• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.218-232
• /
• 2015

According to the development of information processing technology and mobile communication technology, the utilization of mobile banking systems is drastically increasing in banking system. In the foreseeable future, it is expected to increase rapidly the demands of mobile banking in bank systems with the prevalence of smart devices and technologies. However, the keeping 'security' is very important in banking systems that handles personal information and financial assets. But it is very difficult to improve the security of banking systems only with the vulnerabilities and faults analysis methods of information security. Hence, in this paper, we accomplish the analysis of security risk factor and security vulnerability that occur in mobile banking system. With analyzed results, we propose the information security control and management processes for assessing and improving security based on the mechanisms which composes mobile banking system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.969-974
• /
• 2014

CC (Common Criteria) requires collecting vulnerability information and analyzing them by using penetration testing for evaluating IT security products. Under the time limited circumstance, developers cannot help but apply vulnerability analysis at random to the products. Without the systematic vulnerability analysis, it is inevitable to get the diverse vulnerability analysis results depending on competence in vulnerability analysis of developers. It causes that the security quality of the products are different despite of the same level of security assurance. It is even worse for the other IT products that are not obliged to get the CC evaluation to be applied the vulnerability analysis. This study describes not only how to apply vulnerability taxonomy to IT security vulnerability but also how to manage security quality of IT security products practically.

• Journal of Information Technology Services
• /
• v.21 no.1
• /
• pp.81-102
• /
• 2022

Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which accounts for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing it's procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1541-1547
• /
• 2015

In the recent IT industry, security has established itself as the factor to be considered the most in the software development. It goes without saying that security is the critical factor for the development of information security products. In the evaluation of the information security products, the security is assured by the security architecture requirement (ADV_ARC). However, the Absence of the systematic software security architecture process makes it difficult to guarantee the security quality consistently even though they are evaluated based on common criteria. In this paper, we propose a way to ensure a consistent security quality applying the software security framework in BSIMM.

• Proceedings of the KIEE Conference
• /
• 2008.07a
• /
• pp.203-204
• /
• 2008

Power IT is very important infrastructure in the country. In general, Power IT is disclosed to cyber attacks. To enhance cyber security in Power IT area, first of all, vulnerability in the area should be defined. In this paper, we consider the cyber security vulnerability in Power IT and introduce the vulnerability. Also, we suggest the research areas for enhancing cyber security in Power IT.

• Journal of Information Technology Services
• /
• v.13 no.2
• /
• pp.1-17
• /
• 2014

Social networking service (SNS) is a service that allows people to share information, manage relationships with others, and express themselves on the Internet. The number of SNS users have increased explosively with the growth of mobile devices such as smartphones. As the influence of SNS has grown extensively, potential threats to privacy have also become pervasive. The purpose of this study is to empirically examine the main factors that affect users' intentions to use security functions provided by their SNS. The main theories for this study include the rational choice theory and the theory of planned behavior. This study has identified the factors that affect intention to use security functions. In addition, security function awareness and information security awareness are found to be important antecedents for intention to use security functions. The results of this study implies that when SNS providers develop security policies, they should consider the ways to improve users information security awareness and security function awareness simultaneously.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1225-1241
• /
• 2014

Recently, Financial companies implement DLP(Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business increase more and more because internal controls are insufficient. Security officials and IT operation staffs struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research applications that handle business and privacy information. Therefore this paper describes business and privacy information flow on applications and how to plan and deploy security container based OS-level and Hypervisor virtualization technology to enforce internal controls for applications. After building security container, it was verified to implement internal controls and to prevent customer information leaks. With security policies additional security functions was implemented in security container and With recycling security container costs and time of response to security vulnerabilities was reduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1279-1294
• /
• 2016

Information security to use information technology(IT) in safety and reliability environment is becoming of great importance. In advanced countries including United States and United Kingdom are consistently expanding budget for information security. Korea also has been a growing interest in information security and Korea government announced plan to develop information security into next-generation growth engine. However, information security budget has increased slightly in recent years, so many national institutions and state governments have budget shortfall to perform information security work. Moreover budget items do not include generic contents about information security and there are confined to some security SW, HW and services. It is necessary to expand information security budget for enhancement national capabilities of information security. In this paper, we analyze the IT and information security budget situation for Korea and United States and propose effective budget expansion and improvement approaches for Korea.

• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.81-86
• /
• 2016

Recently, increasing security threats are not only interfering with business continuity of companies but they are al so causing serious problems on social and national levels. As violation of intellectual property rights increases due to growing competition between different companies and countries, companies are now required to follow various IT compliance regulations, under relevant legal obligations. This study proposed a model of convergence security compliance management by using machine learning, in order to help companies actively utilize IT compliance.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.29-36
• /
• 2022

Smart grid (SG) software platforms and communication networks that run and manage the entire grid are increasingly concerned about cyber security. Characteristics of the smart grid networks, including heterogeneity, time restrictions, bandwidth, scalability, and other factors make it difficult to secure. The age-old strategy of "building bigger walls" is no longer sufficient given the rise in the quantity and size of cyberattacks as well as the sophisticated methods threat actor uses to hide their actions. Cyber security experts utilize technologies and procedures to defend IT systems and data from intruders. The primary objective of every organization's cybersecurity team is to safeguard data and information technology (IT) infrastructure. Consequently, further research is required to create guidelines and methods that are compatible with smart grid security. In this study, we have discussed objectives of of smart grid security, challenges of smart grid security, defensive cybersecurity techniques, offensive cybersecurity techniques and open research challenges of cybersecurity.