• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1585-1594
• /
• 2018

In recent years The importance of information security management for securing information collection and analysis, production and distribution is increasing. Companies are assured of confidence in information security through authentication of information Security Management System. However, level assessment and use of domains that make up the management system is limited. On the other hand, the security maturity model is able to diagnose the level of information protection of the enterprise step by step. It is also possible to judge the area to be improved urgently. It is a tool to support goal setting according to the characteristics and level of company. In this paper, C2M2, which is an example of security maturity model, is compared and analyzed with Korea Information Security Management System certification. Benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed area of information security measures of ISMS certification. It also look at ways to check the level of information security management step by step.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.5
• /
• pp.1125-1130
• /
• 2015

In this paper, a method to identify components per unit task system is expressed with node, module, and interface. We define security subject per unit task system and explain node, module, and interface per component. According to the defined security standard in design phase, we also perform to design and elaborate security attributes for node and module as identified security subjects in their defined tables. And then we describe the composition standard for security attribute design with some examples, after classifying it into security subject, access subject, access control area, identification or verification area, and encryption.

• Korean Security Journal
• /
• no.2
• /
• pp.5-32
• /
• 1999

Private security will be of great importance in the coming 21st century. In the future, most of the crimes will be violent and frequent. In order to prevent crimes private security must be dealt with in public service area and private area. For this reason, nowadays studies on private security is going on actively. But in reality, serious studies on theoretical backgrounds of private security has not been made yet. Currently, almost all of the theories propose various grounds, such as administrative, economic, and social grounds. And they are based on five backgrounds, that is, profit-oriented enterprise theory, economic reduction theory, vacuum theory, interest group theory, and private management theory. The article furnishes several grounds in addition to these. They are local self-government, management of local self-government, and task-force of guard enterprise. In this article, I am going to present some perspectives in classifying the theories. They are administrative, economic, and social perspective. They are shown as follows by figure. In conclusion, based on theoretical backgrounds mentioned above, private security will be advanced constantly in the future. But in carrying out studies on private security, approaching method of proposing the developmental model is more important than theoretical approaching method.

• Journal of Information Technology Services
• /
• v.14 no.4
• /
• pp.81-104
• /
• 2015

Intentional information systems (IS) misuse is a serious problem in many organizations. This study aims at developing the theoretical framework of deterring IS misuse on the basis of Nagin's General Deterrence Theory (GDT) which is very famous in the area of socio-criminology. Applying GDT to the IS misuse situation could be reasoned that the perceived certainty and the perceived severity of sanctions associated with committing IS misuse have positive impact on deterring the deviant behaviors. Also, these two constructs (certainty of sanctions and severity of sanctions) could be inferred to be influenced by the four types of IS security countermeasures (security policies, security awareness program, monitoring practices and preventive security software) derived through critically reviewing IS security-relevant literature. The proposed research model and ten hypotheses were empirically analysed using structural equation modelling with the data collected by conducting a questionnaire survey of staff members in business organizations in Korea. As a result, it was found that five ones of ten hypotheses were supported. It is thought that this study makes theoretical contribution to expanding research area of IS security and also has strong implications for IS security management practices within organizations.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.360-365
• /
• 2003

무선 단말기를 통한 멀티미디어 데이터의 이용증가로 인해 무선 단말기의 저장 용량 한계에 대한 문제가 제기되었다. 지속적으로 성장하고 있는 무선 인프라 상에서 사용자의 중요한 데이터를 완벽하게 보호하고 시스템 장애 시간을 최소화하여 사용자가 언제든 원하는 데이터를 저장하고, 제공받기 위해 SAN 보안 인프라 연구는 필수적이다.

• Korean Security Journal
• /
• no.25
• /
• pp.63-87
• /
• 2010

Our society nowadays sees the increase in damage from crime on lives and properties by leaps and bounds in line with the economic take-off, and as a result, the raise of individual income. When considering such a hike in crime, it is desirable that the police framework be enhanced. However, thanks to the failure to correspond to this, it could be safely said that a good portion of accountability was shifted to the private security industry in regard to security for the people. Accordingly, the request for escort security business is on the increase regarding expansion and improvement about this industrial sector. As such, it is necessary to get the related system rearranged for authority on the part of escort guards, who are directly exposed to numerous crimes. On top of this, dispersion is required for the escort security businesses centralized in the metropolitan area. It is also necessary for the security guard system to be strengthened and disintegrated into details so that the escort security services are available to people in more safe and easily manners than ever before. When the qualification regime is operated based on this refreshed system, the efficient escort security work would be realized. The dichotomy into act on Special Security Guard and act on Security Business should be dealt with once again for integration as an issue on the front burner in the academic area, and through which the escort security market could be fit for the globalization as well. This paper would provide the solution that leads to more professional and efficient results from comprehension of progress situations in reality by starting from the concept on private security to the analysis of the conditions in this industrial sector.

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.16 no.3
• /
• pp.293-299
• /
• 2016

Recently, as IoT (Internet of Things) becomes more important, low cost implementation of sensor nodes also becomes critical issues for two well-known standards, IEEE 802.15.4 and IEEE 802.15.6 which stands for WPAN (Wireless Personal Area Network) and WBAN (Wireless Body Area Network), respectively. This paper presents the area-optimized AES-CCM (Advanced Encryption Standard - Counter with CBC-MAC) hardware security engine which can support both IEEE 802.15.4 and IEEE 802.15.6 standards. First, for the low cost design, we propose the 8-bit AES encryption core with the S-box that consists of fully combinational logic based on composite field arithmetic. We also exploit the toggle method to reduce the complexity of design further by reusing the AES core for performing two operation mode of AES-CCM. The implementation results show that the total gate count of proposed AES-CCM security engine can be reduced by up to 42.5% compared to the conventional design.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1271-1284
• /
• 2014

This paper classifies technical, administrative and physical areas of defects and advices made by an external audit (ISO27001) and internal audit (performed by a security team) in a company which has the management system of information security. With the classified data it finds the correlation between the budget and investment of information security, and analyze the correlation. As a result of the analysis, it has been found that as time goes on there is a consistent correlation between a administrative area and technical area of security. Specially, it has been confirmed that the relation between the scale of the budget which is not executed and the number of the defects and advices made by the audit is in direct proportion. Therefore, in this paper, so as to provide a model that can be used for validating the effectiveness of the protective investment information by statistically calculating the similarity based on the results of correlation analysis. This research is intended to help that a company makes a precise decision when it establishes a policy of information security and systematic methodology of the investment in information security.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.7 no.1
• /
• pp.99-104
• /
• 2012

In this paper, implementation of a wireless video security system relates to a situation outside of using infrared sensors to detect changes when using Zigbee network security in the area of the sensor sends information to the server. The server can judge the situation if an emergency situation through the IP network security camera shot of the area to be transferred command to pantilte. The camera images and information in the security area, sent to administrator's smartphone users to control the camera can see the situation and More than a small video security system was designed so that user can monitor the security zone. Finally, for real-time to identify and respond to emergency situations based on the available wireless networks for video surveillance systems were verified through research and implementation.

• International Journal of Contents
• /
• v.1 no.2
• /
• pp.22-25
• /
• 2005

Enterprise security management system: Enterprise Security Management (EMS) is centralized integrated management of other kind of security solutions such as intrusion cutoff system, intrusion detection system and virtual private network. With the system, it is possible to establish security policies for entire IT system through interlocking of solutions. A security system of company network is progressing as a ESM(Enterprise Security Management) in existing security solution foundation. The establishment of the security policy is occupying very important area in ESM of the security system. We tried to analyze existing ESM system for this and designed security solution structure for enhancing the inside security. We applied implementing directly IDS system and tested. This test set the focus about inside security