• Title/Summary/Keyword: SDLC(System Development Life Cycle)

Framework of Security Development Method based on Component (컴포넌트기반 보안개발방법의 프레임워크)

  • Hong, Jin-Keun
    • Journal of the Korea Academia-Industrial cooperation Society / v.11 no.3 / pp.926-930 / 2010
  • This paper is about a development framework required to develop component-based security systems. With the application of the SDLC (system development life cycle) to information systems, the application of information security products DLC is required at this point of time. In this paper, we review the NIST requirement specification of development method, the requirement criteria of SDLC in each stage, and major security guidelines of risk assessment. We also review the major security elements of SDLC and, to aid understanding of the component-based security framework, present the relationship of security design and DFD in respect of spoofing for the outside entity based on the STRIDE threat tree.

Strategies for Information Requirements Analysis for Agricultural Management Information System Developments (농업 정보 시스템 개발을 위한 정보 요구 분석 전략)

  • Choe, Young-Chan;Moon, Jung-Hoon
    • Journal of Agricultural Extension & Community Development / v.10 no.1 / pp.1-14 / 2003
  • This study proposes strategies for information requirements analysis (IRA) for successful agricultural management information system (MIS) development. The study first defines IRA based on a literature review and emphasizes the importance of IRA by its position in the SDLC (System Developments Life Cycle). Then, the study reviews fifteen cases of agricultural MIS development projects that appeared in the report of all the MIS related ARPC (Agricultural R&D Promotion Center) projects from 1995 to 1998 and finds that IRA is not properly performed in most of the projects. Finally, this study proposes seven strategies for IRA for successful agricultural MIS development based on the findings of this study and those from the literature related to IRA methods.

CIA-Level Driven Secure SDLC Framework for Integrating Security into SDLC Process (CIA-Level 기반 보안내재화 개발 프레임워크)

  • Kang, Sooyoung;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.909-928 / 2020
  • From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

Challenges in Distributed Agile Software Development Environment: A Systematic Literature Review

  • Ghani, Imran;Lim, Angelica;Hasnain, Muhammad;Ghani, Israr;Babar, Muhammad Imran
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.9 / pp.4555-4571 / 2019
  • Due to increasing interest in distributed agile software development, there is a need to systematically review the literature on challenges encountered in the agile software development environment. Using the Systematic Literature Review (SLR) approach, 32 relevant publications, dated between 2013 and 2018, were selected from four electronic databases. Data from these publications were extracted to identify the key challenges across the system development life cycle (SDLC) phases, which essentially are short phases in each agile-based iteration. 5 types of key challenges were identified as impacting the SDLC phases; these challenges are Communication, Coordination, Cooperation, Collaboration and Control. In the context of the SDLC phases, the Communication challenge was discussed the most often (79 times, 33%). The least discussed challenges were Cooperation and Collaboration (26 times, 11% each). The 5 challenges occur because of distances which occur in a distributed environment. This SLR identified 4 types of distances which contribute to the occurrence of these key challenges - physical, temporal, social-cultural and knowledge/experience. Of the 32 publications, only 4 included research which proposed new solutions to address challenges in agile distributed software development. The authors of this article believe that the findings in this SLR are a resource for future research work to deepen the understanding of and to develop additional solutions to address the challenges in distributed agile software development.

Research on Financial Regulations Related RPA(Robotic Process Automation) (금융회사 RPA(로봇자동화) 관련 규제 연구)

  • Han, Taek-Ryong;Lee, Kyung-ho
    • The Journal of Bigdata / v.4 no.2 / pp.47-59 / 2019
  • Recently, the RPA (Robotic Process Automation) solution, which has been spreading in Korea and overseas, allows users to easily automate their tasks with the application GUI (Graphic User Interface), and the number of Korean financial companies which have implemented it to automate their business is now increasing. However, as the major supervisory regulations that financial institutions must comply with are based on the existing traditional SDLC (Software Development Life Cycle), they are not suitable to be directly applied to RPA, which automates end-user work at the level of the user's system interface. Therefore, in this paper, we organized the important financial supervisory rules and control items that should be considered for RPA implementation, then surveyed 24 financial companies which have implemented RPA to check how they applied them. Finally, we would like to present the necessity of revision of related compliance.

Beyond SDLC: Process Modeling and Documentation Using Thinging Machines

  • Al-Fedaghi, Sabah
    • International Journal of Computer Science & Network Security / v.21 no.7 / pp.191-204 / 2021
  • The software development life cycle (SDLC) is a procedure used to develop a software system that meets both the customer's needs and real-world requirements. The first phase of the SDLC involves creating a conceptual model that represents the involved domain in reality. In requirements engineering, building such a model is considered a bridge to the design and construction phases. However, this type of model can also serve as a basic model for identifying business processes and how these processes are interconnected to achieve the final result. This paper focuses on process modeling in organizations, per se, beyond its application in the SDLC when an organization needs further documentation to meet its growth needs and address regular changes over time. The resultant process documentation is created alongside the daily operations of the business process. The model provides visualization and documentation of processes to assist in defining work patterns, avoiding redundancy, or even designing new processes. In this paper, a proposed diagrammatic representation models each process using one diagram comprising five actions and two types of relations to build three levels of depiction. These levels consist of a static description, events, and the behavior of the modeled process. The viability of a thinging machine is demonstrated by re-modeling some examples from the literature.

Information Security Activity of Analysis Phase in Information Security Model in Accordance with SDLC

  • Shin, Seong-Yoon;Lee, Tae-Wuk
    • Journal of the Korea Society of Computer and Information / v.21 no.11 / pp.79-83 / 2016
  • In this paper, we define four levels of analysis, design, implementation, and testing of the configuration of the development phase by S/W development life cycle. In particular, it dealt with the stage of the analysis phase to prepare an information system developed intensively. Details of the derivation of the information security requirements, it can be seen that comes from the perspective of confidentiality, integrity, availability and accountability, etc. It dealt with from the first manifestations of the projects planning to final planning to establish information security in activities of the Information Security requirements. As an example exhibited by assessing the information security analysis phase activities of S corporations, it can be seen that the improved sales rise in information security activities.

Security Requirements Analysis on IP Camera via Threat Modeling and Common Criteria (보안위협모델링과 국제공통평가기준을 이용한 IP Camera 보안요구사항 분석)

  • Park, Jisoo;Kim, Seungjoo
    • KIPS Transactions on Computer and Communication Systems / v.6 no.3 / pp.121-134 / 2017
  • With the rapidly increasing development and use of IoT devices, requirements for safe IoT devices and services, such as reliability and security, are also increasing. In security engineering, SDLC (Secure Development Life Cycle) is applied to make a trustworthy system. The Secure Development Life Cycle has 4 big steps (Security requirements, Design, Implementation and Operation), and each step has its own goals and activities. Deriving security requirements, the first step of SDLC, must be accurate and objective because it affects the rest of the SDLC. For accurate and objective security requirements, threat modeling is used, and the results of the threat modeling can satisfy the completeness of scope of analysis and the traceability of threats. In many countries, in academia and IT companies, a lot of research about drawing security requirements systematically is being done. But domestically, awareness of and research about deriving security requirements systematically are lacking. So in this paper, I described the method and process for drawing security requirements systematically by using threat modeling including DFD, STRIDE, Attack Library and Attack Tree. The security requirements are also described via Common Criteria for delivering objective meaning and broad use of them.

Korean Security Risk Management Framework for the Application of Defense Acquisition System (국방획득체계 적용 한국형 보안위험관리 프레임워크)

  • Yang, Woo-sung;Cha, Sung-yong;Yoon, Jong-sung;Kwon, Hyeok-joo;Yoo, Jae-won
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.6 / pp.1183-1192 / 2022
  • Information and information processing systems must maintain a certain level of security during the total life cycle of information. To maintain a certain level of security, security management processes are applied to software, automobile development, and the U.S. federal government information system over a life cycle, but there is no similar security management process in Korea. This paper proposes a Korean-style security risk management framework to maintain a certain level of security in the total life cycle of information and information processing systems in the defense sector. By applying it to the defense field, we intend to present the direction of defense security work in the future and induce a shift in security paradigm.

The Development of a Database for Self Health Management - Focusing on the Soojichim (Koryo Hand Therapy) - (자가 건강관리를 위한 데이터베이스 시스템 구축에 관한 연구 - 수지침요법을 중심으로 -)

  • Choung, Hye-Myoung
    • Journal of Korean Public Health Nursing / v.20 no.2 / pp.195-206 / 2006
  • Purpose: As Koryo Hand Therapy is generally referenced by a manual, we made a database system to ease. Method: Using the basic theory of Koryo Hand Therapy with the System Development Life Cycle (SDLC), we tested, analyzed, designed and implemented the system and constructed a database system with MS Access according to the symptoms. Results: We constructed the database system of Handing and the symptoms of Koryo Hand Therapy in 3 parts (Basic Data Management, Disorder Therapy Management, Report) for easy management. This database system will be useful for general users to protect, promote and measure their health. The structured database system was valued on the basis of the students' basic knowledge of Koryo Hand Therapy. As a result, 80% of the respondents answered that the "system is well structured", 78% that "it's convenient to search", and 87% that "it's helpful for self health management". Conclusion: These study results provide people with information on the basic treatment of symptoms for self health protection and promotion with Koryo Hand Therapy by constructing a database.