• Title/Summary/Keyword: ISMS

Search Result 180, Processing Time 0.022 seconds

The Integrated Cyber SRM(Security Risk Monitoring) System Based on the Patterns of Cyber Security Charts

  • Lee, Gang-Soo;Jung, Hyun Mi
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.11
    • /
    • pp.99-107
    • /
    • 2019
  • The "Risk management" and "Security monitoring" activities for cyber security are deeply correlated in that they prepare for future security threats and minimize security incidents. In addition, it is effective to apply a pattern model that visually demonstrates to an administrator the threat to that information asset in both the risk management and the security system areas. Validated pattern models have long-standing "control chart" models in the traditional quality control sector, but lack the use of information systems in cyber risk management and security systems. In this paper, a cyber Security Risk Monitoring (SRM) system that integrates risk management and a security system was designed. The SRM presents a strategy for applying 'security control' using the pattern of 'control charts'. The security measures were integrated with the existing set of standardized security measures, ISMS, NIST SP 800-53 and CC. Using this information, we analyzed the warning trends of the cyber crisis in Korea for four years from 2014 to 2018 and this enables us to establish more flexible security measures in the future.

Security Enhancements for Distributed Ledger Technology Systems Based on Open Source (오픈소스 기반 분산원장기술 시스템을 위한 보안 강화 방안)

  • Park, Keundug;Kim, Dae Kyung;Youm, Heung Youl
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.919-943
    • /
    • 2019
  • Distributed ledger technology, which is attracting attention as an emerging technology related to the 4th Industrial Revolution, is implemented as an open source based distributed ledger technology system and widely used for development with various applications (or services), but the security functions provided by the distributed general ledger system are very insufficient. This paper proposes security enhancements for distributed ledger technology systems based on open source. To do so, potential security threats that may occur under running an open source based distributed ledger technology systems are identified and security functional requirements against the security threats identified are provided by analyzing legislation and security certification criteria (ISMS-P). In addition, it proposes a method to implement the security functions required for an open source based distributed ledger technology systems through analysis of security functional components of Common Criteria (CC), an international standard.

A Study on development of evaluation indicators on the Managed Security Service(MSS) (보안관제 업무에 대한 평가지표 개발 연구)

  • Lee, Hyundo;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1133-1143
    • /
    • 2012
  • Currently, Many Cyber Security Centers(CSC) are established and being operated in our country. But, in the absence of indicators to evaluate activities of the Managed Security Service(MSS), We can't identify the CSC's level of overall job performance. Therefore, we can't derive strengths and weaknesses from the CSC. From these reasons, The purpose of this research is to develop an objective indicator to evaluate activities of the MSS. I studied both international and domestic Information Security Management System(ISMS) as related standards(ISO/IEC 27001, G-ISMS). Moreover, I analysed the NIST Computer Security Incident Handing Guide and the Incident Management Capability Metrics(IMCM) of Carnegie Mellon Software Engineering Institute(SEI). The implications for this analysis and domestic hands-on experience are reflected in the research. So I developed 10 evaluation domains and 62 detail evaluation items. This research will contribute to our understanding the level of the CSC's job performance.

National Institution's Information Security Management on the Smart phone use environment (스마트폰 이용 환경에서 국가기관 정보보호 관리방안)

  • Kim, Ji-Sook;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.83-96
    • /
    • 2010
  • The rapid spread of smart phone in recent years changes not only personal life but also work environment of organizations. Moreover, smart phone provoke service combination between industries and transit the digital paradigm in our society because of the character that anyone can develop or use the application of smart phone. Under these circumstances, the government hastens the construction of mobile-government in order to improve national services and communication with people. However, since security threats on smart phone become more critical recently, we should hurry the counter measures against mobile threats or we will face obstacles to the activation of mobile-government. On this article, we suggest the methods of information security and the Mobile-government Information Security Management System(M-ISMS) on the smart phone use environment for building up the secure and convenient mobile system in the national institution.

A study on the Establishment of a Digital Healthcare Next-Generation Information Protection System

  • Kim, Ki-Hwan;Choi, Sung-Soo;Kim, Il-Hwan;Shin, Yong-Tae
    • Journal of the Korea Society of Computer and Information
    • /
    • v.27 no.7
    • /
    • pp.57-64
    • /
    • 2022
  • In this paper, the definition and overview of digital health care that has emerged recently, core technology, and We would like to propose a plan to establish a next-generation information protection system that can protect digital healthcare devices and data from cyber attacks. Various vulnerabilities exist for digital healthcare devices and data, and cyber attacks are possible for those vulnerabilities. Through an attack on digital health care devices and information and communication networks, it can directly adversely affect human life and health, Since digital healthcare data contains sensitive and personal information, it is essential to safely protect it from cyber attacks. In the case of this proposal, for continuous safe management of data and cyber attacks on equipment and communication networks for digital health devices, It is expected to be able to respond more effectively and continuously through the establishment of the next-generation information protection system.

A Study on a Smart City Supply Chain Security Model Based on Zero-Trust (제로 트러스트(Zero-Trust) 기반의 스마트시티 공급망 보안모델 연구)

  • Lee, Hyun-jin;Son, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.1
    • /
    • pp.123-140
    • /
    • 2022
  • Recently, research on solving problems that have introduced the concept of smart city in countries and companies around the world is in progress due to various urban problems. A smart city converges the city's ICT, connects all the city's components with a network, collects and delivers data, and consists of a supply chain composed of various IoT products and services. The increase in various cyber security threats and supply chain threats in smart cities is inevitable, in addition to establishing a framework such as supply chain security policy, authentication of each data provider and service according to data linkage and appropriate access control are required in a Zero-Trust point of view. To this end, a smart city security model has been developed for smart city security threats in Korea, but security requirements related to supply chain security and zero trust are insufficient. This paper examines overseas smart city security trends, presents international standard security requirements related to ISMS-P and supply chain security, as well as security requirements for applying zero trust related technologies to domestic smart city security models.

ISO에서의 정보보호관리 국제 표준화 동향

  • 홍기향;김정덕
    • Review of KIISC
    • /
    • v.14 no.2
    • /
    • pp.1-5
    • /
    • 2004
  • ISO의 정보보호관리 표준은 ISO/IEC JTC1/SC27 WG1에서 표준화를 진행하고 있으며, 현재까지 제정된 정보보호관리 표준으로는 ISO 13335 MICTS와 ISO 17799 Code of practices for information security management 등이 있다. ISO 13335는 정보보호관리 모델 및 기술에 대한 가이드를 제공하는 표준이고, ISO 17799는 정보보호관리 통제에 대한 가이드를 제공하는 표준이다. 최근 동향으로는 ISMS(Information Security Management Systems)국제표준화 작업이 시작될 것으로 예상되며, WG1에서 작업 중인 정보보호관리 표준 간 유사성을 배제하고 통합된 체제를 만들기 위한 로드맵 작성 작업이 진행 중에 있다. 인터넷의 확산과 정보화의 역기능 증가에 따라 능동적인 정보보호관리체계의 수립을 위하여, 우리나라도 정보보호관리 표준의 제정 과정에 적극적으로 참여할 뿐 아니라 국내 많은 조직에서 정보보호관리 표준이 적용되어 국가적인 정보보호관리 수준이 향상될 수 있도록 할 필요가 있다.

모바일 클라우드시스템 보안요구사항명세서 개발지원도구

  • Bang, Yeong-Hwan;Jeong, Seong-Jae;Hwang, Seon-Myeong
    • Information and Communications Magazine
    • /
    • v.28 no.10
    • /
    • pp.19-29
    • /
    • 2011
  • 최근 클라우드컴퓨팅은 국내외 많은 IT서비스 패러다임의 변화를 주도하고 있고, 제2의 디지털 시대를 주도할 핵심 서비스중의하나로정보혁명에커다란변화를가져오고 있다. 특히, 클라우드 컴퓨팅은 무선 네트워크 기술이 고도화되고 모바일 단말 시장이 성장함에 따라, 모바일과 결합하면서 IT분야의 신 패러다임으로 부각되고 있으며, 이는 클라우드 컴퓨팅의 경제성과 우수성이 모바일의 이동성과 합쳐져 서로 시너지 효과를 거두고 있기 때문이다 [1]. 이처럼 클라우드컴퓨팅 기술 분야가 확대됨에 따라서 해결해야 할 첫 번째 문제는 보안이다. 특히, 모바일 클라우드시스템은 이동성, 휴대편의성, IT자원을 소유하지 않고 정보활동이 기능한 형태이므로 필연적으로 보안문제에 대한 중요성이 강조된다. 이에 따라서, 본고에서는 모바일 클라우드시스템의 정보보호를 위해 특성과 유형을 파악하고 정보보로분야에서 정보보증(Information Assurance, IA)방법, 여러 정보보증제도(CC, ISMS, CMVP등)를 조사 분석하여 모바일 클라우드시스템 보안기능개발을 위한 보안요구사항병세서 지원도구를 제시하고자 한다.

Genetic Analysis of Kallikrein-Kinin System in the Korean Hypertensives

  • Kang, ByungYong;Bae, Joon Seol;Lee, Kang Oh
    • Animal cells and systems
    • /
    • v.8 no.1
    • /
    • pp.41-47
    • /
    • 2004
  • The kallikrein-kinin system affects regulation of blood pressure, and genes encoding for the components of this system have been considered as good candidates for hypertension. To evaluate the relationship between genetic polymorphisms of candidate genes involved in this system and hypertension, we performed case-control studies using genetic markers in Korean normotensives and hypertensives, respectively. By association study, there was a marginal association with hypertension in AA genotype distribution of A1789G polymorphism in the hKLK1 gene (P=0.0754). Thus, this genetic polymorphism may weakly contribute to the susceptibility to hypertension in Koreans. We also observed that significant linkage disequilibrium exists among three polymorphic sites in the hKLK1 gene studied, suggesting that the three genetic polymorph isms can be useful as genetic markers in clinical association studies. Further studies using larger sample sizes and more genetic markers will be needed to clarify genetic influence of kallikrein-kinin system for hypertension.

Plasticitic Characteristics of Hypertext in Costume (복식에 나타난 하이퍼텍스트의 조형적 특성)

  • Kwon, Jung-Sook
    • Journal of the Korean Society of Clothing and Textiles
    • /
    • v.30 no.2 s.150
    • /
    • pp.198-206
    • /
    • 2006
  • Hypertext is a web form consisted of HTML(hypertext markup language) which is used in Internet. Hypertext in costume is the product of modem industrial society. Hypertext is not a mechanical technique that enlarges external capacity of human beings. It is rather a motif that extends the internal ability of human beings. It brings about the social innovation by extending the expression realm of costume and providing the various views of recognition. This study regards costume not as an artistic work but as a text which interacts in the open relationship of human body, society and culture and causes dynamic generation of meaning. This study distinguishes Plasticitic Characteristics of Hypertext in Costume with intertextuality, rhizome, interactivity in the structural characteristics of hypertext which is a typical trait of digital culture of openness and variousness. In conclusion, this study clarified plasticitic value of modem costume, which expresses vague isms and the pargidm of multi-typed culture most sensitively and condretley, and expressional forms in relation with the structural characteristics of hypertext.