• 한국안전학회지
• /
• 제27권3호
• /
• pp.77-82
• /
• 2012

The leakage of toxic chemicals impact seriously on human being and environment, therefore during their treatment process, a proper management system is necessary to control their toxic effect. This study was designed to suggest the management regulation that supports business managers and facilities management. There are no extra regulation to control emergency accidents and terrors in chemical facilities. Developed countries like USA operate the management standards to control the toxic chemical and facilities according to their toxicity and processes. In order to solve this problem, we have analysed the advanced nations standard methods of security in chemical plants to study the new security management regulation which helps to prevent the chemical accidents. Especially, in USA, CCPS (Center for Chemical Process Safety), SVA (Security Vulnerability Assessment) and RBPSs (Risk-Based Performance Standards) of DHS (Department of Homeland Security) were invest I gated. On the basis of the results, we have suggested the application methods of the security and safety regulation in Korea.

• 한국IT서비스학회지
• /
• 제12권4호
• /
• pp.77-90
• /
• 2013

As Cyber threats are rising, the scope of information Security (IS) is extending from technical protection of a single information system to organizational comprehensive IS capability. The ministry of National Defense (MND) has established the IS evaluation for defense organization in 'the Directive for Defense Informatization Affairs.' However, no information about an evaluation method, process and organization is provided. We surveyed information security management system (ISMS) and related best practices in public sector and other countries, and analysed the military information security affairs. Thus, this paper recommends the IS evaluation method and process. The trial IS evaluation is in progress this year and the MND will expand this IS evaluation to the entire organization.

• 디지털산업정보학회논문지
• /
• 제12권3호
• /
• pp.111-123
• /
• 2016

Recently, mobile devices have been widely used. Therefore, the service users want that are not constrained by time and space. Among them, electronic payment services, mobile finance service is enjoying a tremendous popularity. The FinTech is the result of the fusion of finance and ICT(Information & Communication Technology). Security experts is pointed the FinTech security risk. New technology and Innovative FinTech services are even available, Insecure FinTech services is insignificant. In this paper we were surveyed market and product trends of FinTech and analyzed the threats about FinTech. Also, we analyzed the security considerations for FinTech using a questionnaire. As a result, users considers secure payment process and privacy. Therefore, we proposed security considerations for each vulnerability. So, we must be resolved of security technology and policy issues. If establishing a secure payment process and the unclear legal issue is resolved, FinTech service will provide a secure financial services to the user.

• 대한산업공학회지
• /
• 제39권2호
• /
• pp.129-134
• /
• 2013

The airport processes are restricted by some limits of performance objects as size of airport, ability of human resources, capacity of facilities and operational rules. These limitations make passenger handling difficult when passenger numbers increase. In order to solve this problem, we modeled the airport process and analyzed departure passenger arrival, scheduled security manpower under specific customer service level maintenance with mixed integer programming and validate the efficiency with simulation with adapting smart airport framework. We concluded that the airport management with information techniques can reduce waiting time within security and immigration process.

• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제3권9호
• /
• pp.301-310
• /
• 2014

정보의 가용성, 접근성, 안전성을 확보하기 위한 선제적인 정보보호 관리의 부재는 서비스 연속성을 훼손하여 고객에게 뿐만 아니라 조직의 성과와 경쟁력에 심각한 리스크를 가져다 줄 수 있다. 본 연구는 정보보호 성숙도가 조직성과에 미치는 영향을 분석하기 위하여 문헌 조사를 통해 조직성과, 위험 관리 프로세스 성숙도, 위험 평가 프로세스 성숙도, 정보보호 정책지표를 포함하는 연구모형을 만들고 설문을 통한 실증 분석을 하였다. 연구결과 위험 관리 및 위험 평가의 프로세스 성숙도와 조직성과 간에는 높은 인과 관계가 있는 것으로 나타났다. 하지만 정보보호 인력비율, 정보보호 예산비율에 따라 정보보호 성숙도가 조직성과에 미치는 영향은 차이가 없는 것으로 나타났다. 이는 정보보호 성숙도 수준은 조직성과에 영향을 미치나, 실효성이 검증되지 않은 정보보호 정책 및 규제는 정보보호 성숙도가 조직의 성과 향상의 촉매제로 활용하는데 한계가 있음을 시사하고 있다.

• Journal of Information Technology Applications and Management
• /
• 제15권1호
• /
• pp.139-152
• /
• 2008

Recently organizations identify information security as one of essential means for gaining competitive advantage. However, they do not actively increase investment in this area because they consider spending for information security as a cost rather than an investment. This is because organizations don't have a clear understanding of information security objectives which can be achieved through investment, and they don't have criteria for alternatives which can be considered in information security investment decision-making. In this paper we propose to model the decision-making process of information security investment by the AHP (Analytic Hierarchy Process). The results will show that availability is the most important criterion for the decision of information security alternatives, and intrusion detection is the most important information security alternative. We hope that the results of this paper provide a guideline for clear decision-making in information security investment.

• 정보보호학회논문지
• /
• 제21권4호
• /
• pp.77-87
• /
• 2011

다양한 기기와 서비스를 기반으로 정보서비스가 민간 및 공공 부문에 보편화됨에 따라 제품 및 서비스의 개발 및 관리, 개인정보보호, 위기관리 및 안전보장 등의 업무를 수행하기 위해 지식정보보안이 중요한 역할을 담당하고 있다. 이에 따라, 지식정보보안산업의 중요성은 더욱 부각되고 있으며 장기적이고 안정적인 산업의 발전을 위하여 실제 보안 업무를 수행하는 지식정보보안인력 확보에 많은 관심이 쏠리고 있다. 본 연구에서는 지식정보보안 전문인력에 대한 효율적인 양성방안을 한국인터넷진흥원(KISA)이 2009년부터 운영하고 있는 'KISA 고용계약형 석사과정 지원사업'의 유망지원분야 선정의 예를 들어 제시한다. 사업에 참여자 및 참여 희망자 대상의 설문 조사와 전문가 대상의 인터뷰 결과를 정리한 결과, KISA 고용계약형 석사과정 지원사업의 유망 지원 분야로는 모바일 보안, 융합 보안의 순서로 유망한 것으로 분석되었다.

• 한국컴퓨터정보학회논문지
• /
• 제20권8호
• /
• pp.35-43
• /
• 2015

Recently, internal information leaks is increasing rapidly by internal employees and authorized outsourcing personnel. In this paper, we propose a method to integrate internal control systems like system access control system and Digital Rights Managements and so on through expansion model of SIEM(Security Information Event Management system). this model performs a analysis step of security event link type and validation process. It develops unit scenarios to react illegal acts for personal information processing system and acts to bypass the internal security system through 5W1H view. It has a feature that derives systematic integration scenarios by integrating unit scenarios. we integrated internal control systems like access control system and Digital Rights Managements and so on through expansion model of Security Information Event Management system to defend leakage of internal information and customer information. We compared existing defense system with the case of the expansion model construction. It shows that expanding SIEM was more effectively.

• 한국시뮬레이션학회논문지
• /
• 제18권2호
• /
• pp.1-8
• /
• 2009

이종의 분산환경에서 다양한 보안시스템에 대한 효율적인 보안 관리를 위해서 관리자는 보안 시스템들이 설치된 네트워크 환경에 대한 사전에 전문적인 보안 지식을 갖고 있어야하며, 개방형 네트워크 환경의 경우 새로운 보안시스템이 추가되면 새로운 보안 정책과 기술을 적용해야 한다. 이는 전산망 운영 기관의 보안 관리 비용을 가중시키며 체계적이고 일괄적인 보안 정책 및 기술 구현을 불가능하게 하여 오히려 보안 문제를 야기시키는 역기능을 초래할 수 있다. 그리고, 보안 제품의 개발과 공급이 다수의 공급자에 의해서 공급되므로 서로 상이한 특성을 갖는 보안 시스템들로 구성된 보안 관리 구조의 효율적인 운용과 유지에 상당한 어려움이 있다. 이에 본 논문에서는 이종의 보안시스템을 관리하는 통합보안시스템의 보안정책을 Z-Notation을 통해서 정의하고 통합관리에서 발생되는 정책 충돌 문제를 대표적인 보안시스템인 침입차단시스템(Firewall : 방화벽)을 대상으로 모델링하고 이를 해결하는 알고리즘을 제시하고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제23권2호
• /
• pp.96-100
• /
• 2023

In this paper, each inconsistency management process activities was addressed. In addition, a guideline to deal with inconsistency by viewpoints method are introduced. At the end of the paper you should have clear idea to support inconsistency management in future research and having good knowledge of inconsistency management process activities and research issues. Moreover, it gives the researcher ability to design new framework by using powerful concept in inconsistency management and viewpoint techniques. The paper is organized as follows: an introduction is presented in section one, section two contains process viewpoint, while section three includes the proposed model and conclusions are in section four.