• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.197-209
• /
• 2015

The issue of information security within an organization began to be recognized as risk of the organization. Because of this, not only ISO(Information Security Officer) but an executive or CEO were forced to resign. In addition, it brought about heavy financial damage to the company and made the company difficult to restore trust to customers. At a time when inadvertent disclosure of personal information has become accepted as a matter of survival because of having a bad effect within an organization, how the information security specialist causes influence on information protection level of the organization. For these reasons, targeting the information security specialists of various industry sectors, we'll analyse how task performance rate of the information security specialist within an organization cause influence to the information security level. The goal of this study is for the company to raise the task proportion of information security specialist and to improve the information protection level of the organization.

• Korean Security Journal
• /
• no.45
• /
• pp.191-220
• /
• 2015

The purpose of this study is to analysis on status and trends of supply & demand and need of job level of security manpower from recognizing need for studies on supply and demand status of security manpower. The results were as follows. First, the shortage percentage of total security manpower was 1.2% ~ 1.6% from the first half of 2009 to the first half of 2015 as the result of analyzing status and trends of supply & demand of security manpower. Second, the need of job level of total security manpower was 785 ~ 2,557 people at the job level 1 from the second half of 2009 from the first half of 2013 as the result of analyzing status and trends of need of job level of security manpower. So, we should have interests such as (1) positivity of security manpower from trends and prediction of supply & demand of manpower, (2) Ensuring professionalism of security manpower considering the job level, (3) training of security manpower utilizing national competency standards(NCS), etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.71-81
• /
• 2008

In the paper, we designed a context aware task-role based access control system(CAT-RACS) which can control access and prevent illegal access efficiently for various information systems in ubiquitous computing environment. CAT-RACS applied CA-TRBAC, which adds context-role concept for achieve policy composition by context information and security level attribute to be kept confidentiality of information. CA-TRBAC doesn't permit access when context isn't coincident with access control conditions, or role and task's security level aren't accord with object's security level or their level is a lower level, even if user's role and task are coincident with access control conditions. It provides security services of user authentication and access control, etc. by a context-aware security manager, and provides context-aware security services and manages context information needed in security policy configuration by a context information fusion manager. Also, it manages CA-TRBAC policy, user authentication policy, and security domain management policy by a security policy manager.

• Proceedings of the CALSEC Conference
• /
• 1999.07b
• /
• pp.491-500
• /
• 1999

Recent increase of commercial network Integration to World Wide Web(WWW) shifts an ordinary commerce to electronic environment. This draws more people to examine re-assurance of their secure transaction. This study investigates current status of security methodology for Electronic Payment System and extracts important axis of security level for electronic payment. Using these axis as security evaluation criteria, the research proposes a security matrix which consists of four different level of security granularity, hence allowing evaluation of a nation-wide credit card based payment system. Feasible usage of this matrix contributes to security analysis of the electronic system as whole, hence providing better secured electronic environment.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.187-204
• /
• 2013

In this study, we developed a comprehensive model to measure the National Information Security Level based on PRM framework. The proposed model reflected a rapidly changing technology environments such as social network service, mobile devices, and etc. This new model consists of three layers:Infrastructure Layer, the Action Layer and the Performance Layer, and there are 16 sub-indexes under the 3 layers. To develop new model and sub-indexes for measuring the National Information Security Level, much amounts of documents related to security indexes or deliberation criteria and security guidelines from international organization were reviewed and then most probable index pool were composed. The Index pool were verified by expert group consisting of professors and specialists. Through five times of screening and having an evaluation review, 16 sub-indexes were deduced and then Delphi and AHP have been conducted to obtain validity and objectiveness of the indexes. Thus the new proposed national information security index will show more exact national information security level and we expect that the indexes give much implications for establishing information protection policy.

• Asia pacific journal of information systems
• /
• v.9 no.4
• /
• pp.181-201
• /
• 1999

This study presents an information security level index and a quantification scheme. A comprehensive survey on previous researches in information security checklists has been performed. A candidate indicator list for information security level has been developed, Desirability of each indicator has been tested by 4 criteria, They are general validity, relative importance, probability of accident and impact of accident. 67 experts' opinion has been collected and analysed. The result shows that selected indicators are a very good candidate set for the determination of information security level. A factor analysis shows indicators are well structured. There exists strong correlation between validity and probability, validity and impact, and importance and probability. A quantification scheme of information security index has been developed by experts' judgement and statistical tests.

• Journal of Navigation and Port Research
• /
• v.31 no.2
• /
• pp.151-157
• /
• 2007

After World Trade Center's Terror in 2001 and promulgating Maritime Transportation Security Act (MTSA, 2002) and Security and Accountability For Every Port Act (SAFE Port Act, 2006) in the United States, most of the attention on security of international transportation including marine carrier and facility has focused increasingly. Inspection stations in foreign seaport terminal including Busan, South Korea, have been installed by Container Security Initiative (CSI) and Customs Trade Partnership against Terrorism (C-TPAT). The inspection station, however, may directly and indirectly affect delay of truck turnaround time in the seaport, especially high and severe level of security. This paper was analysed a risk for the additional average delay of truck turnaround time incurring by the inspection station under the all level of security, C-TPAT and CSI. As a result of this risk analysis, the higher weighted inspection time based on raising security level, the less number of trucks to be inspected, which will derive high delay in the inspection station.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.312-314
• /
• 2017

생체정보를 이용한 사용자 인증은 차세대 인증 방법으로서 기존의 인증 시스템에서 급진적으로 사용되고 있는 인증 방법이다. 현재 대부분의 생체인증 시스템은 단일 생체정보를 이용하고 있는데, 단일 생체인증 시스템은 노이즈로 인한 문제, 데이터의 질에 대한 문제, 인식률의 한계 등 많은 문제점들을 가지고 있다. 이를 해결하기 위한 방법으로 다중 생체정보를 이용하는 사용자 인증 방법이 있다. 다중 생체인증 시스템은 각각의 정보에 대한 information fusion을 적용하여 새로운 정보를 생성한 뒤, 그 정보를 기반으로 사용자를 인증한다. information fusion 방법들 중에서도 Rank-level fusion 방법은 표준화 작업이 필요하고 높은 계산 복잡도를 갖는 Score-level fusion방법의 대안으로 선택되고 있다. 따라서 본 논문에서는 기존 방법보다 정확도가 높게 향상된 Rank-level fusion 방법을 제안한다. 또한, 본 논문에서 제안하는 방법은 낮은 정확도를 갖는 matcher를 사용하더라도 정확도를 향상시킬 수 있음을 실험을 통해 보이고자 한다.

• Korean Security Journal
• /
• no.22
• /
• pp.1-14
• /
• 2010

The purpose of this study was to analyze the difference of body composition, metabolic factor, and blood components according to job forms which are job period and job type and stress level for security guard workers. The conclusion is as follows. 1. There were lower level for the body fat with short term and higher level for the lactate with long term according to the job period. 2. There were lower level for the body fat with the field service and higher level for the lactate and stress with the field service according to the job type. In conclusion, it needs to have a continuous physical activity behavior for the security guard workers to manage for their effective health and to have a rest for the field service workers to decrease their physical and mental stress.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.87-97
• /
• 2009

Internet network routing system is used to prevent spread and distribution of malicious data traffic. This study is based on analysis of diagnostic weakness structure in the network security domain. We propose an improved integrated multi-level protection domain for in the internal route of groupware. This paper's protection domain is designed to handle the malicious data traffic in the groupware and finally leads to lighten the load of data traffic and improve network security in the groupware. Infrastructure of protection domain is transformed into five-stage blocking domain from two or three-stage blocking. Filtering and protections are executed for the entire server at the gateway level and internet traffic route ensures differentiated protection by dividing into five-stage. Five-stage multi-level network security domain's malicious data traffic protection performance is better than former one. In this paper, we use a trust evaluation metric for measuring the security domain's performance and suggested algorithm.