• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• Asia pacific journal of information systems
• /
• v.14 no.4
• /
• pp.71-85
• /
• 2004

Due to exponentially growing threats of cyber attacks, many organizations have begun to recognize the importance of information security. There is an explosion in demand for experienced ISMs(Information Security Managers) and ISSDs(Information Security System Developers). To educate ISMs and ISSDs, identifying the specific knowledge and skill for information security professional is critical. This paper identifies 15 items of knowledge and skill for ISMs and ISSDs using a simplified Delphi technique and categories them. The results of this paper could be used in determining what kinds of knowledge and skill should be included in the curriculum of information security programs.

• The KIPS Transactions:PartD
• /
• v.11D no.4
• /
• pp.917-928
• /
• 2004

Common Criteria as ISO/IEC 15408 is used to assure and evaluate IT system security. As the Prime class of security assurance requirement, CM Configuration Management needs the more principled quality activities and practices for developer must be supported. So in this paper, we propose the well-defined CM method as guideline for TOE developer based on Process model including common criteria and develop the CMPET a quantitative process evaluating tool for CM using checklist. It can support useful process analyzing data to developer, evaluator and user.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.3
• /
• pp.641-653
• /
• 1999

The paper is design and implementation of the system to support security communication between a Web Browser and a CGI program by a Web Server using PKI(Public Key Infrastructure. This system uses GSS(Generic Security Service)-API to communicate with PKI, offers a Web user a Client Proxy, and offers a CGI developer there library functions related with security. TLS(Transport Layer Security) supports security communication between a Web Browser and a Web Server, but the system supports security communication between a Web Browser and a CGI program as the protected data received from a Client Proxy are sent to a CGI program, and the CGI program decrypts the data using the library functions supported by this system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.109-113
• /
• 2007

With increasing the mont of processed information over the network, the importance of database system increases rapidly. There are two types of security system for database, access control and data encryption. However, it is hard to evaluate security of database systems using the Common Criteria(CC) as there is no protection profile(PP) for these systems. In this paper, we propose a protection profile for secure database systems which can be used in formal evaluation using the Common Criteria. The proposed protection profile can be used by both developer and consumer to evaluate security of database systems.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.317-320
• /
• 2016

In embedded system, if firmware code is opened by other company, must devise hardware copy prevention. That guard valuable product. Not used security IC, Suggested platform is source code open method that prevent core code and hardware copy. And that open firmware code for other company programmer. Suggest system security platform based on Corex-M3. that consist of IAP(In-application programing) and APP(Applicataion). IAP contain core code and security confirm code. APP is implement by other company developer using core function prototype.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.157-164
• /
• 2006

Information is playing a key role in sufficing the needs of individual members of the society in today's rapidly changing environment. Especially, the cases of illegal gathering of privacy information will increase and the leakage of privacy information will grow as the individual activities in the ubiquitous computing environment. In this paper, we suggested the privacy framework in order to make design and implementation of secure and effective privacy management system. Ant we also introduced the methodology which is represent to 5 specific stages in order to suggest to the privacy system development guideline from the standpoints of the privacy system operator or developer. Especially, we tried to determine whether the suggested methodology can be effectively used in the real computing environment or not by making necessary investments in management (privacy policy) and technical (system architecture) sides. We believe that the privacy framework and methodology introduced in this research can be utilized to suggest new approach for showing direction from the privacy protection perspective, which is becoming more important in ubiquitous environments, and practical application rather than providing conceptual explanation from the views of engineer or developer.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.2 s.34
• /
• pp.11-19
• /
• 2005

The importance of this Paper is to develop a standard Performance evaluation model and scenario for the secure OS. According to the scenario that was conducted for Performance evaluation, benchmarking was Performed. All the benchmarking result was thoroughly analyzed. Our result contribute to evaluating Secure 05 that contains various security policy affecting system Performance. In this paper, it is expected to Provide guidelines of secure operating system for the consumer, developer and evaluator. It will also contribute to the systematic basis for evaluation of security 05 and the promotion of domestic information security industry by retaining basic technology for international trends.

• The Journal of Information Systems
• /
• v.14 no.1
• /
• pp.19-40
• /
• 2005

The history of computer virus comes along with that of computer. Computer virus han surfaced as a serious problem in information age. The advent of open network and widespread use of Internet made the problem even more urgent. As a method of defense for computer virus most companies use anti-virus software. Selecting appropriate anti-virus software involves various criteria and thus it is a multiple-attribute decision making problem. The purpose of this study is to prioritize anti-virus software evaluation factors. To do that, first of all, important evaluation factors are selected based on previous research on anti-virus software as well as general software evaluation models. Then, a questionnaire survey was conducted on end-users, system administrators and anti-virus software developers. The survey result was analyzed with ExpertChoice 2000 which is based on Analytic hierarchy Process technique. This study found that there are clear differences among three survey groups regarding the relative importance of overall evaluation factors. End-user group ranked "cost" first, but it was the least important factor to developer group. Developers pointed out "operational support" ad the most important factor. There were also obvious differences in the relative importance of detail evaluation items. Both end-users and system administrators shared 7 common items among top 10 most important items. Moreover, neither of the two groups ranked any of the items in the "operational support" factor in top 10, whereas all 4 items in the factor were included in top 10 by developer group.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.164-177
• /
• 2018

As the market for IoT devices grows, it is expected that the scale of malware attack will be considerable. Accordingly, the improvement of related legislation has been actively promoted, the recently strengthened Information and Communication Network Act was enforced. Because IoT related accidents can lead to not only financial damages but also human accidents, IoT device Security has been attracted a great deal of attention. In this paper, IoT devices provide essential security functions through legal and technical perspectives, and analyze related technologies. This can be used to a reference for the Start-up developer and IoT device designer.