• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.9-17
• /
• 2024

This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1169-1172
• /
• 2005

컴퓨터 포렌식절차에서 증거물 획득은 중요한 부분이다. 컴퓨터 포렌식의 여러 원칙 중 신속성의 원칙은 휘발성 정보의 획득유무와 관계가 있다. 기존 통합보안관리시스템(ESM: Enterprise Security Management) 은 보안이벤트중심으로 정보를 수집한다. 컴퓨터 포렌식에서 중요한 휘발성 시스템 포렌식 정보와 네트웍 포렌식 정보는 수집하지 않는다. 본 논문에서는 통합보안관리시스템에 Pre-Forensic 정책을 도입하여 기존 보안경보기능에 포렌식 데이터 수집 대응방안을 추가한 새로운 통합 보안관리시스템 모델을 제안한다. 제안 시스템은 무결성이 보장되는 많은 증거를 수집할 수 있으며 향상된 컴퓨터 포렌식 증거물 획득 방법을 제시한다.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.43 no.1
• /
• pp.50-60
• /
• 2020

The omni-channel customer system is the communication system between enterprise and customer via multiple channels such as mail, email, SMS, and mobile. The omni-channel customer system complements each other channel through the integration of each channel. The purpose of this research is to derive key factors and calculate the weights that a financial enterprise considers when adopting the omni-channel customer system. For this research, we analyzed the request for proposal documents used for the omni-channel customer system implementation projects in the financial enterprise. Also, we derived, classified, and stratified the key factors to be considered for the introduction of the omni-channel customer system in the financial enterprise. As a result of analyzing the key factors, customer experience, operations, and security were identified as the components of the top category in introducing the omni-channel customer system in the financial sector. Furthermore, the weight for each key factor was calculated by using ANP. As a result of ANP, operations, customer experience, and security were important in order. Also, the degree of easiness for connecting with other systems and the various abilities for representing the contents of the omni-channels were derived as the important key factors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.637-644
• /
• 2012

In our current information focused society, information is regarded as a core asset and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the technology that safeguards which is currently in commercial use is not focused at an enterprise level but is fragmented by function or by only guards portions of a customer's personal information. Therefore, It is necessary to study the systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examination of the methods of implementation of the monitoring system, the application of pattern analysis and examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish a systemic counter-plans based on detectable patterns.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.635-637
• /
• 2021

Cybersecurity assessment is the process of assessing the risk level of a system through threat and vulnerability analysis to take appropriate security measures. Accurate security evaluation models are needed to prepare for the recent increase in cyberattacks and the ever-developing intelligent security threats. Therefore, we present a risk assessment model through a matrix-based security assessment model analysis that scores by assigning weights across security equipment, intervals, and vulnerabilities. The factors necessary for cybersecurity evaluation can be simplified and evaluated according to the corporate environment. It is expected that the evaluation will be more appropriate for the enterprise environment through evaluation by security equipment, which will help the cyber security evaluation research in the future.

• Journal of Information Technology Services
• /
• v.12 no.2
• /
• pp.291-300
• /
• 2013

In this study, divide by a private enterprise and army, 2 organizations about observed priority item among administrator, service provider, user viewpoint about the information security item for smartwork activation and in 3 steps hierarchic according to AHP technique analyzed and decided priority for information security observance item. As a result, importance difference could confirm identified by administrator, service provider, user viewpoint period of about information security observance item recognizing in a private enterprise and army.

• Journal of National Security and Military Science
• /
• s.8
• /
• pp.421-465
• /
• 2010

Passwords are used in many ways to protect data, systems, and networks. Passwords are also used to protect files and other stored information. In addition, passwords are often used in less visible ways for authentication. In this article, We provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems. Organizations need to protect the confidentiality, integrity, and availability of passwords so that all authorized users - and no unauthorized users - can use passwords successfully as needed. Integrity and availability should be ensured by typical data security controls, such as using access control lists to prevent attackers from overwriting passwords and having secured backups of password files. Ensuring the confidentiality of passwords is considerably more challenging and involves a number of security controls along with decisions involving the characteristics of the passwords themselves.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.409-412
• /
• 2009

통합보안관리시스템(Enterprise Security Management)은 기업의 보안 정책을 기반으로 다수의 보안시스템을 중앙에서 통합관제, 운영, 관리를 지원하는 시스템이다. 국내의 경우 정보보호시스템에 대한 보안성 평가는 국제공통평가기준을 근거로 평가 및 인증이 이루어지고 있는 반면, SW 품질관점에서의 ESM에 대한 평가 방안에 대한 연구는 미미한 실정이다. 이에 따라 본 논문에서는 SW 품질관점에서 ESM에 대한 평가항목을 제안하고자 한다.

• Korean Security Journal
• /
• no.2
• /
• pp.5-32
• /
• 1999

Private security will be of great importance in the coming 21st century. In the future, most of the crimes will be violent and frequent. In order to prevent crimes private security must be dealt with in public service area and private area. For this reason, nowadays studies on private security is going on actively. But in reality, serious studies on theoretical backgrounds of private security has not been made yet. Currently, almost all of the theories propose various grounds, such as administrative, economic, and social grounds. And they are based on five backgrounds, that is, profit-oriented enterprise theory, economic reduction theory, vacuum theory, interest group theory, and private management theory. The article furnishes several grounds in addition to these. They are local self-government, management of local self-government, and task-force of guard enterprise. In this article, I am going to present some perspectives in classifying the theories. They are administrative, economic, and social perspective. They are shown as follows by figure. In conclusion, based on theoretical backgrounds mentioned above, private security will be advanced constantly in the future. But in carrying out studies on private security, approaching method of proposing the developmental model is more important than theoretical approaching method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.55-63
• /
• 2001

There are many information objects and users in a large company. It is important issue how to control users access in order that only authorized user can access information objects, Traditional access control models do not properly reflect the characteristics of enterprise environment. This paper proposes an improved access control model for enterprise environment. The characteristics of access control in an enterprise are examined and a task role-based access control(T-RBAC) model founded on concept of classification of tasks is introduced. T-RBAC deals with each task differently according to its class, and supports task level access control and supervision role hierarchy.