• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.681-694
• /
• 2014

For the continuous financial incidents occurred in 2011, Korean government has announced the amendment on electronic finance supervision regulation including human resources, organization and budget. The major part of the regulation is mainly focused on human resources and budget. It states that company has to employ at least 5 percent of IT staff out of total staff, and at least 5 percent of security staff in IT staff employment number. Budget for security should be at least 7 percent of total IT budgets. This paper studies IT outsourcing policy based on operational risks of financial industries caused by amendment of regulation. This paper provides the policy decision procedure for resolving the 3rd party problems and suggests the effective operation policy to 3rd party for the program quality improvement and case studies at the IT task classification.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.407-415
• /
• 2013

Recently, Interest variety of IT services and computing resources are increasing. As a result, the interest in the security of cloud environments is also increasing. Cloud environment is stored that to provide services to a large amount of IT resources on the Cloud. Therefore, Cloud is integrity of the stored data and resources that such as data leakage, forgery, etc. security incidents that the ability to quickly process is required. However, the existing developed various solutions or studies without considering their cloud environment for development and research to graft in a cloud environment because it has been difficult. Therefore, we proposed wire-wireless integrated Security management Model in cloud environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.115-128
• /
• 2017

The methods of electronic financial fraud continue to evolve. Various research and countermeasures have been proposed to counter this problem, but it is difficult to eradicate it. The purpose of this study is to analyze the risk of electronic financial fraud through MS Threat Risk Modeling and to propose the countermeasures against the electronic financial fraud. As a result of the analysis, it is confirmed that despite the difference of authentication methods, there is a high risk of pharming, and it is difficult to prevent attack by using only additional authentication means, device security or user authentication based security system. Therefore, this study suggests the introduction of preventive measures such as readjustment of transaction limit by security means, account authentication, and additional physical security measures. It also suggests the establishment and implementation of a comprehensive electronic financial fraud prevention policy through linkage of electronic fraud prevention system and improvement of public relations and user awareness.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.101-109
• /
• 2017

The Internet of things is a system that connects and communicates all sorts of things such as people, objects, and data. It's to create and share information by its own each other. It can be used to enhance the function of private security and has brought about innovative development of private security. The Internet of things is a system that allows devices connected to the Internet to communicate independently of people-objects, objects-objects connected to the Internet. That and can be used in many industries, especially in the private security sector, its value is high. The use of the Internet of things to private security sector can reinforce security zones with always-on surveillance systems, also be enhanced by its own preparedness and response to the situation. However, this study will discusse the application and development of private security in the Internet of things. The practical application of the virtual space is an immediate task and it is also an essential factor in securing security.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.187-204
• /
• 2013

In this study, we developed a comprehensive model to measure the National Information Security Level based on PRM framework. The proposed model reflected a rapidly changing technology environments such as social network service, mobile devices, and etc. This new model consists of three layers:Infrastructure Layer, the Action Layer and the Performance Layer, and there are 16 sub-indexes under the 3 layers. To develop new model and sub-indexes for measuring the National Information Security Level, much amounts of documents related to security indexes or deliberation criteria and security guidelines from international organization were reviewed and then most probable index pool were composed. The Index pool were verified by expert group consisting of professors and specialists. Through five times of screening and having an evaluation review, 16 sub-indexes were deduced and then Delphi and AHP have been conducted to obtain validity and objectiveness of the indexes. Thus the new proposed national information security index will show more exact national information security level and we expect that the indexes give much implications for establishing information protection policy.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.7-21
• /
• 2009

Strategies have to be employed in information systems security in order to build and operate systems for information systems security in effective and structured manner. It is also essential for the entire organization to participate for successful implementation of the strategies and making them work. Current researches on information systems security strategy in organizations, however, have mainly been focused on deployment and operation of countermeasures based on strategic thinking and decision. In consequence, it is lack of research on overall frame for containing consideration factors required for moving and leading the whole enterprise for the holistic security purpose. Therefore, this paper proposes a framework for use in establishment of organization-wide information systems security strategies based on the concept of grand strategy from the traditional strategy research and on the four dimensional features of it.

• Journal of the Society of Disaster Information
• /
• v.5 no.2
• /
• pp.88-106
• /
• 2009

The potential risks of Korean public security has been increasing by economic stagnation. As a result of this, a feeling of unrest about our society causes expansion of private security industry as well as necessity of professional education. It has been 15years to produce security expert in colleges which is professional education institute, and academic efforts and contributions to society are shown remarkable results for the period. A private security industry had got public interest as a potential favorable job, because of increasing dependence of public to take care of unrest facts. Many colleges have introduced courses about public security because of facing necessity of professional education system. Then total 59 institutes including 22 universities and 37 colleges introduce courses of public security. Although name of courses are diverse depends on institution, purpose of course or members of course, the ultimate purpose of these courses is preventing public from crimes and managing public security. A fixed and out of date education system of universities in Korea can not produce talent person who people, companies and government want. The institutions have been recruiting many student so far, and it shows growth of the industry in quantity aspects. However quality aspect of the industry has been failed because it is hard to get a job for graduated students. Consequently, to improve quality of the industry people need cooperation of institution, professors and students.

• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.4
• /
• pp.45-54
• /
• 2001

It is necessary to control security management consistently and respond to an intrusion automatically in order to use the network securely in the single administrative domain. This paper presents a Shadowing Mechanism supporting a dynamic extension of security scheme and proposes an ARTEMIS(Advanced Realtime Emergency Management and Intruder Identification System), which is designed and implemented based on the suggested technique. It is possible for security management system developed on the basis of the Shadowing Mechanism to make all network components working under the same security scheme. It enhances the accuracy of intrusion tracing and automatic response through dynamic extension of space and time for security management.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.3 no.1
• /
• pp.8-11
• /
• 2008

There are multiple reasons that caused the present serious status of network security, including Internet itself having a weak basis. However security is usually discarded when it contends with performance. As the world becomes more tightly interconnected, security technology continues to mature, organizations are feeling a greater need to rediscover network security. Network security technology generally concentrates on protection of the network infrastructure and, by implication, the protection of the user. This is a paper, describe current problems of network security and propose solutions.