• Title/Summary/Keyword: Legal System for Information Security

Effective Management of Personal Information & Information Security Management System(ISMS-P) Authentication systems (정보보호 및 개인정보보호 관리체계(ISMS-P) 인증제도의 효과적인 운영방안)

  • Hong, Sung Wook;Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society / v.21 no.1 / pp.634-640 / 2020
  • The information security management system (ISMS) and the personal information management system (PIMS) have been integrated into a personal information & information security management system (ISMS-P) certification scheme in response to requests to reduce the time and cost to prepare certification schemes. Integration of the certification system has made it possible for the system operator to gain the advantage of easy management of the ISMS-P certification system, and the certification target organization can enjoy the advantage of easy acquisition and maintenance of certification. However, ambiguity in the application criteria of the target organization, and ambiguity in the certification criteria control items require the target organization to operate an excessive management system, and the legal basis to be applied to the certification target organization is ambiguous. In order to improve these problems, this paper uses case studies to identify the types of certification bodies that apply the certification criteria, and to change the control items applied during certification audits based on the types of certification bodies. Institutions that wish to obtain only ISMS certification have proposed three solutions, excluding controls covered by the ISMS-P. This paper suggests ways to operate an efficient certification system, and can be used as a basis for improving problems in the ISMS-P certification system.

Sender Authentication Mechanism based on SW Security Card with PGP for Secure E-mail (SW 형태의 보안카드와 PGP 기반 안전한 E-mail 송신자 인증 기법)

  • Lee, Hyung-Woo
    • The Journal of Korean Association of Computer Education / v.10 no.3 / pp.57-66 / 2007
  • The e-mail system is considered a most important communication medium, which can be used to transmit personal information over the Internet. But e-mail attacks have also increased through spoofing of the e-mail sender address. Therefore, this work proposes a sender verification faculty for spam mail protection at the sender's MTA, using a security card to protect against forged senders and to authenticate legal senders. The sender's mail MTA requests the security card's code number from the sender. The sender then inputs the code number and generates a session key after sender verification. The session key is used to encrypt the sender's signature and for secure message transmission. This work can provide efficient and secure e-mail sender authentication with sender verification and message encryption.

Research on Efficient Measures for National Crisis Management System (국가위기관리체제의 효율성 제고 방안 연구)

  • Lee, Hong-Kee
    • Korean Security Journal / no.36 / pp.493-523 / 2013
  • The purpose of this research is to deduce the frailties of the operating condition of Korea's national crisis management system through a comprehensive perspective analysis. It is then to present efficient measures through the enhancement of these infirmities. For this, after examining the fundamental theory, we presented a development direction based on the current status of the 6 key systems composing the national crisis management system. We also included items regarding each of the policy proposal in our conclusion. The fundamental theory of Korea's national crisis management system has been integrated based on a comprehensive security concept. However, the system development which drives the integrated structure still remains solely as a legal and structural category. Thus, operating, informing-oriented, supporting management, and rearing professional manpower systems have yet to be cultivated with efficiency. In conclusion, this research is to present a development direction from a conceptual dimension and to analyze the current status of the 6 key systems which are law, organization, operation, information-oriented, support management, training, and education. Finally, this research highlights the policy measures to fully maximize system efficiency.

Artificial Intelligence-based Security Control Construction and Countermeasures (인공지능기반 보안관제 구축 및 대응 방안)

  • Hong, Jun-Hyeok;Lee, Byoung Yup
    • The Journal of the Korea Contents Association / v.21 no.1 / pp.531-540 / 2021
  • As cyber attacks and crimes increase exponentially and hacking attacks become more intelligent and advanced, hacking attack methods and routes are evolving unpredictably and in real time. In order to reinforce the enemy's responsiveness, this study aims to propose a method for developing an artificial intelligence-based security control platform by building a next-generation security system using artificial intelligence to respond by self-learning, monitoring abnormal signs and blocking attacks. The artificial intelligence-based security control platform should be developed as the basis for data collection, data analysis, next-generation security system operation, and security system management. Big data base and control system, data collection step through external threat information, data analysis step of pre-processing and formalizing the collected data to perform positive/false detection and abnormal behavior analysis through deep learning-based algorithm, and analyzed data Through the operation of a security system of prevention, control, response, analysis, and organic circulation structure, the next generation security system to increase the scope and speed of handling new threats and to reinforce the identification of normal and abnormal behaviors, and management of the security threat response system, Harmful IP management, detection policy management, security business legal system management. Through this, we are trying to find a way to comprehensively analyze vast amounts of data and to respond preemptively in a short time.

Legal System and Regulation Analysis by S/W Development Security (S/W 개발 분석 단계에서 접근 통제)

  • Shin, Seong-Yoon;Jin, Dong-Soo;Shin, Kwong-Seong;Lee, Hyun-Chang
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.10a / pp.215-216 / 2014
  • This paper emphasizes the control of access and authorization based on the roles and the data using activities of users as task performers. Also, it requires to gain the necessary approval in advance for important tasks such as mass inquiry and change on important information to influence the very existence of the whole organization.

System Design for the Safe store and Issue Service Assurance of the E-Document (전자문서의 안전한 보관 및 발급 서비스 확보를 위한 시스템 설계)

  • Sung, Kyung-Sang;Kim, Jung-Jae;Oh, Hae-Seok
    • Journal of the Korea Society of Computer and Information / v.13 no.6 / pp.173-180 / 2008
  • Certified e-Document Authority keep it with protection legal as a system a guarantee and identifies originality of an e-Record. It presume to be authenticity e-Records and contents of an e-Record prove what was not changed. But e-Records have a high degree of medium dependence, and the danger of information loss is a very serious problem. In addition, because correction (attachment and deletion) and revision of information are easy, a problem for the integrity and originality of an e-Record is caused. The existing system shows the following inefficiency. For the originality guarantee, an existing e-Document encryption method accomplishes an encryption process of a whole document with a symmetric key; if the information is revised midway, the whole document's content must go through the re-scanning and re-encryption process again. To get over such inefficiency, this paper maximizes the efficiency at the time of a partial information revision request by encrypting and managing using the link information based on the linkage characteristics of each page of the registered requested e-Documents. It was able to increase security configuration by minimizing problems of information exposure through increasing the complexity of the key management.

A Study on Institutional Foundation on the Korea Counter-Terrorism System (한국 테러대응 시스템의 제도적 구축방안)

  • Kwon, Jeong-Hoon
    • Korean Security Journal / no.25 / pp.27-61 / 2010
  • This study looks at plans for the efficient functions of the current terror response system in Korea. The results are derived by comparing and analyzing American, British, German, Japanese, and Korean terror response systems. It focuses especially on addressing some problems with Korea's terror response system and how to operate it effectively. The study will systematically compare and analyze each nation's terror countermeasures, studying organizational, functional, and legal aspects as standards. This study shows that there is not an exclusive terror response center in Korea compared with other nations such as America, the United Kingdom, Germany, and Japan. Also, it is difficult to expect effective and vigorous operations due to weak cooperation across the relevant organizations. The presidential directive of the state's anti-terrorism action guidelines is legally ineffective. This means that on legal grounds, it is difficult to take actions to prevent terrorism. Therefore, keys to counteracting terrorism derived from this study are summarized below. In the first place, an integrated terror response system should be set up for expansion of information sharing which leads to emergence effect. In the second place, the superior legislative systems should be made for the clear definition and extent of what the terror is, rigid enforcement of investigation, immigration, and keeping an eye on the funds raised by terrorists and tracking down the terrorists, the plan for eco-terrorism. In the third place, to augment security of vital facilities and peoples' awareness of terrorism safety should be emphasized and a cooperative system between civil and government organizations needs to be built. In the fourth place, a system for crisis management must be provided in an effort to maximize the management system of terrorism and unify decentralized emergency countermeasures effectively.

A Study on Rethinking the Operating of Counter-terrorism Systems in South Korea (한국 대테러시스템 운영의 재모색)

  • Kwon, Jeong-Hoon
    • Korean Security Journal / no.51 / pp.153-170 / 2017
  • The purpose of this study is to rediscover the operation of anti-terrorism system focusing on the system approach and crisis management approach for counter terrorism in Korea. According to the results of this study, it is required to establish a link between open systems and integrative system focusing on functional linkage of counter-terrorism systems, and cooperative measures with private sectors in the dimension of governance activation. Further, it is necessary to prepare legal foundations for the cooperation with private sectors and then promote open consciousness transformation through the partnership with private security for anti-terrorism activities. In addition, in its preventive stage, it is required to prepare legal systems related to biochemical terrorism for stronger regulations through crisis-managerial approach. Next, in its preparatory stage, it is necessary to prepare education and enact named Terror Prevention Day for increasing terror safety consciousness, and then extend citizen reporting reward systems to enable citizens to participate and become interested voluntarily in terror prevention. Also, it is essential to establish the substantial training system for preparing for terror occurrence. Moreover, in its response stage, it is urgent to construct networks between related institutions to manage field and spot responses with integrative management systems through information sharing. Furthermore, in its restoration stage, it is indispensable to prepare long-term management systems for injured persons and families of the deceased from terror incidents.

Transition from Diagnosis to Assessment System in Public Institution Personal Information Protection Management: Policy Approaches and Recommendations (공공기관 개인정보보호 관리 수준 진단에서 평가 체계로의 전환 : 정책적 접근 및 제언)

  • Youn-hee Hong
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.4 / pp.801-809 / 2024
  • In the digital age, the importance of personal information has magnified, underscoring the need for enhanced personal information protection, especially within public institutions. Despite ongoing efforts since 2007, significant breaches in public sector information underline persistent vulnerabilities. This study advocates for a transition from a diagnostic to an assessment framework to fortify privacy management in public institutions, as mandated by recent legislative revisions. The amended Personal Information Protection Act introduces an assessment approach, aiming to comprehensively assess and mitigate risks by expanding the scope of evaluation and implementing robust regulatory measures. This study examines the limitations of the current diagnostic practices through literature review and case analysis and proposes a systematic approach to adopting the new assessment system. By enhancing the assessment framework, the study expects to improve the effectiveness of personal information management in public institutions, thereby restoring public trust and ensuring a stable progression into a more secure digital era. The transition to an assessment system is designed not only to address the gaps in the current framework but also to provide a methodical assessment that supports ongoing improvement and compliance with enhanced legal standards.

A Study on the Improvement Plan for Applications of International Electronic Payment System in e-Trade (전자무역 활용상 전자대금결제시스템의 문제점 및 개선방안에 관한 연구)

  • Ahn, Jae-Jin
    • The Journal of Information Technology / v.6 no.1 / pp.85-105 / 2003
  • The study revealed that the companies are still reluctant to stop using document-based payment methods although they are aware that the use of an electronic payment system would reduce express and save time. Considering problems that are suggested in the conventional payment method, more companies will introduce and utilize the electronic payment system. Moreover, as the refined electronic payment system is essential in electronic trade, active studies on this field would greatly contribute to the development of electronic payment systems. The prevailing settlement of international trade still relies on trading documents while the legal issues are not finalized for electronic bill of lading (B/L) and electronic bill. The purpose of this research is to compare some e-trading models in character and present the obstacles of e-trading activation and the solutions. The e-trading models this research has studied are BOLERO, TradeCard, electronic L/C, etc. The characteristic points of the e-trading models compared in this article are as follows: 1) Access ways as a global e-trading model, 2) Structural and functional characteristics, 3) Role as a global e-trading model, 5) Legal and application issues in practice, 6) Security issues for technology. But further studies on this subject would be needed.
