• Convergence Security Journal
• /
• v.15 no.2
• /
• pp.33-41
• /
• 2015

A safe Linux system for security enhancement should have an audit ability that prohibits an illegal access and alternation of data as well as trace ability of illegal activities. In addition, construction of the log management and monitoring system is a necessity to clearly categorize the responsibility of the system manager or administrator and the users' activities. In this paper, the Linux system's Security Log is analyzed to utilize it on prohibition and detection of an illegal protrusion converting the analyzed security log into a database. The proposed analysis allows a safe management of the security log. This system will contribute to the enhancement of the system reliability by allowing quick response to the system malfunctions.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.9
• /
• pp.3451-3457
• /
• 2010

Cyber security assessment is the process of determining how effectively an entity being assessed meets specific cyber security objectives. Cyber security assessment helps to measure the degree of confidence one has and to identify that the managerial, technical and operational measures work as intended to protect the I&C systems and the information it processes. Recently, needs for cyber security on digitalized nuclear I&C systems are increased. However the overall cyber security program, including cyber security assessment, is not established on those systems. This paper presents the methodology of cyber security assessment which is appropriate for nuclear I&C systems. This methodology provides the qualitative assessments that may formulate recommendations to bridge the security risk gap through the incorporated criteria. This methodology may be useful to the nuclear organizations for assessing the weakness and strength of cyber security on nuclear I&C systems. It may be useful as an index to the developers, auditors, and regulators for reviewing the managerial, operational and technical cyber security controls, also.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.51-59
• /
• 2016

An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.3-9
• /
• 2022

Recently, as the environment of the 4th industrial revolution has arrived, the opening, sharing and convergence of data are actively being achieved in any organization. However, the opening and sharing of data inevitably leads to security vulnerability and there is ambivalence that is a threat that can affect the existence of an organization operated in the 4th industrial revolution environment. Especially security issues in the organization of the military can be a threat to the state, not the military itself, so it is always necessary to maintain a high level of security discipline. In this paper, 14 variables were selected through structural equation model applying theory of planned behavior, deterrence and protection motivation to find out the security level development measures by extracting factors that can affect security level. As a result, the theory of planned behavior that the security knowledge embodied through the usual security regulation education and evaluation affects the behavior was adopted, and the theory of deterrence and protection motivation showed the significance of the rejection level. In addition, it was confirmed that the variables that have the greatest impact on the military security level through the measured values of the three-year security audit were commanders and mental security. In conclusion, in order to improve the security level, it is suggested that security education, definite reward and punishment, and security system upgrading should be firmly established and mental security posture should be secured.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.99-107
• /
• 2022

The use of smart home appliances and Internet of Things (IoT) devices is growing, enabling new interactions and automation in the home. This technology relies heavily on mobile services which leaves it vulnerable to the increasing threat of hacking, identity theft, information leakage, serious infringement of personal privacy, abnormal access, and erroneous operation. Confirming or proving such security breaches have occurred is also currently insufficient. Furthermore, due to the restricted nature of IoT devices, such as their specifications and operating environments, it is difficult to provide the same level of internet security as personal computers. Therefore, to increase the security on smart home IoT devices, attention is needed on (1) preventing hacking and user authority theft; (2) disabling abnormal manipulation; and (3) strengthening audit records for device operation. In response to this, we present a plan to build a cloud security authentication platform which features security authentication management functionality between mobile terminals and IoT devices.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.121-127
• /
• 2022

Recently, social issues related to cryptocurrency mining are continuously occurring at the same time as cryptocurrency prices are rapidly increasing. In particular, since cryptocurrency can be acquired through cryptographic operation, anyone with a computer can easily try mining, and as the asset value of major cryptocurrencies such as Bitcoin and Ethereum in creases, public interest is increasing. In addition, the number of cases where individuals who own high-spec computers mine cryptocurrencies in various places such as homes and businesses are increasing. Some miners are mining at companies or public places, not at home, due to the heat problem of computers that consume a lot of electrical energy, causing various problems in companies as well as personal moral problems. Therefore, this study studies the technology to obtain evidence for the traces of mining attempts using the Windows artifacts of the computers that mined cryptocurrency. Through this, it is expected that it can be used for internal audit to strengthen corporate security.

• The Journal of Society for e-Business Studies
• /
• v.19 no.2
• /
• pp.109-124
• /
• 2014

As the emerged importance and awareness for information security, It is being implemented by each industrial sector to protect information assets. In this paper, we analyze the information security checklists or security ratings criteria to derive similarity and difference in context which used to knowledge network analysis method. The analyzed results of all checklists (ISMS, PIMS, 'FSS', 'FISS', 'G') are as follows : First, It is common factors that the protection of information systems and information assets, incident response, operations management. Second, It deals with relatively important factors that IT management, the adequacy of audit activities in the financial IT sector including common factors. Third, the criteria of ISMS contains the majority of the contents among PIMS, 'FSS', 'FISS'and 'G'.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.39-44
• /
• 2017

The existing enterprise information security activities were centered on the information security organization, and the top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.33-38
• /
• 2013

Security between mobile nodes and efficient communication is one of the most important parts of the MANET. In particular, the wireless network is significantly higher for the attack threats because of collaborative structure for open communication media and communication. However, application of existing security mechanisms and intrusion detection system is not easy due to the characteristics of MANET. It is because collection and integration of adult data by the dynamic topology due to the mobility of nodes and many network sensors is difficult. In this study, we propose cooperative security system technique that can improve the reliability based on authentication assessing confidence about the whole nodes which joins to network and detect effectively this when intrusion occurs. Cluster head which manages the cluster performs CA role for the certificate issue and the gateway node performs role of intrusion detection system. Intrusion detection is performed by cooperating with neighboring nodes when attack is not detected in one intrusion detection node. The performance of the proposed method was confirmed through experiments comparing with the SRP technique.

• The Journal of the Korea Contents Association
• /
• v.11 no.2
• /
• pp.61-68
• /
• 2011

Due to the rapid development of the Internet, many companies in a variety of applications to users open an unspecified number of the current business environment, security of personal information about recent issues are often mentioned in terms of its importance may be the company's top priority. The government recently on personal information strengthening measures on information communications network law enacted into law which is applicable to various industries. Companies to protect the personal information of various measures to comply with these regulations, and arrange your personal information for internal management to enhance security fast security solution has been introduced. The number of used data is stored in the DBMS in terms of compliance with these regulations at the same time effectively to ensure data security and encryption measures, access control, audit, each separated by an implementation of the solution and how it compares with the best Database security plan allows you to explore as a this paper's security checklist.