• Journal of the Korea Society of Computer and Information
• /
• v.20 no.5
• /
• pp.113-121
• /
• 2015

This research suggests construction processes and security solutions for security control center as management measures for security management improvement in domestic electronic security companies. Security control center (SCC) is the central nerve of electronic security service, and no matter how well the on-site response system has been built, if SCC ceases to work due to an incident or disaster or security control personnel are harmed, the electronic security system cannot perform its proper functions. It is divided to a spatial structure, the infrastructure, control equipment, control solutions and operating structure in a construction process in the security control center. And a solution can be presented for physical security, information security, and personnel security in the way to security solutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.471-478
• /
• 2013

Industrial control system was designed mainly in the form of analog in early days. However, necessity of digital system engineering is increasing recently because systems become complicated. Consequently, stability of digital systems is improved so most industrial control systems are designed with digital. Because Using digital design of Industrial control system is expanded, various threatening possibilities such as penetration or destruction of systems are increasing enormously. Domestic and overseas researchers accordingly make a multilateral effort into risk analysis and preparing countermeasures. In this paper, this report chooses common security requirement in industrial control system and nuclear control system through relevant guidelines analysis. In addition, this report suggests the development plan of nuclear cyber security system which will be an essential ingredient of planning approvals.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.39-45
• /
• 2024

The purpose of security control in the public sector is to secure the safety of administrative services for the public by preventing resource loss or information infringement in information systems and information and communication networks. The security control system is a process that performs real-time detection, analysis, response, and reporting through system vulnerability analysis and security system detection pattern optimization. This study aims to objectively identify the current situation of the mismatch between the supply and demand of cyber security control centers currently in operation and specialized security control companies that can be entrusted to operate them, and to derive and propose practical and institutional improvement measures. Considering that the operation of security control centers in the public sector is expected to increase in the future, research on the practical supplementation required for the operation process of security control centers and the improvement of the designation system of security control specialized organizations has fundamental and timely significance, and it is an area that requires continuous research in terms of strategic industrialization.

• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.51-57
• /
• 2022

Recently, the concept of zero trust has been introduced, and it is necessary to strengthen the security elements required for the next-generation security control system. Also, the security paradigm in the era of the 4th industrial revolution is changing. Cloud computing and the cybersecurity problems caused by the dramatic changes in the work environment due to the corona 19 virus continue to occur. And at the same time, new cyber attack techniques are becoming more intelligent and advanced, so a future security control system is needed to strengthen security. Based on the core concept of doubting and trusting everything, Zero Trust Security increases security by monitoring all communications and allowing strict authentication and minimal access rights for access requesters. In this paper, we propose a security enhancement plan in the security control field through a zero trust security model that can understand the problems of the existing security control system and solve them.

• Journal of Digital Contents Society
• /
• v.18 no.5
• /
• pp.1001-1008
• /
• 2017

Because cyber attacks on industrial control systems can lead to massive financial loss or loss of lives, the standardization and the research on cyber security of industrial control systems are actively under way. As a related system, the industrial control system of social infrastructures must be equipped with the verified cryptographic module according to the e-government law and appropriate security control should be implemented in accordance with the security requirements of the industrial control system. However, the industrial control system consisting of the operation layer, the control layer, and the field device layer may cause a problem in performing the main function in each layer due to the security control implementation. In this paper, we propose things to check when performing security control in accordance with the security control requirements for each layer of the industrial control system and proper application.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.81-90
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, they possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance suppers and emergency measures. In order to solve these deficiencies, Wireless Remote Control System was designed and implemented. Wireless Remote Control System is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of Wireless Remote Control System leads to these security Problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to Wireless Remote Control System. The designed security functions include mobile device user authentication and target system access control. For security verification of these security functions introduced CPN(Coloured Petri Nets) which is capable of expressing every possible state for each stage. And then in this paper was verified its security through PI(Place Invariant) based on CPN(Coloured Petri Nets). The CPN expression and analysis method of the proposed security function can also be a useful method for analyzing other services in the future.

• The Journal of Information Systems
• /
• v.19 no.3
• /
• pp.1-12
• /
• 2010

Personality is comprehensive nature of the mood and attitude of people, most clearly revealed in the interaction with other people. This study is a analysis on personality type to information system security and control from financial institute employee. Based on 'The Big Five' personality model, this study develops hypothetical causal relationships of potential organization member's personality and their information system security and control. Research hypotheses are empirically tested with data collected from 901 employees. Results show that employees of high level security mind are the owner of conscientious and emotional stable personality and the employees of high level control mind are the owner of agreeable and emotional stable personality. Therefore the owner of agreeable and stable personality is higher security and control than others.

• 제어로봇시스템학회:학술대회논문집
• /
• 1994.10a
• /
• pp.218-223
• /
• 1994

On the satellite communication system, conventional key issues of control have been focused on the attitude and orbit control, monitoring and control of communication payload such as IOT(In-Orbit-Test) and CSM(Communication System Monitoring) and so on. As the vulnerabilities are being increased on the satellite communication network, security services are required to protect it against security violated attacks. In this paper, a security architecture for satellite communication network is presented in order to provide security services and mechanisms. Authentication protocol and encryption scheme are also proposed for spacecraft command authentication and confidentiality.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.645-656
• /
• 2019

As the number of cyber threats to control systems increases, the need for control system cyber security is also increasing. Currently, various cyber security related education and control system education are being conducted. However, it does not fully reflect the characteristics of the control system and the characteristics of the participants. In this paper, we propose a training system and technique to enhance the control system cyber security capability. To this end, we analyze the limitations of existing security education. Based on the results, we develop a control system training environment model based on the IEC62443 Standard and develop an ARCH based training method.