• 제목/요약/키워드: Security Assesment

Search Result 17, Processing Time 0.028 seconds

Design and implementation on Safety assesment system for security threat analyzing (보안 위험분석을 위한 안정성 평가 시스템 설계 및 구현)

  • Cho, Kyoung-Sik
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.2 s.46
    • /
    • pp.333-339
    • /
    • 2007
  • Risk of damage on information system being grow according to increasing its dependence rate on most of organization. On this work, make planed for a safety assessment system in which information protection management system and threat analyzing method. Also, during threat assesment, we have planned possible an equal-weight applied assesment and considering the characteristics of the organization, an assesment which security factor's weight is variably applied to, and respective organizations to examine its security by itself in order to support the easy findings of the vulnerabilities on the management point of view, and to show the advices to practice.

  • PDF

Evaluation Tool for Analyzing Method of the Information System (정보시스템 위험분석 평가도구)

  • Kim, Kang;Cho, Kyoung-Sik
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2007.06a
    • /
    • pp.773-777
    • /
    • 2007
  • Very various infusion by development of systems that is based on network is spread. Therefore, Evaluation Tool has been an active research area to reduce the risk from intrusion. On this thesis, during threat assesment, we have planned possible an equal-weight applied assesment and considering the characteristics of the organization an assesment which security factor's weight is variably applied to, and respective organizations to examine its security by itself in order to support the easy findings of the vulnerabilities on the management point of view, and to show the advices to practice.

  • PDF

A Framework for Deriving Investment Priority in National Defense R&D - Using DEA based on TRA - (국방연구개발 투자우선순위 도출 프레임워크 - TRA 방법론에 기반한 DEA 중심으로 -)

  • Yu, Donghyun;Lim, Dongil;Seol, Hyeonju
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.21 no.2
    • /
    • pp.217-224
    • /
    • 2018
  • The purpose of this study is to evaluate the future potential value of CTE(Critical Technology Element)s that are evaluated to be low in TRA(Technology Readiness Assesment) and to present investment prioritization technologies in defense R&D(Research and Development) based on them. To do this, we used the DEA(Data Envelopment Analysis) method, which is useful in evaluating the efficiency of the organization. Specifically, we suggest a systematic framework to evaluate the future value of CTEs by setting the CTEs derived from the TRA process to DMU(Decision Making Unit)s, the cost and time required to develop each CTE as the input factor of the DEA and the effects of the development of each CTE as the output factor of the DEA respectively. We also conducted an illustrative case study on radar technologies to demonstrate the usefulness of the proposed approach.

Application of Threat Modeling for Security Risk Analysis in Smart Home Service Environment (스마트홈 서비스 환경에서의 보안 위험 분석을 위한 위협 모델링 적용 방안)

  • Lee, Yun-Hwan;Park, Sang-Gun
    • The Transactions of the Korean Institute of Electrical Engineers P
    • /
    • v.66 no.2
    • /
    • pp.76-81
    • /
    • 2017
  • In this paper, the risk analysis of smart home services was implemented by applying threat modeling. Identified possible threats for safe deployment of smart home services and identified threats through the STRIDE model. Through the creation of the Attack Tree, the attackable risk was analyzed and the risk was measured by applying the DREAD model. The derived results can be used to protect assets and mitigate risk by preventing security vulnerabilities from compromising and identifying threats from adversely affecting services. In addition, the modeled result of the derived threat can be utilized as a basis for performing the security check of the smart home service.

A Study on the Methods of Fault Analysis for Security Improvement of National Education Information System(NEIS) (교육행정정보시스템의 보안성 개선을 위한 결함 분석 방법에 관한 연구)

  • Lyu, Min-Wan;Park, Man-Gon
    • Journal of Korea Multimedia Society
    • /
    • v.20 no.12
    • /
    • pp.1970-1979
    • /
    • 2017
  • Computerization of educational administration following educational informatization of government has been steadily improved for the purpose of teachers' offload and job efficiency, finally resulting that NEIS(National Education Information System) has been completed. The NEIS consists of Nationwide service of NEIS, Business portal system of NEIS, Authentication management system and so on. Students, parents and civil petitioners handle civil affairs through Nationwide service of NEIS and teachers and persons of task conduct theirs business by accessing the Business portal system of NEIS. At this time, users have to obtain their certification from Authentication management system. Previous Studies were mainly focused on the evaluation about its performance according to the introduction of NEIS. But from now on there is a growing interest in security assessment and an efficient method for security improvement to check if NEIS works properly. Therefore, in this thesis, we'll propose an analytic framework in which security assessment is carried out after comprehending the fault structures through performing Fault Fishbone Analysis based on the Fault Tree Analysis. As a result of the system applied, the system had the highest rate of improvement to 47.7 percent.

Korean Security Risk Management Framework for the Application of Defense Acquisition System (국방획득체계 적용 한국형 보안위험관리 프레임워크)

  • Yang, Woo-sung;Cha, Sung-yong;Yoon, Jong-sung;Kwon, Hyeok-joo;Yoo, Jae-won
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.6
    • /
    • pp.1183-1192
    • /
    • 2022
  • Information and Information processing systems must maintain a certain level of security during the total life cycle of Information. To maintain a certain level of security, security management processes are applied to software, automobile development, and the U.S. federal government information system over a life cycle, but theme of no similar security management process in Korea. This paper proposes a Korean-style security risk management framework to maintain a certain level of security in the total life cycle of information and information processing system in the defense sector. By applied to the defense field, we intend to present the direction of defense security work in the future and induce an shift in security paradigm.

Analyzing the Practice and Relationship of the onfiguration Management among International Standards (국제 표준간 형상관리 공정의 활동 및 관계 분석)

  • 황선명;김혜미;김태훈;노병규
    • Convergence Security Journal
    • /
    • v.3 no.1
    • /
    • pp.85-94
    • /
    • 2003
  • The Configuration management process is to establish and maintain the integrity of all the work products of a process or project. This paper discusses the similarities and differences between ISO/IEC 12207 and ISO/IEC 15846. The most widely used models for software process assesment, ISO/IEC 15504, CMM and CMMI can rate maturity of processes. We analyze and compare the practices for measuring Configuration process and propose metric for quantitative measure.

  • PDF

Reforms of Social Security System : Social Assistance Programmes in the U.K. (영국 사회보장제도의 개혁 : 사회부조(Social Assistance)를 중심으로)

  • Shin, Dong-Myeon
    • Korean Journal of Social Welfare
    • /
    • v.46
    • /
    • pp.178-209
    • /
    • 2001
  • This paper aims to provide a critical assesment of Conservatives's and new Labour's social assistance reforms in the U.K. and their differential impacts on low income groups. During the period of 18 years in power, the Conservative governments enforced benefit recipients being capable of work to be out of benefits and to get into work. They employed not only 'carrots' to encourage beneficiaries being capable of work to have full-time work, but also 'sticks' to discourage them to depend on benefits. The reforms under the Conservative governments were closer to the workfare model. The new Labour government has continued to emphasize work regarding social security reform. It has raised 'from welfare to work' as the main reform objective. However, it has not necessarily focused on 'carrots and sticks' in order to get beneficiaries into work. Instead, the new Labour government has put its priority regarding social assistance reform on human capital development in order to develop the capability of beneficiaries for work. Britain under the new Labour government seems to be moving from workfare to activation model. These differentials between the Conservative governments and the new Labour government regarding social assistance reforms bring about the different policy outcomes. Under the Conservative government, social assistance programmes were prone to strengthen the state's control over benefit recipients and to increase stigma to them. Punitive, demeaning, stigmatising programmes of work and unending job search activities harm the bases of self-respect. On the contrary, the activation programmes under the new Labour government has contributed positively to both socially significant participation and autonomy of beneficiaries.

  • PDF

Development of Privacy Impact Assessment Tool (개인정보 영향평가 툴 개발)

  • Heo, Jin-Man;Woo, Chang-Woo;Park, Jung-Ho
    • The Journal of Korean Association of Computer Education
    • /
    • v.15 no.2
    • /
    • pp.75-81
    • /
    • 2012
  • As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

  • PDF

Assesment of Domestic Import Risk for Liquefied Natural Gas in Korea (국내 액화천연가스 도입구조의 위험성 평가)

  • Yu, Hyejin;Oh, Keun-Yeob;Cho, Wonjun;Lim, Oktaeck
    • Journal of the Korean Institute of Gas
    • /
    • v.25 no.1
    • /
    • pp.30-39
    • /
    • 2021
  • Natural gas is globally emerging as an important energy source for environmental, political and regional reasons. In Korea, natural gas imported from oversea natural gas resources as a LNG, it is increased for an applications as a fuel and feedstock which replace the coal and nuclear energy. Because it is relied on the import market in Korea, it is very important to analyze the security for supply. Therefore, this study suggested a method for reducing supply risk and for providing stable supply and demand through risk analysis of Korea's import structure. In order to reduce the supply risk, the concentration of importing countries should be lowered and it is necessary to lower the proportion of countries with relatively low GSSI and increase the imports from Russia. Finally increasing the number of importing countries or maintaining friendly relations with countries where the supply is stable could give us the positive impact in terms of total GSSI.