• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2067-2072
• /
• 2016

Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support the prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.379-390
• /
• 2012

This study is to consider political implication of indicators to measure personal information security in public sector studied by Ministry of Public Adminstration and Security from 2008 to 2011. The study analyzed the priority of personal information security policy dividing into personal information security infrastructure, personal information management with life cycle, correspondence of information infringement by scholars, experts, and chargers. As the results, to progress personal information security policy is important to management of personal identification information on web site; specially institutional infrastructure as responsible organization, exclusive manpower, and security budget; personal information security infrastructure. As like the results, it would be reflected in the progress of personal information security policy and tried to provide systematic management program with improving safe information distribution and usefulness.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.07a
• /
• pp.437-438
• /
• 2020

국내 실감형 콘텐츠 시장은 전년도비 42.9%의 연평균 성장률을 보이며 2020년에는 약 5조 7,271억원의 규모에 이를 것으로 전망된다. 특히 2018년 기점으로 하드웨어보다는 콘텐츠 시장이 확대되었다. 최근 실감형 콘텐츠의 유통이 본격적으로 시작됨에 따라 저작권 침해 사례들이 나타나고 있으나 시장의 저변확대 측면에서 그렇게 주목받지 못하고 있다. 실감형 저작물을 제작하는 업체가 주로 소기업이고, 제작하는 비용이 고비용인 점을 고려할 때 저작권 보호 기술인 필터링 기술이 절대적으로 요구되고 있다. 필터링 기술의 성능 평가할 기준인 강인성 지표가 미정립 된 상태이다. 따라서 본 논문에서는 특정 기술에 종속되지 않는 실감형 360도 영상 콘텐츠 강인성 지표를 제안한다.

• Informatization Policy
• /
• v.25 no.3
• /
• pp.29-51
• /
• 2018

As the core technology of the Fourth Industrial Revolution, the Internet of Things has been developed and has enabled various services, and personal information has been handled freely in the process. However, the infringement threat of personal information is increasing as more convenient services are provided and more information devices including smart devices are connected to the network. Therefore, this study is to analyze prioritizing personal information protection policy indicators in order to provide IoT services by constructing secure environment for implementing the Internet of things as the core technology of the 4th Industrial Revolution. This study reviewed personal information protection policy indicators based on the literature survey, and identified 3 fields, 9 areas, and 25 indicators through Delphi analysis for experts. The weights were calculated based on the AHP survey for 66 experts and the results were used to present the relative importance and priority of the policy indexes. The results of this study found the policy field was the most important, followed by the technical field, and the administrative field. Of the three areas of the policy field, strengthening the personal information protection laws related to IoT is the most important, while among the indicators, promoting and revising the personal information protection law related to IoT is the most important. Comparisons of the fields, areas, and indicators of IoT-related personal information protection policies found consistent values. The personal information protection policy indicators derived this way will contribute to the nation's competitiveness by expanding secure IoT policies in the future.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.277-280
• /
• 2015

Smishing, Phishing personal privacy caused by Incident accidents such as Phishing information security has become a hot topic. Such incidents have privacy in personal information management occurs due to a lack of user awareness. This paper is based on the existing structure of the XML Tag question bank used a different Key-Value Structure-based JSON. JSON is an advantage that does not depend on the language in the text-based interchange format. The proposed system is divided into information security sector High, Middle and Low grade. and Provides service to the user through the free space and the smart device and the PC to the constraints of time. The use of open source Apache Load Balancing technology for reliable service. It also handles the user's web page without any training sessions Require server verification result of the training(training server). The result is sent to the training server using jQuery Ajax. and The resulting data are stored in the database based on the user ID. Also to be used as a training statistical indicators. In this paper, we design a level training system to enhance the user's information security awareness.

• Proceedings of the Korea Society for Simulation Conference
• /
• 2003.06a
• /
• pp.9-14
• /
• 2003

최근의 일상 생활들은 정보통신 네트워크를 기반으로 제공되는 서비스와 밀접하게 연관되어 있다. 지난 1.25 인터넷 대란을 통해서 볼 수 있듯이, 네트워크 침해사고로 인해 네트워크 필수 서비스가 중단되었을 때 사용자를 위해 네트워크 기반으로 제공되는 주요한 서비스에 막대한 피해가 발생한다는 것을 직접 확인하였다. 컴퓨터 네트워크에서 필수 서비스의 가장 중요한 특성 중 하나는 서비스의 연속성이다. 필수 서비스의 연속성이 보장되지 못하게 되면 네트웍의 정상적인 동작에 큰 문제를 야기한다. 따라서 대상이 되는 네트워크가 필수 서비스를 보장하는 능력을 평가하여 안전하고 신뢰성 있는 네트워크 서비스를 제공하기 위한 연구가 필요하다. 본 논문에서는 시뮬레이션 기반 필수서비스의 연속성 평가 방법론을 제안한다. 이를 위해 평가 모델의 구성, 실행, 분석 등의 단계를 가지는 평가 절차를 제시한다. 또한 평가 프레임을 제시하고 프레임의 구조 및 동적 특성을 살펴본다. 마지막으로 서비스 연속성의 정도를 평가하기 위한 평가 지표를 가용성, 권한보호성, 정보비밀성, 복구가능성 등 4가지로 분류하고 각각에 대해 살펴본다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2021.07a
• /
• pp.213-214
• /
• 2021

최근 4차 산업혁명으로 인해 사용자와 단말과의 연결이 증가하면서 악성코드에 의한 침해사고가 증가하였고, 이에 따라, 파일의 상세한 정보인 메타 데이터를 추출하여 악성코드를 탐지하는 파일 스캐닝 도구의 필요성이 요구된다. 본 논문에서는 대표적인 오픈소스 기반의 파일 스캐닝 도구인 Strelka, File Scanning Framework (FSF), Laika BOSS를 대상으로 파일 스캐닝 기술에서 주요한 성능 지표인 스캐닝 속도를 비교함으로써 각 도구의 성능을 평가하였다. 다양한 파일 종류를 선정한 테스트 셋을 기반으로 파일의 개수에 따른 속도를 비교하였으며, Laika BOSS, FSF, Strelka 순으로 성능이 높은 것으로 평가되었다. 결과적으로, 악의적인 파일을 빠르게 탐지하기 위한 파일 스캐닝 도구로 Laika BOSS가 가장 적합한 것으로 평가되었다.

• Journal of Korean Society of Disaster and Security
• /
• v.6 no.1
• /
• pp.79-86
• /
• 2013

As car-oriented road policies have been made forward so far, relatively pedestrians' walking conditions are so in poor environments that more than two thousand pedestrians die from car accidents every year. Pedestrians' walking right has been severely invaded like that. Pedestrians' walking right is a right that people are able to walk safely and comfortably in pleasant surroundings as long as they don't threaten the public safety, order maintenance, and welfare. The government has an obligation to provide safe, comfortable, and pleasant environments to pedestrians. Recently interests in pedestrians' safety are increasing, government-driven supports have been made to make safe, pleasant, and healthy walking surroundings. As poor walking condition improvement projects cost high, they should be progressed to accomplish maximal effects using finite finances efficiently, and post feasibility evaluations of the projects should be severely estimated. However site selecting indicators which satisfy with the goal for composing safe working surroundings have not been decided yet, though currently it has a legal basis to specify walking condition improvement sites by the Law for Pedestrians' safety and Comfort Increasement. Therefore this study focuses on suggesting improved ways for selecting sites where pedestrians' safe environment project by reviewing previous research. When project sites are selected, evaluation indicators related to awareness survey of residents and history should be excluded, and disaster safety assessments for walking safety facilities, latent human hazards and natural disasters like a strong wind are proposed besides evaluations on pedestrians' safety and walking environment for matching with the purpose of the project to make safe working surroundings.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.2
• /
• pp.75-81
• /
• 2012

As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.617-636
• /
• 2017

Many businesses have adopted the standard security management structure such as ISO27001 and K-ISMS for strengthening business's security management structure to protect their core information assets and have acquired partial output from such effort. However, many risk factors such as recent advances in Information Technology and evolution of intrusion methods have increased exponentially requiring the businesses to response even more quickly with better accuracy. For such purpose, a study of 'Real Time Security Management Structure for Business' based on security management process optimization, defining a set of security index for managing core security area and calculation of risk indices for precognition of intrusion risk area has been made. Also, a survey on opinions of an expert panel has been conducted. The effectiveness of studied structure was analyzed using AHP method as well. Using this study, security personnels of a company can improve efficiency of the preemptive responsive and quicker measure from the current security management structure.