• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.12B
• /
• pp.1489-1497
• /
• 2011

As a way for defending against cyber security threats, there has been a research on cybersecurity information exchange between security management domains in order to raise security performance of the whole network. One of the hottest issues in exchanging cybersecurity information between security management domains is that the requirements of those domains on information sharing are different with each other because each is autonomous domain. This paper proposes a mechanism for effective cybersecurity Information exchange between independent security management domains, which can satisfy their requirements on information sharing through sharing policy and sharing policy control protocol, proposed in this paper. In this paper we have developed an integrated security control system that supports the proposed mechanism. Through the system the performance of the proposed mechanism is measured and evaluated.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.703-713
• /
• 2015

The linking system between the control system and the field devices in the existing EMS/SCADA, in order to increase the reliability of the data, and access control through the separation of external network. Currently, There is a tendency that the need for connection to an external network that takes into account the economic aspect, systematic management and efficiency of operations is increasing. Such is evolved linkage section, is to have more security vulnerabilities than in the past, Eventually communication EMS/SCADA linkage section requires special management method. In this paper, taking into account the domestic environment, were presented the security Certification and Accreditation technology that was applied to serial DNP3 and TCP/IP based DNP3 that are mainly used in EMS/SCADA linkage section. Presented to security of Certification and Accreditation technology, divided into Resource Robustness Test and Malicious Packet Test for evaluate the safety. Each of the security requirements and evaluation method in proposed technology, is an attempt to present the differentiation of the existing Certification and Accreditation technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1319-1328
• /
• 2014

While the recent advance in network system has made it easier to collect and process personal information, the loss of customers, financial companies and even nations is getting bigger due to the leakage of personal information. Therefore, it is required to take a measure to prevent additional damage from the illegal use of leakaged personal information. Currently, financial companies use access control in accordance with job title or position on general documents as well as important documents including personal information. Therefore, even if a documents is confidential, it is possible for a person of the same job title or position to access the document properly. This paper propose setting up security grade of documents to improve current access control system. It will help preventing the leakage of personal information.

• Journal of Radiation Industry
• /
• v.12 no.4
• /
• pp.303-310
• /
• 2018

Since Roentgen discovered X-rays, radiation sources have been utilized for many areas such as agriculture, industry, medicine and fundamental chemical research. As a result, human society has gained lots of benefits. However, if a radioactive material is used for the malicious purpose, it causes serious consequences to humanity and environment. Consequently, international organizations including International Atomic energy Agency (IAEA) have been emphasizing establishment and implementation of security management to prevent sabotage and illicit trafficking of radioactive materials. For this reason, the rule of technical standards of radiation safety management was revised and the public notice of security management regarding radioisotope was legislated in 2015 by Nuclear Safety and Security Commission (NSSC). Several radioactive sources which have to be regulated under the above rule and the public notice have been utilized in Advanced Radiation Technology Institute (ARTI) of Korea Atomic Energy Research Institute (KAERI). In order to control them properly, security management system such as access control and physical protection has been adapted since 2015. In this paper, we have analyzed the public notice of NSSC and its field application case. Based on the results, we are going to draw improvement on the public notice of NSSC and security system.

• The Journal of Society for e-Business Studies
• /
• v.23 no.4
• /
• pp.153-169
• /
• 2018

Previous e-financial anomalies analysis and detection technology collects large amounts of electronic financial transaction logs generated from electronic financial business systems into big-data-based storage space. And it detects abnormal transactions in real time using detection rules that analyze transaction pattern profiling of existing customers and various accident transactions. However, deep analysis such as attempts to access e-finance by insiders of financial institutions with large scale of damages and social ripple effects and stealing important information from e-financial users through bypass of internal control environments is not conducted. This paper analyzes the management status of e-financial security programs of financial companies and draws the possibility that they are allies in security control of insiders who exploit vulnerability in management. In order to efficiently respond to this problem, it will present a comprehensive e-financial security management environment linked to insider threat monitoring as well as the existing e-financial transaction detection system.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.298-301
• /
• 2002

다중레벨보안은 하나의 시스템 내에 여러 보안등급의 데이터와 사용자를 수용하여 효율성을 높이기 위한 것이다. 본 논문에서는 네트워크를 통해서 여러 보안등급의 데이터가 저장된 디렉토리 서버에 다중레벨의 사용자들의 접근을 통제하기위한 방안을 제시하고 구현한다. 보안과 무결성 모두를 보장해주기 위해서 보안 모델과 무결성 모델을 결합한 새로운 형태의 모델을 정의한다. 이 모델을 OpenLDAP의 ACL(Access Control List)을 사용하여 구현하고 사용자의 등급에 따른 시스템의 접근통제를 가능하게 한다.

• Journal of Multimedia Information System
• /
• v.2 no.3
• /
• pp.281-286
• /
• 2015

This article considers Honeywell solutions in the branch of integration of subsystems of industrial safety and security for industrial enterprises with the creation of a unified Human-machine interface for centralized management and control of safety at the plant.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.33-38
• /
• 2001

역할기반 접근제어(RBAC : Role Based Access Control)는 임의적 접근제어와 강제적 접근제어에 비해 견고함과 유연성을 제공한다. 따라서 RBAC은 최근 금융시스템 및 병원시스템 등에서 많은 관심의 대상이 되고 있다. 본 논문에서는 안전성이 인증된 다중등급보안(MLS : Multi-Level Security) 리눅스를 이용하여 인터넷상에서 가상은행의 금융업무를 안전하게 처리할 수 있는 다중등급기반의 RBAC 시스템을 구현함을 보인다.

• Proceedings of the KIEE Conference
• /
• 1993.07a
• /
• pp.515-517
• /
• 1993

Dispatcher's Training simulation function are network analysis, power system modeling, supervisory control, and system security assessment. This function provides hand-on training for power dispatchers for operation of the nation control center in the future, it needs interface between simulator and expert system. This paper introduces DTS function which is adopted in the Central Load Dispatching Office.

• Korean Security Journal
• /
• no.7
• /
• pp.125-154
• /
• 2004

Capitalism is based on a material desire of the human being. the social control of capital value and the management of capital ability reflects the actual condition of the capitalism well. The unconstrained growing and the expansion of capitalism, it finally lost social meaning and an importance of human being element and the safety of the civilian life, began to threat the security of citizen by forming over the material center structure of society. Improving human life quality and material richness on their life leads positive factor of capitalism whereas is causing several crimes through the society which is being threatened around a human being life for a negative factor of the capitalism. Therefore capitalistic social system has offered both a positive factor 'growing' and 'richness' and that of a negative 'structural poverty' and 'lack of security' and they have been remaining the assignment of capitalism 'poverty' and 'security' by settlement in the society for a extremely phenomenon of both sides. The objective of this research is to build its study theory and establish its causal relation by illuminating for the social environment of capitalism for a private guard or a development background of the civil security contributing for citizen security, as well as gets the clue of the development possibility of the civil guard and escort field and the development of capitalism. In Korea because their recognition of the study approach and the social safety for social security control function is still staying first step and our daily life is annoying from various threat of the society, many studies and the realistic necessity of experience related with social security is being studied. In addition, The development possibility of the civil guard and defense at the civil field which will be keep the social security has a wide position but its study approach and realistic comprehension is still in insufficient condition. Consequently, this research is started to grasp the security of civil fiend and to grope a development possibility through the research of capitalism.