• Korean Security Journal
• /
• no.25
• /
• pp.63-87
• /
• 2010

Our society nowadays sees the increase in damage from crime on lives and properties by leaps and bounds in line with the economic take-off, and as a result, the raise of individual income. When considering such a hike in crime, it is desirable that the police framework be enhanced. However, thanks to the failure to correspond to this, it could be safely said that a good portion of accountability was shifted to the private security industry in regard to security for the people. Accordingly, the request for escort security business is on the increase regarding expansion and improvement about this industrial sector. As such, it is necessary to get the related system rearranged for authority on the part of escort guards, who are directly exposed to numerous crimes. On top of this, dispersion is required for the escort security businesses centralized in the metropolitan area. It is also necessary for the security guard system to be strengthened and disintegrated into details so that the escort security services are available to people in more safe and easily manners than ever before. When the qualification regime is operated based on this refreshed system, the efficient escort security work would be realized. The dichotomy into act on Special Security Guard and act on Security Business should be dealt with once again for integration as an issue on the front burner in the academic area, and through which the escort security market could be fit for the globalization as well. This paper would provide the solution that leads to more professional and efficient results from comprehension of progress situations in reality by starting from the concept on private security to the analysis of the conditions in this industrial sector.

• 한국IT서비스학회:학술대회논문집
• /
• 2003.11a
• /
• pp.809-821
• /
• 2003

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.638-640
• /
• 2021

The network separation environment is a network security design system that separates the internal business network from the external Internet network. It separates the internal business network from the external Internet by separating it into a business network that is not connected to the network to which the Internet is connected. The network is separated, and it is a relatively secure network structure compared to Danilman in terms of security. However, there are frequent cases of infecting internal networks by using vulnerabilities in internal systems, network devices, and security devices. In this paper, we analyze the vulnerability of IT security threats in such a network isolation environment and provide technical measures for effective security monitoring.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.147-162
• /
• 2017

With the advent of various services and devices in the change of IT environment, increasing the complexity of the data, and increasing scale of IT, Many organizations are experiencing the difficulty of analyzing and processing with a large amounts of data for security situations awareness. Therefore, propose the enhancement of security situational awareness through visualization in order to solve the problems of slow response and security situational awareness in organizational risk management. In this paper, we selected the evaluation factors and alternatives for effective visualization by considering user type, situational awareness step, and information visualization attributes through various studies on visualization. And established AHP layer model. Based on this, by using the AHP method for solving the problem of multi-criteria decision making, by calculating the factors for effectively visualizing and the importance of alternative by factor, try to propose a visualization method that can improve the effectiveness of the security situational awareness according to the purpose of visualization and the type of user.

• Journal of Digital Convergence
• /
• v.15 no.5
• /
• pp.197-205
• /
• 2017

To achieve web application security goals effectively by providing web security features such as information leakage prevention, web application firewall system must be able to achieve the goal of enhancing web site security and providing secure services. Therefore, it is necessary to study the security evaluation of web application firewall system based on related standards. In this paper, we analyze the requirements of the base technology and security quality of web application firewall, and established the security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of the web application firewall system can be confirmed and the standard for enhancing the quality improvement can be secured. As a future research project, it is necessary to continuously upgrade evaluation standards according to international standards that are continuously changing.

• Journal of the Korea Convergence Society
• /
• v.12 no.1
• /
• pp.1-9
• /
• 2021

Recently, new types of security crimes have been steadily occurring in Korea due to environmental changes such as the development of IT technology, and responding to these threats has become a key national task for the establishment of a safe society as well as individuals and businesses. Meanwhile, as the Zero-Contact Era has arrived since the COVID-19 Pandemics, a new convergence security threat that combines the characteristics of the Zero-Contact Era with the existing IT development is threatening our society. Research to prevent and correct these new levels of threats is continuously required in this study. Chapter 1 examined the causes of new convergence security threats and Chapter 2 discussed cybersecurity, fake news, remote voting·work and video security threats as five major threats.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.8
• /
• pp.1205-1212
• /
• 2022

Cyber threat targeting ICS (Industrial Control System) has indicated drastic increases over the past decade and Cyber Incident in Critical Infrastructure such as Energy, Gas Terminal and Petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy considering Control System Architecture is necessary. In particular, the centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests the way of implementing centralized security log system that collects security events and logs using OPC Protocol from Level 0 to Level 5 based on IEC62443 Purdue Model to integrate ICS security logs with SIEM (Security Information Event Management) operated in IT environment.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.109-115
• /
• 2023

The future outlook for defense faces various and challenging environments such as the acceleration of uncertainty in the global security landscape and limitations in domestic social and economic conditions. In response, the Ministry of National Defense seeks to address the problems and threats through defense innovation based on scientific and technological advancements such as artificial intelligence, drones, and robots. To introduce advanced AI-based technology, it is essential to integrate and utilize data on IT environments such as cloud and 5G. However, existing traditional security policies face difficulties in data sharing and utilization due to mainly system-oriented security policies and uniform security measures. This study proposes a paradigm shift to a data value-based security policy based on theoretical background on data valuation and life-cycle management. Through this, it is expected to facilitate the implementation of scientific and technological innovations for national defense based on data-based task activation and new technology introduction.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2117-2120
• /
• 2003

Trusted channel provides a means of secure communication and it includes security services such as confidentiality, authentication, and so on. This paper describes the implementation of trusted channel between secure operating systems that integrates access control mechanisms with FreeBSD kernel code[1]. The trusted channel we developed offers confidentiality an4 message authentication for network traffic based on the destination address. It is implemented in the kernel level of IP layer and transparent to users.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.11 no.4
• /
• pp.229-237
• /
• 2011

As smart phones have become widely adopted, they have brought about changes in individual lifestyles, as well as significant changes in the industry. As the mobile technology of smart phones has become associated with all areas of industry, it is not only accelerating innovation in other industries such as shopping, healthcare service, education, and finance, but is also creating new markets and business opportunities. The preparation of thorough security measures for smart phones is increasing in demand. While offering excellent mobility and convenience, smart phones can be exposed to a range of violation threats. In particular, it is necessary to make efforts to develop a security system that can preemptively cope with potential security threats in the banking service area, which requires a high level of reliability. This paper suggests a security reference model that is considered for the smart phone-based joint mobile banking development project being undertaken by the Bank of Korea in 2010. The purpose of this study is to make a security reference model for a reliable smart phone-based mobile financial service, by recognizing the specific security threats directed toward smart phones, and providing countermeasures to these security threats. The proposed mobile banking security reference model is useful in improving system security by systematically analyzing information security threats to the mobile financial service, and by presenting the guideline for the preparation of countermeasures.