• Journal of Information Processing Systems
• /
• v.16 no.5
• /
• pp.1064-1073
• /
• 2020

The general situation of system composition and safety management of high-speed railway terminal is investigated and a comprehensive evaluation index system of operational security is established on the basis of railway laws and regulations and previous research results to evaluate the operational security management of the high-speed railway terminal objectively and scientifically. Index weight is determined by introducing interval eigenvalue method (IEM), which aims to reduce the dependence of judgment matrix on consistency test and improve judgment accuracy. Operational security status of a high-speed railway terminal in northwest China is analyzed using the traditional model of fuzzy comprehensive evaluation, and a general technique idea and references for the operational security evaluation of the high-speed railway terminal are provided. IEM is introduced to determine the weight of each index, overcomes shortcomings of traditional analytic hierarchy process (AHP) method, and improves the accuracy and scientificity of the comprehensive evaluation. Risk factors, such as terrorist attacks, bad weather, and building fires, are intentionally avoided in the selection of evaluation indicators due to the complexity of risk factors in the operation of high-speed railway passenger stations and limitation of the length of the paper. However, such risk factors should be considered in the follow-up studies.

• Journal of Digital Convergence
• /
• v.15 no.12
• /
• pp.303-311
• /
• 2017

As new information technology emerges, companies are introducing an Enterprise Security Management system to cope with new security threats, reducing redundant investments and waste of resources and counteracting security threats. Therefore, it is necessary to construct a security evaluation metric based on related standards to demonstrate that the Enterprise Security Management(ESM) System meets security. Therefore, in order to construct a metric for evaluating the security of the ESM, this study analyzed the security quality related requirements of the ESM and constructed a metric for measuring the degree of satisfaction. This metric provides synergies through the unification of security assessments that comply with ISO/IEC 15408 and ISO/IEC 25000 standards. It is expected that the evaluation model of the security quality level of ESM will be established and the evaluation method of ESM will be standardized in the future.

• The Journal of Society for e-Business Studies
• /
• v.25 no.3
• /
• pp.109-130
• /
• 2020

Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

• ETRI Journal
• /
• v.31 no.5
• /
• pp.554-564
• /
• 2009

In information security and network management, attacks based on vulnerabilities have grown in importance. Malicious attackers break into hosts using a variety of techniques. The most common method is to exploit known vulnerabilities. Although patches have long been available for vulnerabilities, system administrators have generally been reluctant to patch their hosts immediately because they perceive the patches to be annoying and complex. To solve these problems, we propose a security vulnerability evaluation and patch framework called PKG-VUL, which evaluates the software installed on hosts to decide whether the hosts are vulnerable and then applies patches to vulnerable hosts. All these operations are accomplished by the widely used simple network management protocol (SNMP). Therefore, system administrators can easily manage their vulnerable hosts through PKG-VUL included in the SNMP-based network management systems as a module. The evaluation results demonstrate the applicability of PKG-VUL and its performance in terms of devised criteria.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.669-672
• /
• 2003

Computing and Networking technologies are rapidly developed. A lot of hacking events are occurring. As a result, people have a interesting for security in these days. Network security systems have come to be widely used in our networks. But, objective testing method to evaluate network sorority system is not established. Therefore we have difficulties that select a system. In this paper, we investigate evaluation methods for network sorority systems(Firewall, IDS, IPS etc.) and, design a evaluation tool for network security systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.131-144
• /
• 2010

IT developed countries since the late 1980s are used to develop IT security evaluation criteria to ensure safety and reliability of information protection products. Currently a variety of products used for the evaluation based on CC and it takes a long period of product evaluation is required to reduce the developers and users. In this paper refer to the published standard evaluation schedule for the EAL4 calculation model offers a trial period. In addition, based on this commitment by adjusting the number of evaluaters to evaluate the applicant in the evaluation period to minimize the position offers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1153-1166
• /
• 2015

With the acceleration of information digitization caused by fast growth of Information Technology, the application of digital forensics has increased but it is underestimated because digital evidence is easy to forge. Especially, the evaluation of the reliability of digital forensics organization is judged only by judges domestically because there is no objective verification system or evaluation method of the capability of digital forensics organization. Therefore, the evaluation model and indices of the capability of digital forensics concentrated on the digital forensics organization, personnel, technology, facilities and the procedure in domestic justice system was presented in this research after reviewing the domestic and foreign evaluation method and the standard of the capability of digital forensics and information security. The standard for judicial evaluation of digital evidence and composition, management, evaluation of digital forensics organization would be presented based on this research.

• Convergence Security Journal
• /
• v.3 no.1
• /
• pp.23-30
• /
• 2003

As IT industries grow rapidly, many kinds of problems related to information security have gained force. Demands for information security products such as firewall, Intrusion Detection System have grown and the reliability and the safety of information security products is gathering strength. The evaluation for information security products is putting in operation, but developers have a difficulty in timely presenting their products due to long time for the evaluation. In this paper, we suggest the efficient elevation method for information security product by improving the development process in order to meet the assurance requirements of the Common Criteria.

• Journal of Korean Society for Quality Management
• /
• v.49 no.1
• /
• pp.47-60
• /
• 2021

Purpose: This study proposes methods and procedures for evaluating imaging security systems quality of cabinet x-ray screening system to enhance performance certification technology. Also, conducted a comparative analysis of the literature of test-kit for imaging security quality evaluation. Methods: Comparative analysis of the test-kits and related documents for image quality assessment of cabinet x-ray screening equipment. This allows assessment items were selected and the methods for each assessment item were proposed. In addition, the configuration method of the assessment team was established by applying the technology readiness assessment(TRA). Results: Four of the assessment items were selected when estimate image quality by a comparative analysis of literature. For each assessment item, the evaluation method and minimum level of availability were determined. Finally, this paper proposes an imaging quality assessment of cabinet X-ray imaging security systems. Conclusion: Development of imaging security systems evaluation procedures for cabinet X-ray screening systems can be help improve performance certification of aviation security equipment.

• Journal of Advanced Navigation Technology
• /
• v.12 no.4
• /
• pp.384-391
• /
• 2008

These days, along with the information society, the value of information has emerged as a powerful factor for a company's development and sustainability, and therefore, the importance of the Information Security and Management System (ISMS) has emerged and become an integral part of all areas of business. In this paper, ISMS evaluation methods from around the world are compared and analyzed with the standards of various management guidelines, definitions, management of threats and vulnerability, approaches to result calculations, and the evaluation calculation indexes for domestic to propose the best method to evaluate the Information Security Management System that will fit the domestic environment.