• Title/Summary/Keyword: IT security

The Study on Corporate Information Security Governance Model for CEO (최고경영자를 위한 기업 정보보호 거버넌스 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal / v.17 no.1 / pp.39-44 / 2017
  • The existing enterprise information security activities were centered on the information security organization, and the top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

A Case Study on the Application of Security Policy for Outsourcing Personnel in case of Large-Scale Financial IT Projects (금융회사 대형 IT프로젝트 추진 시 외주직원에 대한 보안정책 적용 사례 연구)

  • Son, Byoung-jun; Kim, In-seok
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.4 / pp.193-201 / 2017
  • Financial firms are strengthening the protection of personal information against leakage by introducing various security solutions such as print output security, internet network isolation systems, isolated storage of customer information, encryption of personal information, personal information detection systems, data loss prevention, personal information monitoring systems, and so on. Financial companies are also entering an era of cutthroat competition due to the acceptance of new channels and the paradigm shift in financial instruments. Accordingly, the need for security of customer information held by financial firms keeps growing. In the large security accidents at the three card companies in January 2014, one of the outsourcing personnel seized customer personal information from the systems of the three card companies and sold it illegally to a loan publisher and lender. Three years after those large security accidents, the security threat from the IT outsourcing workforce nevertheless still exists. The government, including the regulatory agencies related to financial firms, is conducting review efforts to prevent the leakage of personal information as well as strengthening the extent of sanctions. Through an analysis of the application of security policy for outsourcing personnel in large-scale financial IT projects and a case study of appropriate security policies for security compliance, this thesis proposes a solution for both successfully completing a large-scale financial IT project and minimizing, as far as possible, the risk of security accidents caused by outsourcing personnel.

Analysis of related words for each private security service through collection of unstructured data

  • Park, Su-Hyeon; Cho, Cheol-Kyu
    • Journal of the Korea Society of Computer and Information / v.25 no.6 / pp.219-224 / 2020
  • The purpose of this study is mainly to provide a theoretical basis for the private security industry by analyzing the perception and flow of private security in press-released materials, classified by period and by duties, through 'Big Kinds', a website for analyzing news big data. As the research method, various scattered unstructured data were converted to structured data to allow analysis, and the keyword trends and related words by duties of private security were analyzed for the growth period of private security. According to the results of the study, private security was exposed a lot by the media through various crimes, accidents and incidents, and issues related to permanent positions. Also, it tended to be perceived as a simple security guard, not recognized as the area of private security, and judging from the high correlation between private security and police, it was recognized not only as a role to assist the police force, but also as a common agent in charge of the public peace. Therefore, the perception of private security should be judged objectively, and it is believed that this should be a foundation for recognizing private security as a main agent responsible for the safety of the nation and for maintaining social order.

A Study on the Security Framework Design for Stable Operation of Critical Infrastructure Service (주요기반시설 서비스의 안정적 운영을 위한 보안 프레임워크 설계에 관한 연구)

  • Lee, Suyeon; Yoo, Jiyeon; Lim, Jongin
    • Journal of Information Technology Services / v.15 no.4 / pp.63-72 / 2016
  • Critical infrastructure has been operating in a closed environment with a completely separate information system and in the private area. However, with the current ICT environment changes due to convergence and open platforms it has increased the threats and risks to critical infrastructure. The importance of cyber security is increasing in the infrastructure control system, such as the outbreak of Ukraine blackout in 2015 by a malicious code called 'black energy'. This thesis aims to recognize the importance and necessity of protecting the critical infrastructure service, designing a security framework reflecting environmental and characteristic changes, and analyzing the management system suitable for a security framework. We also propose a theoretical basis for constructing a new security framework by comparing and analyzing seven international security management system standards, such as NIST 800-82 and IEC 62443-2-1, which are used in the control system. As a result, the environment surrounding critical infrastructure changes with the characteristics of connectivity, openness, and finality was studied, and as a response to this, many scholars and institutions present critical infrastructure security frameworks as cycle enhancement type structures, risk management structures, and management domain expansion structures. In response, the security framework encompassing these structures, CISF (Critical Infrastructure Security Framework), was designed. Additionally, through the security related international standard and criterion analysis, as a newly designed security standard suitable for CISF, IEC 62443-2-1 is reviewed and suggestions are made.

Curriculum Development for Smart Factory Information Security Awareness Training (스마트공장 정보보호 인식교육을 위한 커리큘럼 개발)

  • Jeon, In-seok; Yi, Byung-gueon; Kim, Dong-won; Choi, Jin-yung
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.5 / pp.1335-1348 / 2016
  • Smart factories are spreading rapidly in the manufacturing sector worldwide. Domestically, this is under way based on KOSF. Because it has spread from the manufacturing sector, both investment and information security are lacking. Hence, it is very difficult to efficiently prevent the new types of threats and security accidents that sometimes arise from this situation. According to research on information security conditions and recognized new threats, the most efficient way to spread smart factories safely is to provide information security education without any extra budget. Thus, this study developed a security awareness training curriculum from international standards, industry requirements, and the curricula of educational institutions based on NCS (National Competency Standard). It will be very helpful for spreading smart factories safely, because an expert group has tested its validity.

The Role and Collaboration Model of Human and Artificial Intelligence Considering Human Factor in Financial Security (금융 보안에서 휴먼팩터를 고려한 인간과 인공지능의 역할 및 협업 모델)

  • Lee, Bo-Ra; Kim, In-Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1563-1583 / 2018
  • With the deregulation of electronic finance, FinTech has been revitalized. The discussion on artificial intelligence is active in the financial industry. However, there is a problem of increasing security threats behind new technologies. Security vulnerabilities have increased because we are more connected than before, and the channels and entities of the financial industry have diversified. Although there are technical and policy discussions on security, the essence of all discussions is human. Fundamentals of finance are trust and security, and attention to human factors is important. This study presents the role of human and artificial intelligence for financial security, respectively. Furthermore, this derives a collaborative model in which human and artificial intelligence complement each other's limitations. To support this, it first discusses the development of finance and IT, AI, human factors, and financial security threats. This study suggests that the security threats will intensify in the era of new technology, but it can overcome them by using machinery and technology.

A Study on the Security Requirements for Developing Protection Profiles (보호프로파일 개발을 위한 보안요구사항 도출 방법에 관한 연구)

  • Zheng, He; Lee, Kwang-Woo; Kim, Seung-Joo; Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.1 / pp.133-138 / 2007
  • As formal documents that express a set of security requirements for IT products meeting specific consumer needs in the ISO/IEC 15408 (CC, Common Criteria) evaluation, protection profiles have recently been developed by many national agencies and companies. Since a protection profile is a criterion for security evaluation when IT systems and products are introduced, the importance of the protection profile is increasing. However, developing protection profiles is still difficult due to the lack of detailed methodology and guidance for analyzing security environments or deriving security requirements. In this paper, we analyze foreign instances of developing protection profiles and propose a methodology for deriving security requirements through analyzing the TOE security environment.

The assessment and political subject of Revised Security Industry Law (개정 경비업법의 평가와 정책과제)

  • Lee, Sang-Hun
    • Korean Security Journal / no.36 / pp.349-386 / 2013
  • This research analyzes and evaluates the Korean Security Industry Law (TKSIL), which embodies the present government's regulation of the private security industry. It has now become an important axis of the police services offered in the aspect of 'the national life safety' in connection with 'the materialization of a society which is safe from crime'. TKSIL is one of the national administration strategies that the Park Gun-hye government aims at in its supervision policy. After identifying the core values of the private security industry policy set up to achieve the national life safety that the Park Gun-hye government aims for, we systematically assess the revised security industry law. In particular, we try to confirm the keynote of police policy on private security and to present a desirable policy direction for the application and actual operation of the security industry law. For sites of organized civil complaint, the security industry law was revised in a direction that intensifies administrative regulation in some provisions, for example by establishing the grounds for introducing the arrangement license system. In addition, the grounds for disqualification of security instructors and guards and the rules of punishment are intensified in order to prevent in advance illegal and violent acts by security companies and the like. However, it has the feature that it substantially accomplishes 'the law principle (principle of statute)' through the effort of moving much content into the form of the law where the clauses limit fundamental human rights, even though that content had been prescribed in "the security industry law enforcement ordinance" or "the security industry law enforced regulation". The security industry law revised this time brought a sharp change of policy through the revision or new establishment of 17 clauses. The changes can be divided into 4 categories: (1) strictness of punishment at sites of organized civil complaint; (2) intensification of the time-limited exclusion of violators from the private security business market; (3) intensification of the legal guidance and supervision power of the police; (4) raising of the capital requirement, compulsory name tag attachment, and limits on the use of other equipment, etc. Essentially, "the security industry law" cannot help providing for state interference in and regulation of private security with this content. However, this interference and regulation must be limited to a reasonable range. As history has proved, excessive regulation by the state not only brings distortion of the nation's security system but also provokes national social cost. It can never be disregarded that requiring compulsory education, limiting the providers of private security services to corporations, or limiting them to holders of a certificate of qualification, all ultimately for 'the safety of the national life', presupposes an appropriate and reasonable harmony in the socio-economic dimension in order to draw out the best combination.

A STUDY ON THE GROWTH OF PRIVATE SECURITY IN THE UNITED STATES (미국(美國) 민간경비의 성장요인 분석)

  • Lee, Chang-Mu
    • Korean Security Journal / no.6 / pp.273-289 / 2003
  • The purpose of this study is to explore the underlying causes of the development of private security in the United States. These include the increasing crime rates and fear of crime, the poor performance of public policing, the decentralization of political authority, the increase of mass private property, economic growth and increase of personal income, commodification of security, insurance companies' demand for tighter security and fear of litigation, and historical events such as World War I & II. Based on the findings of this study, it is suggested that no single factor would account for the growth of private security in the United States. In other words, the rapid growth of private security in the United States should be attributed to the interrelated influences of the factors given above. Finally, it might be the contribution of this study that the future development of private security in Korea would be guided by understanding the case of the United States because of the similarities of the developmental process in private security industry of two countries.

A Study on the Plan for Professional License of the Private Security in Korea (한국 민간경호·경비관련 자격제도 도입방안)

  • Park, Jun-Seok; Park, Dae-Woo
    • Korean Security Journal / no.7 / pp.191-212 / 2004
  • According to current records of private security in Korea, more than 107,963 private security guards are employed by 2,051 security guard associations. However, it is obvious that there is a lack of any kind of professional license. To ensure the professionalism of the private security industry and at the same time to improve the quality of private guard duty, it is necessary to introduce a specialized and developed professional license system. The kinds of license anticipated are security guard services, armored car services, alarm services, proprietary security services, special guard services, terror, security consultant services, and private investigators. To settle this license system, there should be not only the efforts of academic society but also administrative support from the government and research by legal offices to arrange the legal and official structure.