• Journal of Information Technology Services
• /
• v.21 no.1
• /
• pp.81-102
• /
• 2022

Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which accounts for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing it's procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.

• Proceedings of the IEEK Conference
• /
• 2006.06a
• /
• pp.193-194
• /
• 2006

In this paper, the SPINS, a sensor network security mechanism, was researched to design a system to be applied to home network structure and check the security of which degree was ensured by a virtual network of home networking middleware. Sensor Network security mechanism SPINS provides data confidentiality and authentication by SNEP, and provides authenticated broadcast by ${\mu}TESLA$. We designed the system that applied SPINS to home networking middleware basic structure.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.53-61
• /
• 2019

In this paper, we propose 'a self - conformance system of convergence security provider' to provide basic data for security and reliability of convergence industrial technology, system and service. It is difficult to evaluate convergence security systems, limited to information and communication service providers, unable to check convergence security items, burden of submission documents, difficulty in measuring convergence security service level and we will summarize product and service-based requirements that can be integrated and systematically measure the level of convergence security and define renewed life cycle-based convergence security information and content security and assurance requirements. On the basis of this, each convergence security company declares conformity with the standard itself without the certification of the certification body, and introduces the provider conformity certification system which can manufacture and sell. This will enable the company to strengthen its competitiveness through timely launch and implementation of products and services and cost reduction.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.6
• /
• pp.1192-1213
• /
• 2011

Information security management systems (ISMSs) are used to manage information about their customers and themselves by governments or business organizations following advances in e-commerce, open networks, mobile networks, and Internet banking. This paper explains the existing ISMSs and presents a comparative analysis. The discussion deals with different types of ISMSs. We addressed issues within the existing ISMSs via analysis. Based on these analyses, then we proposes the development of an information security management evaluation system (ISMES). The method can be applied by a self-evaluation of the organization and an evaluation of the organization by the evaluation committee. The contribution of this study enables an organization to refer to and improve its information security levels. The case study can also provide a business organization with an easy method to build ISMS and the reduce cost of information security evaluation.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.101-106
• /
• 2021

To protect financial information, financial companies establish strategies and plans for information security, operate information security management systems, establish and operate information security systems, check vulnerabilities, and secure information. This paper aims to present an information security portal system for financial companies that can gain visibility into various information security activities being undertaken by financial companies and can be integrated and managed. The information security portal system systemizes the activities of the information security department, providing an integrated environment for information security activities to participate from CEOs to executives and employees, not just from the information security department. Through this, it can also be used as information security governance that can be used by top executives to reflect information security in corporate management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.27-40
• /
• 2001

In an offline system, the bank does not participate in payments. As a result, it is difficult to make the refund spendable. Due to this, current offline systems do not provide spendable refunds. In these systems, a check consists of two parts: a spendable part and a refund part. A client uses the spendable part during the payment phase, and uses the refund part to get the refund for the remainder of the check. Therefore, a client cannot reuse the remaining and must always refund it. Moreover, the relationship between the spent amount and the refund amount can be used to guess which check the client used when the client refunds the remaining. To remedy these problems, we propose a new offline system which allow clients to reuse the remaining values of the check. This system provides unlinkability of the payments made by using a single check. It also provides mechanisms to detect and identify clients who perform misconduct such as double spending and over spending. The required overall computational cost to withdraw, spend and refund a check in our system is lower than using several checks in other offline systems.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.19-30
• /
• 2019

Many organizations need to comply with ISMS-P for information systems and personal information management for ISMS-P certification. Organizations should safeguard vulnerablities to information systems. However, as the kinds of information systems are diversified and the number of information systems increases, management of such vulnerabilities manually accompanies with many difficulties. SCAP is a protocol to manage the vulnerabilities of information system automatically with security standards. In this paper, for the introduction of SCAP in domestic domains we verify the applicability of server-oriented system which is one of ISMS-P certification targets. For SCAP applicability, For obtaining this goal, we analyze the structures and functions of SCAP. Then we propose schemes to check vulnerabilities of the server-oriented system. Finally, we implement the proposed schemes with SCAP to show the applicability of SCAP for verifying vulnerabilities of the server-oriented system.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.85-94
• /
• 2014

Information Security Check System was Introduced in 2004, higher than in 2013, the effectiveness of Information Security Management System(ISMS) certification scheme was to unification. This is incident to the Internet affecting people's lives telecommunications service provider to target accountability because, considering the subject's duty selection criteria need to be clarified. however, Obligations under the current legislation, subject selection criteria applying the law itself is ambiguous, the result being a significant problem. Moreover, the regulatory system of certification systems subjects, although selection criteria should be clear and objectively not the obligation not to distrust the system itself and the subject was raised many issues for you. In this study, with SMART Technic in order to improve this certification you can easily determine whether a medical person authorized to develop a model for selection of medical subjects, The developed model is verified through empirical ways to improve the system by presenting the system to help, to secure the effectiveness.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.1
• /
• pp.11-18
• /
• 2011

This study developed a digital security device which power is on/off by the RFID card. This device is based on the wireless data transmit/receive circuits, built in RS-232C chip and applied to computer and other digital devices. We can check whether this device is operated or not by connecting the LED. In this system, 13.56MHz frequency circuit supplies power with ID card, and DC inputs check the proximity operating distance of the card field for verifying the existence of a card. The security level of this system is much stronger than that of a compared system[13]. Anyone cannot use the system without RFID card. All illegal access is prevented except for authorized path.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.107-116
• /
• 2010

To give a solution to solve personal information problems issued in this study, the domestic and overseas cases about information security management system including an authentication technique are analyzed. To preserve the outflow of personal information, which is such a major issue all over the world, a new security audit check list is also proposed. We hope this study to help information system developers construct and operate confidential information systems through the three steps: Analysis of risk factors that expose personal information, Proposal to solve the problem, Verification of audit checking items.