• 제목/요약/키워드: Security Department

검색결과 4,701건 처리시간 0.033초

A Coherent Model in Upholding General Deterrence Theory and Impact to Information Security Management

  • Choi, Myeong-Gil;Ramos, Edwin R.;Kim, Man-Sig;Kim, Jin-Soo;Whang, Jae-Hoon;Kim, Ki-Joo
    • Journal of Information Technology Applications and Management
    • /
    • 제16권3호
    • /
    • pp.73-86
    • /
    • 2009
  • To establish an effective security strategy, business enterprises need a security benchmarking tool. The strategy helps to lessen an impact and a damage in any threat. This study analyses many aspects of information security management and suggests a way to deal with security investments by considering important factors that affect security manager's decision. To address the different threats resulting from a major cause of accidents inside an enterprise, we investigate an approach that followed ISO17799. We unfold a criminology theory that has designated many measures against the threat as suggested by General Deterrence Theory. The study proposes a coherent model of the theory to improve the security measures especially in handling and protecting company assets and human lives as well.

  • PDF

SIP 호 설정 메시지기반 서비스 거부 공격패턴 및 분석시스템에 관한 연구 (A Study on Attack Pattern and Analysis System against SIP Signaling Message-based DoS)

  • 하도윤;김환국;고경희;이창용;김정욱;정현철
    • 한국정보처리학회:학술대회논문집
    • /
    • 한국정보처리학회 2009년도 추계학술발표대회
    • /
    • pp.653-654
    • /
    • 2009
  • 인터넷전화의 활성화와 더불어 SIP 프로토콜의 사용이 증가하고 있다. 최근 DDoS 공격이 주요위협으로 이슈가 되고 있으며, 향후 SIP관련 서비스 대상 서비스 거부 공격 위협도 증가할 것으로 예상된다. 본 논문에서는 SIP 프로토콜의 특성을 이용한 SIP서비스 거부 공격들의 유형을 살펴보고, SIP 프로토콜의 특성을 이용한 서비스거부 공격 탐지를 위한 고려사항을 바탕으로 분석시스템 아키텍처를 제안한다. SIP서비스 거부공격의 유형은 분류 기준에 따라 다양할 수 있으나, 본 논문에서는 SIP 프로토콜의 특성을 이용한 공격 기법을 대상으로 한다. SIP서비스 거부 공격 트래픽 분석을 위해 정보수집, 정보분석, 정보관리 기능을 고려한다.

국내 산업보안 유관기관 조사를 통한 산업보안 전담부서 필요성 제고 (A Study for Enhancing Necessity of Certain Industrial Security Charge Department through Investigating Domestic Industrial Security Organization)

  • 이효직;류보라;김화영;이재균;김예인;장항배
    • 한국전자거래학회지
    • /
    • 제21권2호
    • /
    • pp.121-133
    • /
    • 2016
  • 모든 산업은 ICT 기술의 적용 및 산업기술의 급속한 발전에 따라 신기술 개발 및 확보를 위한 연구 투자가 확대되고 있으며, 이러한 신기술을 보호하려는 노력도 동시에 강화되고 있다. 하지만 이러한 기술보호에 대한 노력은 단순히 기업에서 이루어져야 하는 것이 아니라 국가 경쟁력 차원에서 여러 정부기관이 관심을 가지고 다양한 산업보안 활동을 수행해야 한다. 본 논문에서는 산업자산 보호 및 기술유출 방지를 위해 산업보안 활동을 수행하고 있는 산업보안 유관기관에 대해 조사해보고 각 기관의 산업보안 업무에 대해서 알아보고자 한다. 또한 본 논문에서는 산업보안 유관기관 조사 및 비교를 통해 현재 정부기관의 산업보안 운영에 대한 문제점을 논의해보고 산업보안 발전 및 효율적 업무를 위한 정부 내 산업보안 담당부서의 필요성에 대해 제고해보려고 한다.

기업 보안 유형에 따른 보안사고 대응역량 : 사회기술시스템 이론 관점에서 (Incident Response Competence by The Security Types of Firms:Socio-Technical System Perspective)

  • 이정환;정병호;김병초
    • 한국IT서비스학회지
    • /
    • 제12권1호
    • /
    • pp.289-308
    • /
    • 2013
  • This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

A study on classification of the security controls for the effective implementation to nuclear power plant

  • Han, Sang Min;Lee, Chanyoung;Chae, Young Ho;Seong, Poong Hyun
    • Nuclear Engineering and Technology
    • /
    • 제54권4호
    • /
    • pp.1245-1252
    • /
    • 2022
  • As regulatory bodies require full implementation of security controls in nuclear power plants (NPPs), security functions for critical digital assets are currently being developed. For the ultimate introduction of security controls, not alternative measures, it is important to understand the relationship between possible cyber threats to NPPs and security controls to prevent them. To address the effectiveness of the security control implementation, this study investigated the types of cyber threats that can be prevented when the security controls are implemented through the mapping of the reorganized security controls in RS-015 to cyber threats on NPPs. Through this work, the cyber threat that each security control can prevent was confirmed, and the effectiveness of several strategies for implementing the security controls were compared. This study will be a useful reference for utilities or researchers who cannot use design basis threat (DBT) directly and be helpful when introducing security controls to NPPs that do not have actual security functions.

lwEPSep: A Lightweight End-to-end Privacy-preserving Security Protocol for CTI Sharing in IoT Environments

  • Hoonyong Park;Jiyoon Kim;Sangmin Lee;Daniel Gerbi Duguma;Ilsun You
    • Journal of Internet Technology
    • /
    • 제22권5호
    • /
    • pp.1069-1082
    • /
    • 2021
  • The Internet of Things (IoT) is vulnerable to a wide range of security risks, which can be effectively mitigated by applying Cyber Threat Intelligence (CTI) sharing as a proactive mitigation approach. In realizing CTI sharing, it is of paramount importance to guarantee end-to-end protection of the shared information as unauthorized disclosure of CTI is disastrous for organizations using IoT. Furthermore, resource-constrained devices should be supported through lightweight operations. Unfortunately, the aforementioned are not satisfied by the Hypertext Transfer Protocol Secure (HTTPS), which state-of-the-art CTI sharing systems mainly depends on. As a promising alternative to HTTPS, Ephemeral Diffie-Hellman over COSE (EDHOC) can be considered because it meets the above requirements. However, EDHOC in its current version contains several security flaws, most notably due to the unprotected initial message. Consequently, we propose a lightweight end-to-end privacy-preserving security protocol that improves the existing draft EDHOC protocol by utilizing previously shared keys and keying materials while providing ticket-based optimized reauthentication. The proposed protocol is not only formally validated through BAN-logic and AVISPA, but also proved to fulfill essential security properties such as mutual authentication, secure key exchange, perfect forward secrecy, anonymity, confidentiality, and integrity. Also, comparing the protocol's performance to that of the EDHOC protocol reveals a substantial improvement with a single roundtrip to allow frequent CTI sharing.

Access Policy Transfer Between Active Nodes Using Identities

  • Kim, Young-Soo;Han, Jong-Wook;Seo, Dong-Il;Sohn, Seung-Won
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 제어로봇시스템학회 2003년도 ICCAS
    • /
    • pp.2178-2181
    • /
    • 2003
  • Active networks allow active node’s functionality to be extended dynamically through the use of active extensions. This flexible architecture facilitates the deployment of new network protocols and services. However, the active nature of a network also raises serious safety and security concerns. These concerns must be addressed before active networks can be deployed. In this paper we look at how we can control active extension’s access to different active nodes. Specifically, the authentication between active nodes is very important in this case. We use unique identity each node has for transferring access policies between active nodes. In this paper, we suggest a new method of transferring access policies performing authentications using identities between active nodes.

  • PDF

Access Control Models for XML Databases in the Cloud

  • Alfaqir, Shumukh;Hendaoui, Saloua;Alhablani, Fatimah;Alenzi, Wesam
    • International Journal of Computer Science & Network Security
    • /
    • 제22권5호
    • /
    • pp.89-96
    • /
    • 2022
  • Security is still a great concern to this day, albeit we have come a long way to mitigate its numerous threats. No-SQL databases are rapidly becoming the new database de-facto, as more and more apps are being developed every day. However, No-SQL databases security could be improved. In this paper, we discuss a way to improve the security of XML-based databases with the use of trust labels to be used as an access control model.

산업융합환경을 위한 보안 거버넌스 프레임워크 설계 (A Design on Security Governance Framework for Industry Convergence Environment)

  • 이효직;나원철;성소영;장항배
    • 한국융합학회논문지
    • /
    • 제6권4호
    • /
    • pp.33-40
    • /
    • 2015
  • 산업과 ICT 기술간의 융합으로 새로운 부가가치를 창출할 수 있는 융합환경이 도래되어짐에 따라 경제성장과 더불어 우리의 삶의 질이 향상 되고 있지만 이러한 융합환경은 다수의 이익만을 제공하는 것이 아니라 융복합적인 보안 위협이 발생됨에 따라 다양한 보안문제를 발생시켰다. 이러한 보안 문제를 해결하기 위해서는 기존의 기술적인 접근으로 단편적인 보안 문제 해결방식이 아닌 통합적인 관점에서 보안문제를 접근할 필요가 있다. 그래서 본 연구에서는 전략적 관점, 관리적/운영적관점, 기술적 관점 등 다차원적인 관점에서 신뢰성 있는 보안 거버넌스 관리를 할 수 있도록 인적측면이 고려되어진 보안 거버넌스 프레임워크를 개발하였다. 그래서 이 프레임워크를 통해 보안 관리에 대한 단일 기준을 제시함으로서 최고 경영진들의 직접적인 관여가 가능하고 조직구성원들이 스스로 보안활동을 수행하고 책임 질수 있는 신뢰성 있는 보안관리체계를 구축할 수 있을 것이다.

Big Data Security and Privacy: A Taxonomy with Some HPC and Blockchain Perspectives

  • Alsulbi, Khalil;Khemakhem, Maher;Basuhail, Abdullah;Eassa, Fathy;Jambi, Kamal Mansur;Almarhabi, Khalid
    • International Journal of Computer Science & Network Security
    • /
    • 제21권7호
    • /
    • pp.43-55
    • /
    • 2021
  • The amount of Big Data generated from multiple sources is continuously increasing. Traditional storage methods lack the capacity for such massive amounts of data. Consequently, most organizations have shifted to the use of cloud storage as an alternative option to store Big Data. Despite the significant developments in cloud storage, it still faces many challenges, such as privacy and security concerns. This paper discusses Big Data, its challenges, and different classifications of security and privacy challenges. Furthermore, it proposes a new classification of Big Data security and privacy challenges and offers some perspectives to provide solutions to these challenges.