• Journal of Convergence for Information Technology
• /
• v.7 no.3
• /
• pp.83-90
• /
• 2017

The purpose of this study is to solve the limitations that the information security manager of company should recognize the personal information of all employees. In this study, we propose efficient personal information retention status management system to minimize information retention status of personal information and department by information security manager and departmental information security officer. To do this, we study the method of transferring the check result from the PVA system to the efficient personal information retention management system, also study ways to minimize the amount of personal information we hold. It is possible to minimize the possession of personal information by changing the one channel method managed by the information security administrator of the existing PVA system to the two channel method so that the information security manager and the information security officer can manage it.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.26 no.3
• /
• pp.55-65
• /
• 2018

The SBD systems have made it possible that all boarding procedures are completed by passengers. With the SBD, air tickets can be issued and baggage can be consigned without the help of airline officers. This way, the SBD can improve the passenger circulation speed as well as decrease the time for passengers to wait for check-in, which is connected to the reduction of airlines' operaitonal costs. However, given that the SBD is a new technology, it has potentials to be used as a tool for air terrorism. This study purposes to determine methods to enhance the security and operation of SBD systems. With the aim, this paper investigated the existing literature on SBDs, self-check-in, airport security, air terrorism, risk management, aviation accidents, and information security. In order to compile real-time information about the SBD operations, twelve airports in North America, Europe, and Asia were analyzed based on existing studies on international SBD trends.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1293-1308
• /
• 2014

The cause of privacy extrusion in credit card company at 2014 is usage of the original data in test system. By Electronic banking supervision regulations of the Financial Supervisory Service and Information Security business best practices of Finance information technology (IT) sector, the data to identify the customer in the test system should be used to convert. Following this guidelines, Financial firms use converted customer identificaion data by loading in test system. However, there is some risks that may be introduced unintentionally by user mistake or lack of administrative or technical security in the process of testing. also control and risk management processes for those risks did not studied. These situations are conducive to increasing the compliance violation possibility of supervisory institution. So in this paper, we present and prove the process to eliminate the compliance violation possibility of supervisory institution by controlling and managing the unidentified conversion customer identification data and check the effectiveness of the process.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.87-96
• /
• 2011

The importance of the security management system for the aviation infrastructure cannot be overemphasized. What is especially important on the security management system for it is the assessment that is detaild and systematic. This article presents a framework based on a Hanulcha-type security management system model for a Information security of the Aviation infrastructure. This system checks, estimates and analyzes the goal of security with effect, especially in case of the security-accident on the aviation infrastructure because this system model gives the integrated security assessment method.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Knowledge Management Research
• /
• v.22 no.1
• /
• pp.309-330
• /
• 2021

The information security disclosure system (ISDS) has been implemented since 2016 to ensure the protection of stakeholders and the right to know, and to promote voluntary investment in information protection by companies. Regarding the information security disclosure system, there have been studies that urge the implementation of the system, but studies that analyze the contents disclosed after the implementation of the system or suggest improvement directions are few. In this study, the contents of the information security disclosure system that had been announced on the information security industry promotion portal until 2019 were analyzed, the current status was summarized, and the direction of system improvement was suggested. In some cases, companies that disclosed information through the disclosure system increased the number of personnel in charge and obtained certifications related to information security, but did not find any effect on the increase/decrease in investment. The current disclosure system has not been activated because it has difficulty in giving individual companies incentives to disclose. Thus, this study suggests the inclusion of ISDS to information security management system (ISMS), which is currently mandatory for certain companies. In the current disclosure system, it is difficult for the company's stakeholders or customers to check the contents of the disclosure. As a way to do this, a method of including in the contents of the personal information processing policy or the notification of the use of personal information was suggested.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.10
• /
• pp.512-519
• /
• 2005

E-BLP security model considers the reliability of the processes that are real subjects in systems. This paper deals with the implementation of the E-BLP model for secure embedded systems. Implemented EBSM(E-BLP Based Security Module) consists of three components: identification and authentication, access control and BRC(Dynamic Reliability Check) that checks the process behavior dynamically. Access Control of EBSM ensures unreliable processes not to access the sensitive objects and the DRC detects the buffer overflow attack by normal user. Besides, the performance overhead of the embedded system applying the EBSM is introduced.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1154-1157
• /
• 2007

최근 몇 년 동안 피싱, 파밍, 크라임웨어에 의한 피해 사례 발생이 증가되고 있다. 현재까지의 피싱 관련 솔루션이 대부분 블랙리스트 방식이고 아직까지 피싱 사이트 판단 기준이 없으며 사람들이 이에 대한 인식의 부족으로 인해 이러한 위협을 대처하는데 많은 한계를 가지고 있다. 이에 본 연구에서는 화이트 리스트 기반 웹사이트 보안수준 확인 시스템을 설계하고 이의 파일럿 시스템을 개발하였다. 각 사이트에 대해 피싱 관련 보안수준을 확인하여 신뢰할 수 있는 사이트들을 선별하고 보안수준 정보를 제공함으로써 안전한 인터넷 이용 기반을 제공할 수 있는 방안이 마련될 것으로 기대한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.6
• /
• pp.1423-1428
• /
• 2010

This paper designs file security function on Windows O.S. Whenever you use Windows O.S, you need to protect some file data. This paper designs these security protection functions. This paper proposes two security functions on Windows O.S. One is file security. the other is directory access protection. To check the proposed functions well, I experiment the above functions on the Windows O.S. By this experiment, I confirmed that the proposed function worked well.

• The Journal of Information Technology
• /
• v.2 no.2
• /
• pp.89-105
• /
• 1999

In this paper, we present a countermeasure for a various trouble occurred in secure communication of document image. We Propose a security system for transmission of document image using mixing algorithm that the third party cannot conceive secure transmission of information instead of existing scheme which depend on crypto-degree of security algorithm, itself. For this, RM, DM and RDM algorithm for mixing of secure bits are proposed and applied to digital signature for mixing for secure document and mixing for non-secure document by secure document. Security system for document image involves not only security scheme for document image transmission itself, but also digital signature scheme. The transmitter embeds secretly the signatures onto secure document, embeds it to non-secure document and transfers it to the receiver. The receiver makes a check of any forgery on the signature and the document. Because the total amount of transmitted data and the image quality are about the same to those of the original document image, respectively, the third party cannot notice the fact that signatures and secure document are embedded on the document image. Thus, the probability of attack will be reduced.