• Title/Summary/Keyword: Data Security Policy

Search Result 668, Processing Time 0.03 seconds

The big data analysis framework of information security policy based on security incidents

  • Jeong, Seong Hoon;Kim, Huy Kang;Woo, Jiyoung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.10
    • /
    • pp.73-81
    • /
    • 2017
  • In this paper, we propose an analysis framework to capture the trends of information security incidents and evaluate the security policy based on the incident analysis. We build a big data from news media collecting security incidents news and policy news, identify key trends in information security from this, and present an analytical method for evaluating policies from the point of view of incidents. In more specific, we propose a network-based analysis model that allows us to easily identify the trends of information security incidents and policy at a glance, and a cosine similarity measure to find important events from incidents and policy announcements.

A Study on the Factors for Violation of Information Security Policy in Financial Companies : Moderating Effects of Perceived Customer Information Sensitivity (금융회사 정보보안정책의 위반에 영향을 주는 요인 연구 : 지각된 고객정보 민감도에 따른 조절효과)

  • Lee, Jeong-Ha;Lee, Sang-Yong Tom
    • Journal of Information Technology Applications and Management
    • /
    • v.22 no.4
    • /
    • pp.225-251
    • /
    • 2015
  • This paper analyzed factors for employees to violate information security policy in financial companies based on the theory of reasoned action (TRA), general deterrence theory (GDT), and information security awareness and moderating effects of perceived sensitivity of customer information. Using the 376 samples that were collected through both online and offline surveys, statistical tests were performed. We found that the perceived severity of sanction and information security policy support to information policy violation attitude and subjective norm but the perceived certainty of sanction and general information security awareness support to only subjective norm. Also, the moderating effects of perceived sensitivity of customer information against information policy violation attitude and subjective norm were supported. Academic implications of this study are expected to be the basis for future research on information security policy violations of financial companies; Employees' perceived sanctions and information security policy awareness have an impact on the subjective norm significantly. Practical implications are that it can provide a guide to establish information security management strategies for information security compliance; when implementing information security awareness training for employees to deter violations by emphasizing the sensitivity of customer information, a company should make their employees recognize that the customer information is very sensitive data.

A Study on Security Threat Elements Analysis and Security Architecture in Satellite Communication Network (위성 통신망 보안 위협요소 분석 및 보안망 구조에 관한 연구)

  • 손태식;최홍민;채송화;서정택;유승화;김동규
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.11 no.4
    • /
    • pp.15-31
    • /
    • 2001
  • In this paper we classify security threat elements of satellite communication into four parts; Level-0(satellite propagation signal), Level-1(satellite control data), Level-2(satellite application data) and ground network security level according to the personality and data of the satellite communication network. And we analyze each security levels. Using analyzed security threat elements, we divide security requirements into signal security level and information security level separately. And then above the existent signal security level countermeasure, we establish the countermeasure on the basis of information security policy such as satellite network security policy, satellite system security policy and satellite data security policy in information security level. In this paper we propose secure satellite communication network through the countermeasure based on information security policy.

Implementation of Data Mining Engine for Analyzing Alert Data of Security Policy Server (보안정책 서버의 경보데이터 분석을 위한 데이터마이닝 엔진의 구현)

  • 정경자;신문선
    • Journal of the Korea Society of Computer and Information
    • /
    • v.7 no.4
    • /
    • pp.141-149
    • /
    • 2002
  • Recently, a number of network systems are developed rapidly and network architectures are more complex than before, and a policy-based network management should be used in network system. Especially, a new paradigm that policy-based network management can be applied for the network security is raised. A security policy server in the management layer can generate new policy, delete. update the existing policy and decide the policy when security policy is requested. The security server needs to analyze and manage the alert message received from server Policy enforcement system in the enforcement layer for the available information. In this paper, we implement an alert analyzer that analyze the stored alert data for making of security policy efficiently in framework of the policy-based network security management. We also propose a data mining system for the analysis of alert data The implemented mining system supports alert analyzer and the high level analyzer efficiently for the security.

  • PDF

Kerberos Authentication Deployment Policy of US in Big data Environment (빅데이터 환경에서 미국 커버로스 인증 적용 정책)

  • Hong, Jinkeun
    • Journal of Digital Convergence
    • /
    • v.11 no.11
    • /
    • pp.435-441
    • /
    • 2013
  • This paper review about kerberos security authentication scheme and policy for big data service. It analyzed problem for security technology based on Hadoop framework in big data service environment. Also when it consider applying problem of kerberos security authentication system, it analyzed deployment policy in center of main contents, which is occurred in commercial business. About the related applied Kerberos policy in US, it is researched about application such as cross platform interoperability support, automated Kerberos set up, integration issue, OPT authentication, SSO, ID, and so on.

Implementation of Analyzer of the Alert Data using Data Mining (데이타마이닝 기법을 이용한 경보데이타 분석기 구현)

  • 신문선;김은희;문호성;류근호;김기영
    • Journal of KIISE:Databases
    • /
    • v.31 no.1
    • /
    • pp.1-12
    • /
    • 2004
  • As network systems are developed rapidly and network architectures are more complex than before, it needs to use PBNM(Policy-Based Network Management) in network system. Generally, architecture of the PBNM consists of two hierarchical layers: management layer and enforcement layer. A security policy server in the management layer should be able to generate new policy, delete, update the existing policy and decide the policy when security policy is requested. And the security policy server should be able to analyze and manage the alert messages received from Policy enforcement system in the enforcement layer for the available information. In this paper, we propose an alert analyzer using data mining. First, in the framework of the policy-based network security management, we design and implement an alert analyzes that analyzes alert data stored in DBMS. The alert analyzer is a helpful system to manage the fault users or hosts. Second, we implement a data mining system for analyzing alert data. The implemented mining system can support alert analyzer and the high level analyzer efficiently for the security policy management. Finally, the proposed system is evaluated with performance parameter, and is able to find out new alert sequences and similar alert patterns.

The Security Policy for Big data of US Government (미정부의 빅데이터를 위한 보안정책)

  • Hong, Jinkeun
    • Journal of Digital Convergence
    • /
    • v.11 no.10
    • /
    • pp.403-409
    • /
    • 2013
  • This paper review about big data policy and security issue of US government. It is introduced Big data R&D initiative strategy and plan, NITRD program, and big data strategy of government. It is presented operation environment of big data in US government, big data information for military operation, major research organization and topic, security guideline and so on.

Reinforcing Financial Data Exchange Security Policy with Information Security Issues of Data Broker (금융데이터거래 정보보호 강화방안: 데이터브로커 보안이슈를 중심으로)

  • Kim, Su-bong;Kwon, Hun-yeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.1
    • /
    • pp.141-154
    • /
    • 2022
  • In the data economy era, various policies are being implemented to create an active data distribution environment. In South Korea, the formation of a big data distribution platform and data trading began with the launch of the Financial Data Exchange under public data governance. In the case of major advanced countries in the data field, they have built a data distribution environment based on the data broker industry for decades and have strengthened national data competitiveness through added values generated from the industry. However, behind the active data distribution through data brokers, there are numerous information security issues, which have resulted in various privacy issues and national security threats. These problems can occur sufficiently in the process of domestic financial data exchange. In our study, we analyzed various information security issues of data trading caused by data brokers and derived information security requirements to be considered when trading data. We verified whether information security requirements are well reflected in the information security policy for each transaction stage of the domestic financial data exchange. Based on the verification, measurements to strengthen information security for financial data exchange are presented in our paper.

Implementation of Expert System Simulation based on 2th Security of Network (네트워크 2중 보안을 위한 전문가시스템 시뮬레이션의 구현)

  • Lee Chang-Jo
    • Management & Information Systems Review
    • /
    • v.4
    • /
    • pp.309-325
    • /
    • 2000
  • Organizations rely on Secure ID resources today to handle vast amounts of information. Because the data can vary widely in type and in degree of sensitivity, employees need to be able to exercise flexibility in handling and protecting it. It would not be practical or cost-effective to require that all data be handled in the same manner or be subject to the same protection requirements. Without some degree of standardization, however inconsistencies can develop at introduce risks. Policy formulation is an important step toward standardization of security activities for ID resources. ID security policy is generally formulated from the input of many members of an organization, including security officials, line managers, and ID resource specialists. However, policy is ultimately approved and issued by the organization's senior management. In environments where employees feel inundated with policies, directives, guidelines and procedures, an ID security policy should be introduced in a manner that ensures that management's unqualified support is clear. The organization's policy is management's vehicle for emphasizing the commitment to ID security and making clear the expectations for employee involvement and accountability. This paper will discuss ID security Policy in terms of the different types (program-level and issue-specific), components, and Implementation of Expert System Simulation based on 4GL, PowerBuilder.

  • PDF

A Study on the Information Security Measures Influencing Information Security Policy Compliance Intentions of IT Personnel of Banks (은행 IT 인력의 정보보호 정책 준수에 영향을 미치는 정보보호 대책에 관한 연구)

  • Shim, Joonbo;Hwang, K.T.
    • Journal of Information Technology Applications and Management
    • /
    • v.22 no.2
    • /
    • pp.171-199
    • /
    • 2015
  • This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.