• The KIPS Transactions:PartC
• /
• v.12C no.1 s.97
• /
• pp.1-10
• /
• 2005

Electronic Data Interchange(EDI) between a number of companies goes on increasing on the internet. Although a conventional EDI system reduces business process efforts, time, resources, etc., important information is easily and frequently exposed by well trained hackers and crackers, which inflict a severe loss on the company and even put the company under a crisis. This study integrates the conventional EDI system and Virtual Private Tet(VPN) to maximize an overall efficiency of speed and security in data transferring by the level of importance. The EDI system interfaced to IPSec and L2TP of VPN allows us to select two modes : the one focuses on a high speed with a low or a medium level security or the other does on a high level security with a low or a medium level speed. Both the company and the end users get a lot of tangible and intangible advantages by integrating the EDI system and VPN.

• Journal of Convergence Society for SMB
• /
• v.2 no.2
• /
• pp.43-49
• /
• 2012

Recently, the safety of being processed in a corporate enterprise with a wide range of IT skills applied to the Corporate Affairs information services are increasing requirement. Businesses that are required by various IT corporate information technology services to companies that need to protect information being leaked to other companies, a security incident has been applied and is growing, but is lacking about how to respond to the protection of corporate information services. In this paper, the information that is important in the corporate authority by the user's access control model to reduce the number of security incidents such as information leakage and security services for enterprise informatization is proposed. The proposed model can be used in order to block the access of the users to access information managed by a central administrator role and the rights of users to access information any abnormality has been captured. In addition, the proposed model can take advantage of protecting corporate information from the systematic recovery and operational continuity strategies to build your company's information services.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.5
• /
• pp.762-767
• /
• 2002

In this paper, We suggest Credit Card and On-line Financial Business Method Using on Wireless Terminal. First, wireless mobile terminal of credit card member is received suity code from dealing verification system of credit card company. Second, a credit card member give security code to member store. Third, the security code is compared with security code of the member in dealing verification system of credit card company.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.183-194
• /
• 2010

A company's private network protected by a firewall and NAT(Network Address Translation) is not accessible directly through an external internet. However, as Reverse Connection technology used by NetCat extends to the technologies such as SSH Tunnel or HTTP Tunnel, now anyone can easily access a private network of corporation protected by a firewall and NAT. Furthermore, while these kinds of technologies are commercially stretching out to various services such as a remote control and HTTP Tunnel, security managers in a company or general users are confused under the circumstances of inner or outer regulation which is not allowed to access to an internal system with a remote control. What is more serious is to make a covert channel invading a company's private network through a malicious code and all that technologies. By the way, what matters is that a given security system such as a firewall cannot shield from these perceived dangers. So, we analyze the indirect access of technological methods and the status quo about a company's internal network and find a solution to get rid of the related dangers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.969-976
• /
• 2013

The information protection systems of company are intended to detect all weak points, intrusion, document drain. All actions of people in company are recorded and can check persistently. On the other hand, what analyze security log generated by these systems becomes more difficult. Most staff who manages the security systems, and analyze log is more incomprehensible than a user or a person of drain for an information distribution process of the work-site operations and the management procedure of the critical information. Such a reality say the serious nature of the internal information leakage that can be brought up more. While the research on the big data proceeds actively recently, the successful cases are being announced in the various areas. This research is going to present the improved big data processing technology and case of the security field.

• Information Systems Review
• /
• v.15 no.2
• /
• pp.1-19
• /
• 2013

Smart working sparked by iPhone3 opens a revolution in smart ways of working at any time, regardless of location and environment. Also, It provide real-time information processing and analysis, rapid decision-making and the productivity of businesses, including through the timely response and the opportunity to increase the efficiency. As a result, every company are developing mobile information systems. But company data is accessed from the outside, it has problems to solve like security, hacking and information leakage. Also, Mobile devices such as smart phones belonging to the privately-owned asset can't be always controlled to archive company security policy. In the meantime, public smart phones owned by company was always applied security policy. But it can't not apply to privately-owned smart phones. Thus, this paper is focused to archive company security policy, but also enable the individual's free to use of smart phones when we use mobile information systems. So, when we use smart phone as individual purpose, the normal operation of all smart phone functions. But, when we use smart phone as company purpose like mobile information systems, the smart phone functions are blocked like screen capture, Wi-Fi, camera to protect company data. In this study, we suggest the design and implementation of real time control and management of mobile device using MDM(Mobile Device Management) solution. As a result, we can archive company security policy and individual using of smart phone and it is the optimal solution in the BYOD(Bring Your Own Device) era.

• Convergence Security Journal
• /
• v.13 no.5
• /
• pp.129-135
• /
• 2013

The revised security industry law revised 17 provisions among 31 provisions in order to root out the violent event. The main contents of the revised security industry law is the intensitfication of the required condition of permission, intensitfication of the obligation, management strengthening of the public resentment of group field, official, reason of expansion of the expenses instructor and guard, dress and equipment, vehicle, intensitfication of the managing director, intensitfication of the punishment, and etc. However, there is the problem including the putting under an obligation of the arrangement new appointment education, cause provider punishment of the service company violence, awareness of the police to the security company, excessive regulation, intensification of punishment problem, supervision power intensitfication of the revised security industry law is excessive the police, and etc. The individual responsibility education completion method and public resentment of group field in addition to is thought in order to solve this that exclusion of the prior education obligation, revision of the security industry law, burden on tax payers of the extra charge, punishment of the violence request contract trader, introduction of the guard qualification certificate system, and etc. are needed.

• The Journal of Information Systems
• /
• v.11 no.1
• /
• pp.175-198
• /
• 2002

This paper is to develop a security module for electronic approval systems. Electronic documents are created, transmitted and saved in the company's intranet computer network. Transmitting electronic documents, however, brings us a security problem. Communications among various computer systems are exposed to many security threats. Those threats are eavesdropping, repudiation, replay back etc. The main purpose of this paper is to develop a module which provides the security of electronic documents while they are passed from one place to another This paper applies Multi-Level security to the electronic approval system that guarantees security of electronic documents from many threats. Multi-Level security controls the access to the documents by granting security level to subject users and object electronic documents. To prevent possible replay back attacks, this paper also uses one time password to the system. The security module is composed of client program and server one. The module was developed using Microsoft Visual Basic 6.0 and Microsoft SQL Server 7.0. The code uses Richard Bondi's WCCO(Wiley CryptoAPI COM Objects) library functions which enables Visual Basic to access Microsoft CryptoAPI.

• Journal of the Korea Convergence Society
• /
• v.7 no.6
• /
• pp.237-247
• /
• 2016

This study analyzed quantitative effects of ISMS certification. To measure the company value change the stock data was used and the methodology of event study was also applied. Event study methodology is a method of analyzing the effects of information or public announcement about certain events on the stock market through abnormal return of stock price. First, ISMS certification was acquired followed by the measurement of abnormal excess return of company. Based on the increase or decrease of abnormal excess return, the group was classified. There are 3 types of groups("Increase", "Reduce", "Maintain"). Next, the cluster analysis was performed for each group. Cluster analysis or clustering is the task of grouping a set of objects in such a way that objects in the same group (called a cluster) are more similar (in some sense or another) to each other than to those in other groups(clusters). The purpose of this study is to have a quantitative measurement of performance of ISMS certification. So, the result of this study will be promoted a company's ISMS certification acquisition. And it would further be beneficial to your company's information security activities.

• Journal of Information Technology Applications and Management
• /
• v.16 no.3
• /
• pp.73-86
• /
• 2009

To establish an effective security strategy, business enterprises need a security benchmarking tool. The strategy helps to lessen an impact and a damage in any threat. This study analyses many aspects of information security management and suggests a way to deal with security investments by considering important factors that affect security manager's decision. To address the different threats resulting from a major cause of accidents inside an enterprise, we investigate an approach that followed ISO17799. We unfold a criminology theory that has designated many measures against the threat as suggested by General Deterrence Theory. The study proposes a coherent model of the theory to improve the security measures especially in handling and protecting company assets and human lives as well.