• 시큐리티연구
• /
• 제29호
• /
• pp.163-191
• /
• 2011

최근 들어 학교폭력문제는 학교 내에서의 구성원간의 범죄양상에서 그치지 않고 외부인의 학교 내 침입범죄로까지 비화되어 학교가 이제는 더 이상 교육만이 이루어지는 범죄로부터의 안전지대는 아니게 되었다. 특히 초등학교의 경우에는 외부 침입자에게 대항하여 이를 제압할 수 있는 사람들이 거의 없기 때문에 침입범죄에 취약한 장소이다. 서울특별시는 2011년 3월 1일부터 관내 국 공립초등학교를 대상으로 학교보안관제도를 시행하고 있다. 하지만 학교보안관 사업이 사실상 경비업법상의 경비업무를 주 내용으로 하고 있음에도 불구하고, 경비업법의 적용을 배제한 채, 서울시와 운영업자의 도급계약에 의한 사법상 계약(私法上 契約)의 한 형태로 운영하고 있어 여러 가지 문제를 야기하고 있다. 첫째, 학교보안관 관련 손해발생 시, 경비업무가 아니므로 원칙적으로는 운영사업자가 가입하고 있는 경비업자 영업배상책임보험 적용이 배제되어, 피해자의 손해보전을 위한 담보가 취약하게 된다. 둘째, 학교보안관의 임무를 계약서에 개별약정하고 있으나, 이것만으로는 부족하고, 경비업법상의 경비원의 의무 등의 관련의무 등의 일반규정 적용이 요구된다. 셋째, 학교보안관의 교육은 상대적으로 보다 체계화된 경비업법상의 교육 프로그램과 연계하도록 하고, 학교폭력예방을 위하여 특별히 필요한 관련 전문교육은 부가 편성 운영하도록 하는 것이 타당하다. 넷째, 서울시의 여론조사결과에도 불구하고, 시민들은 여전히 경찰관 등 학교주변의 순찰강화를 요구하고 있으므로, 경찰과의 적극적인 협력관계를 경비업법의 적용으로 법적 제도적으로 뒷받침할 필요가 있다. 다섯째, 경비업법의 적용으로 인한 경비지도사 제도 운영이나 경찰의 지도 감독, 그리고 각종 행정처분 등으로 학교보안관 사업의 성공을 담보해 낼 수 있다. 따라서 이 연구는 이제부터라도 경비업법을 적용하여 학교보안관 사업이 관리 운영면에서 보다 내실 있고 지속적인 확대 발전이 가능하도록 할 것을 제시하고 있다.

• 한국시스템다이내믹스연구
• /
• 제4권2호
• /
• pp.5-44
• /
• 2003

The focus of this paper is comparing relative effects of government policies for upbringing information security industry from the dynamic point of view. For the purpose of simplicity, these policies are classified into three groups, and then the relative effectiveness of these policy groups is examined using System Dynamics. The three policy groups are composed of technology development policies (TDP), human resource development policies (HDP), and direct supporting policies for overseas expansion (DSP). From the result of the analysis, DSP appears to be the most effective and HDP is the second-best group. By the way, for successful carrying into effect of DSP, marketing manpower should be strengthen. However, current HDP has been focusing on the bringing up technical experts. Therefore, overseas marketing manpower should be reared as well as technicians. Also, the existing infrastructure for overseas expansion for other industries should be shared for DSP of information security industry, because this is essential for success of DSP in terms of timing and costing. Finally, in spite of its low effect, TDP should be maintained continuously. The importance of information security technology is increasing and some countries have already considered these technologies as a core of future national defense. Therefore, we should acquire the competitiveness for a few technologies through continuous development of selected technologies at least.

• 시큐리티연구
• /
• 제47호
• /
• pp.139-165
• /
• 2016

몽골에서 민간경비와 관련된 법제정은 비교적 최근의 일로, 2000년에 몽골국회가 계약경비서비스에 관한 법을 통과시킴으로써 몽골에서 민간경비가 법적으로 탄생하게 되었다. 그러나 아직까지 몽골의 계약경비서비스에 관한 법은 국제기준에 미치지 못하며 따라서 이를 개정해야 할 필요성이 존재한다. 본 연구에서는 한국의 경비업법과 몽골의 계약경비서비스에 관한 법을 비교 분석하여 몽골 관련법의 문제점을 파악하고, 그에 따른 개선방안을 제시하고자 하였다. 분석결과, 몽골의 계약경비서비스에 관한 법은 법령의 명칭과 용어, 경비업체의 등록과 영업행위에 관한 절차규정, 경비업체의 대표 및 경비원의 자격요건과 책임성 확보, 경비업무의 범위 등에 문제점이 있다는 사실이 파악되었다. 이러한 문제점들을 개선하고 또 앞으로 몽골의 민간경비산업의 발전을 촉진하기 위하여 본 연구에서는 계약경비서비스에 관한 법의 개선방안을 제시하였다.

• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.33-54
• /
• 2016

In the modern society based on information and communication, which is exposed to the risks of a lot of information security breaches, corporate information assets may be an economical scale in a country. Most of damages derived from corporate technological information leak often occur in small and medium corporations. Although many information security managers in corporations have focused on certification systems such as information security management system, small and medium corporations are poorly aware of the information security, and their environments surrounding it should be also improved. In addition, it is difficult to expect spontaneous participations in it, since the sustainable information security management systems are often not forced to be certified. Thus, the purpose of this study is to examine plans to improve small and medium corporations' technological protections by using some component of the information security management system. On the basis of this examination, it also attempts to discuss some methods for effective and efficient information security in the small and medium corporations' technological protections.

• 디지털산업정보학회논문지
• /
• 제11권1호
• /
• pp.69-78
• /
• 2015

Internet of Things(IoT) is electronic devices and household appliances use wireless sensor network in environment of high speed wireless network and LTE mobile service. The combination of the development of Internet and wireless network led to development of new forms of service such as electronic devices and household appliances can connect to the Internet through various sensors and online servers such as a Home Network. Even though Internet of Things is useful, there are problems in Internet of Things. In environment of Internet of Things, information leakage could happens by illegal eavesdropping and spoofing. Also illegal devices of wireless communication interference can cause interfere in Internet of things service, physical damage and denial of service by modulation of data and sensor. In this thesis, it will analyze security threats and security vulnerability in environment of mobile services and smart household appliances, then it will suggest plan. To solve security issues, it is important that IT and RFID sensor related companies realize importance of security environment rather than focus on making profit. It is important to develop the standardized security model that applies to the Internet of Things by security-related packages, standard certification system and strong encrypted authentication.

• 디지털산업정보학회논문지
• /
• 제12권4호
• /
• pp.59-69
• /
• 2016

We proposed a specialized model of performance measurement to measure the training performance of the trainees in cyber practical training. Cyber security professionals are cultivating their expertise, skills, and competencies through cyber practical training in specialized education and training institutions. The our proposed process of trainee evaluation is consisted of an evaluation component discovery, evaluation item selection, evaluation index catalog, ratings and criteria decision, and calculation formula. The trainee evaluation is consisted of a formative evaluation during the training and an overall evaluation after finished training. Formative evaluation includes progress evaluation and participation evaluation, and overall evaluation includes practice evaluation and learning evaluation. The evaluation is weighted according to the importance of evaluation type. Because it is evaluated actual skills and abilities, competencies are assigned a high weight, while knowledge and attitudes are assigned a low weight. If cyber security trainees are evaluated by the proposed evaluation model, cyber security professionals can be cultivated by each skill and knowledge level and can be deployed by importance of security task.

• 디지털산업정보학회논문지
• /
• 제11권2호
• /
• pp.47-54
• /
• 2015

The popularity and adoption of smart-phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. The fluidity of application markets complicate smart-phone security. There is a pressing need to develop effective solutions. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smart-phone application. Now, the analytical methods used mainly are the reverse engineering-based analysis and the sandbox-based analysis. Such methods are can be analyzed in detail. but, they take a lot of time and have a one-time payout. In this study, we develop a system to monitor that mobile application permissions at application update. We had to overcome a one-time analysis. This study is a service-based malware analysis, It will be based will be based on the mobile security study.

• 디지털산업정보학회논문지
• /
• 제13권1호
• /
• pp.103-111
• /
• 2017

Recently, new variants of Ransomware are becoming a new security issue. Ransomware continues to evolve to avoid network of security solutions and extort users' information to demand Bitcoin using social engineering technique. Ransomware is damaging to users not only in Korea but also in all around the world. In this thesis, it will present research solution to prevent and cope from damage by new variants Ransomware, by studying on the types and damage cases of Ransomware that cause social problems. Ransomware which introduced in this paper, is the most issued malicious code in 2016, so it will evolve to a new and more powerful Ransomware which security officers cannot predict to gain profit. In this thesis, it proposes 4 methods to prevent the damage from the new variants of Ransomware to minimize the damage and infection from Ransomware. Most importantly, if user infected from Ransomware, it is very hard to recover. Thus, it is important that users understand the basic security rules and effort to prevent them from infection.

• 디지털산업정보학회논문지
• /
• 제16권1호
• /
• pp.67-78
• /
• 2020

Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

• 디지털산업정보학회논문지
• /
• 제10권1호
• /
• pp.89-97
• /
• 2014

Recently, spread of Smartphones caused activation of mobile services, because of that Big Data such as clouding service able to proceed with large amount of data which are hard to collect, save, search and analyze. Many companies collected variety of private and personal information without users' agreement for their business strategy and marketing. This situation raised social issues. As companies use Big Data, numbers of damage cases are growing. In this Thesis, when Big Data process, methods of analyze and research of data are very important. This thesis will suggest that choices of security levels and algorithms are important for security of private informations. To use Big Data, it has to encrypt the personal data to emphasize the importance of security level and selection of algorithm. Thesis will also suggest that research of utilization of Big Data and protection of private informations and making guidelines for users are require for security of private information and activation of Big Data industries.