• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.4
• /
• pp.769-774
• /
• 2013

In order to strengthen the protection of information, public institutions have introduced information security governance system. Public institutions recognizes the importance of information security governance system, and have striven to establish information security governance by establishing institutions and making policies. In this paper, in order to investigate ways that will be the basis for the establishment of information security governance in public institutions, we studied the necessity and model of information security governance. Also, by studying the government policies and cases, we proposed the direction of the policy.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.99-106
• /
• 2014

The most significant change and trend in the information security market in the year of 2014 is in relation to the issue and incidents of personal information security, which leads the area of information security to a new phase. With the year of 2011 as the turning point, the security technology advanced based on the policies and conditions that combine personal information and information security in the same category. Such technical changes in information security involve various types of information, rapidly changing security policies in response to emerging illegal techniques, and embracing consistent changes in the network configuration accordingly. This study presents the result of standardization and quantification of external access inference by utilizing the measurements to fathom the access authorization performance in advance for information security in specialized networks designed to carry out certain tasks for a group of clients in the easiest and most simple manner. The findings will provide the realistic data available with the access authorization inference modes to control illegal access to the edge of a client network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.11
• /
• pp.4163-4183
• /
• 2021

As measures for protecting users and ensuring security of electronic financial transactions, such as online banking, financial institutions in South Korea have implemented network segregation policies. However, a revision of such domain-centered standardized network segregation policies has been increasingly requested because of: 1) increased demand for remote work due to changes resulting from COVID-19 pandemic; and 2) the difficulty of applying new technologies of fintech companies based on information and communications technologies (ICTs) such as cloud services. Therefore, in this study, problems of the remote work environment arising from the network segregation policy currently applied to the financial sector in South Korea and those from the application of new ICTs such as fintech technology have been investigated. In addition, internal network protection policies of foreign financial sectors, such as those of the United States, United Kingdom, European Union, and Russia, and internal network protection policies of non-financial sectors, such as control systems, have been analyzed. As measures for the effective improvement of the current network segregation policy, we propose a policy change from domain-based to data-centric network segregation. Furthermore, to resolve threats of hacking at remote work, recently emerging as a global problem due to COVID-19 pandemic, a standard model for remote work system development applicable to financial companies and a reinforced terminal security model are presented, and an alternative control method applicable when network segregation is not applied is proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.695-706
• /
• 2018

In recent years, industrial convergence centered on ICBM (internet of things (IoT), cloud, big data, mobile) has been experiencing rapid development in various fields such as agriculture and the financial industry. In order to prepare for cyber threats, one of the biggest problems facing the convergence industry in the future, the development of the industry must proceed in tandem with a framework of information security. In this study, we analyze the details of the current industrial development policy and related information protection policies using cross impact analysis and present policy priorities through the expert questionnaire. The aim of the study was to clarify the priorities and interrelationships within information security policy as a first step in suggesting effective policy direction. As a result, all six information security policy tasks derived from this study belong to key drivers. Considering the importance of policies, policies such as improving the constitution of the security industry and strengthening of support, training of information protection talent, and investing in the information security industry need to be implemented relatively first.

• Information Systems Review
• /
• v.18 no.3
• /
• pp.137-153
• /
• 2016

Organizations depend on smart working environments, such as mobile networks. This development motivates companies to focus on information security. Information leakage negatively affects companies. To address this issue, management and information security researchers focus on compliance of employees with information security policies. Countermeasures in information security are known antecedents of intention to comply information security policies. Despite the importance of this topic, research on the antecedents of information security countermeasures is scarce. The present study proposes information security intelligence as an antecedent of information security countermeasures. Information security intelligence adapted the concept of safety intelligence provided by Kirwan (2008). Information security intelligence consists of problem solving skills, social skills, and information security knowledge related to information security. Results show that problem solving skills and information security knowledge have positive effects on the awareness of employees of information security countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1477-1489
• /
• 2019

In this study, we analyzed the privacy policies of 50 Android applications that are on the top chart in EU members to present the methods for enhancing transparency based on GDPR (General Data Protection Regulation). Based on the guidelines in relation to transparency stipulated in WP29, this study extracted factors of transparency in order to ensure transparency of privacy data processing and carried out the verification procedures for each factor. The results revealed that the privacy policies provided in Google Play Store and applications need to be matched, the descriptions of the privacy policies need to be written in clear and plain language for readers to understand easily. and that it is necessary to provide information quickly and improve the descriptions of information which the data controller discloses. The research findings of this study could be used as a preliminary data for proactive responses to the EU's GDPR by substantially complying with the transparency of GDPR.

• The KIPS Transactions:PartC
• /
• v.9C no.5
• /
• pp.775-782
• /
• 2002

This paper introduces Policy Management Tool which was implemented based on Policy Information Model in network suity system. Network security system consists of policy terror managing and sending policies to keep a specific domain from attackers and policy clients detecting and responding intrusion by using policies that policy server sends. Policies exchanged between policy server and policy client are saved in database in the form of directory through LDAP by using Policy Management Tool based on network security policy information model. NSPIM is an extended policy information model of IETF's PCIM and PCIMe, which enables network administrator to describe network security policies. Policy Management Tool based on NSPIM provides not only policy management function but also editing function using reusable object, automatic generation function of object name and blocking policy, and other convenient functions to user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1191-1204
• /
• 2019

In January 2019, the government revised the regulation on electronic financial supervision to revitalize the use of cloud in the financial sector. However, as cloud policies and regulations cloud undermine financial firms' autonomous security activities or restrict some of the people's basic rights, there has been little movement in the financial sector to use important information as the cloud. In addition, the data localization policy, which requires important information to be kept only in Korea, is a representative regulation that prevents the revitalization of cloud use, which also creates discrimination problems for overseas operators. Therefore, policy and regulatory improvements are needed to enable the cloud to provide a foundation for digital financial innovation through data. This study looked into the current status of cloud policies for domestic and foreign financial companies and analyzed policies and regulations for domestic financial companies. Through these efforts, the government aims to draw up limitations and problems in cloud policies for domestic financial companies and propose policy alternatives, such as measures to improve regulations on localizing data for financial companies to revitalize their use of cloud.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.669-679
• /
• 2014

This study introduces server-side security-oriented framework for smart financial service. Most of domestic financial institutions providing e-banking services have employed server-side framework which implement service-oriented architecture. Because such architecture accommodates business and security requirements at the same time, institutions are struggling to cope with the security incidents efficiently. The thesis suggests that separating security areas from business areas in the frameworks makes users to be able to apply security policies in real time without considering how these policies may affect business transactions. Security-oriented frameworks support rapid and effective countermeasures against security threats. Furthermore, plans to avoid significant changes on existing system when institutions implement these frameworks are discussed in the report.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.268-270
• /
• 2021

Since the recent COVID-19 pandemic, Internet usage has increased rapidly and companies have shifted to telecommuting. In addition, as more time at home increases and network traffic through streaming services such as games, the Internet, and Netflix increases, cyberattacks and threats are also increasing. Many countries around the world, including Korea, the US, China, and Japan, have various cloud security policies, but they continue to suffer from various vulnerabilities and cyberattacks. This paper analyzes the current cloud security policies of each country and presents a plan to strengthen the cloud security policies in Korea.