• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.397-399
• /
• 2004

오늘날 조직에서 공개된 소프트웨어를 이용한 오픈소스 내포형 정보보호시스템(OSS-embedded Information Security System) 개발이 증가되고 있으며 소스의 상당부분을 오픈소스 소프트웨어(OSS : Open source Software)를 이용함으로써 복잡한 IT환경 속에서 효율성 증대와 고가의 라이센스에 대한 비용 절감 효과 등을 통해 높은 시장성이 예상된다. 그러므로 오픈소스 내포형 정보보호시스템에 대한 평가 제출물 준비 및 평가에 대한 기준을 정의할 필요가 있으며 공통평가기준(CC : Common Criteria)과 공통평가방법론(CEM : Common Evaluation Methodology)에서 유도한 OSS 평가요구사항을 분석하고자 한다.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.1-11
• /
• 2010

The purpose of this study is, by recognizing that recently, as crimes using information and various adverse-effect phenomena such as hacking and virus occur frequently with rapid development of information network such as Internet in every field of industry, the range of security is widening to the field of industrial areas for preventing the leaking of industrial technology and protecting that technology as well as information security only limited to IT area, and by establishing common concept about industrial security through education on the industrial security at the point of increasing importance of industrial security, to prepare the base of comprehensive risk management system for protecting company's assets (physical factor, technical factor and managerial factor) safely from the random threats or attacks inside and outside the company through assessment of important assets of the company, evaluation of threats and weak points, and risk assessment by building industrial security management system in order to protect company's information assets and resources which are connected to the existence of the company safely from the threats or attacks from inside or outside the company and to spread stable business activities.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.11
• /
• pp.148-154
• /
• 2016

Video security has recently emerged as an important issue owing to CCTV video image spill accidents over the Internet. KISA recommends the use of encryption protocols for remote access through its guidelines for CCTV personal video information protection. But still, many products do not adhere to the guidelines, and those products are easily exposed to security threats, such as hacking. To solve these security vulnerabilities, this paper proposes a CCTV system that connects from remote locations, and is implemented by using secure shell (SSH) tunneling techniques. The system enhances security by transmitting encrypted data by using SSH. By using the tunneling technique, it also solves the problem of not being able to access a CCTV recorder located inside a firewall. For evaluation of the system, this paper compares various CCTV remote access schemes and security. Experimental results on the effectiveness of the system show it is possible to obtain remote access without a significant difference in transmission quality and time. Applying the method proposed in this paper, you can configure a system secure from the threats of hacking.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.67-73
• /
• 2006

The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. a general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.

• Journal of Korea Multimedia Society
• /
• v.16 no.1
• /
• pp.87-99
• /
• 2013

The demands of IC card payment system has been increased according to the rapid advancement of the IT convergence application technologies. Recently IC card payment systems are in demands of the usage space at anytime and anywhere by developing the wireless communication technology and its related multimedia processing technology. Therefore the security of IC card payment system becomes more important and necessary. There are many fault analysis methods to evaluate the security and safety of information systems according to their characteristics and usages. However, the only assessment method to evaluate the security of information systems is not enough to analyse properly on account of the various types and characteristics of information systems by the progress of IT convergence and their applications. Therefore, this paper proposes an integrative method of the Fault Tree Analysis (FTA) and Fault Modes and Effect Analysis/Criticality (FMEA/C) based on criticality to evaluate and improve the security of IC card payment system as an illustration.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1123-1132
• /
• 2012

Many domestic organizations are introducing and operating various information security management systems capable of coping with technical, administrative, and legal issues comprehensively and systematically, in order to prevent various infringement incidents such as personal information disclosure and hacking preemptively and actively. However, empirical analyses regarding the extent to which an information security management system contributes to information security performance have not been fully conducted, even though enterprises and organizations are actively introducing such systems in order to achieve their information security objectives as a part of their organizational management activities in line with their respective business, by investing considerable effort and resources in developing and operating these systems. This approach can be used to apply, develop, and operate the information management system actively within an organization. this study focused on analyzing how each specific phase of the information security management system affects information security performance, compared with previous studies, which generally focus on the information security control item in analyzing information security performance. The information security management system was analyzed empirically to determine how the Security PCDA cycling model affects information security performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.951-960
• /
• 2015

The smart screening in the medical field as diffusion of smart devices and development of communication technologies is emerging some medical security concerns. Among of them its necessary to taking risk management measures to identify, evaluate and control of the security risks that can occur in Telemedicine because of the Medical information interchanges as Doctor to Doctor (D2D), Doctor to Patient (D2P). This research paper studies and suggests the risk analysis and evaluation methods of risk security that can occur in Telemedicine based on the verified results of Telemedicine system and equipment from the direct site which operating in primary clinics, public health centers and it's branches, etc.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.15 no.1
• /
• pp.115-124
• /
• 2020

We studied smart door lock of triple security system that strengthened the security capability as it is thought that the criminal case by security vulnerability of door lock is serious in modern society. Remote locking/unlocking function, voice recognition function through mobile phone application built on Eclipse App and optical fingerprint recognition function are implemented in the door lock. Finally, it was confirmed that the security of the door lock can be strengthened through evaluation results of the app-based operation test, the voice recognition operation test, and the fingerprint recognition operation test on the experiment-made door lock system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.115-137
• /
• 2008

As stock market gets bigger, use of HTS(Home Trading System) is getting increased in stock exchange. HTS provides lots of functions such as inquiry about stock quotations, investment counsel and so on. Thus, despite the fact that the functions fur convenience and usefulness are developed and used, security functions for privacy and trade safety are insufficient. In this paper, we analyze the security system of HTS service through the key-logging and sniffing and suggest that many private information is unintentionally exposed. We also find out a vulnerable point of the system, and show the advisable criteria of secure HTS.

• Journal of Electrical Engineering and Technology
• /
• v.9 no.3
• /
• pp.970-977
• /
• 2014

In this paper, the artificial neural network is used to predict the junction temperature of the IGBT power module, by measuring the temperature sensitive electrical parameters (TSEP) of the module. An experiment circuit is built to measure saturation voltage drop and collector current under different temperature. In order to solve the nonlinear problem of TSEP approach as a junction temperature evaluation method, a Back Propagation (BP) neural network prediction model is established by using the Matlab. With the advantages of non-contact, high sensitivity, and without package open, the proposed method is also potentially promising for on-line junction temperature measurement. The Matlab simulation results show that BP neural network gives a more accuracy results, compared with the method of polynomial fitting.