• The KIPS Transactions:PartD
• /
• v.17D no.3
• /
• pp.223-232
• /
• 2010

This study was carried out for the purpose of inquiring into the effect of composition and security activities for information security architecture on information asset protection and organizational performance in terms of general information security. This study made a survey on 300 workers in the government, public institutions and private companies, which it showed that management factors of risk identification and risk analysis, in general, have an usefulness to composition and security activities for information security architecture to prevent inside information leakage. And the understanding and training factors of IT architecture and its component were rejected, requiring the limited composition and security activities for information security architecture. In other words, from the reality, which most institutions and organizations are introducing and operating the information security architecture, and restrictively carrying out the training in this, the training for a new understanding of architecture and its component as an independent variable made so much importance, or it did not greatly contribute to the control or management activities for information security as the generalized process, but strict security activities through the generalization of risk identification and risk analysis management had a so much big effect on the significant organizational performance.

• The Journal of Society for e-Business Studies
• /
• v.15 no.4
• /
• pp.143-163
• /
• 2010

The purpose of this study is to investigate the user's perception of security risk and examine its impact on the usage of Knowledge Management Systems(KMS). The findings of this study are three-fold. First, the overall user's perception of security risk is not high. However, there is a considerably big difference in the perception of security risk among users. This finding means that user's perception of a security risk is not based on the actual security effects but one's individual perception. Another finding is that user's perception of a security risk has a negative impact on the usage of KMS through "trust", which is a mediating variable in our study. This finding corresponds with the existing theory that security risk is oneof the critical sources of trust, and trust is a critical factor of user's acceptance of KMS. Finally, the result of this study reveals that activities devoted to security do not decrease the effectiveness and productivity of KMS. Our long-held cognition that security activity hinders the effectiveness and productivity of an information system is not particularly applied to the KMS.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.6 s.44
• /
• pp.157-164
• /
• 2006

From the hazard which it prepares in the hazards increase which it follows in information demand augmentation of information technical development and the consumer from inside systematizing integrity and solubility of information technological resources. inside against a confidentiality. The control against information and a system and a data outside is demanded. From the dissertation which it sees demand function and the structure which do information technical risk management system development it will be able to manage the danger which it infiltrates with the root which is various overview in hazard necessity it investigated the inside and outside of the country instance in the center and it analyzed. And it plans the dangerous civil official integrated process model ultimately as against a hazards it will be able to prepare in the dictionary in order, it put the place objective which it induces.

• The Journal of Society for e-Business Studies
• /
• v.23 no.4
• /
• pp.137-152
• /
• 2018

It is a measure to overcome limitations that occur in the activity of detecting and blocking abnormal information leakage activity by collecting the activity log generated by the security solution to detect the leakage of existing financial information and analyzing it by pattern analysis. First, it monitors real-time execution programs in PC that are used as information leakage path (read from the outside, save to the outside, transfer to the outside, etc.) in the PC. Second, it determines whether it is a normal controlled exception control circumvention by interacting with the related security control process at the time the program is executed. Finally, we propose a risk management model that can control the risk of financial information leakage through the process procedure created on the basis of scenario.

• Review of KIISC
• /
• v.25 no.5
• /
• pp.45-52
• /
• 2015

최근 산업제어시스템에 대한 중요성이 강조되는 반면 사이버 보안 위협은 증가하고 있다. 전 세계적으로 제어시스템에 대한 보안 표준 개발에 집중하고 있으며 미국을 비롯한 나라에서는 산업제어시스템에 대한 표준 및 가이드라인을 공개하고 있다. 본 논문에서는 산업제어시스템에 대한 특징을 알아보고 관련 보안 표준 및 가이드라인을 분석하여 우리나라의 산업제어시스템을 보호하기 위해 나아가야 할 개선 방향에 대해 논하고자 한다.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.4 s.36
• /
• pp.375-384
• /
• 2005

As the development of information communication technology and thus the growth of security incidents, there has been increasing demand on developing methodologies and tools for measuring the information security level of organizations for the efficient security management. However, most works from foreign countries are not realistic in constructing the checklists, moreover their tools provide neither the ease of use nor the inexpensiveness, and most domestic works are not properly considering the characteristics of the organizations when measuring the information security level. In this study, an efficient information security levelling tool is suggested, which applies the multiple variable weights for security levelling according to the characteristics of organizations and the fuzzy technique to reduce the user's subjectivity and the genetic algorithm to establish the security countermeasure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.617-636
• /
• 2017

Many businesses have adopted the standard security management structure such as ISO27001 and K-ISMS for strengthening business's security management structure to protect their core information assets and have acquired partial output from such effort. However, many risk factors such as recent advances in Information Technology and evolution of intrusion methods have increased exponentially requiring the businesses to response even more quickly with better accuracy. For such purpose, a study of 'Real Time Security Management Structure for Business' based on security management process optimization, defining a set of security index for managing core security area and calculation of risk indices for precognition of intrusion risk area has been made. Also, a survey on opinions of an expert panel has been conducted. The effectiveness of studied structure was analyzed using AHP method as well. Using this study, security personnels of a company can improve efficiency of the preemptive responsive and quicker measure from the current security management structure.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2002.05d
• /
• pp.959-964
• /
• 2002

본 논문에서는 정보보호관리체계와 위험분석방법을 적용한 안전성 평가 도구를 설계하였다. 또한, 위험평가시 동일한 가중치를 적용한 평가와 조직의 특성에 따라 보안요소의 가중치를 가변적으로 적용한 평가를 할 수 있도록 하였으며, 각 조직이 자체적으로 보안 점검을 할 수 있도록 설계함으로서 관리적 측면에서 취약점을 쉽게 찾을 수 있도록 지원하며, 수행해야 할 권고를 제시한다.

• Review of KIISC
• /
• v.13 no.3
• /
• pp.38-49
• /
• 2003

보안관리, 위험분석 및 PP의 개발 방법(또는 지침, 표준)을 개발하기 위해서는 공통적으로 자산, 위협 및 취약성의 분류체계, 평가기준 및 평가스케일을 정의해야한다. 본 논문에서는 이 분야의 각종 방법들로부터 분류체계, 평가기준 및 평가스케일을 조사 연구하였다. 본 결과는 새로운 방법을 개발할 때 활용될 수 있을 것이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.135-141
• /
• 2008

The risk enlargement of cyber infringement and hacking is one of the latest hot issues. To solve the problem, the research for Security Risk Analysis, one of Information Security Technique, has been activating. However, the evaluation for Security Risk Analysis has many burdens; evaluation cost, long period of the performing time, participants’ working delay, countermeasure cost, Security Management cost, etc. In addition, pre-existing methods have only treated Analyzing Standard and Analyzing Method, even though their scale is so large that seems like a project. the Analyzing Method have no option but to include assessors’ projective opinion due to the mixture using that both qualitative and quantitative method are used for. Consequently, in this paper, we propose the Security Risk Analysis Methodology which manage the quantitative evaluation as a project and use Case-Based Reasoning Algorithm for define the period of the performing time and for select participants.