• 한국정보통신학회논문지
• /
• 제26권2호
• /
• pp.265-270
• /
• 2022

4차 산업혁명 시대가 도래하면서 보안의 패러다임도 바뀌고 있다. 클라우드 컴퓨팅과 코로나바이러스로 인해 원격근무가 활발해지면서 업무 환경이 변화하고 동시에 공격기법들도 지능화·고도화되는 현 상황에서기업에서는 새로운 보안 모델을 도입해 현재 보안시스템을 더 강화해야 한다. 제로 트러스트 보안은 모든 것을 의심하고 신뢰하지 않는다는 핵심 개념을 기반으로 모든 네트워크를 감시하고 접근 요청자에 대한 엄격한 인증과 최소한의 접근 권한을 허용함으로써 보안성을 높인다. 또한, 접근제어 강화를 위한 제로 트러스트 기반 보안시스템을 위해 식별 주체 및 데이터에 대한 NAC와 EDR 활용과 MFA를 통한 엄격한 신원 인증에 대해 설명 한다. 본 논문은 기존 보안시스템의 한계점을 극복하는 제로 트러스트 보안시스템을 소개하고, 접근제어를 강화하는 방안을 제안한다.

• 한국멀티미디어학회논문지
• /
• 제20권12호
• /
• pp.1940-1950
• /
• 2017

The security threat types in underwater communication networks environment are almost the same as the terrestrial, but the security of mechanisms the terrestrial RF-based networks environment can not be directly applied due to not only the limited resources of each node but also unsafe channel such as low propagation delay, high bit error rate etc. Nevertheless there has not been much research on the security of underwater acoustic communication networks. Therefore, in this paper analyzes the differences between the terrestrial communication networks and underwater acoustic communication networks, and identifies issues that are the starting points of underwater communication networks security research.

• 한국경영과학회:학술대회논문집
• /
• 한국경영과학회 2004년도 추계학술대회 및 정기총회
• /
• pp.147-157
• /
• 2004

Enterprises and governments currently utilize COTS based information systems which are a kind of component based systems. Especially, COTS are widely utilized as information security systems and information systems including information security functions. This paper suggests an appropriate adaptation level of security functional components and a cost effective priority among them. To make a cost effective decision on adapting security functional components, this paper develops a hierarchical model of information security technologies and analyzes findings through multiple decision-making criteria.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권3호
• /
• pp.1611-1625
• /
• 2019

The emergence of new technologies and devices brings a new environment in the field of cyber security. It is not easy to predict possible security threats about new environment every time without special criteria. In other words, most malicious codes often reuse malicious code that has occurred in the past, such as bypassing detection from anti-virus or including additional functions. Therefore, we are predicting the security threats that can arise in a new environment based on the history of repeated malicious code. In this paper, we classify and define not only the internal information obtained from malicious code analysis but also the features that occur during infection and attack. We propose a method to predict and manage security threats in new environment by continuously managing and extending.

• International Journal of Computer Science & Network Security
• /
• 제21권4호
• /
• pp.199-208
• /
• 2021

This is an era of technology and with the rapid growth of the Internet, networks are continuously growing. Companies are shifting from simple to more complex networks. Since networks are responsible to transmit huge data which is often sensitive and a point of concern for hackers. Despite the sizes of the networks, all networks are subject to several threats. Companies deploy several security measures to protect their networks from unauthorized access. These security measures are implemented from the device level to the network level. Every security layer adds more to the security of the company's network. Firewalls are the piece of software that provides internal and external security of the network. Firewalls aim to enhance the device level as well as network-level security. This paper aims to investigate the different types of firewalls, their architecture, and vulnerabilities of the firewall. This paper improves the understanding of firewall and its various types of architecture.

• International Journal of Contents
• /
• 제7권3호
• /
• pp.71-81
• /
• 2011

This paper is mainly associated with setting out an agenda for the transformation of security by creating a new framework for a security system, which can maximise its effectiveness. Noticeably, this research shows empirically that crimes are getting a major cost to organisations, which if reduced by security and investigations could reap substantial rewards to the finances of an organisation. However, the problem is that the delivery of security is frequently delegated to personnel (e.g. security guards) with limited training, inadequate education, and no real commitment to professionalism - 'sub-prime' security, finally causing security failures. Therefore, if security can be enhanced to reduce the crime cost, this will produce financial benefits to business, and consequently could produce a competitive advantage. For this, the paper basically draws upon Luke's theoretical framework for deconstructing 'power' into three dimensions. Using this three-dimensional approach, the paper further sets out a model of how security can be enhanced, utilising a new Security Risk Management (SRM) model, and how can this SRM model create competitive advantage in business. Finally, this paper ends with the six strategies needed to enhance the quality of security: refiguring as SRM, Professional Staff, Accurate Measurement, Prevention, Cultural Change, and Metrics.

• Nuclear Engineering and Technology
• /
• 제54권7호
• /
• pp.2467-2474
• /
• 2022

Nuclear Power Plants (NPPs) are the most protected facilities among all critical infrastructures (CIs). In addition to physical security, cyber security becomes a significant concern for NPPs since swift digitalization and overreliance on computer-based systems in the facility operations transformed NPPs into targets for cyber/physical attacks. Despite technical competencies, humans are still the central component of a resilient NPP to develop an effective nuclear security culture. Turkey is one of the newcomers in the nuclear energy industry, and Turkish Akkuyu NPP has a unique model owned by an international consortium. Since Turkey has limited experience in nuclear energy industry, specific multinational and multicultural characteristics of Turkish Akkuyu NPP also requires further research in terms of the Facility's prospective nuclear security. Yet, the link between "national cultures" and "nuclear security" is underestimated in nuclear security studies. By relying on Hofstede's national culture framework, our research aims to address this gap and explore possible implications of cross-national cultural differences on nuclear security. To cope with security challenges in the age of hybrid threats, we propose a security management model which addresses the need for cyber-physical security integration to cultivate a robust nuclear security culture in a multicultural working environment.

• 한국항행학회논문지
• /
• 제25권6호
• /
• pp.492-497
• /
• 2021

Smart Security는 국제공항협의회가 전 세계 공항, 항공사, 정부 기관과 협력하여 시작한 글로벌 이니셔티브이다. 이 계획의 주요 목적은 승객과 휴대수하물의 검색에 있어 큰 변화(step change), 증가하는 보안 비용, 지속적으로 진화하는 위협 등에 대응하기 위한 것이다. 인천공항은 미래형 보안검색 구현을 위해 스마트 보안검색장비 도입을 추진하여 보안성 강화, 승객편의 및 운영효율성 향상 도모함으로 최고의 보안환경을 구축하여 테러 및 불법방해행위 방지를 위해 최선을 다 하여야한다.

• International Journal of Computer Science & Network Security
• /
• 제24권1호
• /
• pp.196-204
• /
• 2024

The security of data and information using encryption algorithms is becoming increasingly important in today's world of digital data transmission over unsecured wired and wireless communication channels. Hybrid encryption techniques combine both symmetric and asymmetric encryption methods and provide more security than public or private key encryption models. Currently, there are many techniques on the market that use a combination of cryptographic algorithms and claim to provide higher data security. Many hybrid algorithms have failed to satisfy customers in securing data and cannot prevent all types of security threats. To improve the security of digital data, it is essential to develop novel and resilient security systems as it is inevitable in the digital era. The proposed hybrid algorithm is a combination of the well-known RSA algorithm and a simple symmetric key (SSK) algorithm. The aim of this study is to develop a better encryption method using RSA and a newly proposed symmetric SSK algorithm. We believe that the proposed hybrid cryptographic algorithm provides more security and privacy.

• 전자통신동향분석
• /
• 제14권6호통권60호
• /
• pp.51-63
• /
• 1999

IPSEC (Internet Protocol Security) is a network layer security protocol that is designed to support secure TCP/IP environment over the Internet considering flexibility, scalability, and interoperability. IPSEC primarily supports security among hosts rather than users unlike the other security protocols. Recently, IPSEC is emphasized as one of the important security infrastructures in the NGI (Next Generation Internet). It also has suitable features to implement VPN (Virtual Private Network) efficiently and its application areas are expected to grow rapidly. In this paper, the basic concepts and related standard documents of IPSEC will be introduced.