• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.47-58
• /
• 2015

Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 1999.12a
• /
• pp.209-218
• /
• 1999

처방전달시스템은 처방의 수행은 의사가, 그에 따른 의약품조제는 약사가 수행함으로써 의약품의 오․남용을 방지하기 위한 의약분업의 실시에 따른 국민불편의 최소화와 약화사고에 따른 인증문제 등을 지원하기 위한 정보시스템이다. 처방전달시스템은 환자 개인정보의 허용된 범위 내에서의 공유와 공유를 위한 각종 개인정보 보호장치, 처방의 안전한 전달을 위한 내용의 비밀보장과 위변조방지 및 송신자와 수신자의 인증을 위한 장치가 필수적으로 필요하다. 또한 자료의 생명주기 측면에서 본다면, 처방전의 생성은 병․의원에서 이루어지며 소멸은 약국 및 환자에의해 이루어진다. 자료의 유통과정에 살펴보면 처방전달시스템의 주요성공요인은 정보의 생산자인 병․의원(의사)의 적극적인 정보제공의지와 이를 지원하는 편리한 정보시스템의 구축이라고 할 수 있다. 정보의 생산자인 병․의원 정보시스템 환경은 다양하고 복잡하기 때문에 기존의 애플리케이션을 이용하면서 처방의 전송을 위해서는 기존 애플리케이션 및 플랫폼에 독립적이며 자료의 적합한 취합과 통합이 가능하도록 지원하는 시스템이 필요하다. 처방전달 메시징시스템은 이러한 복합적인 정보시스템 환경을 지원하며 동시에 처방정보의 안전한 전달을 위해 플랫폼으로 실행될 수 있는 시스템을 말한다. 또한 처방의 비교적 짧은 생명주기와 지역적 생산, 유통구조를 적합하게 지원하기 위해 지역별 독립시스템의 구축과 공통정보 활용을 위한 중앙시스템과의 역할분담 모델에 근거한 분산시스템의 구축이 요구된다. 본 연구에서의 처방전달 메시징시스템은 일반적인 메시지서비스의 특성을 기본으로 자료전달을 위해 자료 암호화와 복호화, 송신자와 수신자에 대한 인증 및 자료접근 제한기능을 제공하며 각 클라이언트와 서버간의 실시간 연결 혹은 지연연결을 지원하는 독립적인 애플리케이션이다. 이러한 처방전달 메시징시스템을 구성하는 각 요소에 대해 정의하고 개념적 모델을 설계하고자 한다.에게 청구되며, 소비자에게 전송 되는 청구서는 사용자DB를 참조하여 사용자가 미리 정의한 원하는 형태로 변환되어 전달되며, 필요시 암호화 과정을 거치는 것이 가능해야 한다. 전송된 청구서는 전자우편의 경우, 암호해독이 가능한 전용 브라우저를 통해 열람 되며, 이는 다시 전용 브라우저를 통해 지불인증이 승인되어 청구 제시서버에게 전송된다. EBPP 시스템의 제어 흐름은 크게 기업이 청구 정보를 소비자에게 제시하는 흐름과 소비자의 지불 승인으로 인해 기업이 은행에 지불을 요구하는 흐름으로 구분할 수 있다. 본 논문에서는 통합 청구서버 및 정구 제시서버의 역할 및 구성 요소들에 대해 서술하고, EBPP 시스템과 연동하여야 하는 메일 서버와의 상호 작용에 대해 서술할 것이다. 본 시스템을 아직 구현이 되지 않은 관계로 시스템의 성능 등의 수치적 결과를 제시할 수 없는 상태다., 취약계층을 위한 일차의료, 의약관리), ${\circled}2$ 보건소 조직 개편 및 민간의료기관과 협력체계 확립, ${\circled}3$ 전문인력 확보 및 인력구성 조정, 그리고 ${\circled}4$ 방문보건사업의 강화 등이다., 대사(代謝)와 관계(關係)있음을 시사(示唆)해 주고 있다.ble nutrient (TDN) was highest in booting stage (59.7%); however no significant difference was found among other stages. The concentrations of Ca and P were not different among mature stages. According to these results, the yellow ripe period is appropriate to harvest the whole crop rice for forage considering dry matter yields,

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.123-132
• /
• 2019

Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.93-101
• /
• 2008

Side channel attacks are well known as one of the most powerful physical attacks against low-power cryptographic devices and do not take into account of the target's theoretical security. As an important succeeding factor in side channel attacks (specifically in DPAs), exact time-axis alignment methods are used to overcome misalignments caused by trigger jittering, noise and even some countermeasures intentionally applied to defend against side channel attacks such as random clock generation. However, the currently existing alignment methods consider only on the position of signals on time-axis, which is ineffective for certain countermeasures based on time-axis misalignments. This paper proposes a new signal alignment method based on interpolation and decimation techniques. Our proposal can align the size as well as the signals' position on time-axis. The validity of our proposed method is then evaluated experimentally with a smart card chip, and the results demonstrated that the proposed method is more efficient than the existing alignment methods.

• Korean Security Journal
• /
• no.24
• /
• pp.147-170
• /
• 2010

This study is to present a improvement directions for the protection of industrial key technology. For the purpose of the study, the survey was carried out on the administrative security activity of 68 enterprises including Large companies, small-midium companies and public corporations. survey result on the 10 items of security policy, 10 items of personal management and 7 items of the assets management are as follows; First, stable foundation for the efficient implement of security policy is needed. Carrying a security policy into practice and continuous upgrade should be fulfilled with drawing-up of the policy. Also for the vitalization of security activity, arrangement of security organization and security manager are needed with mutual assistance in the company. Periodic security inspection should be practiced for the improvement of security level and security understanding. Second, the increase of investment for security job is needed for security invigoration. Securing cooperation channel with professional security facility such as National Intelligence Service, Korea internet & security agency, Information security consulting company, security research institute is needed, also security outsourcing could be considered as the method of above investment. Especially small-midium company is very vulnerable compared with Large company and public corporation in security management, so increase of government's budget for security support system is necessary. Third, human resource management is important, because the main cause of leak of confidential information is person. Regular education rate for new employee and staff members is relatively high, but the vitalization of security oath for staff members and the third party who access to key technology is necessary. Also access right to key information should be changed whenever access right changes. Reinforcement of management of resigned person such as security oath, the elimination of access right to key information and the deletion of account. is needed. Forth, the control and management of important asset including patent and design should be tightened. Classification of importance of asset and periodic inspection are necessary with the effects evaluation of leak of asset.

• Korean Journal of Heritage: History & Science
• /
• v.43 no.1
• /
• pp.56-85
• /
• 2010

UNESCO World Heritage Programme was introduced following the adoption of Convention Concerning the Protection of the World Cultural and Natural Heritage by the General Conference of UNESCO in 1972 in order to protect cultural and natural heritage with superb value for all mankind. Despite its short history of less than 40 years, it has been evaluated as one of the most successful of the cultural area projects of UNESCO with 890 world heritage registered worldwide. For systematic protection management of World Heritage, UNESCO, through systemization of registration, emphasis on the importance of preservation management plan, institutionalization of monitoring, and operation of World Heritage Fund, has utilized World Heritage Programme not just as a means of listing excellent cultural properties, but as a preservation planning tool, and accordingly, such policies have had a significant influence on the cultural heritage protection legislations of numerous nations. Korea has ratified World Heritage Convention in 1988, and with the registration of the Royal Tombs of the Joseon Dynasty in 2009, it has 9 World Heritage Sites. Twenty years have passed since Korea joined the World Heritage Programme. While World Heritage registration contributed to publicity of the uniqueness and excellence of Korean cultural properties and improvement of Korea's national culture status, it is now time to devise various legislative/systematic improvement means to reconsider the World Heritage registration strategy and establish a systematic preservation management system. While up until now, the Cultural Properties Protection Law has been amended to arrange for basic rules regarding registration and protection of World Heritage Sites, and some local governments have founded bodies exclusive for World Heritage Site management, a more fundamental and macroscopic plan for World Heritage policy improvement must be sought. Projects and programs in each area for reinforcement of World Heritage policy capacity such as: 1) Enactment of a special law for World Heritage Site preservation management; 2) enactment of ordinances for protection of World Heritage Sites per each local government; 3) reinforcement of policies and management functionality of Cultural Heritage Administration and local governments; 4) dramatic increase in the finances of World Heritage Site protection; 5) requirement to establish plan for World Heritage Site preservation protection; 6) increased support for utilization of World Heritage Sites; 7) substantiation and diversification of World Heritage registration; 8) sharing of information and experiences of World Heritage Sites management among local governments; 9) installation of World Heritage Sites integral archive; 10) revitalization of citizen cooperation and resident participation; 11) training specialized resources for World Heritage Sites protection; 12) revitalization of sustainable World Heritage Sites tourism, must be selected and promoted systematically. Regarding how World Heritage Programme should be domestically accepted and developed, the methods for systemization, scientific approach, and specialization of World Heritage policies were suggested per type. In the future, in-depth and specialized researches and studies should follow.

• International Commerce and Information Review
• /
• v.14 no.4
• /
• pp.491-516
• /
• 2012

The purpose of this study is to research the situation of Technical Barriers of Trade(TBT) between Korea and China and analyze a pending issue such as a regular TBT notifications and specific trade concerns informed to WTO/TBT committee by Korea and China and seek the Countermeasures for Technical Barriers of Trade in Korea-China FTA. Generally, in case of a regular TBT notifications, "a protection of human health or safety" and "protection of the environment" are drawn a main articles from TBT committee data. And in case of a specific trade concerns, "international standard" and "transparency" are drawn a important factor from the said data. Henceforth those kinds of articles shall be an issuable matters for negotiation of Technical Barriers of Trade in Korea-China FTA. The results of the study indicate mainly that as Countermeasures of Korea for Technical Barriers of Trade in Korea-China FTA, Korean government level requires to withdraw an exclusive technical regulation of China and supports to improve Chinese technology for safety of products. Korean enterprises should develop products to meet an environment regulation and Korean government should support finance incentive, tax incentive to enterprises. Besides, regarding new international standard it is necessary for Korean side to dominate a relative regulation. First of all, it is important to secure a strength of capability and human resource for international standard activity. For improving a conveyance of notification information and transparency between Korea and China, it is efficient to establish a mutual direct network of notification.

• KDI Journal of Economic Policy
• /
• v.18 no.2
• /
• pp.63-116
• /
• 1996

우리나라 제조업(製造業)의 수직적(垂直的) 구조(構造)는 선진공업국에 비하여 소(小) 영세기업(零細企業)의 비중이 월등히 높은 피라미드형의 형태를 보이며 80년대말 이후 소기업군의 확대는 더욱 두드러지고 있다. 이처럼 소기업의 비중이 높아진 것은 제조업체들이 가격경쟁력(價格競爭力)을 높이기 위하여 생산비용이 높게 드는 자체생산(自體生産)을 가능한 한 줄이고 임금(賃金)이 낮은 중소기업으로 생산공정을 이양해 왔기 때문이다. 소기업 비중이 높은 분업구조는 가격경쟁력이 중시되어 생산을 분업화해야 하는 경제체제에서는 높은 효율성(效率性)을 발휘한다고 평가할 수 있다. 90년대에 이르러 중소기업이 저가(低價)의 생산요소(生産要素)를 조달받기 어려운 경제여건이 조성되면서 중소기업의 경영불안이 높아지는 등 가격경쟁력을 유지하기 위한 생산분업체제(生産分業體制)는 한계(限界)에 도달한 것으로 보인다. 따라서 대기업과 중소기업간 분업도 기술(技術) 중심의 분업관계(分業關係)로 전환되어야 할 단계에 이르렀다고 볼 수 있다. 그러나 종전과 같이 소기업(小企業)에 의존하는 분업구조(分業構造)로는 기술분업(技術分業)이 정착되기 어렵다. 왜냐하면 연구개발, 전문인력의 고용 등 기술개발과 관련된 기업활동에는 생산량에 관계없이 고정비용(固定費用)이 들어서 기술개발 비용과 위험을 분산시키려면 기업의 생산규모가 상당히 커져야 하기 때문이다. 이는 소기업 중심의 분업구조가 중견기업(中堅企業)중심의 구조로 개편(改編)되어야 함을 의미한다. 중견기업이 육성되려면 첫째, 대기업과 직거래하는 중소업체(中小業體)의 수(數)가 축소되어야 한다. 거래업체수의 과다는 기업규모를 영세하게 만드는 가장 직접적 요인이기 때문이다. 그러나 거래업체의 정리과정에서 기존업체들이 중소기업 보호여론을 등에 업고 반발할 수 있고, 대기업이 교섭력을 강화하기 위한 수단으로 악용할 수 있으므로 객관적이고 투명한 정리기준의 제시가 전제되어야 한다. 둘째, 대기업의 중소기업에 대한 대폭적 자본참여(資本參與)가 허용되어야 한다. 대기업의 자본참여는 중소기업 지배를 강화할 것으로 우려되어 현재는 극히 부분적으로 허용하고 있으나, 개방경제하에서는 대기업과 국내 중소기업간의 협력관계를 유지시키는 효과적 수단으로 작용하게 될 것이다. 셋째, 은행 등 금융자본(金融資本)의 중견기업에 대한 투자(投資) 활성화(活性化)가 필요하다. 금융자율화로 금융기관의 수익성이 강조되는 상태에서 금융자본이 거래업체의 주주(株主)로서 참여하면 경영정보를 손쉽게 파악할 수 있어 우량업체의 신속한 육성이 가능해질 수 있다.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.111-120
• /
• 2019

As cyber-attacks become more intelligent and sophisticated, the importance of Security Operations Center(SOC) has increased and the number of SOC has been increasing. In order to cope with cyber threats, institutions and organizations use a variety of cyber security standards to create business procedures. However, SOC often need to be improved in accordance with the SOC environment because they collaborate with managed security service specialists rather than their own personnel. The NIST cyber security framework, information security management system, and managed security service companies were compared and analyzed. As a result, it was found that the NIST CSF is a framework that is easy to apply to managed security service, The content was judged to be insufficient. Therefore, in this study, NIST CSF was used as a reference model to derive the management items required for SOC environment, and the necessity, importance and ease of each item were confirmed through an Delphi technique and an improved cyber security framework was proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.465-479
• /
• 2020

Regardless of the domestic and foreign governments/companies, SOC (Security Operation Center) has operated 24 hours a day for the entire year to ensure the security for their IT infrastructures. However, almost all SOCs have a critical limitation by nature, caused from heavily depending on the manual analysis of human agents with the text-based monitoring architecture. Even though, in order to overcome the drawback, technologies for a comprehensive visualization against complex cyber threats have been studying, most of them are inappropriate for the security monitoring in large-scale networks. In this paper, to solve the problem, we propose a novel visual approach for intuitive threats monitoring b detecting suspicious IP address, which is an ultimate challenge in cyber security monitoring. The approach particularly makes it possible to detect, trace and analysis of suspicious IPs statistically in real-time manner. As a result, the system implemented by the proposed method is suitably applied and utilized to the real-would environment. Moreover, the usability of the approach is verified by successful detecting and analyzing various attack IPs.