• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.769-776
• /
• 2016

Recently, cyber attacks are continuously threatening the cyberspace of the state across the border. Such cyber attacks show a surface which is intelligent and sophisticated level that can paralyze key infrastructure in the country. It can be seen well in cases, such as hacking threat of nuclear power plant, 3.20 cyber terrorism. Especially in public institutions of the country in which there is important information of the country, advanced prevention is important because the large-scale damage is expected to such cyber attacks. Technical support is also important, but by improving the cyber security awareness and security expert knowledge through the cyber security education to the country's public institutions workers is important to raise the security level. This paper suggest education courses for the rise of the best security effect through a short-term course for the country's public institutions workers.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.9
• /
• pp.1666-1673
• /
• 2017

Republic of Korea is divided into South Korea and North Korea, creating military conflicts and social conflicts. North Korea is conducting cyberattacks against South Korea and has hacked South Korea's defense network. In the world of cyberspace, the boundaries of the borders are becoming obscured, and cyberattacks and cyberterrorism for cyberwarfare operate with digital computing connected to points, time and space. Agenda and manual are needed for national cybersecurity. Also, it is necessary to study national cybersecurity laws and policies that can create and implement nationalcyber security policy. This paper investigates cyberterrorism situation in North and South Korean confrontation situation and damage to cyberwarfare in the world. We also study cybersecurity activities and cyberwarfare response agendas, manuals and new technologies at home and abroad. And propose national cybersecurity policy and propose policies so that '(tentative) The National Cybersecurity Law' is established. This study will be used as basic data of national cybersecurity law and policy.

• Journal of Convergence Society for SMB
• /
• v.6 no.3
• /
• pp.13-19
• /
• 2016

In various ICBM (IoT, Bigdata, Cloud, Mobile) IT convergence environments, IT technologies have been evolved, new information security threats have been occurred. As information security incidents in major public agencies, financial institutions and companies occurred, it was emphasized that the importance of human security was disclosed. Thus, implementing of information security management system could protect hacks and security breaches and respond quickly to accidents so it minimized the sized of loss. In this paper, comparison of human security controls shown in ISO27001, COBIT, NIST 800-53, K-ISMS, Cyber Security Framework such as the main information security management systems was analyzed, and proposed of the security implications about effective controls of human resources security issues.

• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.87-95
• /
• 2015

Recently, The cloud computing technology is emerging as an important issue in the world, and In technology and services, has attracted much attention. Cloud services have evolved from simple forms to complex forms(using multiple mobile devices and communication services(Kakao talk, Facebook, etc.). In particular, as the cloud is especially facilitated the collection of user information, it can now be analyzed with the user's taste and preference. And many of the benefits of the cloud became increasingly closely with our lives. However, the positive aspects of cloud computing unlike the includes several vulnerabilities. For this reason, the Hacking techniques according to the evolution of a variety of attacks and damages is expected. Therefore, this paper will be analyzed through case studies of attack and vulnerability to the privacy threats factors of the cloud computing services. and In the future, this is expected to be utilized as a basis for the Privacy security and Response.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.705-715
• /
• 2017

Today, the world is evolving into a huge community that can communicate with real-time information sharing and communication based on the rapid advancement of scientific technology and information. Behind this information, the adverse effects of information assets, such as hacking, viruses, information assets, and unauthorized disclosure of information assets, are continually increasing as a serious social problem. Each time an infringement of the invasion and personal information leaks occur, many regulatory policies have been announced, including stricter regulations for protecting the privacy of the government and establishing comprehensive countermeasures. Also, companies are making various efforts to increase awareness of the importance of information security. Nevertheless, information security accidents like the leaks of industrial secrets are continuously occurring and the frequency is not lessening. In this thesis, I proposed a customized security policy methodology that supports users with various business circumstances and service and also enables them to respond to the security threats more confidently and effectively through not a monotonous and technical but user-centered security policy.

• Information and Communications Magazine
• /
• v.31 no.5
• /
• pp.39-45
• /
• 2014

기업활동에서 IT에 대한 의존도가 증가함에 따라 기업들은 다양한 소프트웨어 및 하드웨어 플랫폼에서 제공되는 서비스들을 운영하고 있다. 서비스들이 보급, 확대되는 과정에서 새로운 보안 취약점들이 나타나고, 이들 취약점을 악용한 기업정보의 유출 및 해킹 등 보안사고의 발생도 비례하여 증가하고 있다[1]. 특히 다양한 유형의 사업을 운영하는 지주회사 또는 대기업 그룹사의 경우, 사업영역별로 운영 중인 IT 인프라의 보안 취약점이 네트워크로 연결된 타 사업용 IT 인프라에 대한 사이버 침해의 통로로 악용될 가능성이 있다. 이 같은 문제의 해결을 위해 기업들은 사업영역 별로 보유한 IT 인프라의 보안 취약점 진단과 대응을 위한 솔루션들을 도입, 운영해 오고 있다. 하지만 기업의 보안 거버넌스 관점에서 보안 취약점 관리도 전사적인 보안 정책과의 연계 강화, 투자 중복의 방지, 효과적인 관리와 통제에 대한 필요성이 대두되기 시작했다. 보안 거버넌스 체계 강화에 대한 기업의 요구변화에 맞춰 보안 취약점의 통합관리를 지원하는 상용 솔루션들이 일부 출시되고 있으나 기업들이 기 운영하고 있는 개별 취약점 진단 솔루션과의 연동, 로그관리 및 기업이 요구하는 특화된 기능 구현 등의 어려움이 도입에 장애가 되고 있다. 따라서, 대기업을 중심으로 개별 보안 취약점 진단 솔루션들을 연동하여 기업보안 거버넌스를 효과적으로 지원할 수 있도록 취약점 관리업무 프로세스의 재설계와 함께 취약점 진단 통합관리 체계를 구축하고 있다[2][3][4]. 본고는 보안 취약점 관리업무의 문제점을 소개하고, 최근 대 기업을 중심으로 활발히 구축이 추진되고 있는 웹 기반의 취약 점 진단 통합관리 체계의 개념, 기능 및 운영 프로세스를 소개한다. 아울러, 기업 IT 인프라에 대한 보안 취약점 진단 데이터를 축적하여 기업 내부의 보안위험 요소를 사전예측하고, 정보보호의 투자 대비 효과(ROSI: Security Return on Investment)를 효과적으로 산정하는 인프라로서 활용 가치를 소개한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.285-288
• /
• 2010

Chinese hackers hack the e-commerce site by bypass South Korea IP to connect to the third country, finance damaging a violation incident that fake account. 7.7.DDoS attack was the case of a hacker attack that paralyzed the country's main site. In this paper, the analysis is about vulnerabilities that breaches by hackers and DDoS attacks. Hacker's attacks and attacks on the sign of correlation analysis is share the risk rating for in real time, Red, Orange, Yellow, Green. Create a blacklist of hackers and real-time attack will be studied security and air conditioning systems that attacks and defend. By studying generate forensic data and confirmed in court as evidence of accountability through IP traceback and detection about packet after Incident, contribute to the national incident response and development of forensic techniques.

• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.195-200
• /
• 2019

The role of the Internet of Things in the Fourth Industrial Revolution is in the era of collecting data at the end and analyzing big data through technology to analyze the future or behavior. Therefore, due to the nature of the IoT, it is vulnerable to security and requires a lightweight security protocol. The spread of things Internet technology is changing our lives a lot. IT companies all over the world are already focusing on products and services based on things Internet, and they are going to the era of all things internet that can communicate not only with electronic devices but also with common objects. People, people, people and objects, things and things interact without limitation of time and space, collecting, analyzing and applying information. Life becomes more and more smart, but on the other hand, the possibility of leakage of personal information becomes greater. Therefore, this study proposed security threats that threaten the protection of personal information and countermeasures, and suggested countermeasures for building a secure IoT environment suitable for the Fourth Industrial Revolution.

• The Journal of the Convergence on Culture Technology
• /
• v.5 no.3
• /
• pp.55-60
• /
• 2019

It is true that Blockchain has been known as a core technology for cryptocurrency like bitcoin (BTC). It is caused by its rapid value rises. Now, one BTC is trading around 10,000 US dollars while it bought just less than one dollar at its first trading in May, 2010. Blockchain makes on-line transactions possible by the safe cryptocurrency swiftly based on P2P network and distributed public ledger while its on-line traffic is rapidly increasing. However, this technology has bigger potential in the fourth industrial revolution era and its application areas will be varied. The evolving intelligent information society needs to make new added value through utilizing, sharing and processing of useful digital information. Obstacles such as hacking and fraud often exist when transactions of digital properties, right transfers, etc. are done through digital network specialized with anonymity. It is expected that blockchain will be a definite solution in this regard. This paper addresses useful development directions and countermeasures for blokchain in the digital economy by analysis of its current status and issues.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.79-92
• /
• 2021

In a society where ICT technology is converged, the use of various network-connected devices such as IoT is spreading. Network-connected devices are inevitably exposed to the threat of hacking such as information leakage, and countermeasures need to be prepared to respond. Security certification system for IoT devices has been introduced to promote security of IoT products, and for this purpose, legalization and standardization of certification standards and methods are in progress. In line with this, in Korea, as the Information and Communication Network Act was revised in 2020, ICT convergence devices connected to the network were newly defined as "information and communication network connected devices," and the basis for the security certification system is being established. We summarized related domestic and foreign trends and suggest specific considerations for implementing the security certification system for IoT devices in South Korea.