• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.143-153
• /
• 2013

The objective of this study is to present improvement of Weapon System T&E(Test and Evaluation) correspond to future environment by analyzing restrictions such as change of future weapon system procurement environment, and present T&E management system, organization and resource etc. The results of this study will be aid of produ ction dicision making by timely risk management through early identification of deficiency on the process of weapon system development, and suitability of combat determination.

• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.63-74
• /
• 2005

Security products were developed and diffused for defense all emergency on cyberspace on E-commerce, but it requires special technique of information security in maintenance. The operation and need of security system was required in a public corporation and company, but it isn't provided in an appropriate time. Therefore, the domestic sites were vulnerable by security vulnerability. In this paper, we propose on the design and implementation of the data integrity analysis system that a novice manage usefully and automatically for management of E-commerce security products.

• The Journal of the Korea Contents Association
• /
• v.10 no.6
• /
• pp.156-165
• /
• 2010

ESM(Enterprise Security Management) is representing domestic security management, and there is requirement to enhance it. This paper will evaluate quality of ESM products, understand its quality level, and derive method to improvement so as to develop security evaluation model and test methodology which can support quality enhancement. In addition, it presented the performance test cases and evaluation method to measure product's security quality, and to perform research on the judgement method for the results based on appropriate criteria. Developed quality evaluation model is expected perform important role in evaluating and enhancing the quality of intrusion prevention system.

• Nuclear Engineering and Technology
• /
• v.49 no.3
• /
• pp.517-524
• /
• 2017

Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.763-777
• /
• 2021

Information security started as an IT operation process and is now recognized as an important issue of information technology, and each international organization is newly defining the concept. Information security itself is a new combination of IT technologies, a set of technologies and a technology area. As IT outsourcing becomes common in many public sectors, SLAs are introduced to evaluate the level of IT services. In the area of information security, many studies have been conducted on the derivation and selection of SLA performance indicators, but it is difficult to find a way to apply the performance indicators to service level evaluation and performance systems. This thesis conducted a study on the application of a service evaluation system for information security performance indicators based on the public sector and a performance system including compensation regulations. It presents standards and rewards(incentive and penalty) that define expectation and targets of performance indicators that take into account the environment and characteristics of a specific public sector, and defines appropriate SLA costs. It proposes a change plan for the organizational structure for practical SLA application and service level improvement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.117-129
• /
• 2010

To support the establishment of Information Security Management System, the private sector and the public sector have taken some measures. In the private sector, KISA(Korea Internet & Security Agency) has certified ISMS system based on "The Act on Communication Network Use Promotion and Information Security etc.". In the public sector, No authentication system has been established. Instead, NIS(National Intelligence Service) has enforced 'Information Security Management Condition Evaluation' based on "Electronic Government Act". This article compared ISMS control parts of the private sector with that of the public sector and analyzed the non-enforcement parts of ISMS implementing two sectors for years. Based on this, I would like to consider the method of establishment for efficient ISMS.

• Journal of Platform Technology
• /
• v.9 no.2
• /
• pp.10-25
• /
• 2021

Although many studies have been conducted on risk analysis and evaluation in the on-premises environment in information security, studies on effective methodologies of risk analysis and evaluation for cloud computing systems are lacking. In 2015, the Cloud Computing Development Act was enacted, which served as an opportunity to promote the introduction of cloud computing. However, due to the increase in security incidents in the cloud computing system, activation is insufficient. In addition, the cloud computing system is not being actively introduced because of the difficulty in understanding the cloud computing system technology of the person in charge who intends to introduce the cloud computing system. In this regard, this study presented an effective risk analysis and evaluation method by examining the characteristics, concepts, and models of cloud computing systems and analyzing how these characteristics affect risk analysis and evaluation.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.137-142
• /
• 2002

When the Common Criteria(CC) for security system evaluation was put up, and the coming into the CCRA is promoted, the interest to the Evaluation Assurance Level(EAL) is greatly increasing. In this paper, via the comparison between the evaluation level of the exiting process evaluation criteria and the EAL of CC, the characteristics of the EAL of the CC are noted.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• Journal of Korean Society for Quality Management
• /
• v.51 no.4
• /
• pp.677-689
• /
• 2023

Purpose: The purpose of this study is to design a x-ray screening rating system to improve X-ray screening ability, which is a core job competency of security screener at Incheon International Airport, and to verify its effectiveness through empirical analysis to suggest ways to improve the level management system. Methods: In this study, the effectiveness of the research model was analyzed using T-test tests for effect analysis based on the empirical analysis results derived through the competency evaluation model, the screening rating system. Results: The results of this study are as follows. The average score for regular education before the implementation of the x-ray screening rating system was 94.1 points, but after the implementation of the x-ray screening rating system, the average score for regular education was 95.5 points, an average of 1.4 points increased. In addition, the proportion of those with 95 or more points classified as high scorers also increased significantly from 51.1% to 69.3%. Conclusion: The X-ray screening rating system of security inspectors will systematically manage the level of screening ability, which is a key job competency, and play a strong role in improving competency, while preventing security accidents through early identification and intensive training of level-lowers.