• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.425-433
• /
• 2016

In smart grid, enhancement of efficiency and interoperability of electric power system is achieved through the connection with outer network, and this induces that power grid system is threatened increasingly, becomes the main target of cyber terrorism, and is sincerely required to design the secure power system. Although SSDLC(Secure System Development Life Cycle) is used for risk management from the design phase, traditional development life cycle is somewhat limited for satisfaction of information security indicator of power control system. Despite that power control system should reflect control entities of information security considering its own characteristics, validation elements are insufficient to apply into real tasks based on existing compliance. To make design of diagnostic model and assessment process for power control system possible and to give a direction for information security and present related indicator, we propose the new risk management framework of power control system which is applied operational security controls and standard architecture presented by IEC 62351 TC 57 with enterprise risk management framework.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.227-230
• /
• 2013

Financial transactions using a mobile terminal and the Internet is activated, it is a stock exchange enabled using mobile devices and the Internet. Koscom in charge of IT operations of securities transaction-related in (securities ISAC), to analyze the vulnerability of information security related to securities transactions, which corresponds to running the integrated security control system. Online stock trading is a subject to the Personal Information Protection Act, electronic systems of related, has been designated as the main information and communication infrastructure to, damage financial carelessness of the user, such as by hacking is expected to are. As a result, research on the key vulnerabilities of information security fields related to securities business cancer decoding of the Securities and Exchange packet, through the analysis of security events and integrated security control is needed.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.4
• /
• pp.788-794
• /
• 2007

The policy of US DoD is moving towards implementation of Network Centric Warfare(NCW) concepts. NCW is commonly described as the integration and synchronization of four key interdependent elements such as command and control, sensor system, engagement systems and the network. Therefore the military policy of Korea military is needed to access and examine the policy of NCW communication environment and crypto communication, which is able to apply it. In this case study, We are reviewed the security framework of the concept of network centric warfare in the centering around the US. It is introduced the core technology in the network centric warfare, and it is reviewed the security framework such as, the requirements of security, the characteristics security of global information grid, joint tactical radion system, net centric enterprise services, transformational communication satellite, in the basis of core technology, and analysis the effect of crypto communication relay between command node and surbornate node in NCW environment. This report support the assistance, which is considered the elements of surrounding effects in the varied crypto communication research area of NCW.

• Journal of Information Technology Services
• /
• v.23 no.1
• /
• pp.1-10
• /
• 2024

The IT environment is changing due to the acceleration of digital transformation in enterprises and organizations. This expansion of the digital space makes centralized cybersecurity controls more difficult. For this reason, cyberattacks are increasing in frequency and severity and are becoming more sophisticated, such as ransomware and digital supply chain attacks. Even in large organizations with numerous security personnel and systems, security incidents continue to occur due to unmanaged and unknown threats and vulnerabilities to IT assets. It's time to move beyond the current focus on detecting and responding to security threats to managing the full range of cyber risks. This requires the implementation of asset Inventory for comprehensive management by collecting and integrating all IT assets of the enterprise and organization in a wide range. IT Asset Management(ITAM) systems exist to identify and manage various assets from a financial and administrative perspective. However, the asset information managed in this way is not complete, and there are problems with duplication of data. Also, it is insufficient to update of data-set, including Network Infrastructure, Active Directory, Virtualization Management, and Cloud Platforms. In this study, we, the researcher group propose a new framework for automated 'Comprehensive IT Asset Management(CITAM)' required for security operations by designing a process to automatically collect asset data-set. Such as the Hostname, IP, MAC address, Serial, OS, installed software information, last seen time, those are already distributed and stored in operating IT security systems. CITAM framwork could classify them into unique device units through analysis processes in term of aggregation, normalization, deduplication, validation, and integration.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.237-244
• /
• 2005

IP-Internet Telephony Service has not vet been achieved that of operating an IP-PBX service and a consumer Internet telephone services using VoIP technologies. In this paper, i suggest that the technologies of the VoIP Secure Gateway have connecting and securing for IP-Internet Telephony Service which makes If telephony protocols, firewall VPN tunneling, using Application Level Gateway, connection of the VoIP Secure Gateway. I suggest of telecommunication technologies that are enables an enterprise If-PBX service to interoperate with a consumer IP telephony service through a firewall. Also, I have proposed the solutions of security problems which was the security for VoIP Secure Gateway.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.171-177
• /
• 2006

The hacking aspect of recent times is changing, the phishing attack which uses a social engineering technique is becoming the threat which is serious in Information Security. It cheats the user and it acquires a password or financial information of the individual and organization. The phishing attack uses the home page which is fabrication and E-mail and acquires personal information which is sensitive and financial information. This study proposes the establishment of National Fishing Response Center, complement of relation legal system Critical intelligence distribution channel of individual and enterprise.

• Journal of National Security and Military Science
• /
• s.3
• /
• pp.73-120
• /
• 2005

Today's world is generation of Transformation. The Term "Transformation" is widely used in many nations and international organizations such as U.S. and NATO to describe the course of change undertaken by militaries to respond to the new and emerging security environment. Transformation involves all elements of the defense enterprise including Operational Environment, Operational Concepts, Doctrine, Structure and Technologies, within a supportive Cultures context. An Operational Environment is defined as "a composite of conditions, circumstances, and influences that affect the employment of military forces and bear on the decisions of the unit commander." The context for developing future military concept and capability lies essentially within the anticipated boundaries of the operational environment in a collective sense. The joint operational environment is essential to the nation's defense. It describes volatile, complex, and dangerous environment in which the military personnel. organizations, and material will operate. Implications coming forth from joint Operational Environment are but a starting point - many others exist. More and better Implications will come forth as people think about massages of Operational Environment, experiment its characteristics, learn to deal with its threats and scenarios, apply their experience and judgement, and then consider what is required of Korean military doctrine, organizations, training and education, material development, and leadership for operations in the joint Operational Environment.

• Convergence Security Journal
• /
• v.8 no.2
• /
• pp.71-78
• /
• 2008

This research is on the study of integrating internet and intranet that was built for their own enterprise into one network system that promises a more economic and secure use. Compared to this system, the traditional network conversion device not only has its mechanical limits, but also requires a separate network set up. This raises both interoperability and security problems and results in a higher cost. Therefore, I propose dual defence system based on the inverse multiplexing of ATM Forum and IPSec to improve network ability and deliver enhanced system reliability while reducing cost. Furthermore, I also addressed some of the weaknesses of the Scanning Attacking Method, SNMP and Spooler Port and proposed counter measures that will deal with these weakness at the dual defence system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.4
• /
• pp.824-831
• /
• 2005

Past corporaion's network security system is single security solution, or mixed several ways, but there was inefficient system because doing not get into organic link But, constructed more strong security system by ESM enterance on. ESM uses way to integrate of each agent to manage easily various kinds security solution. That is, it is system that connect system of existent VPN, FireWall, IDS and so on configurationally depending on security policy and manage. ESM is security system that is developed more than existent security system. But, practical use of network and the development speed of technology being increasing with the mon faster speed, is heightening the level more as well as dysfunction of information crime and so on. Many improvements are required at ESM system, this research wished to make up for the weak-point in the ESM system about interior security. Studied on structure of security solution that is basis of security policy. VPN, Firewall, IDS's link that is main composition of existing security system analysis, reconstructed. And supplemented security of ESM system itself. Establish imaginary intrusion and comparative analysis access data that apply each Telnet Log analysys IDS existent ESM system and proposed ESM system comparative analysis. Confirm the importance of interior security and inspected security of proposed system.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.27-36
• /
• 2015

Current leakage of industrial technologies with revealing state secret against nation is gradually increasing and scope of the spill is diversified from technology-oriented leakage to new economic security sector like information and communication, electrical and electronic, defense industry, illegal export of strategic material, economic order disturbance by foreign country, infringement of intellectual property, etc. So the spill damage can affect not only leaked company but also national interests and entire domestic industry. According to statistics from National Industrial Security Center of National Intelligence Service, a major cause of technology leakage is not only by external things about hacking and malignant code, but internal leakage of former and current employees account for about 80%. And technology leakage due to temptation of money and personal interests followed by technology leakage of subcontractor is steadily increased. Most studies in the field of security have tended to focus on measuring security capability of company in order to prevent leakage core assets or developing measurement Indicators for management rather than security activities of the company members that is most important. Therefore, this study analyzes the effect of most underlying security education in security activities on security capabilities of enterprise. As a result, it indicates that security education have a positive(+) correlation with security capabilities.