• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.61-74
• /
• 2004

Risk analysis model is systematic and structural process that considers internal security problems and threat factors of the information systems to find optimal level of security control. But, the risk analysis model is just only defined conceptually and there are not so many empirical studies. This research used structural equation modeling(SEM) research methodology with rigorously validated research instrument. Based on results of this study, risk analysis methodology was proved to be practically useful in e-commerce environment. Factors like threat and control were significantly related to risk. In conclusion, the results of this study can be applied to general situation or environment of information security for analyzing and managing the risk and providing new approach to comprehend concept of risk in e-commerce environment.

• 한국디지털정책학회:학술대회논문집
• /
• 2003.12a
• /
• pp.535-549
• /
• 2003

우리가 살아가는 21 세기는 산업화시대와는 달리 급격한 경영환경의 변화 기술융합을 통한 끊임없는 신기술의 등장, 가치사슬의 변화, 프로세스(process)의 통합과 자동화로 인한 가격 등이 파괴되면서 생존을 위한 치열한 경쟁의 시대로 접어들고 있다. 이러한 사회환경의 변화에 따라 지식의 창출 못지 않게 지석의 보호도 중요하게 되었다. 그러나 공공기관의 지식은 체계적인 관리 체계가 이루어지지 않아 담당자의 인사.이동 혹은 퇴직 등으로 인하여 축적된 업무지식이 개인과 함께 그 조직에서 사라져 지식경쟁력이 약화되는 현상을 초래하고 있다. 따라서 본 연구에서는 기존의 단위업무시스템을 통합하여 새롭게 구축된 지식관리시스템을 조기에 정착시키고 이를 활용하여 무형자산의 가치를 극대화하기 위한 방안으로 $2002.12.01{\sim}2003.05.31$ 까지 6 개월 동안 지식관리시스템에 등록된 지식을 분석하여 지식경영을 활성화할 수 있는 방안과 미래사회의 핵심이 될 지석근로자를 양성할 수 있는 방안으로 자신의 능력을 극대화할 수 있는 3 가지 원리와 5 차원 전면교육학습법에 대하여 제시하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.637-659
• /
• 2021

Since the creation of the first Bitcoin blockchain in 2009, the number of cryptocurrency users has steadily increased. However, the number of hacking attacks targeting assets stored in these users' cryptocurrency wallets is also increasing. Therefore, we evaluate the security of the wallets currently on the market to ensure that they are safe. We first conduct threat modeling to identify threats to cryptocurrency wallets and identify the security requirements. Second, based on the derived security requirements, we utilize attack trees and Bayesian network analysis to quantitatively measure the risks inherent in each wallet and compare them. According to the results, the average total risk in software wallets is 1.22 times greater than that in hardware wallets. In the comparison of different hardware wallets, we found that the total risk inherent to the Trezor One wallet, which has a general-purpose MCU, is 1.11 times greater than that of the Ledger Nano S wallet, which has a secure element. However, use of a secure element in a cryptocurrency wallet has been shown to be less effective at reducing risks.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.153-160
• /
• 2007

Recently, the demand against the system risk analysis and security management from the enterprises or the agencies which operate a information system is increasing even from domestic. The international against the standardization trend of information protection management system it investigates from the dissertation which it sees. It analyzed and against information property information protection management system integrated it will be able to manage a danger modeling it did it proposed. Having analyzed as well as compared the matureness of security-measurement models in regard to the global standard of proposal system, the administrative presentation for various IT technology resources. which have been managed singly so far, is now well applied under the united control of the company itself, and enabled the automated management of authentication support and renewal for ISO 27001, ISO 9000, ISO 14000, resulting in much advanced operation for both material and human resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.353-371
• /
• 2014

We already have seen many studies and articles about the methodology responding the security risks and threats. But we still have some controversial subjects to be settled. Now, we are living in the era that we should focus on how to use the security systems instead of how to make it. In this point of view, a company need to find out the answer for these questions, which security risks have to be handled in a corporate, which system is better for responding the security threats, and how we can build necessary security architecture in case of developing systems. In this article, we'd like to study on-site scenarios threatening the corporate assets, the limit on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we'd like to search for the direction form the actual cases which have shown the desired effect from converging the assets and network informations.

• Convergence Security Journal
• /
• v.21 no.2
• /
• pp.11-18
• /
• 2021

To protect tangible and intangible assets, most of the companies are conducting information protection monitoring by using various security equipment in the IT service network. As the security equipment that needs to be protected increases in the process of upgrading and expanding the service network, it is difficult to monitor the possible exposure to the attack for the entire service network. As a countermeasure to this, various studies have been conducted to detect external attacks and illegal communication of equipment, but studies on effective monitoring of the open service ports and construction of illegal communication monitoring system for large-scale service networks are insufficient. In this study, we propose a framework that can monitor information leakage and illegal communication attempts in a wide range of service networks without large-scale investment by analyzing 'Netflow statistical information' of backbone network equipment, which is the gateway to the entire data flow of the IT service network. By using machine learning algorithms to the Netfllow data, we could obtain the high classification accuracy of 94% in identifying whether the Telnet service port of operating equipment is open or not, and we could track the illegal communication of the damaged equipment by using the illegal communication history of the damaged equipment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.748-750
• /
• 2015

지식 정보화 사회의 진입으로 인해 다양한 분야에 걸쳐 핵심기술을 보유하게 됨에 따라 국가경쟁력이 강화되어지고 있다. 국가경쟁력이 강회되어짐에 따라 중요 산업정보나 핵심기술이 발생하였으며 이러한 핵심 산업정보를 지키는 것이 매우 중요해졌다. 이에 따라 정부에서 이러한 산업자산을 보호하기 위해 산업보안 관련 부서를 구성하여 다양한 산업보안활동을 수행하고 있다. 하지만 아직 산업보안의 개념 및 학문의 정체성이 확립되어지지 않아 제대로 된 산업보안 활동이 수행되어지지 않고 있다. 본 연구에서는 정부기관의 산업보안활동을 비교/분석하려고 한다. 그리고 산업보안 개념 분석을 통해 정부기관의 올바른 산업보안활동 방향성을 제언하려고 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.51-60
• /
• 2005

The riles or intellectual property on computer systems have increasingly been exposed to such threats that they can be flowed out by internal users or outer attacks through the network. The File Outflow Monitoring System monitors file outflows at server by making the toe when users copy files on client computers into storage devices or print them, The monitoring system filters I/O Request packet by I/O Manager in kernel level if files are flowed out by copying, while it uses Win32 API hooking if printed. As a result, it has exactly made the log and monitored file outflows, which is proved through testing in Windows 2000 and XP.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.13 no.3
• /
• pp.601-608
• /
• 2018

While the legislation on the protection of personal information in public institutions was enacted and amended, the guidelines and laws on information security were focused, contracted and realized with focus on specific institutions. Mutual laws and guidelines have been applied and realized for the dual purpose of securing both the asset of macroscopic information and the asset of personally identification information, which are mutually different media information. However, in a bid to present the definition and direction of the fourth industrial revolution in 2017, a variety of products and solutions for security designed to ensure the best safety line of the 21st century, and the third technology with the comprehensive coverage for all these fields, a number of solutions and technologies, including IOT(: Internet of Things), ICT Internet of Things(: ICT), ICT Cloud, and AI (: Artificial Intelligence) are pouring into the security market as if plastic doll toys were manufactured in massive scale into the market. With the rising need for guaranteeing the interrelation for securities with dualistic physical, administrative, logical and psychological differences, that is, information security and personal information security that are classified into two main categories and for the enhanced security for integrated management and technical application, the study aims to acquire the optimal security by analyzing the interrelationship between the two cases and applying it to the study results.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.1677-1680
• /
• 2003

기존의 보안 관리 수준을 측정하기 위한 방법들이 다양하지만 IT 자산을 중심으로 한 평가만이 이루어지고 있는 관계로 조직 전반에 걸친 분석이 이루어지지 못했다. 따라서 본 논문에서는 보안 관리 수준 점검을 손쉽게 할 수 있도록 웹 기반 보안 관리 수준 분석 도구에 대해 제시한다. 본 도구의 경우는 전사적 정보 보호 관리 방법론인 BS7799의 보안통제 항목들을 기반으로 설문 내용을 구성하였다.