• Journal of Information Technology and Architecture
• /
• v.9 no.4
• /
• pp.401-411
• /
• 2012

There has been increased interest for cloud computing services that can promote cost savings while increasing investment in information resources. Cloud computing, however, has a disadvantage physically located in the external information resources to take advantage of the economic benefits, the advantages and increase the vulnerability of information protection and control of information assets. In this study, due to the unique properties of the new services, including vulnerability, the vulnerability of cloud computing derive the vulnerability of cloud computing and control items were derived through the mapping between vulnerability and control items, that are not being managed to identify vulnerabilities Cloud computing risk factors are presented.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.428-430
• /
• 2015

보안은 오직 기술을 관리하는 것이 아닌 사람관리, 조직관리, 경영관리이다. 그 중에서도 인적자원은 모든 산업에서 가장 중요한 자원임과 동시에 보안의 측면에서 볼 때 가장 통제해야 하는 존재이다. 이는 산업보안에서 가장 큰 이슈인 산업기술 기밀 유출이 주로 전 현직 임직원 및 협력업체 직원 등 인적자원을 통했기 때문이다. 미래 산업의 중심이 될 IoT환경에서는 산업기술이 핵심자산이므로 이에 더 주목해야 할 필요가 있다. 이처럼 인적자원에 대한 통제와 관리가 산업보안에서 중요한 의미를 갖는 것에 비해 기존의 보안관리체계의 통제항목은 대부분 IT적인 부분에 치중되어있다. 또한, 체계적인 운영이 부족하고, 산업스파이, 정보절취 등 다양한 위험요소가 존재한다. 특히, 인적자원은 완벽한 예측이 불가능하므로 위험을 최소화하는 방법을 고안해 대는 것에 유념하여 IoT환경에서의 인간중심적인 보안관리체계 구축해야한다. 이를 위해 기존의 정보보호 관리체계 분석을 통하여, 기존의 인적보안 지침들의 적합성을 따져 우선순위를 적용하여 효율적인 인적자원관리 방법론을 설계하였다. 본 연구결과는 보유자원을 가장 효율적으로 활용하여, 그 조직에 적합한 보안체계를 구축하는데 도움이 될 것으로 기대된다.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.4
• /
• pp.239-248
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element, response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management way that propose executing Security incident response experiment on the basis of this way. This study which provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.6
• /
• pp.155-164
• /
• 2011

APP based on the smart phone is being utilized to various scopes such as medical services in hospitals, financing services at banks and credit card companies, and ubiquitous technologies in companies and homes etc. In this service environment, exposures of smart phones cause loss of assets including leaks of official/private information by outsiders. Though secret keys, pattern recognition technologies, and single image authentication techniques are being applied as protective methods, but they have problems in that accesses are possible by utilizing static key values or images like pictures. Therefore, this study proposes a face authentication technology for protecting smart phones from these dangerous factors and problems. The proposed technology authenticates users by extracting key frames of user's facial images by real time, and also controls accesses to the smart phone. Authentication information is composed of multiple key frames, and the user' access is controlled by distinction algorism of similarity utilizing DC values of image's pixel and luminance.

• KSCI Review
• /
• v.15 no.1
• /
• pp.141-150
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element. response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management wav that propose executing Security incident response experiment on the basis of this way. This study which Provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.181-185
• /
• 2004

In these days, many reports noticed that the Internet worms spread out and have done considerable damage to all over the world network within a few days. The worms, which is infected from various route such as e-mail, can spread very fast with common property, self replication. But, there is not prepare for the way effectively to interrupt internet worm. Therefore, to prevent our network resource, internet hosts and user clients, the systemic categorization and automatic defense mechanism is required in the Internet worm research. Hence, in this paper, we describe internet worm propagation and defense model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.181-195
• /
• 2015

Financial industries have operated internal and external network with an unified system for continual business process of customers and other organizations in the past. The financial supervising authority requires more technical and managerial protecting policy to financial industries related to the exposure as danger of external attacks or information leakage. Financial industries performed network separation into internal business and external internet networks for protecting IT assets from malware infection accessing internet or hacking attacks and prohibiting leakage of customers' personal and financial information following financial supervising authority and redefine security policy to fit on network separated-condition. In this study, effectiveness for network separation policy was examined on malware inflow and verified that malware inflow in all routes can be blocked by the policy with analyzing operration data of a financial company, estimating network separation. Result of this study proves that malware infection route by portable storages was not completely blocked even on adapting network-separated condition. As a solution for this, efficient security policy would be suggested in this paper as controlling portable storages for maximizing effectiveness of network separation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.498-500
• /
• 2022

CCTV protects people and assets safely by identifying dangerous situations and responding promptly. However, it is difficult to continuously monitor the increasing number of CCTV images. For this reason, there is a need for a device that continuously monitors CCTV images and notifies when abnormal behavior occurs. Recently, many studies using artificial intelligence models for image data analysis have been conducted. This study simultaneously learns spatial and temporal characteristic information between image data to classify various abnormal behaviors that can be observed in CCTV images. As an artificial intelligence model used for learning, we propose a multi-classification deep learning model that combines an end-to-end 3D convolutional neural network(CNN) and ResNet.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.1
• /
• pp.747-754
• /
• 2023

With the development of information and communication technology, online fractional investment platforms have emerged through the convergence of online platform technology and new investment techniques for asset-backed derivatives. In this study, the concept and previous studies of the online fractional investment platform business, commercialization models and service processes, market status, and pending discussions and alternatives were presented. Recently, the Securities and Futures Commission's decision on securitization of split ownership has become an important guide to the stable business sustainability of platform operators, but academic research is needed according to the current status and case analysis. To identify specific market issues, examples of representative online fractional investment securitization platform businesses such as "MusiCow" for music copyright, "Tessa" based on art, "Kasa" for real estate, "Piece" based on real assets, and "BangCow" for Korean beef shipments were analyzed. Through the case analysis of this study, the characteristics of the business model according to the basic assets of the online fractional investment platform were compared and presented. Since most business models are judged to be securitic, they must comply with the provisions of the Capital Markets Act or be recognized as the target of innovative financial services. From a practical point of view, it is meaningful in that it presented improvement directions that online fractional securitization platform operators should consider and organized institutional considerations for investor protection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1027-1041
• /
• 2015

Recently, there are rapidly increasing cases of APT (Advanced Persistent Threat) attacks such as Verizon(2010), Nonghyup(2011), SK Communications(2011), and 3.20 Cyber Terror(2013), which cause leak of confidential information and tremendous damage to valuable assets without being noticed. Several anomaly detection technologies were studied to defend the APT attacks, mostly focusing on detection of obvious anomalies based on known malicious codes' signature. However, they are limited in detecting APT attacks and suffering from high false-negative detection accuracy because APT attacks consistently use zero-day vulnerabilities and have long latent period. Detecting APT attacks requires long-term analysis of data from a diverse set of sources collected over the long time, real-time analysis of the ingested data, and correlation analysis of individual attacks. However, traditional security systems lack sophisticated analytic capabilities, compute power, and agility. In this paper, we propose a Fast Data based real-time abnormal behavior detection system to overcome the traditional systems' real-time processing and analysis limitation.