• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1133-1143
• /
• 2012

Currently, Many Cyber Security Centers(CSC) are established and being operated in our country. But, in the absence of indicators to evaluate activities of the Managed Security Service(MSS), We can't identify the CSC's level of overall job performance. Therefore, we can't derive strengths and weaknesses from the CSC. From these reasons, The purpose of this research is to develop an objective indicator to evaluate activities of the MSS. I studied both international and domestic Information Security Management System(ISMS) as related standards(ISO/IEC 27001, G-ISMS). Moreover, I analysed the NIST Computer Security Incident Handing Guide and the Incident Management Capability Metrics(IMCM) of Carnegie Mellon Software Engineering Institute(SEI). The implications for this analysis and domestic hands-on experience are reflected in the research. So I developed 10 evaluation domains and 62 detail evaluation items. This research will contribute to our understanding the level of the CSC's job performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1069-1086
• /
• 2013

Nowadays, web defacement becomes the utmost threat which can harm the target organization's image and reputation. These defacement activities reflect the hacker's political motivation or his tendency. Therefore, the analysis of the hacker's activities can give the decisive clue to pursue criminals. A specific message or photo or music on the defaced web site and the outcome of analysis will be supplying some decisive clues to track down criminals. The encoding method or used fonts of the remained hacker's messages, and hacker's SNS ID such as Twitter or Facebook ID also can help for tracking hackers information. In this paper, we implemented the web defacement analysis system by applying CBR algorithm. The implemented system extracts the features from the web defacement cases on zone-h.org. This paper will be useful to understand the hacker's purpose and to plan countermeasures as a IDSS(Investigation Detection Support System).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.57-67
• /
• 2013

Lately, intrusive incidents (including system hacking, viruses, worms, homepage alterations, and data leaks) have not involved the distribution of an virus or worm, but have been designed to acquire private information or trade secrets. Because an attacker uses advanced intelligence and attack techniques that conceal and alter data in a computer, the collector cannot trace the digital evidence of the attack. In an initial incident response first responser deals with the suspect or crime scene data that needs investigative leads quickly, in accordance with forensic process methodology that provides the identification of digital evidence in a systematic approach. In order to an effective initial response to first responders, this paper analyzes the collection data such as user usage profiles, chronology timeline, and internet data according to CFFPM(computer forensics field triage process model), proceeds to design, and implements a collection application to deploy the client/server architecture on the Windows based computer.

• Journal of Convergence for Information Technology
• /
• v.9 no.3
• /
• pp.1-7
• /
• 2019

There are various cyber attacks on business PCs. In order to reduce the threat of PC security, we are preventing the vulnerability from being diagnosed beforehand. However, this guideline is difficult to cope with because the domestic vulnerability guide does not update the diagnostic items. In this paper, we examine the cyber infringement cases of PCs and the diagnostic items of foreign technical vulnerabilities in order to cope with security threats. In addition, an improved guide is provided by comparing the differences in the diagnostic items of technical vulnerability from abroad and domestic. Through 41 proposed technical vulnerability improvement items, it was found that various security threats can be coped with. Currently, it is mainly able to respond to only known vulnerabilities, but we hope that applying this guideline will reduce unknown security threats.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.27-34
• /
• 2024

Network separation is an important policy that Cyber Incident prevent cyber and protect data. Recently, the IT environment is changing in software development, such as remote work, using the cloud, and using open sources. Due to these changes, fintech companies' development productivity and efficiency are lowering due to network separation regulations, and the demand for easing network separation continued. The government revised the regulations electronic financial supervision(hereafter EFS) in response to needs for mitigation of network separation in the IT environment and fintech companies. Some amendments to the EFS, which took effect on 01/01/2023, mitigate network separation only for research and development purposes in cloud environments. If software developed in a cloud development environment is applied to an operating system through a distribution system the existing perimeter-based security model will not satisfaction the network separation conditions. In this Study, we would like to propose a way to maintain the DevOps system in a network separation environment by Using the zero trust security system.

• Research in Community and Public Health Nursing
• /
• v.13 no.4
• /
• pp.595-607
• /
• 2002

The objectives of this study were to identify the phenomena of school health nursing at schools in Korea and to contribute to building a school health domain of International Classification for Nursing Practice. A retrospective method was used in this study to develop ICNP during the period from July to October 200l. The procedure of the study involved choosing nursing phenomena using preliminary terms from the reports on the field of school health nursing practice documented by nursing students in 10 different nursing colleges. The detail procedures of the study were as follows. 1) Choosing nursing phenomena by using preliminary terms 2) Choosing the characteristics of school health nursing practice from the selected nursing phenomena 3) In order to make a consensus regarding the appropriate characteristics of phenomena. 15 study group members re-categorized the nursing phenomena through 5 times of cyber meetings and 3 times of formal meetings. 4) To verify each characteristic, 5 community nursing faculties and 25 school health nurses participated in the procedure to give scores on nursing characteristics. 5) Classification of the definite nursing phenomena and characteristics. Following the 5 step procedures, school health nursing phenomena were categorized into human and environmental domains. Human domains were classified into human behavioral and functional domains. Environmental domains were classified into physical and psychosocial domains. The essential characteristics of each phenomena were selected when it obtains the mean score of 3.0 or over at the related characteristics. The human behavioral domain consisted of 7 phenomena including risk for spinal disorder, inadequate dietary habit, inadequate weight control, smoking and substance abuse, inadequate stress management, inadequate sex related coping strategies and inadequate accident management. The human functional domain consisted of 6 phenomena including inadequate eye care and visual management, risk for respiratory disorder, inadequate dental health care, inappropriate infectious disease control, risk for gastrointestinal disorder, and lack of sexual identity. The physical environmental domain consisted of 6 phenomena including risk for incident at inside classroom, risk for incident at outside classroom, risk for incident around school, risk for exposure to hazardous facilities around school. inadequate garbage and disposal management, and inadequate physical environment for learning. The psychosocial domain included impaired social interaction at school. Each phenomenon was composed of 2 to 8 characteristics and all phenomena will include a total number of 85 characteristics. The phenomena of school health nursing in Korea partially confirmed school health architecture of ICNP. Further study on verification of school health nursing phenomena in Korea needs to be done to support the findings of this study through review of literature on nursing classifications or field studies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1607-1620
• /
• 2015

The server privilege account must be operated through law and regulation. However, due to regulation non-compliance and inadequate operation on financial company server privilege, an incident that every server data being deleted by hacker occur which is later being named as 'NH Bank Cyber Attack'. In this paper, the current operation status on financial company privilege accounts is being analysed to elicit problems and improvement. From the analysis, important evaluation factors will be also selected and applied generating the decision making model for financial company server privilege account operation. The evaluation factor deducted from privilege account status analysis will be used to present and verify the decision making model and formula through AHP(Analytic Hierarchy process).

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.123-126
• /
• 2013

Access control system, when operating the infrastructure manager and the permissions for the user to clearly define the terminology that is. Various IT incidents still happening frequently occur, and these incidents in order to prevent the situation of access control is needed. In this study, the Copy command by hackers hacking incidents, such as walking dangerous limits for instructions attacks in advance, and also the internal administrator accident accidental limit command to walk off the risk in advance and even if the incident occurred access to the command history log and post it as evidence through the analysis techniques that can be utilized are described.

• Journal of Internet Computing and Services
• /
• v.18 no.1
• /
• pp.65-75
• /
• 2017

The Detection Model is the model to find the result of a certain purpose using artificial intelligent, data mining, intelligent algorithms In Cyber Security, it usually uses to detect intrusion, malwares, cyber incident, and attacks etc. There are an amount of unlabeled data that are collected in a real environment such as security data. Since the most of data are not defined the class labels, it is difficult to know type of data. Therefore, the label determination process is required to detect and analysis with accuracy. In this paper, we proposed a KDFL(K-means and D-S Fusion based Labeling) method using D-S inference and k-means(unsupervised) algorithms to decide label of data records by fusion, and a detection model architecture using a proposed labeling method. A proposed method has shown better performance on detection rate, accuracy, F1-measure index than other methods. In addition, since it has shown the improved results in error rate, we have verified good performance of our proposed method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.107-115
• /
• 2012

The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.