberwarfare are no longer virtual, but real, and as an actual security situation, it is necessary to have new understanding through expanding the concept of war to neutralize not only the other country's military command system, but also the country's main functions such as telecommunications, energy, finance, and transport systems, and it also needs to establish the future development strategy of cyber terror response at the national level. Through analysis of cyberwarfare trends in each country and current status of cyberwarfare in Korea, it will systematically explore the demand of new policy based on laws and systems, including the strategies of cyber security technology development, industry promotion, and manpower training and existing information protection policies. through this, it effectively manages a sustainable national crisis, and it suggests to establish a future strategy for the medium and long term cyber security that can effectively and actively respond to cyberwarfare.

• Review of KIISC
• /
• v.11 no.5
• /
• pp.26-34
• /
• 2001

DRM은 디지털 창작물에 대한 저작권을 보호하기 위한 기술로서, 컨텐츠가 출판되어 유통되고 사용되기까지의 전과정에 대한 일련의 보호 및 관리 체계를 의미한다. 컨텐츠 시장이 활성화되기 시작함에 따라 DRM 기술에 많은 관심이 집중되고 있으며 IBM, Microsoft 등의 거대기업들도 시장에 진입하고 있다. 본 논문은 컨텐츠를 \`보호\`하는 보안기술의 측면에 입각하여 DRM 기술에 관하여 개략적으로 설명하고, 국내·외 시장에 제품을 출시한 업체들을 소개한다. 또한 DRM 시스템이 제공해야 하는 기능 요구사항들을 요약하고, 지금까지 출시된 국내·외 주요 제품들의 특성을 간략히 분석해 본다.

• The Journal of Society for e-Business Studies
• /
• v.15 no.4
• /
• pp.143-163
• /
• 2010

The purpose of this study is to investigate the user's perception of security risk and examine its impact on the usage of Knowledge Management Systems(KMS). The findings of this study are three-fold. First, the overall user's perception of security risk is not high. However, there is a considerably big difference in the perception of security risk among users. This finding means that user's perception of a security risk is not based on the actual security effects but one's individual perception. Another finding is that user's perception of a security risk has a negative impact on the usage of KMS through "trust", which is a mediating variable in our study. This finding corresponds with the existing theory that security risk is oneof the critical sources of trust, and trust is a critical factor of user's acceptance of KMS. Finally, the result of this study reveals that activities devoted to security do not decrease the effectiveness and productivity of KMS. Our long-held cognition that security activity hinders the effectiveness and productivity of an information system is not particularly applied to the KMS.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.29-41
• /
• 2010

Survelliance and Reconnaissance Sensor Network(SRSN) which can collect various tactical information within battlefield in real time plays an important role in NCW environment, of sensor to shooter architecture. However, due to the resource-limited characteristics of sensor nodes and the intrinsic attributes of sensor network such as wireless communication, the SRSN may be vulnerable to various attacks compared to traditional networks. Therefore, in this paper, we propose a new group key management scheme to guarantee confidentiality, integrity, availability, and authentication during the operation of the SRSN. Proposed scheme generates and distributes the group key based on the topological characteristic of the SRSN and the probabilistic key sharing. The communication cost for distributing the group key is O(logn).

• Korean Security Journal
• /
• no.61
• /
• pp.203-234
• /
• 2019

The damages from security accidents continue to increase as technology leaks from suppliers cause risks to the management of large companies, which are their customers, and their image and reliability to fall. However, the current industrial structure is practically impossible for large companies to form their own businesses and strategic alliances with business partners are essential, but it is changing into an industrial structure where the exchange of information is increased and the dependence of the information system is maximized, as well as legal demands and demands from stakeholders are increasing due to the complexity of the work process and the strengthening of security-related laws. The status of technology protection of small and medium-sized enterprises shows that they are not equipped with a security system due to relatively poor environment and financial difficulties compared to large enterprises, whereas the industrial structure between large and small business partners is indispensable for sharing the IT system, and the security system of large business, which is a customer company, should be improved by considering the fact that it is impossible to maintain security system between large businesses. Thus, the government intends to examine the system for shared growth of small businesses and the model for evaluating the capabilities of various agencies for information protection, and propose measures to introduce the certification system for small business partners.