• The KIPS Transactions:PartC
• /
• v.14C no.2
• /
• pp.115-122
• /
• 2007

US is strengthening the information security by managing federal agency's information and information system systematically. For this purpose. US government put the Federal Information Security Management Act into the E Government Act of 2002. According to the FISMA, it is required to have information securitv management plan for all federal agencies. In addition that, OMB Circular A II requires all federal agencies to identity the ratio of information security investment. That is the basis of strengthening the information security of federal agency, This paper will compare the budget status and information security mechanism of Korea and US.

• The Journal of the Convergence on Culture Technology
• /
• v.6 no.4
• /
• pp.39-43
• /
• 2020

Currently, the nation's military is facing a real threat due to a reduction in military service resources and shorter service periods. Based on the military view that puts security first, the military tried to draw its impact and implications on the future army by reflecting the general objective content that the Ministry of National Defense and other government agencies and international agencies share. In other words, this study looks at the direction of the perception of mainstream perspectives (realism, liberalism) on international order, and presents the direction and framework for establishing future security strategies for the Korean Peninsula on the basis of military relevance that reflects the essential characteristics of military organizations contributing to national security on the theory and prospects of international order.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.209-220
• /
• 2010

Evaluating performance in public sector aims to enhance the efficiency of organizations. Evaluating the efficiency which is the ratio between input and output, organizations set directions of improvement. This research applied Data Envelopment Analysis(DEA) useful to evaluating the efficiency of organizations in public sector. Decision Making Units(DMU) of this research are 21 Information Security Organizations of departments/agencies. As the results, the mean of efficiency score of 21 DMUs is a little more than 50%. Means of departments(8 DMUs) and agencies/committees(11 DMUs) are similar to the total efficiency score. For these results, the decision makers of the information security organizations in public sector have to strive to improve the inefficiency.

• Nuclear Engineering and Technology
• /
• v.55 no.1
• /
• pp.25-36
• /
• 2023

Nuclear power plants have recognized the importance of nuclear cybersecurity. Based on regulatory guidelines and security-related standards issued by regulatory agencies around the world including IAEA, NRC, and KINAC, nuclear operating organizations and related systems manufacturing organizations, design companies, and regulatory agencies are considering methods to prepare for nuclear cybersecurity. Cryptographic algorithms have to be developed and applied in order to meet nuclear cybersecurity requirements. This paper presents methodologies for validating cryptographic algorithms that should be continuously applied at the critical control system of I&C in NPPs. Through the proposed schemes, validation programs are developed in the PLC, which is a critical system of a NPP's I&C, and the validation program is verified through simulation results. Since the development of a cryptographic algorithm validation program for critical digital systems of NPPs has not been carried out, the methodologies proposed in this paper could provide guidelines for Cryptographic Module Validation Modeling for Control Systems in NPPs. In particular, among several CMVP, specific testing techniques for ECB mode-based block ciphers are introduced with program codes and validation models.

• Journal of Information Technology Applications and Management
• /
• v.26 no.5
• /
• pp.13-25
• /
• 2019

Recently, as evaluation of information security (IS) management become more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment' of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the '6. Information System Security' of 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2007-2013
• /
• 2016

It was found to have hacking attempts totaling 115,000 to target the public sector since 2011 to 2015. National Intelligence Service was conducting survey information security management states of a wide range of national-public institutions up to 800 including government agencies in the 2012, while instructing to complement shortcomings. However, there is still going to occur invasions, such as Korea Hydro & Nuclear Power hacking. Even though KHNP's security personnel was only 53 people, in the total 20,000 workforces, got the almost perfect score in the 2013 and 2014 related to information security personnel. Through them, we can confirm that between the organizational response to information security incidents and something theoretical is very far. In this paper, we suggest solutions not using the professional staff management but the non-professional staff management to upgrade the level of public agencies information security.

• International journal of advanced smart convergence
• /
• v.11 no.3
• /
• pp.7-16
• /
• 2022

The targets of cyber-attacks are not limited to the websites and internal IT systems of shipping agencies. Ships and ports have become important targets for cyber attackers. This paper examines the current state of ship network security, introduces the International Maritime Organization's resolution on ship network security management, and summarizing the cyber-attacks in maritime so the readers can have a general understanding of maritime environment.

• Journal of the Society of Disaster Information
• /
• v.10 no.4
• /
• pp.536-547
• /
• 2014

With the changing safety services and social order systems accompanied by the economic development and changing public security environment since the Chinese economic reform, the security service industry in China is growing daily and related problems are increasing. For the Chinese security service market to be activated, the monopoly of security services by the public security agencies must be removed. In addition, the research and development, expansion, and applications of safety and crime prevention technologies regarding the safety and protection of exhibition, sales, culture, sports, commerce activities, combinations of safety technologies and crime prevention processes, the provision of relevant technical operations, and the expansion of security service areas are required. Furthermore, the administration rights, property rights, and business management rights of security companies must be separated, the security headquarters must be integrated and coordinated for optimization of various resources solely by market needs, and their rights and affiliation relations must be clear. Besides, the competitiveness of security companies in the security service market must be enhanced by unifying the business management, and optimizing and sharing their resources. The security service ordinances of China that have been implemented now must be applied realistically, methods to activate the true market economy for security services must be researched, and various ordinances related to security services must be realigned in line with the characteristics of security services. Finally, for the mutual cooperation system between public and private security services, the public security agencies must acknowledge the importance of private security services and the status of security service providers in crime prevention and social order maintenance. They must establish partnership relations with each other beyond the unilateral direction and management system for security services and drive with positive attitudes the security service industry which is still in its infancy.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.19-24
• /
• 2022

The main purpose of the study is to analyze the current state of the organization's information security system in the context of COVID-19 on the basis of public-private partnership. The development of public-private interaction in information security is one of the priorities of the state policy of many estates. Among the priorities of public-private partnership in cybersecurity and information security, there is an expansion of interaction between government agencies and private scientific institutions, public associations and volunteer organizations, including in training, as well as increasing the digital literacy of citizens and the security culture in cyberspace. As a result of the study, the foundations of the organization's information security system in the context of COVID 19 were formed on the basis of public-private partnership.

• Journal of Korean Society of Disaster and Security
• /
• v.6 no.1
• /
• pp.47-53
• /
• 2013

Standard Incident Command System in Korea is that Incident Command System for Emergency Rescue Operation, which is commanded only by Fire Fighting Agencies. However, in the event of a disaster such as the flood, storm, or landslide disaster, there are many disaster response activities performed by the General Public Officers at the disaster on-scene. Yet, there isn't an Natural Disaster Command System for the General Public Officers in Korea. Thus, we have studied the response activities needed cooperation among agencies and proposed some considerations of the Natural Disaster Command System for General Public Officers. The system will be useful to response and recover disaster rapidly, seamlessly, and cooperatively among General Public Officers and the related agencies.