• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.961-968
• /
• 2014

In order to prevent leakage of personal information by insiders a large number of companies install pc security solutions like DRM(Digital Right Management), DLP(Data Loss Prevention), Personal information filtering software steadily. However, despite these investments anomalies personal information occurred. To establish proper security policy before implementing pc security solutions, companies can prevent personal information leakage. Furthermore by analyzing the log from the solutions, companies verify the policies implemented effectively and modify security policies. In this paper, we define the required security solutions installed on PC to prevent disclosure of personal information in a variety of PC security solution, plan to integrate operations of the solutions in the blocking personal information leakage point of view and propose security policies through PC security solution log analysis.

• Korean Security Journal
• /
• no.33
• /
• pp.163-195
• /
• 2012

Various kinds of performances and events have been held by local governments along with the worldwide popularity of K-pop, and there is a growing concern about possible accidents. Actually, a large-scale of accident took place during the MBC pop song concert in Sangju Sports Stadium in October 3, 2005. And another great safety accident occurred during an open event in the Lotte World in Seoul in March 26, 2006. The purpose of this study is to propose improvement of security company that carry out security activity through the analysis of the cases of accidents and common causes in the event sites. The improvement of safety management for large-scale event site by the study are as followings; First, institutional measures should be taken to extend the size of private security companies. Second, more education and training should be provided for security personnels who work for the event. Third, private security companies should prepare for the security measures more thoroughly in advance. Fourth, private security companies should make every possible effort to maintain order in the event site. Fifth, private security companies should bolster their collaboration with relevant organizations. Sixth, security companies should take actions to make themselves completely ready for any possible unexpected situations.

• Korean Security Journal
• /
• no.13
• /
• pp.487-505
• /
• 2007

This study is to examine relations between the number of occurrence of big five critical crimes that consist of homicide, robbery, rape, theft, violence and the number of the security companies and the security guards, and between the number of the security companies, the security guards and the number of arrests from the big five critical crimes. To achieve this objective, this research selects a subject of study, the number of the security companies and security guards, and the number of occurrences of the big five critical crimes and arrests of the big five crimes from 1990 to 2005. The selected data are then analyzed according to the variables using SPSS 12.0. Each hypothesis is verified with the level of significance ${\alpha}$=.05 using the statistical techniques such as Correlation Analysis, Regression Analysis, etc. The following is the result of the study: First, the number of occurrences of the big five critical crimes affects the number of the security companies at a significant level. Second, the number of the security companies affects the number of arrests of the big five crime at a significant level.

• The Journal of the Korea Contents Association
• /
• v.19 no.7
• /
• pp.13-21
• /
• 2019

Because security of Internet of Things(IoT) products and others is poor, there are many hacking incidents To prevent security threats, it is important for companies to first make products with high security levels and choose products that are safe for users. In response, the Korea Internet & Security Agency is testing the security of IoT products and linked mobile apps to impose ratings. Security certification service is a service that tests IoT products and linked mobile apps to ensure certain levels of security and issues certificates when they meet the criteria. It can induce autonomous security enhancement of IoT products, contribute to strengthening security capabilities of IoT companies in Korea and vitalizing their overseas advancement, and have the expected effect of resolving public anxiety over IoT products. In this study, the criteria for IoT security certification are presented, but the importance priority is sought to be derived for assessment items that need to be strengthened. This will help to provide guidelines that can contribute to strengthening the security capabilities of domestic Internet companies and boosting their overseas advancement.

• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.199-208
• /
• 2021

This is an era of technology and with the rapid growth of the Internet, networks are continuously growing. Companies are shifting from simple to more complex networks. Since networks are responsible to transmit huge data which is often sensitive and a point of concern for hackers. Despite the sizes of the networks, all networks are subject to several threats. Companies deploy several security measures to protect their networks from unauthorized access. These security measures are implemented from the device level to the network level. Every security layer adds more to the security of the company's network. Firewalls are the piece of software that provides internal and external security of the network. Firewalls aim to enhance the device level as well as network-level security. This paper aims to investigate the different types of firewalls, their architecture, and vulnerabilities of the firewall. This paper improves the understanding of firewall and its various types of architecture.

• Journal of Information Technology Applications and Management
• /
• v.18 no.2
• /
• pp.91-108
• /
• 2011

Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

• Information Systems Review
• /
• v.14 no.3
• /
• pp.131-141
• /
• 2012

Depending on the sophistication of IT, it is increasing more and more information leaks and breaches. Accordingly the majority of companies have expand investment protection for the information. However, companies still have been exposed the vulnerability of information leakage. Especially, small IT service businesses than large corporations relatively have some limitations in the points of resources and manpower business activities. For studies on information security for small IT service companies so far, however, there have been insufficient studies considering small business scales and business characteristics of IT services. In this study, we made to design an information security management model for establishing security measures of small IT service companies which are classified SI/SM, DB, IR and IP industry that depending on how the value creation of the business. In detail, we performed an empirical analysis for small IT service business to consider business characteristics and we proposed security implementation strategies based on the analysis results.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.109-123
• /
• 2011

The maintenance prices in information security industry between Korean companies and foreign companies have been a big difference. Korea Information Security SW maintenance standards were not adequate for the rate, and there was disagreement between domestic companies and governments. This research, therefore, surveyed a standard of information SW and the status of maintenance payment rates. The study suggests an estimation method and verifies the method and an appropriate maintenance cost rate. According to the results of the study, the current maintenance cost should be increased or decreased independent with a kind of information security systems. Based on the study, Korea government is able to change the maintenance policy in information security. And the domestic companies get a theoretical ground for improving the rates of maintenance costs in information security systems and are able to allot the resources effectively.

• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.3-13
• /
• 2017

In the knowledge-information society, many domestic companies put lots of investment in technical development to possess core technologies and intellectual property. However, in the results of passive investment in security to protect their technologies compared to the active investment in technical development, the technology leaks from many companies and research institutes are rapidly increasing. Such increase of technology leaks not only causes damage to companies, but also has harmful effects on national economy directly and indirectly. Even though it has been perceived that a lot of industrial technology leak crimes are committed by former/current workers of small and medium-sized businesses, it is hard to find researches that mainly compare and analyze them. Therefore, this study aimed to understand the actual status of industrial technology leaks by analyzing cases of industrial technology leaks from 2014 to 2016 based on the type of victimized companies, corporate internal leakers' positions, matter of complicity, tools used for technology leaks, and motivation for technology leaks. Through the analysis in each type, the patterns and characteristics of industrial technology leaks were researched, and also the exploratory research on industrial security for the prevention of industrial technology leaks was conducted.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.27-34
• /
• 2017

In recent years, major security data such as research data and confidential documents have been leaked to the outside due to the carelessness of the companies and research institutes performing IT related services such as information technology projects and research and development of financial institutions, companies and public institutions is. Leakage cases are caused by leakage of personal information due to lack of security management of information system maintenance companies, such as unauthorized leakage or storage of related materials in outsourcing service process. In this paper, we analyzed the types and management status of service business through the environmental survey of corporate informatization business and analyzed the problems in development and maintenance using external service companies. Furthermore, in this paper, we provide an information system service that focuses on the business activities based on the items considered, and at the same time, it provides the informatization service for companies that can prevent infiltration of viruses and hacking from the outside. This paper presents a methodology for enhancing security for the system construction.