• 제목/요약/키워드: Administrative Security

검색결과 289건 처리시간 0.025초

기업 보안 유형에 따른 보안사고 대응역량 : 사회기술시스템 이론 관점에서 (Incident Response Competence by The Security Types of Firms:Socio-Technical System Perspective)

  • 이정환;정병호;김병초
    • 한국IT서비스학회지
    • /
    • 제12권1호
    • /
    • pp.289-308
    • /
    • 2013
  • This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

행정기관의 정보보호 담당인력을 어떻게 관리할 것인가? (How Do We Manage the Information Security Workforce of the Administrative Agencies?)

  • 전효정;김태성;박기태
    • 한국IT서비스학회지
    • /
    • 제18권4호
    • /
    • pp.55-66
    • /
    • 2019
  • The career development of information security workforce affiliated in administrative department is very different from workforce affiliated in private companies. Their career development attempts are made not by voluntary motivation but by involuntary job movement by the principle of internal relocation. So they are not directly linked to monetary compensation or advancement. Due to the nature of the organization, their work attitude is very passive and there is little intention to turnover. They do not need professionalism, but they must be retrained according to the law. In this paper, we investigate and analyze the roles and responsibilities of information security workforce of each administrative department. And we do questionnaire survey to find out current roles and responsibilities of them will not affect the demand for retraining. Through these research, we would like to discuss how to manage information security workforce affiliated in administrative departments.

행정기관 인터넷전화 보안 대응 모델 개발 연구 (A Study on Voice over Internet Protocol Security Response Model for Administrative Agency)

  • 박대우;양종한
    • 한국정보통신학회:학술대회논문집
    • /
    • 한국해양정보통신학회 2011년도 추계학술대회
    • /
    • pp.237-240
    • /
    • 2011
  • 행정기관 인터넷전화를 구축하여 사용하는 국가정보통신서비스 'C'그룹 사업자에는 KT, SK브로드밴드, LG유플러스, 삼성SDS 4개 사업자가 있다. 행정기관 인터넷전화에 대한 공격을 대비하여 보안 대응 모델에 대한 연구가 필요하다. 본 논문에서는 행정기관 인터넷전화 사업자 별로 보안 대응 대책을 내용으로 조사 분석한다. 행정기관 인터넷전화 보안 침해 모델 개발 연구를 위해 국정원의 5가지 보안 위협에 대해 기밀성을 중심으로 우선순위를 설정하여 (1)불법 도청 (2)호 가로채기 (3)서비스 오용 (4)서비스거부 공격 (5)인터넷전화 스팸 공격에 대한 공격 시나리오 작성하여 분석한다. 행정기관 인터넷전화 보안 대응 모델 개발 연구는 보안 위협별 보호 기술 분석과 보안 침해 단계별 대응 체계 연구를 통해 단계별 대응 모델 개발 연구를 한다.

  • PDF

Design and Load Map of the Next Generation Convergence Security Framework for Advanced Persistent Threat Attacks

  • Lee, Moongoo
    • IEIE Transactions on Smart Processing and Computing
    • /
    • 제3권2호
    • /
    • pp.65-73
    • /
    • 2014
  • An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

스피어 피싱 대응을 위한 관리적 보안대책에 의한 접근 (On the administrative security approaches against spear phishing attacks)

  • 손유승;남길현;고승철
    • 한국정보통신학회논문지
    • /
    • 제17권12호
    • /
    • pp.2753-2762
    • /
    • 2013
  • 최근 정보보호 기술의 발전으로 사이버 공격의 패러다임이 변화하고 있다. 조직의 시스템이나 네트워크에 대한 보호 대책이 강화되면서 최종 사용자를 대상으로 사회공학적 기법을 이용하는 사이버 공격이 증가하고 있다. 기업이나 정부기관을 대상으로 중요한 기밀 데이터를 절취하거나 중요 서비스를 무력화하는 지능형지속위협(APT, Advanced Persistent Threat) 공격의 약 91%가 스피어 피싱 이메일을 사용하는 것으로 알려졌다. 본 논문에서는 스피어 피싱 공격의 특성과 보안 위협을 자세히 분석하여 기술적인 통제항목만으로 스피어 피싱 공격에 대응하는 것에 한계가 있음을 설명하고 이를 보완할 수 있는 스피어 피싱 공격에 대한 관리적 대응방안을 제안하였다.

Features of Administrative Liability for Offenses in the Informational Sphere

  • Iasechko, Svitlana;Kuryliuk, Yurii;Nikiforenko, Volodymyr;Mota, Andrii;Demchyk, Nadiia;Berizko, Volodymyr
    • International Journal of Computer Science & Network Security
    • /
    • 제21권8호
    • /
    • pp.51-54
    • /
    • 2021
  • The article is devoted to the study of the features of administrative liability for offenses in the informational sphere, the definition of the concept and features. Based on the examples of implementation of instruments of European legislation into the national legal system and examples of national legal practice, the authors have identified the features of informational and legal sanctions aimed at restricting the rights of access of subjects to information, prohibiting them to disseminate certain information, restricting the rights to disseminate certain information, and suspending informational activities. It has been substantiated that the administrative liability for informational offenses as a protective legal institution is created to contribute to the solution of such acute problems of legal support of human and society interests in the new informational dimensions.

Normative Legal Aspects of Information Support for the Provision of Administrative Services in the Field of Public Administration

  • Radanovych, Nataliia;Kaplenko, Halyna;Burak, Volodymyr;Hirnyk, Oksana;Havryliuk, Yuliia
    • International Journal of Computer Science & Network Security
    • /
    • 제22권9호
    • /
    • pp.244-250
    • /
    • 2022
  • Reforming social relations requires changing the system of relations between state executive bodies, institutions subordinate to them and a citizen, which is characteristic for most of the country, in which the latter is a petitioner even if his indisputable rights and legitimate interests are satisfied. One of the most important areas of public administration reform is the formation and development of a system of administrative services and appropriate information support. The result of the implementation of this direction should be the creation of such a legal framework and its real implementation in administrative and legal practice, in which consumers of administrative services will have broad rights and powers and will not be passive subjects manipulated by civil servants.Thus, the main task of the study is to analyze the normative legal aspects of information support for the provision of administrative services in the field of public administration. As a result of the study, the main aspects of normative legal aspects of information support for the provision of administrative services in the field of public administration were investigated.

의료기관의 정보보안 수준 측정을 위한 평가모형 개발 (A Development of the Model for Evaluating the Security of Information Systems in Health Care Organizations)

  • 안선주;권순만
    • 한국병원경영학회지
    • /
    • 제10권4호
    • /
    • pp.98-112
    • /
    • 2005
  • The purpose of this study is to develop a framework for evaluating security levels in hospitals. We classify security indicators into administrative, technical and physical safeguards. The security evaluation model for hospital information systems was applied to three general hospitals. The analysis of the results showed a low security level in information systems. In particular, requirements for administrative and physical safeguards were very low. Hospitals need strict security policies more than other organizations because their information systems contain patients' highly confidential data. The evaluation model developed in this study can be used for guidelines and as a checklist for hospitals. The security evaluation in hospital informational systems needs to be an essential element of hospital evaluation.

  • PDF

Delimitation of Jurisdiction of Commercial, Civil and Administrative Courts: IT Challenges

  • Baranenko, Dmytro;Stepanova, Tetiana;Pillai, Aneesh V.;Kostruba, Anatolii;Akimenko, Yuliia
    • International Journal of Computer Science & Network Security
    • /
    • 제22권7호
    • /
    • pp.85-90
    • /
    • 2022
  • In modern conditions of the development of public relations, there is a continuous development of technologies. This not only reflects the convenience of service users, and new technology but also contributes to the emergence of new disputes to protect the rights of stakeholders. Therefore, it is urgent to study the distinctions between the jurisdiction of commercial, civil and administrative courts in resolving IT disputes. The work aims to study the peculiarities of delimitation of the jurisdiction of commercial, civil, and administrative courts through the prism of IT measurement. The research methodology consists of such methods as a historical, comparative-legal, formal-logical, empirical, method of analogy, method of synthesis, method of analysis, and systematic method. Examining the specifics of delimiting the jurisdiction of commercial, civil, and administrative courts through the IT dimension, it was concluded that there is a problem in determining the jurisdiction of the court. In addition, the judicial practice on this issue is quite variable, which negatively affects the predictability of technology in resolving potential disputes. In this regard, the criterion models for distinguishing between commercial, administrative, and civil proceedings according to the legal classification of the parties, as well as the nature of the claim are identified. This separation will contribute to a more accurate application of legal norms and methods of application of administrative norms and reduce the number of cases of improper proceedings.

Future of Maritime Sefety and Security Administration in Korea

  • 이상집
    • 해양환경안전학회지
    • /
    • 제4권1호
    • /
    • pp.1-12
    • /
    • 1998
  • The Ministry of Maritime Affairs and Fisheries embarked on Oct. 8, 1996, incorporating most of the previously fragmented maritime administrations into one single organization But the maritime administrative functions related to safely and security missions have not yet been merged into a synergetic whole, with versatile multi-functional systems working so effectively that better services to the public might be expected. Enhancing administrative capabilities requires that these missions be integrated into one institution and an enterprising management system be adopted to overcome bureaupathologies, such as complacency and inertness of administration.

  • PDF