• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.815-824
• /
• 2003

Many organizations operate security systems and manage them using the intergrated secutity management (ISM) dechnology to secyre their network environment effectively. But current ISM is passive and behaves post-event manner. To reduce cost and resource for managing security and to remove possbility of succeeding in attacks by intruder, the perventive security management technology is required. In this paper, we propose PRISM model that performs preventative security management with evaluating the security level of host or network and the sensitivity level of information asset from potential risks before security incidents occur. The PRISM can give concrete and effective security management in managing the current complex networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.107-117
• /
• 2009

Network administrator recognizes the abnormal phenomenon in the managed network by using the alert messages generated in the security devices including the intrusion detection system, intrusion prevention system, firewall, and etc. And then the series of task, which searches for the traffic related to the alert message and analyzes the traffic data, are required to determine where the abnormal phenomenon is the real network security threat or not. There are many alert messages to have to inspect in order to determine the network security situation. Also the much times are needed so that the network administrator can analyze the security condition using existing methods. Therefore, in this paper, we proposed an efficient method for analyzing network security situation using visualization. The proposed method monitors anomalies occurred in the entire IP address's space and displays the detail information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information and IP address. Therefore, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.5
• /
• pp.303-314
• /
• 2018

In the past few years, government agencies and corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Security Information and Event Management (SIEM) is useful tool for cyberattacks. SIEM solutions are available in the market but they are too expensive and difficult to use. Then we implemented basic SIEM functions to research and development for future security solutions. We focus on collection, aggregation and analysis of real-time logs from host. This tool allows parsing and search of log data for forensics. Beyond just log management it uses intrusion detection and prioritize of security events inform and support alerting to user. We select Elastic Stack to process and visualization of these security informations. Elastic Stack is a very useful tool for finding information from large data, identifying correlations and creating rich visualizations for monitoring. We suggested using vulnerability check results on our SIEM. We have attacked to the host and got real time user activity for monitoring, alerting and security auditing based this security information management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.45-54
• /
• 2011

Corporations use e-mail as their primary method for internal communication and business processes. By their nature, the e-mails are in general used for major business processes that contain large amounts of business information. When there is a critical event, such as Technology leakage, an e-mail message can become important evidence. However, as there is a high likelihood that a suspect will intentionally erase an e-mail message, the ability to recover deleted e-mail is very important. This pater analyzes the deleted e-mail item structure in files of various e-mail clients, and explains the possibility and methods of recovery.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.43-50
• /
• 2013

Recently, Cyber threats that is doing intelligence and sophistication from the organization's information assets to secure order technical disciplines, as well as managerial and environmental sectors, such as mind-response system is must established. In this paper, possible to analyze the case for the theory in network security, such as the logical network and physical network separation suitable for the corporate environment and constantly respond and manage the Information Security Management Model A secure network design is proposed. In particular, the proposed model improvements derived from the existing network, network improvements have been made in order to design improved ability to respond to real-time security and central manageability, security threats, pre-emptive detection and proactive coping, critical equipment in the event of a dual hwalreu through applied features such as high-availability, high-performance, high-reliability, ensuring separation of individual network security policy integrated management of individual network, network security directional.

• Journal of the Society of Disaster Information
• /
• v.3 no.2
• /
• pp.55-78
• /
• 2007

Currently, the departments related to security and secretary service exist in 18 universities and 30 colleges in Korea in order to raise professional security and secretary personnel. Among the 18 four-year colleges in Korea, only two of them have the ethics course include in their curriculum. Also, among the 31 two-year colleges, only three of them have the ethics course included in their curriculum. Besides, as some private security and guardian companies were recently utilized in illegal actions of the rich and ruling class, contradicting their original purpose of existence, many people point out their downfall as a ?forced private army.? As a professional job, if security secretaries take advantage of the knowledge and top-secret technologies and use them for non-ethical purposes, the effect of the damage is far more serious than other fields of jobs. Therefore, taking this event as a turning point, the contract contents and the task area between the client and the security and secretary company must become more transparent in order to prevent illegal actions, and also for the people working in the security and secretary service area, it is necessary to establish a firm ethical consciousness in order to behave appropriately in their working environment. Therefore, this study examines the proper direction of work ethics of the people working in the security and secretary service according to the professionalization of their field, and also aims to propose an appropriate work ethic system such that they will not become an unfortunate victim of various scandals anymore. To do so, the concept of work ethics in professional jobs was examined; and after the code of ethics that reflect the ethical value system of each professional job was reviewed, the study suggested a specific solution for establishing the codes of ethics for security and secretary service.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.21-28
• /
• 2006

Beginning flag security it was limited in Firewall but currently many information security solutions like Anti-virus, IDS, Firewall are come to be many. For efficiently managing different kinds of information security products ESM (Enterprise Security management) are developed and operated. Recently over the integrated security management system, TMS (Threat Management System) is rising in new area of interest. It follows in change of like this information security product and also collection information is being turning out diversification. For managing cyber threats, we have to analysis qualitative information (like vulnerabilities and malware codes, security news) as well as the quantity event logs which are from information security products of past. Information Threats and Vulnerability Auto Collector raises the accuracy of cyber threat judgement and can be utilized to respond the cyber threat which does not occur still by gathering qualitative information as well as quantity information.

• The Journal of Society for e-Business Studies
• /
• v.25 no.2
• /
• pp.99-108
• /
• 2020

Unlike a general IT environment, an industrial control system is an environment where stability and continuity are more important than security. In the event of a security accident in the industrial control system, physical motion can be controlled, so physical damage can occur and physical damage can even result in personal injury. Cyber attacks on industrial control systems are not simply cyber damage, but terrorism. However, the security of industrial control systems has not been strengthened yet, and many vulnerabilities are actually occurring. This paper shows that the PLC can be remotely controlled by analyzing the connection process and packets for the PLC protocol used in the industrial control system and bypassing the security mechanism existing in the protocol. Through this, we intend to raise the security awareness of the industrial control system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.603-613
• /
• 2015

Smart-phone Applications are consists of UI(User Interface). During using applications, UI events such as button click and scroll down are transmitted to Smart-phone system with many changes of UI. In these UI events, various information including user-input data are also involved. While Keylogging, which is a well-known user-input data acquisition technique, is needed a restrictive condition like rooting to obtain the user-input data in android environment, UI events have advantage which can be easily accessible to user-input data on user privileges. Although security solutions based keypad in several applications are applied, we demonstrate that these were exposed to vulnerability of application security and could be obtained user-input data using UI events regardless of presence of any security system. In this paper, we show the security threats related information disclosure using UI events and suggest the alternative countermeasures by showing the replay-attack example based scenarios.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.17 no.2
• /
• pp.31-40
• /
• 2009

South Korea opened Incheon international airport(IIA) in march 29, 2001, with high expectations of becoming the distribution hub of Northeast Asia and aiming at a world best air hub. IIA compares quite well with any other leading airports in the world in it's facilities for the movement of people and vehicles. However, with the sequence of events following the September, 2001. terrorist attack and the war in Iraq, South Korea, an ally of the US, cannot be considered a safe haven from terrorism. At a point in time when national security is given utmost importance, it is necessary to reevaluate the security of airports, because international terrorism can only occur via air and seaports. Nowadays all the countries of the world have entered into competition for their national interests and innovation of their images. with the increasing role of international airports also comes an increased likelihood as a terrorist target, because it can affect so many people and countries. From the condition of current international terrorism, we can realize that our IIA is not completely safe from a terrorist attack. The major part of counterterrorism is event control process. It's very important for quickly saves an accident and rescues a life of person, In addition for the normalization which the airport operation is prompt. In conclusion, we should secure the legal responsibility and establish and establish a system under which we can work actively in order to implement counter terror activities from being taken an airport.