• Title/Summary/Keyword: Security Management Models

Search Result 208, Processing Time 0.022 seconds

Exploratory Autopsy on Digital Payment Models

  • Wang, Tao;Kim, Chang-Su;Kim, Ki-Su
    • 한국경영정보학회:학술대회논문집
    • /
    • 2007.06a
    • /
    • pp.646-651
    • /
    • 2007
  • Secure digital payment is critical in the successful shaping of global digital business. Digital payments are increasingly being used as a substitute to traditional payments, contributing markedly to the efficiency of the economy. The focus of every digital business transaction is to minimize risks arising from transactions. It is essential to ensure the security of digital payment whether used in internal networks or over wireless Internet. This paper analyses secure digital payment methods from the viewpoint of systemic security and transaction security. According to comparative analysis of digital payment models, this paper proposes a comparative analysis framework to investigate and evaluate secure digital payment. In conclusion, the comparative analysis framework, comparison of digital payment models and mobile payment models proposes a useful academic and practical foundation to enhance the understanding of secure digital payment methods. It also provides academic background and practical guidelines for the development of secure digital payment systems.

  • PDF

Design of Financial Information Security Model based on Enterprise Information Security Architecture (전사적 정보보호 아키텍처에 근거한 금융 정보보호 모델 설계)

  • Kim, Dong Soo;Jun, Nam Jae;Kim, Hee Wan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.307-317
    • /
    • 2010
  • The majority of financial and general business organizations have had individual damage from hacking, worms, viruses, cyber attacks, internet fraud, technology and information leaks due to criminal damage. Therefore privacy has become an important issue in the community. This paper examines various elements of the information security management system and discuss about Information Security Management System Models by using the analysis of the financial statue and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of Korea Information Security Agency, British's ISO27001, GMITS, ISO/IEC 17799/2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. Therefore, it is recommended for companies to use the security management plan to improve the companies' financial and information security and to prevent from any risk of exposing the companies' information.

The Integrated Cyber SRM(Security Risk Monitoring) System Based on the Patterns of Cyber Security Charts

  • Lee, Gang-Soo;Jung, Hyun Mi
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.11
    • /
    • pp.99-107
    • /
    • 2019
  • The "Risk management" and "Security monitoring" activities for cyber security are deeply correlated in that they prepare for future security threats and minimize security incidents. In addition, it is effective to apply a pattern model that visually demonstrates to an administrator the threat to that information asset in both the risk management and the security system areas. Validated pattern models have long-standing "control chart" models in the traditional quality control sector, but lack the use of information systems in cyber risk management and security systems. In this paper, a cyber Security Risk Monitoring (SRM) system that integrates risk management and a security system was designed. The SRM presents a strategy for applying 'security control' using the pattern of 'control charts'. The security measures were integrated with the existing set of standardized security measures, ISMS, NIST SP 800-53 and CC. Using this information, we analyzed the warning trends of the cyber crisis in Korea for four years from 2014 to 2018 and this enables us to establish more flexible security measures in the future.

An Intelligent Game Theoretic Model With Machine Learning For Online Cybersecurity Risk Management

  • Alharbi, Talal
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.6
    • /
    • pp.390-399
    • /
    • 2022
  • Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of Risk models are detections, analyses, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users. customers. However, rather of relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.

Cost Management for Security Applications

  • Arshi Naim;Zubairul Hasan
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.7
    • /
    • pp.63-72
    • /
    • 2024
  • This is an extended paper, focusing on the cost management for the organizations dealing with the crucial issues of security systems. Information Technology (IT) is an important and irreplaceable need of society and all working sector's success depends on IT to a greater extent; therefore maintaining security features is one of the most important aspects of IT. When security in the IT sector is discussed, Patch Management (P.Mgnt) has to be taken under account. P. Mgnt includes many concerns and areas to be described for IT security such as methods and problems in updating patch, methods of reducing security risks with P.Mgnt, methods of achieving economies of scale by controlling the operational costs and taking decisions in investing as and when necessary. This paper presents a general definition of Patch management, its benefits and management of working cost through theoretical models, also the paper gives methods of feeding techniques for microstrip patch antenna MPA, showing the contracting and non contracting methods.

Models of State Clusterisation Management, Marketing and Labour Market Management in Conditions of Globalization, Risk of Bankruptcy and Services Market Development

  • Prokopenko, Oleksii;Martyn, Olga;Bilyk, Olha;Vivcharuk, Olga;Zos-Kior, Mykola;Hnatenko, Iryna
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.12
    • /
    • pp.228-234
    • /
    • 2021
  • The article defines the problems of forming the models of government regulation of clustering, marketing management and labor market in the context of globalization, business bankruptcy risk and services market development. The clustering models based on the optimal partner network cooperation were proposed in order to ensure the strategic development of territories, to attract budget leading enterprises and to support small businesses. A descriptive model of government regulation of clustering, marketing management and labor market in the context of globalization, business bankruptcy risk and Covid-19 was determined.

A Risk Management Model for Efficient Domestic Information Technology Security (효율적 국내 정보기술 보안을 위한 위험관리 모형)

  • Ahn, Choon-soo;Cho, Sung-Ku
    • Journal of Korean Institute of Industrial Engineers
    • /
    • v.28 no.1
    • /
    • pp.44-56
    • /
    • 2002
  • For the risk analysis and risk assessment techniques to be effectively applied to the field of information technology (IT) security, it is necessary that the required activities and specific techniques to be applied and their order of applications are to be determined through a proper risk management model. If the adopted risk management model does not match with the characteristics of host organization, an inefficient management of security would be resulted. In this paper, a risk management model which can be well adapted to Korean domestic IT environments is proposed for an efficient security management of IT. The structure and flow of the existing IT-related risk management models are compared and analysed, and their common and/or strong characteristics are extracted and incorporated in the proposed model in the light of typical threat types observed in Korean IT environments.

Analysis of the Features of Corporate Governance by the State: Similarity and Difference of Models

  • Martynyshyn, Yaroslav;Kukin, Igor;Khlystun, Olena;Zrybnieva, Iryna;Pidlisnyi, Yevhen
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.6
    • /
    • pp.29-34
    • /
    • 2021
  • The article formulates the key characteristics and features of country models of corporate governance. It was revealed that all countries are characterized by a fairly high concentration of ownership, insider control; Key gaps in the implementation of corporate governance principles were found: transparency and disclosure of information, protection of shareholders' rights, gender diversity of boards of directors, implementation of recommendations on the share of independent directors; The criterion of countries' efficiency (total investments) was identified and recommendations for their improvement were developed.

A Study on Development of Information Security Evaluation Model (정보보호 수준평가 적정화 방안 연구)

  • Hur, Soon-Haeng;Lee, Kwang-Woo;Jo, Hea-Suk;Jeong, Han-Jae;Jeon, Woong-Ryul;Won, Dong-Ho;Kim, Seung-Joo
    • The KIPS Transactions:PartC
    • /
    • v.15C no.3
    • /
    • pp.173-190
    • /
    • 2008
  • The purposes of this study is development of information security evaluation model for governments to analyze domestic and foreign existing models. Recent domestic information security certification systems have several problems, because shortage of organic connectivity each other. Therefore we analysis on domestic and foreign existing models, specify security requirements, evaluation basis and other facts of models, optimize these facts for governments, and develop new model for domestic governments.

헬스케어시스템을 위한 역할 기반의 신뢰협상 모델

  • Jo, Hyeon-Suk;Lee, Hyeong
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • 2007.05a
    • /
    • pp.84-102
    • /
    • 2007
  • Security is crucial for the successful deployment of large distributed systems. Many of these systems provide services to people across different administrative domains. The traditional identity-based access control mechanisms are un scalable and difficult to manage. Unlike the closed systems, open systems provide services to people from different security domains. Healthcare systems need to be highly available in order for the patients to get a timely treatment. The health care information should be available to authorized users both inside the administrative domain and outside the domain, such as pharmacies and insurance companies. In this paper, we first analyzed the necessities and advantages of importing attribute-based trust-management models into open distributed systems. Then we reviewed traditional access-control models and presented the basic elements of the new trust-management model.

  • PDF