• Proceedings of the Korea Contents Association Conference
• /
• 2019.05a
• /
• pp.311-312
• /
• 2019

최근 기업의 클라우드 도입 확산으로 인해 정보자산이 분산됨에 따라 보호해야 하는 접점이 점차 증가 되고 있다. 또한, 모바일의 업무 활용 증가, 망 분리 및 내부 사설 클라우드의 도입 등 기업 내 변화된 IT 환경으로 인해 네트워크 구성이 더욱 더 복잡해지고 있으며, 이로 인해 보안 수준 유지가 어려워지고 있다. 특히, 클라우드 컴퓨팅에서는 보호해야 하는 자원이 기업 외부에 분산되어 있어 기존처럼 경계를 구축하는 것은 어려운 일이다. 본 논문에서는 CSA가 주도하는 SDP 표준화 동향 및 SDP의 구성요소와 동작 원리에 대한 연구를 진행하고, 핵심 기술인 SPA 및 Dynamic Firewall 기술을 활용하여 기존 접근통제 방식의 문제점을 개선하기 위한 방안을 제시하고자 한다.

• The Journal of the Korea Contents Association
• /
• v.6 no.8
• /
• pp.157-164
• /
• 2006

According to the IT839 strategy which was announced by the Ministry of Information and Communication(MIC) in 2004, the convergence trend of the broadcasting and the communication would be much more promoted. Thus, the methods for protecting the broadcasting contents will be indispensible elements for the successful IPTV service achievement. This paper describes the characteristics of IPTV and the related contents protection techniques. To evaluate several security issues, we suggest a security model for IPTV, and speculate the most widespread, two security technologies for IPTV such as CAS and DRM. Moreover, candidate models of IPTV protection system are suggested based on these technologies.

• The Journal of the Korea Contents Association
• /
• v.11 no.2
• /
• pp.61-68
• /
• 2011

Due to the rapid development of the Internet, many companies in a variety of applications to users open an unspecified number of the current business environment, security of personal information about recent issues are often mentioned in terms of its importance may be the company's top priority. The government recently on personal information strengthening measures on information communications network law enacted into law which is applicable to various industries. Companies to protect the personal information of various measures to comply with these regulations, and arrange your personal information for internal management to enhance security fast security solution has been introduced. The number of used data is stored in the DBMS in terms of compliance with these regulations at the same time effectively to ensure data security and encryption measures, access control, audit, each separated by an implementation of the solution and how it compares with the best Database security plan allows you to explore as a this paper's security checklist.

• The Journal of the Korea Contents Association
• /
• v.22 no.9
• /
• pp.104-112
• /
• 2022

The pandemic caused by the COVID-19 virus, which has lasted for the past three years, has changed society and the way people live in many ways. These changes also affect cyberspace, so the pre-pandemic information security model and standards have limitations when applied to the current situation. In this paper, a new method to improve the information security model of public institutions was proposed in consideration of various situations in the new normal era. In other words, through the proposed information security model, the possibility of external intrusion is blocked in advance through the policy and technical supplementation of remote work, which is a weakness of the existing information security operation of public institutions. Also, how to prevent abnormal authentication attempts by building a secure VPN environment, how to prevent social engineering cyber attacks targeting fear and uncertainty caused by COVID-19, and how to use a smooth network and create a remote work environment. For this purpose, methods for securing service availability were additionally presented.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.6
• /
• pp.43-50
• /
• 2015

In order to protect important information of smart phone from these security threats, this paper has studied a mechanism for protecting information from the leakage of various information and personal information stored in the smart phone. This paper has configured the basic protection scope for the information protection and applied real time encodement when new contents were created. Also, this paper has applied a security function so that the content of the protected scope can be managed and erased remotely in preparation for loss and burglary.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.1
• /
• pp.169-176
• /
• 2014

According to explosion of smart-devices, demands on N-screen services based on cooperation of multiple screens are rapidly increasing. These N-screen services can provide new user-experience (UX) to users. That is, it can provide technical advances to users. On the other hand, it causes new security problems. In this paper, we analyze conventional web-security attacks, and we propose and analyze new security requirements for migration, combination, and separation of web-contents based on N-screen service scenarios. Also, we develop N-screen cooperation service framework in order to ensure user security.

• Journal of Information Technology Applications and Management
• /
• v.26 no.5
• /
• pp.13-25
• /
• 2019

Recently, as evaluation of information security (IS) management become more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment' of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the '6. Information System Security' of 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.7
• /
• pp.321-328
• /
• 2017

As the cyber threats become more sophisticated and intelligent, the cases of cyber-infringement accidents are rapidly increasing. As a result, awareness of the importance of cyber security professionals has led to many cyber security-related educational programs. These programs provided with education curriculum aimed because cyber security workforce and job-based cyber security education research are not properly done. In this study, we developed a new cyber security education curriculum that defines and reflects cyber security personnel and knowledge system. In this study is not composed solely of the education contents related to the defenses emphasized in the existing education curriculum, but developed education curriculum to train a professional and balanced cyber security manpower by adding education contents in the attack field.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.11a
• /
• pp.599-603
• /
• 2006

Korea Information Security Agency has executed the certification system for the information security management since 2002 and examines the conformance of the IDCs'total management system including the technical and the physical protection measure. However, this certification system has the standard only for the IDC in the wire/wireless segregated and the evaluation method for the wire/wireless integrated has not been suggested yet. This paper is on the basis of "Accumulation Information Communication Facility Secure Principle", guidelines of Wireless LAN security operation, the existing principles and recommendations of the information security and the data on IDC environment. And the paper suggests the IDC network model in the wire/wireless integrated and the IDC evaluation method.

• The Journal of the Korea Contents Association
• /
• v.5 no.2
• /
• pp.107-114
• /
• 2005

This paper proposes to analyze a security level about information property systems. This method uses objective and quantitative risk level assessment. The method analyzes administrative, physical and technical aspects of information property system commonly. This method also uses administrative, physical and technical weights. Individually according to requirements security assessment purpose. And it shows risks weighting mean and importance of information property by graph. The most right and up systems in maps is prior to other systems. Also, Quantitative analysis presents more objective and efficient results for security level assessment of information system.