• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1079-1090
• /
• 2012

As the number of information asset and their vulnerabilities are increasing, it becomes more difficult for network security administrators to assess security vulnerability of their system and network. There are several researches for vulnerability analysis based on quantitative approach. However, most of them are based on experts' subjective evaluation or they require a lot of manual input for deriving quantitative assessment results. In this paper, we propose HRMS(Hacking and Response Measurement System) for enumerating attack path using automated vulnerability measurement automatically. HRMS can estimate exploitability of systems or applications based on their known vulnerability assessment metric, and enumerate attack path even though system, network and application's information are not fully given for vulnerability assessment. With this proposed method, system administrators can do proactive security vulnerability assessment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2121-2124
• /
• 2003

정보보호시스템의 국제공통평가기준인 CC(또는 ISO/IEC 1540B)에서는 평가용 문서(즉, 제출물)에 대한 세부지침을 포함하지 않고 있으므로, CC기반 평가체계를 구축하기 위해서는 문서 스키마(즉, 목차와 내용요구사항)를 개발해야 한다. 본 논문에서는 CC기반 평가체계에서 활용할 수 있는 문서 스키마를 개발하였다. CC내의 보증클래스로부터 Weakest precondition함수, 문서량 축소규칙, 문서 종속성 분석방법을 적용하여 문서스키마와 DTD를 개발하였다. 본 연구의 접근방법은 소프트웨어 품질의 평가체계에서 사용할 문서스키마 또는 DTD를 개발하는데 응용될 수 있다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.6
• /
• pp.1320-1326
• /
• 2011

National institutions on the importance of information security is being recognized, information security laws are being discussed in Congress 3.4 DDoS incident and Nonghyup hacking, etc. However, National Assembly Secretariat when the results of the Information Security Consulting has been assessed very low 61.2 points, evaluation of hardware and software in secure areas were vulnerable. This paper, the legislative support agencies National Assembly and National Assembly Secretariat on the network and computer systems, and managerial, technical and physical security elements are analyzed for the status. And network should have the legislative support agencies and system for the physical network separation, DDoS attack response, Virus attack response, hacking attacks response, and Cyber Emergency Response Team/Coordination Center for Cyber infringing design and research through the confidentiality, integrity, availability, access control, authentication and security analysis is based on the evaluation criteria. Through this study, the legislative support agencies to strengthen the security of data and security laws enacted to provide the basis for.

• The Journal of Society for e-Business Studies
• /
• v.7 no.1
• /
• pp.167-186
• /
• 2002

The encryption of a file on a PC before saving can maintain security of the file. However, if the key for the encrypted file is lost or damaged, the encrypted file can not be decrypted, resulting in serious economical loss to the user or the user group. In order to minimize the economical loss a secure and reliable key recovery technology is required. Presented in this paper is the development and evaluation of PKRS (PC based Key Recovery System) which supports encryption and decryption of file and recovery of the encrypted file in emergency. The encapsulating method, which attaches key recovery information to encrypted file, is applied to the PKRS. In addition, the PKRS is developed and evaluated according to the requirements of Requirements for Key Recovery Products proposed by NIST and requirements of Common Criteria 2.0 to prove the safety and reliability of the information security system. This system is applicable to a PC and can be further extended to internet or intranet environment information system where in encryption and recovery of file is possible.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.471-484
• /
• 2004

Recently. many projects have been actively implementing IPsec on the various Operating Systems for security of IPv6 network. But there is no existing tool that checks the IPsec-based systems, which provide IPsec services, work Properly and provide their network security services well In the IPv6 network. In this paper, we design SERDL(Security Evaluation Rule Description Language) and rule execution tool for evaluating security of the IPv6 network, and we provide implementation details. The system Is divided into following parts : User Interface part, Rule Execution Module part, DBMS part and agent that gathering information needed for security test.

• Convergence Security Journal
• /
• v.15 no.1
• /
• pp.105-113
• /
• 2015

This study is improvement plan to the Certification System thorough awareness analysis of the Private Security Guard Certification. It's understanding what problems of Private Security Guard Certification by making a qualitative analysis. The findings of the study were as follows: First. skill upgrade who evaluation committee's, Second, introduction of technology what imagery interpretation system, Third, a public offering of examination result and a formal objection.

• Journal of Digital Convergence
• /
• v.15 no.11
• /
• pp.251-259
• /
• 2017

Recently, the smart healthcare industry that grafted the Internet of Things (IoT) onto the healthcare and medical services is being highlighted. Smart healthcare refers to the healthcare and medical services offered on the basis of information communication technologies including application, wearable devices and platforms, etc. The number of next generation smart healthcare devices are increasing in the smart healthcare industry through the combination of information technology (IT) and Bio Technology (BT), which are the most active areas among the 6T, which are the areas of the next generation industry. With the emergence of a diverse range of smart healthcare systems or devices, whether the smart healthcare system can be linked with other systems organically and the security and quality of the system have become important elements of evaluation. In this Study, the characteristics and service types of smart healthcare systems were examined, and the trends in the technology and industry of the smart healthcare system were analyzed. Moreover, this Study aims to develop the evaluation method for security and standards for quality evaluation by deducing the factors for the evaluation of smart healthcare system on the basis of the results of aforementioned examination. It is anticipated that this can induce improvement of quality and development of highly reliable products of a smart healthcare system, and will become the core technology to substitute the technology protection barrier.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.11a
• /
• pp.599-603
• /
• 2006

Korea Information Security Agency has executed the certification system for the information security management since 2002 and examines the conformance of the IDCs'total management system including the technical and the physical protection measure. However, this certification system has the standard only for the IDC in the wire/wireless segregated and the evaluation method for the wire/wireless integrated has not been suggested yet. This paper is on the basis of "Accumulation Information Communication Facility Secure Principle", guidelines of Wireless LAN security operation, the existing principles and recommendations of the information security and the data on IDC environment. And the paper suggests the IDC network model in the wire/wireless integrated and the IDC evaluation method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.777-785
• /
• 2016

Engineering education accreditation addresses evaluation for program outcomes according to educational objectives and assessment process, which students are expected to obtain by the time of graduation in order to train international competitive engineers with continuous quality improvement in engineering programs. This paper shows a case study of a program outcomes assessment system including performance criteria, evaluation process, document system and continuous quality improvement process and an achievement evaluation by the assessment system for program outcomes in Information Security Program of Hoseo university.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1055-1062
• /
• 2021

As face-to-face education becomes difficult due to the spread of COVID-19, the use of e-learning content and virtual training is increasing. In the case of information security education, practice to learn response techniques is important, so simulation hacking and vulnerability analysis activities have been supported as virtual training for a long time. In order to increase the educational effect, contents should be designed similar to real situation, and learning activities to achieve the learning goals should be designed. In addition, excellent functions and scalability of the system supporting learning activities are required. The researcher developed an LMS evaluation index that supports non-face-to-face education by considering the key elements of non-face-to-face education and training. The developed evaluation index was applied to the information security education platform to verify its practical utility.