• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.39-44
• /
• 2017

The existing enterprise information security activities were centered on the information security organization, and the top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1279-1294
• /
• 2016

Information security to use information technology(IT) in safety and reliability environment is becoming of great importance. In advanced countries including United States and United Kingdom are consistently expanding budget for information security. Korea also has been a growing interest in information security and Korea government announced plan to develop information security into next-generation growth engine. However, information security budget has increased slightly in recent years, so many national institutions and state governments have budget shortfall to perform information security work. Moreover budget items do not include generic contents about information security and there are confined to some security SW, HW and services. It is necessary to expand information security budget for enhancement national capabilities of information security. In this paper, we analyze the IT and information security budget situation for Korea and United States and propose effective budget expansion and improvement approaches for Korea.

• Journal of the Korean Professional Engineers Association
• /
• v.16 no.1
• /
• pp.20-34
• /
• 1983

A phenomenon in the unplanned urban sprawl of Cheong-ju city has to be rest-rained from disposing and to develop, though progress in urbanization inevitably decreases rural area. So, this thesis aims at reviewing, revising and guiding toward the more effective land use planning practice and zoning mechanism and system of Cheong-ju city. I proposed that land use planning should be had several factors and thereupon that Korean zoning mechanism and system including Building Code should be amended because of inducing human activities in buildings and facilities not to demarcate and plan every one of them. First, the factors of urban planning are a rather diversified approach to it than a unified, supplementation of the applicable difference in time between preparing and appling it, a solid controlling system, a micro and macro planning theory and giving serious consideration for the inertia from the existing land use. Second, the applicable amendments for our zoning mechanism including Eluding Code are as follows; a need of reorganization for Zoning Ordinance appricated to different regulation concerning a scale and peculiarity of a oily, a decision of the different earmarked confinement in area to different zone ana from Zoning Ordinance in City Planning Law, a demarcated facilities and the more detailed land use concerning human activies than the exsisting and entrusting decision on the ways and processes of it to every rural city planning committee, a settlement of zone ana area considering for block-unit and Planned Unit Development(P. U. D.), and a need of security jurisprudence in order to solve the zoning regulation rather in City Planning Law than in Building Code that our zoning regulation and controlling system are depended on. According to these applicable amendments to Cheong-ju city, I proposed the conceptions of Cheong-ju city land use planning are as follows; a reinforcement with one cored pattern of urban land use, a selection of gradual urban sprawl by way of city development and renewal, a strengthening accessibility to the core of the city with Plurizing the system of arterial roads, a choice of priority to conservation at the core of tile city and security of open spaces and parking area at the area of the city, a harmonization between development and conservation at the inner ring area that is situated between the core and periphery reserved area in order to develop in the future, a buffered open space situated at the congested area with heterogenous functions, and a completion of urban open space system. The proposal made here so far is for the hope of the better structure of Cheong-ju city that should be granted to the peculiarity developed with educational, cultural, conservative and self-sufficient city functions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.471-478
• /
• 2013

Industrial control system was designed mainly in the form of analog in early days. However, necessity of digital system engineering is increasing recently because systems become complicated. Consequently, stability of digital systems is improved so most industrial control systems are designed with digital. Because Using digital design of Industrial control system is expanded, various threatening possibilities such as penetration or destruction of systems are increasing enormously. Domestic and overseas researchers accordingly make a multilateral effort into risk analysis and preparing countermeasures. In this paper, this report chooses common security requirement in industrial control system and nuclear control system through relevant guidelines analysis. In addition, this report suggests the development plan of nuclear cyber security system which will be an essential ingredient of planning approvals.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.26 no.3
• /
• pp.281-301
• /
• 2023

The shipboard combat system is a key system for naval combat that supports a command and control process cycle consisting of Detect - Control - Engage in real time to ensure ship viability and conduct combat missions. Modern combat systems were developed on the basis of Open Architecture(OA) to maximize acceptance of latest technology and interoperability between systems, and actively introduced the COTS(Commercial-of-the-shelf). However, as a result of that, vulnerabilities inherent in COTS SW and HW also occurred in the combat system. The importance of combat system cybersecurity is being emphasized but cybersecurity research reflecting the characteristics of the combat system is still lacking in Korea. Therefore, in this paper, we systematically identify combat system threats by applying Data Flow Diagram, Microsoft STRIDE threat modelling methodology. The threats were analyzed using the Attack Tree & Misuse case. Finally we derived the applicable security requirements which can be used at stages of planning and designing combat system and verified security requirements through NIST 800-53 security control items.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.167-174
• /
• 2015

Information security organization has normally been organized under the IT department. However, as the importance of information security has gradually increased, the way of information security organized for enterprise security management has become a noteworthy issue. The need for separation of Information security organization from IT department is growing, such as restriction on the concurrent positions in CIO and CISO. Nowadays there are many studies about Information security organization while relatively there has been minimal research regarding a departmentalization. For these reasons this study proposes a Information Security Departmentalization Model which is based on business risk and reliance on the IT for effectively organizing Information security organization, using Contingency theory. In addition, this study classified the position of Information security organization into Planning & Coordination, Internal Control, Management and IT and analyze the strengths and weaknesses of each case.

• Journal of information and communication convergence engineering
• /
• v.18 no.1
• /
• pp.39-48
• /
• 2020

Information-security management systems (ISMSs) are becoming very important, even for micro, small, and medium enterprises (MSMEs). However, implementing an ISMS is not an easy task. Many obstacles must be overcome, e.g., complexity, document tracking, competency management, and even changing cultures. The objective of our study is to provide ISMS application tools, based on ISO 27001:2013 ISM frameworks. The application was developed on the Odoo Open Enterprise Resource Planning platform. To validate its feasibility for future improvement, the application was implemented by an MSME company. For this implementation, information-security-related users gave their feedback through a questionnaire. The distributed feedback questionnaire consists of nine assessment parameters, covering topics from the application's technical aspects to users' experiences. Based on the questionnaire feedback, all users of the application were satisfied with its performance.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2002.06a
• /
• pp.408-416
• /
• 2002

네트워크의 발달과 인터넷의 생활화로 컴퓨터 보안이 시대적인 중요문제로 부각하고 있다. 요즘 해킹으로 발생하는 재정적 손실은 특별하게 큰 사건이 아닌 경우에 언론에 보도되지 않을 정도로 만성적인 현상으로 인식되고 있으며 컴퓨터 범죄는 어느정도 사회현상의 하나로 여겨질 정도다. 그러나 컴퓨터 범죄를 퇴치하고 컴퓨터보안의 완벽성을 유지하고자 하는 기술적인 노력은 지속적으로 전개되고 있으나 컴퓨터 범죄는 오히려 늘어가고 있는 추세다. 이에따라 컴퓨터 범죄등 컴퓨터보안관리가 기술적인 수준에 머물지 않는 성격을 갖추고 있다는 인식이 최근들어 확산하고 있다고 할 수 있다. 이 논문은 이런 인식에서부터 출발해 새로운 개념으로 등장한 전사적 보안관리 (Enterprise Security Planning)와 컴퓨터 보안 위험 관리(Computer Security Risk Management)의 개념에 대한 이해를 중점적으로 제기했다. 또 컴퓨터 보안위험관리의 과정을 단계별로 검토해 컴퓨터 보안위험관리를 체계적으로 이해할수 있도록 제시했다. 마지막으로 본 논문은 전사적 보안관리와 컴퓨터 보안위험 관리차원에서 기업이 보안관리를 위해 갖춰야 할 새로운 흐름들, 예를 들어 보안관리자(Chief Security Officer) 제도와 보안보험 가입등 보안정책을 제시함으로써 컴퓨터범죄로부터 기업이 최대한의 안전성을 확보할 수 있는 경영전략의 틀을 제시했다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.243-245
• /
• 2017

In the face recognition technology, which has been studied a lot, the security of the face recognition technology is improved by receiving the depth data as a weak point for the 2D. In this paper, we expect the effect of cost reduction by enhancing the security of 2D by taking new features of eye flicker that each person possesses as new data information.

• Korean Institute of Interior Design Journal
• /
• v.20 no.4
• /
• pp.163-173
• /
• 2011

Now, 1 person or 2 people households have increased in Korea. But the quality of living environment of small houses and small houses supply for university students are insufficient. The purpose of this study is to propose the types and spaces of small houses, and the elements and types of interior space planning of small houses for university students. This study surveyed 293 university students lived in metropolitan area. And the methods of this study are literature review and survey. Through this study, the conclusions of this study are as follows. First, the types of small houses are 9 types, and the types of interior space planning of small houses are 10 types. Seconds, the introduction of natural elements and spatial separation based on openness in small houses for university students are necessary. Thirds, the spatial planning for security and safety in small houses for university students are necessary. Fourth, the planning of various storage space and space maintenance of small houses are necessary. Fifths, generally, the consideration of functional elements as 'safety', 'storage', and natural elements as 'ventilation', 'view' and 'daylighting' in small houses are necessary for university students.