• Title/Summary/Keyword: Administrative Security

Search Result 289, Processing Time 0.022 seconds

Incident Response Competence by The Security Types of Firms:Socio-Technical System Perspective (기업 보안 유형에 따른 보안사고 대응역량 : 사회기술시스템 이론 관점에서)

  • Lee, Jeonghwan;Jung, Byungho;Kim, Byungcho
    • Journal of Information Technology Services
    • /
    • v.12 no.1
    • /
    • pp.289-308
    • /
    • 2013
  • This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

How Do We Manage the Information Security Workforce of the Administrative Agencies? (행정기관의 정보보호 담당인력을 어떻게 관리할 것인가?)

  • Jun, Hyo-Jung;Kim, Tae-Sung;Park, Ki Tae
    • Journal of Information Technology Services
    • /
    • v.18 no.4
    • /
    • pp.55-66
    • /
    • 2019
  • The career development of information security workforce affiliated in administrative department is very different from workforce affiliated in private companies. Their career development attempts are made not by voluntary motivation but by involuntary job movement by the principle of internal relocation. So they are not directly linked to monetary compensation or advancement. Due to the nature of the organization, their work attitude is very passive and there is little intention to turnover. They do not need professionalism, but they must be retrained according to the law. In this paper, we investigate and analyze the roles and responsibilities of information security workforce of each administrative department. And we do questionnaire survey to find out current roles and responsibilities of them will not affect the demand for retraining. Through these research, we would like to discuss how to manage information security workforce affiliated in administrative departments.

A Study on Voice over Internet Protocol Security Response Model for Administrative Agency (행정기관 인터넷전화 보안 대응 모델 개발 연구)

  • Park, Dea-Woo;Yang, Jong-Han
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2011.10a
    • /
    • pp.237-240
    • /
    • 2011
  • Voice over Internet Protocol calls using administrative agency to build a national information and communication service, 'C' group, providers, the KT, SK Broadband, LG U+, Samsung SDS, as there are four operators. To prepare for an attack on Voice over Internet Protocol for administrative agency, security is a need for research to support the model. In this paper, the Internet telephone business of Administrative Agency to investigate and analyze the specific security measures to respond. Should set priorities around confidentiality about five security threats from NIS to Study of Voice over Internet Protocol Security Response Model for Administrative Agency. (1) Illegal wiretapping, (2) call interception, (3) service misuse, (4) denial of service attacks, (5) spam attacks, write about and analyze attack scenarios. In this paper, an analysis of protection by security threats and security breaches through a step-by-step system to address the research study is a step-by-step development of the corresponding model.

  • PDF

Design and Load Map of the Next Generation Convergence Security Framework for Advanced Persistent Threat Attacks

  • Lee, Moongoo
    • IEIE Transactions on Smart Processing and Computing
    • /
    • v.3 no.2
    • /
    • pp.65-73
    • /
    • 2014
  • An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

On the administrative security approaches against spear phishing attacks (스피어 피싱 대응을 위한 관리적 보안대책에 의한 접근)

  • Sohn, Yu-Seung;Nam, Kil-Hyun;Goh, Sung-Cheol
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.17 no.12
    • /
    • pp.2753-2762
    • /
    • 2013
  • Recently the paradigm of cyber attacks is changing due to the information security technology improvement. The cyber attack that uses the social engineering and targets the end users has been increasing as the organization's systems and networks security controls have been tightened. The 91% of APT(Advanced Persistent Threat) which targets an enterprise or a government agency to get the important data and disable the critical service starts with the spear phishing email. In this paper, we analysed the security threats and characteristics of the spear phishing in detail and explained why the technical solutions are not enough to prevent spear phishing attacks. Therefore, we proposed the administrative prevention methods for the spear phishing attack.

Features of Administrative Liability for Offenses in the Informational Sphere

  • Iasechko, Svitlana;Kuryliuk, Yurii;Nikiforenko, Volodymyr;Mota, Andrii;Demchyk, Nadiia;Berizko, Volodymyr
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.8
    • /
    • pp.51-54
    • /
    • 2021
  • The article is devoted to the study of the features of administrative liability for offenses in the informational sphere, the definition of the concept and features. Based on the examples of implementation of instruments of European legislation into the national legal system and examples of national legal practice, the authors have identified the features of informational and legal sanctions aimed at restricting the rights of access of subjects to information, prohibiting them to disseminate certain information, restricting the rights to disseminate certain information, and suspending informational activities. It has been substantiated that the administrative liability for informational offenses as a protective legal institution is created to contribute to the solution of such acute problems of legal support of human and society interests in the new informational dimensions.

Normative Legal Aspects of Information Support for the Provision of Administrative Services in the Field of Public Administration

  • Radanovych, Nataliia;Kaplenko, Halyna;Burak, Volodymyr;Hirnyk, Oksana;Havryliuk, Yuliia
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.9
    • /
    • pp.244-250
    • /
    • 2022
  • Reforming social relations requires changing the system of relations between state executive bodies, institutions subordinate to them and a citizen, which is characteristic for most of the country, in which the latter is a petitioner even if his indisputable rights and legitimate interests are satisfied. One of the most important areas of public administration reform is the formation and development of a system of administrative services and appropriate information support. The result of the implementation of this direction should be the creation of such a legal framework and its real implementation in administrative and legal practice, in which consumers of administrative services will have broad rights and powers and will not be passive subjects manipulated by civil servants.Thus, the main task of the study is to analyze the normative legal aspects of information support for the provision of administrative services in the field of public administration. As a result of the study, the main aspects of normative legal aspects of information support for the provision of administrative services in the field of public administration were investigated.

A Development of the Model for Evaluating the Security of Information Systems in Health Care Organizations (의료기관의 정보보안 수준 측정을 위한 평가모형 개발)

  • Ahn, Sun-Ju;Kwon, Soon-Man
    • Korea Journal of Hospital Management
    • /
    • v.10 no.4
    • /
    • pp.98-112
    • /
    • 2005
  • The purpose of this study is to develop a framework for evaluating security levels in hospitals. We classify security indicators into administrative, technical and physical safeguards. The security evaluation model for hospital information systems was applied to three general hospitals. The analysis of the results showed a low security level in information systems. In particular, requirements for administrative and physical safeguards were very low. Hospitals need strict security policies more than other organizations because their information systems contain patients' highly confidential data. The evaluation model developed in this study can be used for guidelines and as a checklist for hospitals. The security evaluation in hospital informational systems needs to be an essential element of hospital evaluation.

  • PDF

Delimitation of Jurisdiction of Commercial, Civil and Administrative Courts: IT Challenges

  • Baranenko, Dmytro;Stepanova, Tetiana;Pillai, Aneesh V.;Kostruba, Anatolii;Akimenko, Yuliia
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.7
    • /
    • pp.85-90
    • /
    • 2022
  • In modern conditions of the development of public relations, there is a continuous development of technologies. This not only reflects the convenience of service users, and new technology but also contributes to the emergence of new disputes to protect the rights of stakeholders. Therefore, it is urgent to study the distinctions between the jurisdiction of commercial, civil and administrative courts in resolving IT disputes. The work aims to study the peculiarities of delimitation of the jurisdiction of commercial, civil, and administrative courts through the prism of IT measurement. The research methodology consists of such methods as a historical, comparative-legal, formal-logical, empirical, method of analogy, method of synthesis, method of analysis, and systematic method. Examining the specifics of delimiting the jurisdiction of commercial, civil, and administrative courts through the IT dimension, it was concluded that there is a problem in determining the jurisdiction of the court. In addition, the judicial practice on this issue is quite variable, which negatively affects the predictability of technology in resolving potential disputes. In this regard, the criterion models for distinguishing between commercial, administrative, and civil proceedings according to the legal classification of the parties, as well as the nature of the claim are identified. This separation will contribute to a more accurate application of legal norms and methods of application of administrative norms and reduce the number of cases of improper proceedings.

Future of Maritime Sefety and Security Administration in Korea

  • 이상집
    • Journal of the Korean Society of Marine Environment & Safety
    • /
    • v.4 no.1
    • /
    • pp.1-12
    • /
    • 1998
  • The Ministry of Maritime Affairs and Fisheries embarked on Oct. 8, 1996, incorporating most of the previously fragmented maritime administrations into one single organization But the maritime administrative functions related to safely and security missions have not yet been merged into a synergetic whole, with versatile multi-functional systems working so effectively that better services to the public might be expected. Enhancing administrative capabilities requires that these missions be integrated into one institution and an enterprising management system be adopted to overcome bureaupathologies, such as complacency and inertness of administration.

  • PDF