• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.759-761
• /
• 2016

Recent changes in the information security environment have led to persistent attacks on intelligent assets such as cyber security breaches, leakage of confidential information, and global security threats. Since existing information security systems are not adequate for Advanced Persistent Threat; APT attacks, bypassing attacks, and attacks on encryption packets, therefore, continuous monitoring is required to detect and protect against such attacks. Accordingly, this paper suggests an operation plan for managing an information security system to block the attack routes of advanced persistent threats. This is achieved with identifying the valuable assets for prevention control by establishing information control policies through analyzing the vulnerability and risks to remove potential hazard, as well as constructing detection control through controlling access to servers and conducting surveillance on encrypted communication, and enabling intelligent violation of response by having corrective control through packet tagging, platform security, system backups, and recovery.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2067-2072
• /
• 2016

Recently, due to the development of attack techniques that can circumvent existing information protection systems, continuous threats in a form unrecognized by the user have threatened information assets. Therefore, it is necessary to support the prompt responses to anticipated attempts of APT attacks, bypass access attacks, and encryption packet attacks, which the existing systems have difficulty defending against through a single response, and to continuously monitor information protection systems with a defense strategy based on Indicators of Attack (IOA). In this paper, I suggest a centralized intelligent information protection system to support the intelligent response to a violation by discerning important assets through prevention control in a performance impact assessment about information properties in order to block the attack routes of APT; establishing information control policies through weakness/risk analyses in order to remove the risks in advance; establishing detection control by restricting interior/exterior bypass networks to server access and monitoring encrypted communications; and lastly, performing related corrective control through backup/restoration.