• Nuclear Engineering and Technology
• /
• v.44 no.8
• /
• pp.919-928
• /
• 2012

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.6
• /
• pp.1192-1213
• /
• 2011

Information security management systems (ISMSs) are used to manage information about their customers and themselves by governments or business organizations following advances in e-commerce, open networks, mobile networks, and Internet banking. This paper explains the existing ISMSs and presents a comparative analysis. The discussion deals with different types of ISMSs. We addressed issues within the existing ISMSs via analysis. Based on these analyses, then we proposes the development of an information security management evaluation system (ISMES). The method can be applied by a self-evaluation of the organization and an evaluation of the organization by the evaluation committee. The contribution of this study enables an organization to refer to and improve its information security levels. The case study can also provide a business organization with an easy method to build ISMS and the reduce cost of information security evaluation.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.3
• /
• pp.579-588
• /
• 2009

Enterprises and governments currently utilize COTS (Commercial off-the-Shelf) based information systems which are a kind of component based systems. Especially, COTS are widely utilized as components of information security systems and information systems. This paper suggests an appropriate adaptation level and a cost effective priority to replace security functional components in security environment. To make a cost effective decision on adapting security functional components, this paper develops a hierarchical model of information security technologies and analyzes findings through multiple decision-making criteria.

• Journal of Navigation and Port Research
• /
• v.31 no.9
• /
• pp.779-784
• /
• 2007

This paper describes a new progressive embedded Internet Protocol(IP) camera available for real-time image transmission. It was applied for ship safety and security on seashore area. The functions of developed embedded system was more effective and excellent than conventional systems. Nowadays, each nation has established harbor security systems to jump up their ports to international port. Recently Incheon port has tried to change man security into center security system used by image security system. The security system of Incheon port has some advantages like effectivity of security system and reduction of manpower and cost, installed by image security system with CCTV cameras at the entrance gate and around the fence. Thus in this paper, we have designed and implemented a Personal Digital Assistants(PDA) based Image Surveillance System for Harbor Security using IP Camera under ubiquitous environment. This system has big advantages which are more effective in an emergency and low cost and small manpower than conventional systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6139-6160
• /
• 2018

For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.

• Journal of Korea Society of Industrial Information Systems
• /
• v.4 no.4
• /
• pp.137-142
• /
• 1999

This paper applies role-based access control(RBAC) policy for solving security problems when it will be operated business of many field on the Linux sever environments and designed RBAC＿Linux security systems that it is possible to manage security systems on the Linux environments. In this paper, the RBAC_Linux is security system which is designed for applicable on the Linux enviroment The applying RBAC model is based on RBAC96 model due to Sandhu et al. Therefor, the using designed RBAC_Linux security system on the Linux sever system have the advantage of the following: it can be implemented sever system without modifying its source code, high migration, easy and simple of secure managing.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.7 no.5
• /
• pp.255-265
• /
• 2012

A cyber-physical system(CPS) is a collection of cyber and physical components that interact with each other to achieve a particular application. Here, the CPS is emerged the reliability and security problems. Particularly, the defect of reliability in the data/control transmission under the CPS can lead to serious damage. We discuss the reliability and security problem on CPS architecture. Then we would suggest the considerations of cyber security in industrial control systems built with CPS.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.3
• /
• pp.55-68
• /
• 2018

In this paper, we identify and evaluate the information security factors considered in outsourcing development of information systems for defense agency with analytic hierarchy process(AHP). To assess the information security elements, we prepared three groups including the experts of a defense agency, subcontractor managers and subcontractor practitioners who are involved in developing information systems. And the relative importance of security factors were analyzed using questionnaires and responses. As a result of analysis of 27 security factors, factors corresponding to human and physical security as a whole were evaluated as having higher importance. Although there are some differences in the ranking of some importance according to human roles, they can be positive for the implementation of complementary information security. And administrative security and technical security can be relatively insignificant considering that they can be considered as infrastructure of the overall information environment. The result of this paper will be helpful to recognize the difference of perception of information security factors among the persons in the organization where collaboration is activated and to prepare countermeasures against them.

• The Journal of Information Systems
• /
• v.17 no.1
• /
• pp.23-43
• /
• 2008

Nowadays, openness and accessibility of information systems increase security threats from inside and outside of organization. Appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. This study emphasizes on choosing passwords from perspective of information security and investigated user's security awareness affecting behavioral intention. The research model proposed in this study includes user's security belief which is influenced by risk awareness factors such as information assets, threats and vulnerability elements. The risk awareness factors ale derived from risk analysis methodologies for information security. User's risk awareness is a factor influencing the security belief, attitude toward security behavior, and security behavioral intention. According to the result of this study, while vulnerability is not related to the risk awareness, information assets and threats are related to the user's risk awareness. There is a significant relationship between risk awareness and security belief. Also, user's security behavioral intention is significantly affected by security attitude.

• Journal of Korea Society of Industrial Information Systems
• /
• v.15 no.5
• /
• pp.159-166
• /
• 2010

From public insecurity, access of wealth, alteration of population structure, and changes of security recognition, physical security has been continuously developed and changed. In these days, typical systems for physical security are unmanned security system using telephone network and security equipment, image recognition system using DVR and camera, and access control system by finger print recognition and RFID cards. However, physical security system is broadening its domain towards ICT based convergence with networked camera, biometrics, individual authentication, and LBS services. This paper proposes main technical trends and various security convergences for future physical security services by classifying the security categories into 3 parts; Individual security for personal protection, IT Convergence for large buildings, and Homeland Security for omni-directional security.