• Title/Summary/Keyword: Information Security Index

A Study on Developing of Performance Evaluation Index and Method of Measurement for Information Security Outcomes applying BSC (균형성과표(BSC) 기반의 정보보호 성과 지표 개발 및 측정 방법에 관한 연구)

  • Jang, Sang Soo
    • Convergence Security Journal / v.14 no.4 / pp.41-53 / 2014
  • To achieve organizational information security objectives efficiently and effectively, a performance evaluation index and a method of measurement for information security outcomes are needed in order to evaluate the level of information security accurately and to give direction for improvement. Standard measurement methods and usable evaluation indexes for measuring the performance or effectiveness of the information security activities of domestic companies are insufficient. It is difficult for companies to invest in an information security budget. Therefore, the purpose of this study was to develop a performance evaluation index and a method of measurement for information security outcomes, applying BSC, that companies can use. With the results of this study, companies can determine their level of information security themselves. The results can also be applied to the analysis of information security status and to establishing an information security investment strategy.

A Development of a Framework for the Measuring National Information Security Level (국가정보보호수준 평가지표 개선 및 지수 산출에 관한 연구)

  • Lim, Gyoo Gun;Bae, Soon Han;Lee, Dae Chul;Ji, Sang-Ho;Baek, Seung Ik
    • Journal of Information Technology Services / v.12 no.4 / pp.187-204 / 2013
  • In this study, we developed a comprehensive model to measure the National Information Security Level based on the PRM framework. The proposed model reflects the rapidly changing technology environment, such as social network services and mobile devices. This new model consists of three layers: the Infrastructure Layer, the Action Layer and the Performance Layer, and there are 16 sub-indexes under the 3 layers. To develop the new model and sub-indexes for measuring the National Information Security Level, a large number of documents related to security indexes or deliberation criteria, and security guidelines from international organizations, were reviewed, and then a pool of the most probable indexes was composed. The index pool was verified by an expert group consisting of professors and specialists. Through five rounds of screening and an evaluation review, 16 sub-indexes were deduced, and then Delphi and AHP were conducted to obtain validity and objectiveness of the indexes. Thus the newly proposed national information security index will show a more exact national information security level, and we expect that the indexes will have many implications for establishing information protection policy.

Multi-Attribute Threat Index for Information Security : Simulation and AHP Approach (정보보호를 위한 다속성 위협지수 : 시뮬레이션과 AHP 접근방법)

  • Lee, Kang-Soo;Kim, Ki-Yoon;Na, Kwan-Sik
    • Journal of Information Technology Services / v.7 no.1 / pp.117-130 / 2008
  • Multi-attribute risk assessments provide a useful framework for systematic quantitative risk assessment that the security manager can use to prioritize security requirements and threats. In the first step, the security manager identifies the four significant outcome attributes (lost revenue, lost productivity, lost customers, and recovery cost). Next, the security manager estimates the frequency and severity (three-point estimates for outcome attribute values) for each threat and ranks the outcome attributes according to AHP (Analytic Hierarchy Process). Finally, we generate the threat index by using a multi-attribute function and perform sensitivity analysis with a simulation package (Crystal Ball). In this paper, we show how multi-attribute risk analysis techniques from the field of security risk management can be used by security managers to prioritize their organization's threats and their security requirements, and eventually derive a threat index. This threat index can help security managers to decide whether their security investment is consistent with the expected risks. In addition, sensitivity analysis allows the security manager to explore the estimates to understand how they affect the selection.

A Study on the Information Security Plan for Network Centric Warfare : Development of Information Security Governance Assessment Index (네트워크 중심전(NCW)하의 정보보호체계 구축방안 연구 : 정보보호체계 평가지표 개발을 중심으로)

  • Kwon, Moon-Taek
    • Convergence Security Journal / v.7 no.4 / pp.83-91 / 2007
  • Information security is a critical issue for network centric warfare (NCW). This paper provides an information security governance index for NCW, which is the result of research carried out through a group decision making process. The purpose of the research is to help military organizations' planners determine the degree to which they have implemented an information systems governance framework at the strategic and tactical level within their organization.

Developing the information security risk index using network gathering data (네트워크 수집정보를 이용한 정보보호 위험도 예측지수 개발)

  • Park, Jin Woo;Yun, Seokhoon;Kim, Jinheum;Jeong, Hyeong Chul
    • The Korean Journal of Applied Statistics / v.29 no.7 / pp.1173-1183 / 2016
  • In this paper, we proposed an information security risk index to diagnose users' malware infection situations (such as computer viruses and adware) by gathering data from KT network systems. To develop the information security risk index, we used the analytic hierarchy process methodology and estimated the risk weights of malware code types using the judgments of experts. The control chart could be used effectively to forecast the information security risk for the proposed information security risk index data.

A Study on the Capability of Cyber Security Education and Training Professional Personnel (사이버보안 교육훈련 전문 인력의 역량에 관한 연구)

  • Eom, Jungho
    • Journal of Korea Society of Digital Industry and Information Management / v.15 no.1 / pp.43-51 / 2019
  • This research proposed the necessary capabilities of cyber security professional personnel for cyber security education and training. Cyber security professional personnel require specialized capabilities because the curriculum of cyber security education and training is structured around practice and training. Based on the knowledge, skills, and attitudes of professors, we derived candidate capabilities and indexes from the results of precedent research. As a result, we derived a candidate capability group consisting of teaching qualification, expert knowledge, practical ability, lecture ability, and research ability, and detailed capability indexes were derived accordingly. Finally, based on the questionnaire results of professors in fields related to information security, it was determined that the capabilities required of cyber security education and training professional personnel were expert knowledge, practical ability, and lecture ability. Among the capabilities, executive ability means that they need abundant executive experience, because of the high proportion of practical training that characterizes cyber security education and training.

Development of LMS Evaluation Index for Non-Face-to-Face Information Security Education (비대면 정보보호 교육을 위한 LMS 평가지표 개발)

  • Lee, Ji-Eun
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.1055-1062 / 2021
  • As face-to-face education becomes difficult due to the spread of COVID-19, the use of e-learning content and virtual training is increasing. In the case of information security education, practice to learn response techniques is important, so simulated hacking and vulnerability analysis activities have been supported as virtual training for a long time. In order to increase the educational effect, content should be designed to resemble real situations, and learning activities should be designed to achieve the learning goals. In addition, excellent functions and scalability of the system supporting learning activities are required. The researcher developed an LMS evaluation index that supports non-face-to-face education by considering the key elements of non-face-to-face education and training. The developed evaluation index was applied to the information security education platform to verify its practical utility.

A Study on the Quantification of Information Security Level (정보보안수준 계량화 연구)

  • Kim, Hyun-Soo
    • Asia Pacific Journal of Information Systems / v.9 no.4 / pp.181-201 / 1999
  • This study presents an information security level index and a quantification scheme. A comprehensive survey of previous research on information security checklists has been performed. A candidate indicator list for information security level has been developed. The desirability of each indicator has been tested by 4 criteria: general validity, relative importance, probability of accident and impact of accident. The opinions of 67 experts have been collected and analysed. The result shows that the selected indicators are a very good candidate set for the determination of information security level. A factor analysis shows that the indicators are well structured. There exists a strong correlation between validity and probability, validity and impact, and importance and probability. A quantification scheme for the information security index has been developed through experts' judgement and statistical tests.

A Study on Automatic Security Diagnostic Evaluation System for Security Assurance (보안 안전성을 위한 자동화 보안진단평가 시스템에 관한 연구)

  • Eom, Jung Ho;Park, Seon Ho;Chung, Tai M.
    • Journal of Korea Society of Digital Industry and Information Management / v.5 no.4 / pp.109-116 / 2009
  • In the paper, we designed an automatic security diagnostic evaluation system (SeDES) based on a security diagnostic evaluation model (SeDEM) for an organization's security assurance. The SeDEM evaluates the security level of an organization quantitatively by a security evaluation formula, which is composed of security variables and a security index, by applying the statistical CAEL model used to evaluate the risk level of banks. The SeDES has good expandability, because the security variables can be changed according to an organization's scale, characteristics and so on. It also has excellent usability, because it takes as input to the security index only numeric data obtained by statistical techniques. We can understand a security level more correctly than with the existing risk assessment system, because it is possible to assess quantitatively with a security grade as well as score. analysis.

Secure Index Searching Schemes for Groups (그룹 환경을 위한 안전한 인덱스 검색 스킴)

  • Park Hyun-A;Byun Jin-Uk;Lee Hyun-Suk;Lee Dong-Hun
    • Journal of the Korea Institute of Information Security & Cryptology / v.15 no.1 / pp.87-97 / 2005
  • A secure index search protocol lets us search the index of encrypted documents using the trapdoor for a keyword. It enables an untrusted server to learn nothing more than the search result about the documents, without revealing the keyword. Many secure search protocols have been suggested, but they only considered search between a single user and a server. In real organizations such as government offices or enterprises, where many hierarchical departments exist, the need for a search system for groups arises more often. In this paper, we construct secure index search protocols for hierarchical group settings without re-encryption of the old encrypted documents when group keys are re-keyed.