• Title/Summary/Keyword: ISO/IEC

Standardization Trends in ISO Test Methodologies for Non-Invasive Attacks (ISO 비침투공격 시험방법론 표준화 동향)

  • Park, Tae-Hwan;Park, Jin-Hyung;Jang, Sang-Woon
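    • Review of KIISC / v.30 no.1 / pp.7-12 / 2020
  • Non-invasive security is one of the security requirements that cryptographic systems must satisfy in schemes such as cryptographic module validation programs and CC evaluation. The US CMVP is currently changing its test criteria from the existing FIPS 140-2 basis to FIPS 140-3, which is based on ISO/IEC 19790 and 24759, and plans to apply it to actual testing from September 22, 2020. Alongside this change, standards covering the specific test methods, test tool requirements, and test tool configuration for the non-invasive attack security requirements of ISO/IEC 19790 and 24759 have been published or are under development by ISO/IEC JTC 1/SC 27 as ISO/IEC 17825 and 20085-1, 2, respectively. This paper examines standardization trends in non-invasive attack test methodology through ISO/IEC 17825 and 20085-1, 2, the ISO standards related to non-invasive security test methodology.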

A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013 (클라우드 서비스 평가 프로그램과 ISO/IEC 27001:2013의 비교 연구)

  • Choi, Ju-Young;Choi, Eun-Jung;Kim, Myuhng-Joo
    • Journal of Digital Convergence / v.12 no.1 / pp.405-414 / 2014
  • It is very important to IT users that Cloud services provide dynamic extension of IT resources and cost savings. However, the reliability of Cloud services hinders their active use. Existing studies on assessment programs for Cloud services extract information security assessment articles and add features of cloud services with reference to ISO/IEC 27001:2005. This paper reviews the recently released ISO/IEC 27001:2013 for the addition, reduction, and changing of articles for Controls and Control objectives. A comparative analysis of the Controls of ISO/IEC 27001:2013 with those of CSA CCMv.3 and FedRAMP, which is an assessment program for Cloud services, suggests Control Objects of an Information Security Management System for related Cloud services. The suggested Controls will be an important reference index for the security policy of companies that manage an information security management system based on Cloud services.

A Study on The Mass Production Weapon System Parts Localization System Engineering Development Management Process Application based on ISO/IEC/IEEE 15288 (ISO/IEC/IEEE 15288 기반 양산단계 무기체계 부품국산화 체계공학 개발관리 절차 적용 연구)

  • Kim, Jang-Eun;Shim, Bo-Hyun;Cho, Yu-Seup;Sung, In-Chul;Han, Dong-Seog
    • Journal of Korean Society for Quality Management / v.44 no.3 / pp.541-552 / 2016
  • Purpose: In this study, we propose an effective system engineering approach and an optimized system engineering management process for the mass production weapon system parts localization development process and its success at DTaQ. Methods: To arrive at an effective system engineering approach for mass production weapon system parts localization, we first analyze the weapon system acquisition process and system engineering process of the Republic of Korea and the DTaQ parts localization business regulations. Based on the results of this analysis, we implement an optimized parts localization development system engineering based on ISO/IEC/IEEE 15288. Results: In order to apply the International Standard ISO/IEC/IEEE 15288 to the mass production weapon system parts localization development process, we compare the mass production weapon system parts localization acquisition environment with ISO/IEC/IEEE 15288 and analyze them. As a result, it is possible to implement part of the concept stage and development stage of the ISO/IEC/IEEE total life cycle stages for the mass production weapon system parts localization development process. To achieve the technical review milestones of the DTaQ parts localization business regulations in the selected stages of ISO/IEC/IEEE, the development and management agency performs 2 high rank processes and 19 low rank processes specified in ISO/IEC/IEEE. Conclusion: When the development and management agency performs mass production weapon system parts localization development using the proposed system engineering approach, it should easily meet milestones through the clarified requirements and simplified System Engineering output documents within the limited development period.

Analysis on ISMS Certification and Organizational Characteristics based on Information Security Disclosure Data (정보보호 공시 데이터를 이용한 정보보호 관리체계 인증과 조직의 특성 분석)

  • SunJoo Kim;Tae-Sung Kim
    • Information Systems Review / v.25 no.4 / pp.205-231 / 2023
  • The Information Security Management System (ISMS) is a protection procedure and process that keeps information assets confidential, flawless, and available at any time. ISMS-P in Korea and ISO/IEC 27001 overseas are the most representative ISMS certification systems. In this paper, in order to understand the relationship between ISMS certification and organizational characteristics, data were collected from Korea Internet & Security Agency (KISA), Ministry of Science and ICT, Information Security Disclosure System (ISDS), Financial Supervisory Service, Data Analysis, Retrieval and Transfer System (DART), and probit regression analysis was performed. In the probit analysis, the relationship with four independent variables was confirmed for three cases: ISMS-P acquisition, ISO/IEC 27001 acquisition, and both ISMS-P and ISO/IEC 27001 acquisition. As a result of the analysis, it was found that companies that acquired both ISMS-P and ISO/IEC 27001 had a positive correlation with the total number of employees and a negative correlation with business history. In addition, the improvement direction of the ISMS-P certification system and information security disclosure system could also be confirmed.

Quantitative Evaluation Index Derivation of the Software Based on ISO/IEC 9126-2 Metrics (ISO/IEC 9126-2 메트릭을 활용한 소프트웨어 정량적 평가 지표 도출)

  • Cho, Sungho;Jang, Joongsoon
    • Journal of Applied Reliability / v.16 no.2 / pp.134-146 / 2016
  • Purpose: Many domestic companies have to prepare a quantitative evaluation table in their proposals when they conduct a software R&D project. However, most companies have difficulty selecting the evaluation items and criteria, and deriving quantitative results. Therefore, we propose a method to derive a quantitative evaluation index by utilizing ISO/IEC 9126-2. Methods: We analyze ISO/IEC 9126-2 and classify the quality metrics into high-classification and sub-classification for Web/App software, Embedded software and Installation software. Next, we conduct a metrics selection survey based on importance and necessity. Then, we carry out a case study, verifying the correspondence between the evaluation items and criteria originally suggested by a company and those derived by utilizing the ISO/IEC 9126-2 quality metrics. Results: The metrics can be classified into two groups, one for common software and another for special software only. Furthermore, some quality metrics are more important and more necessary depending on the characteristics of the software. Conclusion: ISO/IEC 9126-2 quality metrics can be used to create evaluation items and criteria for the quantitative evaluation table of a software product.

An Ontology Population Model based on ISO/IEC 11179 (ISO/IEC 11179 기반의 온톨로지 확장 모델)

  • Jeong, Hye-Jin;Baik, Doo-Kwon;Jeong, Dong-Won
    • Journal of KIISE:Databases / v.36 no.5 / pp.386-398 / 2009
  • This paper proposes an ontology population model based on ISO/IEC 11179. Much research has recently been done on harmonizing Web 2.0 and the Semantic Web, and the harmonization is defined as Web 3.0. The most important issues for realizing Web 3.0 include defining ontology schemas and populating instances for ontologies. To resolve the issue, Web ontology schemas should be precisely defined, and a method for populating Web ontology from Web resources should be developed. This paper proposes a Web ontology population model based on ISO/IEC 11179 - Metadata Registry (MDR), which is the international standard, developed to manage and use common standard concepts.

Improvement of Anti-Collision Performance in ISO/IEC 18000-6 Type B Protocol of the 900MHz RFID System (900MHz RFID 표준 프로토콜(ISO/IEC 18000-6 type B)에서의 충돌방지 성능 개선)

  • Kwon Dae-Ken;Kim Wan-Jin;Kim Hyoung-Nam
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.5C / pp.540-547 / 2006
  • This paper proposes a novel anti-collision method for the ISO/IEC 18000-6 type B protocol, which is the standard protocol of the 900 MHz RFID system. We improve the anti-collision performance by reducing the number of command transmissions and the length of bits required for multi-tag identification in the ISO/IEC 18000-6 type B protocol. Simulation results show that the proposed method improves the multi-tag identification time by 21.7% over the conventional method, irrespective of the number of tags.

A Fully Integrated CMOS Security-Enhanced Passive RFID Tag

  • Choi, Suna;Kim, Hyunseok;Lee, Sangyeon;Lee, Kangbok;Lee, Heyungsub
    • ETRI Journal / v.36 no.1 / pp.141-150 / 2014
  • A fully integrated CMOS security-enhanced passive (SEP) tag that compensates for the security weakness of ISO/IEC 18000-6C is presented in this paper. For this purpose, we propose a security-enhanced protocol that provides mutual authentication between tag and reader. We show that the proposed protocol meets the security demands of the ongoing international standard for RFID secure systems, ISO/IEC 29167-6. This paper fabricates the SEP tag with a 0.18-$\mu$m CMOS technology and suggests the optimal operating frequency of the CMOS SEP tag to comply with ISO/IEC 18000-6C. Furthermore, we measure the SEP tag in a wireless environment. The measured results show that communications between the SEP tag and reader are successfully executed in both conventional passive and SEP modes, which follow ISO/IEC 18000-6C and the proposed security-enhanced protocol, respectively. In particular, this paper shows that the SEP tag satisfies the timing link requirement specified in ISO/IEC 18000-6C.

Evaluation Standard for Performance of Artificial Intelligence Systems: ISO/IEC TR 24029-1 (인공지능 시스템의 성능 평가 표준: ISO/IEC TR 24029-1)

  • Seongsoo Lee
    • Journal of IKEEE / v.27 no.3 / pp.350-354 / 2023
  • This paper describes ISO/IEC TR 24029-1, an international standard to evaluate the performance of artificial intelligence systems. ISO/IEC TR 24029-1 defines the performance measures of artificial intelligence systems in two categories, i.e. interpolation and classification. Performance measures in the interpolation category indicate how close the predicted values of the artificial intelligence system are to the real values. Performance measures in the classification category indicate how closely the predicted classes of the artificial intelligence system match the real classes. Based on these performance measures, the performance of artificial intelligence systems can be evaluated and the performance of different artificial intelligence systems can be compared.

Design of National Product Identifier and its Encoding based on RFID (RFID기반의 국가물품식별코드체계 및 인코딩 방안 설계)

  • Kim, Jin-Yong;Park, Jung-Jae;Song, Joo-Hyung;Kim, Hyun-Min;Ann, Chong-Hwan;Kim, Sun-Ho
    • The Journal of Society for e-Business Studies / v.12 no.1 / pp.25-40 / 2007
  • As memory-extended RFID tags have recently been developed, various types of item identification structures can be stored in the tags. In this paper, we propose a new national product identifier (NPI) which accommodates not only ISO item identification standards but also the memory capacity of ISO tags. First of all, the item identification structures of ISO/IEC 15459 and EPC, and the memory structures of ISO/IEC 18000-6C and EPC tags, are analyzed. Based on these analyses, the NPI currently used is analyzed and its problems are described from the viewpoint of standardization. To overcome the problems, a new NPI structure suitable for ISO/IEC 15459 is proposed. Finally, data related to the NPI is designed for encoding to tags.