• Agribusiness and Information Management
• /
• v.2 no.1
• /
• pp.117-128
• /
• 2010

Coordination has been identified as a concern in the cross-cutting issues of food security and nutrition (FSN) in Cambodia. Food Security and Nutrition Information System (FSNIS) in Cambodia is the only "entry portal" to support policy formulation and decision-making with regard to FSN. While this knowledge and information management system has earned a respectful reputation, Council for Agricultural and Rural Development (CARD) faces many challenges in the implementation of the system. This paper will present how FSNIS has been developed and impacts on policy or strategy related to FSN. In addition, sustainability of the system is a key challenge for FSNIS; yet it is interesting to see how it works. Along with a success story, FSNIS is recognized by its stakeholders as the most successful knowledge and information management system in the field of FSN in Cambodia.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2768-2780
• /
• 2019

Ciphertext-policy attribute-based encryption (CP-ABE) is one of the practical technologies to share data over cloud since it can protect data confidentiality and support fine-grained access control on the encrypted data. However, most of the previous schemes only focus on data confidentiality without considering data receiver privacy preserving. Recently, Li et al.(in TIIS, 10(7), 2016.7) proposed a CP-ABE with hidden access policy and testing, where they declare their scheme achieves privacy preserving for the encryptor and decryptor, and also has high decryption efficiency. Unfortunately, in this paper, we show that their scheme fails to achieve hidden access policy at first. It means that any adversary can obtain access policy information by a simple decisional Diffie-Hellman test (DDH-test) attack. Then we give a method to overcome this shortcoming. Security and performance analyses show that the proposed scheme not only achieves the privacy protection for users, but also has higher efficiency than the original one.

• The Journal of Society for e-Business Studies
• /
• v.25 no.4
• /
• pp.15-32
• /
• 2020

Increasing uncertainties in the technological innovation environment and increasing technology competition also present new challenges in terms of industrial technology security. Therefore, the purpose of this study was to identify the direction of policy change necessary for the improvement of related policies in the future by examining the importance and implementation of the government's industrial technology security support policies for small and medium-sized enterprises engaged in industrial technology innovation activities. As a result of the analysis, first of all, small and medium-sized enterprises that responded to the government's industrial technology security support policy were perceived to be less performing than the importance of the program. These results can be said to mean that selective budget expansion for related policy programs may be necessary, along with efforts to improve the quality of each program. Second, an analysis of the differences in group recognition between new technology certification firms and industrial technology verification(certification) companies showed that significant differences exist between groups for the program. These results suggest that more effective operation of the relevant policies may require policy enforcement in consideration of the level of security and will of each company in industrial technology, as much as the quantitative characteristics of the entity. This study is meaningful in providing the necessary policy directional basic information for the design and execution of more specific and effective industrial technology security policies by presenting empirical research results that domestic small and medium-sized enterprises are aware of about the government's industrial technology security policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.131-138
• /
• 2003

With the Internet winning a huge popularity, there rise urgent problems which are related to Network Security Managements such as Protecting Network and Communication from un-authorized user. Accordingly, Using Security equipments have been common lately such as Intrusion Detection Systems, Firewalls and VPNs. Those systems. however, operate in individual system which are independent to me another. Their usage are so limited according to their vendors that they can not provide a corporate Security Solution. In this paper, we present a Hierarchical Security Management Model which can be applicable to a Network Security Policies consistently. We also propose a Policy Negotiation Mechanism and a Prototype which help us to manage Security Policies and Negotiations easier. The results of this research also can be one of the useful guides to developing a Security Policy Server or Security Techniques which can be useful in different environments. This study also shows that it is also possible to improve a Security Characteristics as a whole network and also to support Policy Associations among hosts using our mechanisms.

• International Journal of Computer Science & Network Security
• /
• v.21 no.3
• /
• pp.134-140
• /
• 2021

The development of technology speeds up the process of obtaining information and its analysis to track the level of corruption in different countries and develop countermeasures. This study examines the role of information and analytical support of anti-corruption policy as a tool for government accountability and analysis, evaluation, combating corruption in Eastern Europe. The purpose of the article is to identify the components of the information-analytical system that help reduce the level of corruption. The research methodology is based on a qualitative content analysis of the functioning of information and analytical systems of Ukraine used by anti-corruption bodies. A quantitative analysis of the CPI score was conducted, according to Transparency International, to identify the effectiveness of anti-corruption policies in developing countries. The results show similar trends in countries developing on the effect of the use of information and analytical systems in the implementation of anti-corruption policies, strategies and measures. The strategy to combat corruption mainly involves increasing the independence and powers of anti-corruption bodies. Therefore, the development of information and analytical support is aimed at automating the processes of pre-trial investigations and criminal proceedings, information protection. As a tool for accountability, information and analytical systems may be ineffective due to the abuse of power by higher anti-corruption bodies due to political pressure from elite structures. Restrictions on political will are a major problem for the effectiveness of anti-corruption policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.91-103
• /
• 2004

The survey of network firewall system has been focused on the deny policy that protects information from the unlicensed and the intrusion detection system. Government has solved several firewall problems as building the intranet separated from the intranet. However, the new firewall system would been satisfied both the denialpolicy and information share with the public, according as government recently emphasizes electronic service. Namely, it has to provide the functions such as the information exchange among divisions, partial share of information with the public, network connection and the interception of illegal access. Also, it considers the solution that protects system from hacking by inner user and damage of virus such as Worm. This Paper suggests the protects information system using the intrusion prevention system and role-based security policy to support the partial opennessand the security that satisfied information share among governments and public service.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.93-98
• /
• 2022

Information service technology continues to develop, and information service continues to expand based on the IT convergence trend. The premeter-based security model chosen by many organizations can increase the effectiveness of security technologies. However, in the premeter-based security model, it is very difficult to deny security threats that occur from within. To solve this problem, a zero trust model has been proposed. The zero trust model requires authentication for user and terminal environments, device security environment verification, and real-time monitoring and control functions. The operating environment of the information service may vary. Information security management should be able to response effectively when security threats occur in various systems at the same time. In this study, we proposed a security policy distribution system in the object reference method that can effectively distribute security policies to many systems. It was confirmed that the object reference type security policy distribution system proposed in this study can support all of the operating environments of the system constituting the information service. Since the policy distribution performance was confirmed to be similar to that of other security systems, it was verified that it was sufficiently effective. However, since this study assumed that the security threat target was predefined, additional research is needed on the identification method of the breach target for each security threat.

• Journal of Internet Computing and Services
• /
• v.8 no.6
• /
• pp.29-42
• /
• 2007

This paper describes a security object designed to support a dynamic security service for application services in u-healthcare computing environments in which domains are used to object groups for specifying security policies, In particular, we focus on security object for distributed framework support for u-healthcare including policy, role for security and operations use to access control. And then, by using the DPD-Tool. we showed the access right grant procedure of objects which are server programs, the developing process of client program. Also, we verified the executablility of security service supporting by distributed framework support for u-healthcare use to the mobile monitoring application developing procedure implemented through DPD-Tools.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.155-166
• /
• 2016

In accordance with the increase of the importance of information security, organizations are making continuous investments to develop policies and adapt technology for information security. Organization should provide systemized support to enhance employees' security compliance intention in order to increase the degree of organization's internal security. This research suggests security policy goal setting and sanction enforcement as a method to improve employees' security compliance in planning and enforcing organization's security policy, and verifies the influencing relationship of Theory of Planned Behavior which explains employee's security compliance intention. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. We verified the hypotheses based on 346 responses. The result shows that the degree of goal setting and sanction enforcement has positive influence on self-efficacy and coping efficacy which are antecedents that influence employees' compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

• Journal of KIISE:Databases
• /
• v.31 no.1
• /
• pp.1-12
• /
• 2004

As network systems are developed rapidly and network architectures are more complex than before, it needs to use PBNM(Policy-Based Network Management) in network system. Generally, architecture of the PBNM consists of two hierarchical layers: management layer and enforcement layer. A security policy server in the management layer should be able to generate new policy, delete, update the existing policy and decide the policy when security policy is requested. And the security policy server should be able to analyze and manage the alert messages received from Policy enforcement system in the enforcement layer for the available information. In this paper, we propose an alert analyzer using data mining. First, in the framework of the policy-based network security management, we design and implement an alert analyzes that analyzes alert data stored in DBMS. The alert analyzer is a helpful system to manage the fault users or hosts. Second, we implement a data mining system for analyzing alert data. The implemented mining system can support alert analyzer and the high level analyzer efficiently for the security policy management. Finally, the proposed system is evaluated with performance parameter, and is able to find out new alert sequences and similar alert patterns.