• Title/Summary/Keyword: Security Management Model

Search Result 1,152, Processing Time 0.032 seconds

Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System (통합보안 관리시스템의 침입탐지 몇 대응을 위한 보안 정책 모델)

  • 손우용;송정길
    • Journal of the Korea Society of Computer and Information
    • /
    • v.9 no.2
    • /
    • pp.81-87
    • /
    • 2004
  • Very various intrusion by development of systems that is based on network is spread. To detect and respond this intrusion, security solutions such as firewall or IDS are bringing and management of security system that load these becomes more harder. Moreover, because environment of systems that require security is various, hard to manage establishing suitable security policy Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

  • PDF

Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System (통합보안관리 시스템에서의 침입탐지 및 대응을 위한 보안 정책 모델에 관한 연구)

  • Kim, Seok-Hun;Kim, Eun-Soo;Song, Jung-Gil
    • Convergence Security Journal
    • /
    • v.5 no.2
    • /
    • pp.9-17
    • /
    • 2005
  • Recently It's difficult to deal with about variety of attack. And Simple Security management have a problem. It is that they don't develop system measuring their system envoirment and have efficient attack detector, countermeasure organization about large network. Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

  • PDF

A Study on Design Security Management Evaluation Model for Small-Medium size Healthcare Institutions (중소형 의료기관 보안관리 평가모델 설계 연구)

  • Kim, Ja Won;Chang, Hang Bae
    • The Journal of Society for e-Business Studies
    • /
    • v.23 no.1
    • /
    • pp.89-102
    • /
    • 2018
  • In this paper, the security characteristics of healthcare institutions were derived through analysis of previous research, and the characteristics and status of small and medium sized healthcare institutions were surveyed through field surveys of small and medium sized healthcare institutions. The security management evaluation model for small and medium sized healthcare institutions was designed and verified based on the security characteristics of small and medium healthcare institutions. For the design, we compared and analyzed existing security management system and evaluation certification system of healthcare institutions. We also confirmed the proposed security management evaluation model and the degree of sharing. In addition, we conducted validation for the statistical verification of the proposed security management evaluation model for small and medium sized healthcare institutions, and we performed the relative priority analysis through AHP analysis to derive the weight for each item. The result of this study is expected to be used as a standard of security management evaluation model that can be practiced in small and medium sized healthcare institutions.

The Study on Corporate Information Security Governance Model for CEO (최고경영자를 위한 기업 정보보호 거버넌스 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal
    • /
    • v.17 no.1
    • /
    • pp.39-44
    • /
    • 2017
  • The existing enterprise information security activities were centered on the information security organization, and the top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

Design and Analysis of Role-based Security Management Model for Policy-based Security Management in SNMPv3 Network (SNMPv3 통신망의 정책기반 보안관리를 위한 역할기반 보안관리 모델의 설계 및 분석)

  • Ju, Gwang-Ro;Lee, Hyeong-Ho;No, Bong-Nam
    • The KIPS Transactions:PartC
    • /
    • v.8C no.5
    • /
    • pp.573-584
    • /
    • 2001
  • Policy-Based Network Management (PBNM) architecture is to meet various needs of network users and to provide effective management facilities in distributed and large scale networks to network managers. In PBNM, network managers perform network management operations by stipulating a set of rules rather than control each network component. On the other hand, providing security services such as authentication, privacy of messages as well as a new flexible and extensible administration framework, SNMPv3 enables network managers to monitor and control the operation of network components more secure way than ever before. Despite of its enhanced security services, SNMPv3 has difficulties in managing distributed, large-scaled network because it does not provide centralized security management facilities. In this paper, we propose a new security model called Role-based Security Management model (RSM) with security management policy to support scalable and centralized security management for SNMP-based networks. Also, the structure and the operation of the security system as well as the efficiency analysis of RSM in terms of security management are also described.

  • PDF

A Study about Practical Model of Meteorological Information for Convergence Security Service Science (융합보안 서비스 사이언스를 위한 기상정보 활용모델 연구)

  • Choi, Kyong-Ho;Lee, DongHwi;Kim, Minsu;Kim, JongMin;Kim, Kuinam J.
    • Convergence Security Journal
    • /
    • v.13 no.3
    • /
    • pp.79-84
    • /
    • 2013
  • In this study the improved service innovation model to solve the problems that appear from a vantage point of the providing security services process through the application and appeal process of convergence security technologies proposed. The model was in view of service science to resolves the limitations that facilities management and unmanned security of physical security field through the application of meteorological information on convergence security technologies. The contribution of this research: improved risk management based on convergence security technologies through service innovation management, evaluated the quantitative value of risk management activity using service effects, and development of physical security service providing methodology using meteorological information.

Research on the Level Evaluation Model of the Organization Research Security (조직의 연구보안 수준평가 모형 연구)

  • Na, Onechul;Chang, Hangbae
    • The Journal of Society for e-Business Studies
    • /
    • v.25 no.3
    • /
    • pp.109-130
    • /
    • 2020
  • Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

A Security Metrics Taxonomization Model for Software-Intensive Systems

  • Savola, Reijo M.
    • Journal of Information Processing Systems
    • /
    • v.5 no.4
    • /
    • pp.197-206
    • /
    • 2009
  • We introduce a novel high-level security metrics objective taxonomization model for software- intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with riskdriven security metrics development approaches is also discussed.

A Study on the Security Architecture of CALS System (CALS체계의 정보보호 구조 연구)

  • 남길현
    • The Journal of Society for e-Business Studies
    • /
    • v.4 no.2
    • /
    • pp.197-208
    • /
    • 1999
  • With developing computer and communication technologies, the concept of CALS system has been popular not only to military but also to commercial industries. The security problem is one of the most critical issues to construct CALS infrastructure. The CALS system needs some security functions such that data confidentiality, integrity, authenticity, availability, and non-repudiation. This paper proposes a security architecture model in CALS. The security architecture model is composed of 5 submodels such that network security model, authentication and key management model, operation and audit model, integrated database security model, and risk analysis model.

  • PDF

A Cost-Optimization Scheme Using Security Vulnerability Measurement for Efficient Security Enhancement

  • Park, Jun-Young;Huh, Eui-Nam
    • Journal of Information Processing Systems
    • /
    • v.16 no.1
    • /
    • pp.61-82
    • /
    • 2020
  • The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.