• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.547-560
• /
• 2014

Smart Grid, which maximize the efficiency of energic utilization by applying Information and Communication Technology to Power Grid, requires high availability. Attacks, such as DDoS, which cause suspension of service and lead to social disruptions have recently been increasing so that systematic management over availability becomes more important. In this paper, we presents a new evaluation criteria of Korean Smart Grid by comparing availability assessment items of international standards specified in management system and then overcome the limitations of availability evaluation of existing information security management system.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.39 no.4
• /
• pp.97-105
• /
• 2016

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.31-40
• /
• 2010

The evolution of internet have opened the world of IPTV. With internet protocol, IPTV broadcasts contents stream. The IP protocol doesn't provide secure service due to IP characteristics. So, it is important to provide both connect and secure service. Conditional Access System and/or Digital Right Management are being used to protect IPTV contents. However, there exist restrictions in the view of security. In this paper, we analyse existing security technologies for IPTV and propose a novel method to enforce security efficiently. In the proposed method, OTP is used for encryption/decryption contents and CAS controls key for encryption/decryption and the right of user. With this scheme, it reduces the load of the system and provides more security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1123-1132
• /
• 2012

Many domestic organizations are introducing and operating various information security management systems capable of coping with technical, administrative, and legal issues comprehensively and systematically, in order to prevent various infringement incidents such as personal information disclosure and hacking preemptively and actively. However, empirical analyses regarding the extent to which an information security management system contributes to information security performance have not been fully conducted, even though enterprises and organizations are actively introducing such systems in order to achieve their information security objectives as a part of their organizational management activities in line with their respective business, by investing considerable effort and resources in developing and operating these systems. This approach can be used to apply, develop, and operate the information management system actively within an organization. this study focused on analyzing how each specific phase of the information security management system affects information security performance, compared with previous studies, which generally focus on the information security control item in analyzing information security performance. The information security management system was analyzed empirically to determine how the Security PCDA cycling model affects information security performance.

• Asia pacific journal of information systems
• /
• v.23 no.4
• /
• pp.129-149
• /
• 2013

According to the development of new Information Technologies, firms consistently invest a significant amount of money in IT activities, such as establishing internal and external information systems. However, several anti-Information activities-such as hacking, leakage of information and system destruction-are also rapidly increasing, thus many firms are exposed to direct and indirect threats. Therefore, firms try to establish information security systems and manage these systems more effectively via an enterprise perspective. However, stakeholders or some managers have negative opinions about information security systems. Therefore, in this research, we study the relationship between multibusiness firms' performance and information security systems. Information security indicates physical and logical correspondence of information system department against threats and disaster. Studies on information security systems suggested frameworks such as IT Governance Cube and COBIT Framework to identify information security systems. Thus, this study define that information security systems is a controlled system on enterprise IT process and resource on IT Governance perspective rather than independent domain of IT. Thus, Information Security Systems should be understood as a subordinate concept of IT and business processes. In addition, this study incorporates information capability to information security system literature to show the positive relationship between Information Security Systems and Corporate Performance. The concept of information capability suggested that an interaction of human, information, technical and an effect on corporate performance using three types of capability (IT Practice, Information Management Practice, Information Behaviors and Values). Information capability is about firms' capability to manage IT infrastructure and information as well as individual employees who use IT infrastructure and information. Thus, this study uses information capability as a mediating variable for the relationship between information security systems and firms' performance. To investigate the relationship between Information Security Systems and multibusiness firms' performance, this study extends the IT relatedness concept into Information Security Systems. IT relatedness provides understanding of how corporations cope with conflicts between headquarters and business units to create a synergy effect and achieve high performance using IT resources. Based on the previous literature, this study develops the IT Security Relatedness model. IT Security Relatedness is our main independent variable, while Information Capability and Information Security Performance are mediating variables. To control for the common method bias, we collect each multibusiness firm's financial performance and use it as our dependent variable. We find that Information Security Systems influence Information Capability and Information Security Performance positively, and these two variables consequently influence Corporate Performance positively. In addition, this result indirectly shows that corporations under a multibusiness environment can obtain synergy effects using the integrated Information Security Systems. This positive impact of Information Security Systems on multibusiness firms' performance has an important implication to various stakeholders. Therefore, multibusiness firms need to establish Information Security Systems to achieve better financial performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.117-125
• /
• 2009

In this paper, we analyze the Contact Center's specific-security characteristics, including the threat model and weakness and study effective security measures focussing on protecting customer's personal information. Also, we establish the information security management system to reduce the possibility of information leakage from the internal employee in advance. As a result, we propose the "Security management model for protecting personal information for customer Contact Center" that complies with current ISO/IEC JTC 1 ISMS 27000 series standards.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.117-129
• /
• 2010

To support the establishment of Information Security Management System, the private sector and the public sector have taken some measures. In the private sector, KISA(Korea Internet & Security Agency) has certified ISMS system based on "The Act on Communication Network Use Promotion and Information Security etc.". In the public sector, No authentication system has been established. Instead, NIS(National Intelligence Service) has enforced 'Information Security Management Condition Evaluation' based on "Electronic Government Act". This article compared ISMS control parts of the private sector with that of the public sector and analyzed the non-enforcement parts of ISMS implementing two sectors for years. Based on this, I would like to consider the method of establishment for efficient ISMS.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.32 no.2
• /
• pp.149-162
• /
• 2007

In the era of the internet and ubiquitous computing, IS users are still facing a variety of threats. Therefore, a need of more tightened information security service increases unprecedentedly. In this sense, this study is aimed at proposing a new research model in which IT assets (i.e., network, system, and information influence) Security and Information Security Service (i.e., confidentiality, integrity, nonrepudiation, authentication) affect information security quality positively, leading to users' satisfaction eventually. To prove the validity of the proposed research model, PLS analysis is applied with valid 177 questionnaires. Results reveal that both IT assets Security and Information Security Service influence informations security qualify positively, and user satisfaction as well. From the results, it can be concluded that Korean government's recent orchestrated efforts to boost the IT assets Security and Information Security Service helped great improve the information security quality and user satisfaction.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.153-160
• /
• 2007

Recently, the demand against the system risk analysis and security management from the enterprises or the agencies which operate a information system is increasing even from domestic. The international against the standardization trend of information protection management system it investigates from the dissertation which it sees. It analyzed and against information property information protection management system integrated it will be able to manage a danger modeling it did it proposed. Having analyzed as well as compared the matureness of security-measurement models in regard to the global standard of proposal system, the administrative presentation for various IT technology resources. which have been managed singly so far, is now well applied under the united control of the company itself, and enabled the automated management of authentication support and renewal for ISO 27001, ISO 9000, ISO 14000, resulting in much advanced operation for both material and human resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.341-353
• /
• 2022

Conglomerates are strengthening cooperative relations by sharing information and dispatching manpower with each other to improve the overall competitiveness and technology of the group, including affiliates, and to enhance synergy. As a result, we are making every effort to increase the level of information protection of the entire group, but information leakage accidents that bypass affiliates and partner companies continue to occur. In addition, the results of the evaluation of the security management system of affiliates conducted by the parent company and the effectiveness of the actual security level have been raised. In addition, each company has limited resources that can be put into security management, so it is time for an more efficient security management system than ever before. In this study, the efficiency of operating the security management system of affiliates of steel companies is reviewed using the DEA-SBM model, and based on the analysis results, improvement measures to improve the level of security management are suggested.