• Title/Summary/Keyword: Security Evaluation Standards

A Study on Web Service Security Testing Methodology for Performance Evaluation (웹 서비스 보안 성능 평가 테스트 방법론 연구)

  • Lee, Dong-Hwi;Ha, Ok-Hyun
    • Convergence Security Journal / v.10 no.4 / pp.31-37 / 2010
  • The risks and threats in IT security systems to protect, prevent damage and risk should be minimized. Context of information security products such as information processing, storage, delivery, and in the process of information system security standards, that is the basic confidentiality, availability, integrity and secondary clarity, potential evidence, detection, warning and defense capabilities, to ensure sufficient and should be. Web services are the most important elements in the security, the web nature of port 80 for the service to keep the door open as a structure, Web applications, web sources and servers, networks, and to hold all the elements are fundamental weaknesses. Accordingly, these elements through a set of Web application development errors and set-up errors and vulnerabilities in Web applications using their own home pages and web servers to prevent hacking and to improve the efficiency of Web services is proposed methodology performs security BMT.

A Study on Business Process Based Asset Evaluation Model and Methodology for Efficient Security Management over Telecommunication Networks (정보통신망의 효율적 보안관리를 위한 비즈니스 프로세스 기반의 자산평가모델 및 방법론에 관한 연구)

  • Woo, Byoung-Ku;Lee, Gang-Soo;Chung, Tai-Myoung
    • The KIPS Transactions:PartC / v.10C no.4 / pp.423-432 / 2003
  • It is essential security management and standardized asset analysis for telecommunication networks, however existing risk analysis methods and tools are not enough to give shape of the method to evaluate value and asset. They only support asset classification schemes. Moreover, since the existing asset classification schemes are to evaluate comprehensive general risk, they are not appropriate for being applied telecommunication networks and they can't offer any solutions to an evaluator's subjectivity problem. In this paper, to solve these problems, we introduce the standardized definition of asset evaluation model new asset classification scheme, two-dimensional asset process classification scheme to consider business process and asset, various evaluation standards for quantitative value and qualitative evaluation. To settle an evaluator's subjectivity problem, we proposed $\beta$-distribution Delphi method.

A study for Cybersecurity Risk Management by Blockade and Defense Level Analysis (봉쇄와 보안장비 수준 기반 정보보호 위험관리 수준 측정 연구)

  • Han, Choong-Hee;Han, ChangHee
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.6 / pp.1261-1266 / 2021
  • Existing information security risk assessment methods focus on evaluating the vulnerability of information assets. However, when the form of information assets changes and new types of information assets emerge, there is a limitation in that the evaluation standards for them are also added or deleted. Existing methods have insufficient research on the path through which cyber threats are introduced. In particular, there is very little research on blocking the inflow path for web-based information systems with public IPs. Therefore, this paper introduces the main research contents of the BDLA (Blockade and Defense Level Analysis)-based information security risk assessment model. In addition, by applying the BDLA-based information security risk assessment model, the information security risk level was studied by measuring the blockade level and security equipment level of 17 public institutions.

A Study of the Data Quality Evaluation (데이터 품질 평가에 관한 연구)

  • Jung, Hye-Jung
    • Journal of Internet Computing and Services / v.8 no.4 / pp.119-128 / 2007
  • In this paper, we study on the Data Quality Model of ISO/IEC 25012 among the Software product Quality Requirements and Evaluation (SQuaRE) in ISO/IEC 25000 Series. Because of the increasing data, user require the accuracy data, recent data, suitable data for used tools, complied security and not open to be public. We research the data quality management in the point of application of be affect influenced low quality in business. We propose the testing items and we propose the method of the evaluation proposed testing items. We study on the basis international Standards ISO/IEC 25012 and ISO/IEC 9126-2 and we proposed the testing method quantitatively on the basis of ISO/IEC 25000.

Technology trend of Smart-home Security System (스마트 홈 시큐리티 기술 동향)

  • Jang, Ye-Jin;Jeon, Yong-Tae
    • Korean Security Journal / no.30 / pp.117-138 / 2012
  • To cope with rapidly increasing crimes, the Smart-home system has become common to minimize and prevent crimes in the residential space. Accordingly, the interest on the security-related Smart-home system is also increasing. First is the establishment of Smart-home security standard. At present, the Smart-home security systems are implemented by individual policies of construction companies or by the requirement of residents. Each construction company has their own characteristics in the Smart-home security system; while there is no standardized system. Second is the introduction of Smart-home security certificate system. Like people have certificates, now the residential spaces may also need certificates. A certificate system that represents the performance of residential spaces cannot be an absolute criterion in the evaluation of apartment quality, however, it can be a basic requirement for the convenient residential environment and policies being implemented by the government. If a certificate system would be introduced, construction companies will compete with each other to provide with better security system and apartment operation companies will hire more specialized security personnel in order to get higher certificates. Consequently, better security of residential space will be secured. It is also required to develop and establish response measures by studying the key changes and trends of Smart-home security system. The advance in mechanical security devices will bring about more changes in the future. Therefore, more various in-depth studies are required on the basic specifications of security system in the residential spaces.

A Study on Evaluation Scheme for Exchangeable CAS (XCAS) (다운로드형 수신제한시스템(XCAS)의 평가체계에 관한 연구)

  • Hwang, Yu-Na;Jeong, Han-Jae;Won, Dong-Ho;Kim, Seung-Joo
    • The KIPS Transactions:PartC / v.17C no.5 / pp.407-414 / 2010
  • A conditional access system (CAS) refers to a hardware-based system that allows only authenticated users to have access to contents. The CAS has many disadvantages found in that in the replacement of multiple service operator (MSO) a set-top box should be also changed and the smart-card often causes malfunction. To deal with the problems, exchangeable CAS (XCAS) was developed in 2009. However the standards or evaluation schemes for XCAS are absent. Existing evaluation schemes are not appropriate for evaluating XCAS due to the evaluation standard, the evaluation cost and efficiencies. Therefore, a specific scheme that can evaluate the security and suitability of exchangeable conditional access systems has been requested. In this paper, we propose an appropriate evaluation scheme for XCAS. The evaluation scheme includes an evaluation purpose and four components to evaluate the evaluation target, the evaluation process, the evaluation subject, and the evaluation cost involved.

The Set of Performance Evaluation Index of Remodeling in Rural Housing for Residential Environments Improvement (주거환경개선을 위한 농촌주택 리모델링 성능평가지표 설정에 관한 연구)

  • Kim, Hye-Lan;Lim, Chang-Su;Kim, Eun-Ja;Hong, Kwang-Woo;Moon, Ho-Gyeong
    • Journal of Korean Society of Rural Planning / v.20 no.1 / pp.1-12 / 2014
  • Living environments in rural area have become deteriorated rapidly. Increase of aging population, decline in agricultural income, polarization of wealth in rural community due to rural returners have caused severe decline and imbalance of living environments in rural area. Responding to these circumstances, governments currently develop projects for improving living environments focusing on individual housing which were excluded from governmental supports because those had been regarded as private property. Nevertheless, there are still some gaps and problems in evaluating the quality of living environment and suggesting effective solutions. It would be because standards and guidelines of the projects have been based on urban housing system. In order to support the implementation of the projects, this research has developed an index for evaluating and monitoring the quality of living environments in rural area. By applying Delphi method, the index has been created in four categories of 'security', 'convenience', 'comfortability', and 'durability'. 'Security' consists of structural safety, crime, disaster, accident prevention. 'Convenience' includes three divisions of living, traffic, farm working. 'Comfortability' is divided into sanitation, indoor environments, and aesthetic appreciation. Lastly, 'durability' has four divisions of energy conservation, environmental friendliness, efficiency, and economics. Each sub-division also has different items from three to twelve. In the case of an index for performance evaluation, items have been derived from energy conservation (6 items), and environmental friendliness (7 items). Items developed as an index for evaluating rural living environments in this research might be good background information for remodeling project in rural housing development.

The Vulnerability Analysis for Virtualization Environment Risk Model Management Systematization (가상화 환경 위험도 관리체계화를 위한 취약점 분석)

  • Park, Mi-Young;Seung, Hyen-Woo;Lim, Yang-Mi
    • Journal of Internet Computing and Services / v.14 no.3 / pp.23-33 / 2013
  • Recently in the field of IT, cloud computing technology has been deployed rapidly in the current society because of its flexibility, efficiency and cost savings features. However, cloud computing system has a big problem of vulnerability in security. In order to solve the vulnerability of cloud computing systems security in this study, impact types of virtual machine about the vulnerability were determined and the priorities were determined according to the risk evaluation of virtual machine's vulnerability. For analyzing the vulnerability, risk measurement standards about the vulnerability were defined based on CVSS2.0, which is an open framework; and the risk measurement was systematized by scoring for relevant vulnerabilities. Vulnerability risk standards are considered to suggest fundamental characteristics of vulnerability and to provide the degree of risks and consequently to be applicable to technical guides to minimize the vulnerability. Additionally, suggested risk standard of vulnerability is meaningful as the study content itself and could be used in technology policy project which is to be conducted in the future.

A Study on Evaluation System based on Characteristics of BcN (BcN 특성 관점의 평가체계 개발에 관한 연구)

  • Na, Yun-Ji;Ko, Il-Seok;Cho, Young-Suk
    • Convergence Security Journal / v.6 no.3 / pp.49-58 / 2006
  • Currently there are many standards of network management. They are: SNMP (Simple Network Management Protocol-for Internet management), CMIP (Common Management Information Protocol-standardized by ITU-T and ISO), RMON (Remote network MONitoring-for distributed management of the LAN segment), and so on. Especially RMON has created the many concerns in order to manage subnetworks of a large network, but it has negative aspects. For instance, routers or hubs with RMON capability are expensive to a network manager because of adding heavy management cost. Moreover it imposes a heavier burden on network manager, because it must use a network management tool which will be additionally needed with RMON device. This paper proposes a model of PC based RMON Agent system. The RMON Agent system monitors the traffic on LAN segment through the use of a Virtual Device Driver (VxD), based on PC. In terms of cost this model will replace the expensive RMON device, and eventually enable a network manager to manage LAN segment more efficiently, due to reduced cost.

Research about Benchmark System Design for Efficient Web Server Management (효율적인 웹 서버 관리를 위한 평가시스템 설계에 관한 연구)

  • Kim, Seok-Soo;Song, Jae-Gu
    • Convergence Security Journal / v.7 no.3 / pp.1-6 / 2007
  • It is important to manage and correctly evaluate the performance of server in order to improve the performance of server. That is, with the aim of finding whether resources are properly utilized, it is a method to improve both software and hardware aspects. Conventional method in evaluating the server performance involved installing software between server and client and generating the load and by simulating the process, it evaluated the handling efficiency of work load generated per packet volume. Therefore, this paper aims to provide precise measurement method by distinguishing the characteristics of web server and the users' usage pattern and by evaluating the work load management through applying various standards. Specially, it presents the evaluation method from web service of personal and business.