• 한국디지털정책학회:학술대회논문집
• /
• 2004.11a
• /
• pp.221-229
• /
• 2004

This paper aims at developing communication module and application prcgram for client management module and developing database management module and managing wireless communication facilities for server systems. To construct these aims, we have adapted DES algorithm and researched on encrypting and decrypting module development applicable to SMS Security System and optimize module size and processing speed.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.104-114
• /
• 2006

In order to use an Internet service, it is a general procedure that user subscribes to the service and then registers her or his id(identifier). As Internet has been more widely used, however, user has more and more ids than ever before. In this environments, whenever user uses an Internet service, she or he must authenticate to the service provider, which makes her or him inconvenient. As user's data is scattered and unmanaged on various web sites, user privacy has been revealed more often. This paper specifies e-IDMS which ETRI has been developing to solve such problems. e-IDMS is an Internet ID(IDentity) management system based on ID Federation Mechanism e-IDMS provides ID Federation-based facilities such as composite authentication, Internet SSG, ID information management, privacy protection and interactive query. e-IDMS is used in establishing integrated ill management system for public institutions.

• Management & Information Systems Review
• /
• v.27
• /
• pp.149-172
• /
• 2008

Since the 9/11 terror attack, the event which caused supply chain disruption, supply chain security has becomes more important than ever before. Furthermore, such company's logistics strategies conflicting supply chain security as increased global sourcing, JIT manufacturing are increasing supply chain vulnerability. It could burden for global companies to strengthen supply chain security because not only it requires additional investment cost but also changes of companiy's global logistics strategy. However, on the other hand, supply chain visibility and resilience can be improved through supply chain security. In addition, it allows companies to stabilize supply chain structure as well as rapid and flexible response to market demand. The key issue is balancing between efficiency and supply chain security. To do this, identifying risk elements under the supply chain and assessing vulnerability of each supply chain components should be performed before developing efficient supply chain security management system without obstructing supply chain efficiency.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.485-496
• /
• 2004

The wide spread of Internet makes susceptible to the attacks via communication Web from hackers using the vulnerability of both computer and network systems. In this paper, we design and implement an integrated security system, named as LISS(Linux-based Integrated Security System) in which an integrated security management is possible. This system is based on the open operating system, Linux and consists of open security tools, which is effective in security management of Linux based-servers. We also construct a test-bed in order to testify the performance of the LISS. It is revealed that the implemented system captures all the attack Patterns generated from Network Mapper.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.161-169
• /
• 2006

According to the development of information system, many information system and application soft-ware are develop. However, cyber attack and incident have more increased to the development of them. To defend from cyber attack and incident, many organizations has run information security systems, such as Intrusion Detection System, Firewall, VPN etc, and employed information Security person till now But they have many difficulty in operating these information security component because of the lack of organizational management and analysis of each role. In this paper, We propose the formal Cause-Effect Model related with the information security system and administrative mission per each security. In this model, we regard information system and information system operator as one information component. It is possible to compose the most suitable information component, such as information system, human resource etc., according to the analysis of Cause-Effect Model in this paper. These analysis and approaching methodology can make effective operation of each limited resource in organization and effective defense mechanism against many malicious cyber attack and incident.

• Management & Information Systems Review
• /
• v.4
• /
• pp.309-325
• /
• 2000

Organizations rely on Secure ID resources today to handle vast amounts of information. Because the data can vary widely in type and in degree of sensitivity, employees need to be able to exercise flexibility in handling and protecting it. It would not be practical or cost-effective to require that all data be handled in the same manner or be subject to the same protection requirements. Without some degree of standardization, however inconsistencies can develop at introduce risks. Policy formulation is an important step toward standardization of security activities for ID resources. ID security policy is generally formulated from the input of many members of an organization, including security officials, line managers, and ID resource specialists. However, policy is ultimately approved and issued by the organization's senior management. In environments where employees feel inundated with policies, directives, guidelines and procedures, an ID security policy should be introduced in a manner that ensures that management's unqualified support is clear. The organization's policy is management's vehicle for emphasizing the commitment to ID security and making clear the expectations for employee involvement and accountability. This paper will discuss ID security Policy in terms of the different types (program-level and issue-specific), components, and Implementation of Expert System Simulation based on 4GL, PowerBuilder.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.34 no.4
• /
• pp.72-81
• /
• 2011

In this paper, we propose adaptive convergence security policies and management technologies to improve security assurance in the home networking environment. Many security issues may arise in the home networking environment. Examples of such security issues include the user privacy, the service security, the integrated networking security, the middleware security and the device failure. All these security issues, however, should be fulfilled in phase due to many difficulties including deployment cost and technical complexity. For instance, fundamental security requirements such as authentication, access control and prevention of crime and disaster should be addressed first. Then, supplementary security policies and diverse security management technologies should be fulfilled. In this paper, we classify these requirements into three categories, a service authentication, a user authentication and a device authentication, and propose security policies and management technologies for each requirement. Since the home gateway is responsible for interconnection of many home devices and external network access, a variety of context information could be collected from such devices.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.49-57
• /
• 2013

Power-saving PC software enables the inexpensive power control, but the installation of the power-saving software in all computers in the organization is not an easy task. Computer users in the organization are usually not cooperative as they do not think the power-saving cost is directly related to themselves. The PC power-saving system provides advantage to driving active participation in which users installs the power saving software by restricting IP address through the power management server. However, the problem with this approach is the security vulnerability to IP spoofing attacks, therefore we need to solve the problem that disrupt the entire network system rather than saving electric power. This paper proposes the security authentication system that can implement the efficiency saving power by providing high security for the members' computer system of the public institutions based on the PC power-saving system. Also, by analyzing it in comparison with other method, it is possible to check that the prospects of safety and efficiency are strengthened.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.5
• /
• pp.171-176
• /
• 2015

Because the specific security technology alone can not cope with sophisticated attacks, various security management models are applied. But, they do not focus on the vulnerability of the highest part because they offer so many common security management criteria. By analyzing the main information and confidential leakage cases inflicting enormous damage to our society, we found that attackers are using mainly an interface vulnerabilities - the paths that connect the internal and external of the organization, such as e-mail, web server, portable devices, and subcontractor employees. Considering the reality that time and resources to invest in security domain are limited, we point out the interface security vulnerabilities the possibility of attackers to exploit and present a convergence method of security measures. Finally, based of ROI(Return on Investment), we propose the real-time security management system through the intensive and continuous management.

• 한국디지털정책학회:학술대회논문집
• /
• 2003.12a
• /
• pp.161-170
• /
• 2003

Knowledge management system building knowledge acquisition, knowledge share, and knowledge maintenance for the member of corporation is expanded throughout whole industry to cope with rapid business environment. Electronic document basing knowledge management system can copy, print, and transfer knowledge to another party, so it is being regarded as a essential infrastructure to share knowledge. However, considering most of information leakage is sprung up by insider of organization, it is considered to provide countermeasure to protect illegal use from information leakage. The purpose of this paper is to establish digital information security system through design of document and manage digital information assets safely through electronic document security system protecting illegal leakage of digital information assets.