• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.259-273
• /
• 2016

After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financial environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defines and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial supervisory authority, and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.

• Journal of Convergence Society for SMB
• /
• v.6 no.3
• /
• pp.13-19
• /
• 2016

In various ICBM (IoT, Bigdata, Cloud, Mobile) IT convergence environments, IT technologies have been evolved, new information security threats have been occurred. As information security incidents in major public agencies, financial institutions and companies occurred, it was emphasized that the importance of human security was disclosed. Thus, implementing of information security management system could protect hacks and security breaches and respond quickly to accidents so it minimized the sized of loss. In this paper, comparison of human security controls shown in ISO27001, COBIT, NIST 800-53, K-ISMS, Cyber Security Framework such as the main information security management systems was analyzed, and proposed of the security implications about effective controls of human resources security issues.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1425-1435
• /
• 2019

The expanded application of digital controls has raised the issue of cyber security for nuclear facilities. To cope with this, the cyber security technical standard RS-015 for Korean nuclear facilities requires nuclear system developers to apply security functions, analyze known vulnerabilities, and test and evaluate security functions. This requires the development of procedures and methods for testing the suitability of security functions in accordance with the nuclear cyber security technical standards. This study derived the security requirements required at the device level by classifying the details of the technical, operational and administrative security controls of RS-015 and developed procedures and methods to test whether the security functions implemented in the device meet the security requirements. This paper describes the process for developing security function compliance test procedures and methods and presents the developed test cases.

• Journal of Korea Multimedia Society
• /
• v.14 no.1
• /
• pp.15-23
• /
• 2011

In this paper, we propose a keyboard security method that is based on a subclassing. This method doesn't need an additional hardware and can be applied to Web browsers that do not support ActiveX controls. As the users of Web browsers such as Firefox, Safari, Chrome etc. are increased, it is more required to have the keyboard security methods that are based on software and don't use ActiveX controls. Thus we developed the user mode keyboard security method that is based on a subclassing with plugins. Our method doesn't need an additional hardware module and is interoperable with general kernel mode security programs.

• Asia pacific journal of information systems
• /
• v.15 no.2
• /
• pp.65-96
• /
• 2005

It is generally believed that, compared to traditional commerce, Electronic Commerce(EC) is more difficult to gain and sustain customers. One of the major reasons that customers do not use EC is lack of trust. Previous researches on the EC user's trust suggested that risk is an antecedent of trust and the concept of trust is highly related to risk. This study proposed a combined model in which includes the factors based on generic information security risk analysis methodology and trust factors in EC. The objectives of this study are follows; first, investigating the relationship between trust and risk that are antecedent factors of purchase intention, and second, examining the validity of information security risk analysis approach in EC environment. Based on the survey results of 143 MBA students statistical analysis showed that factors like threats and controls were significantly related to risk, but assets did not have statistically significant relationship with risk. Controls and knowledge of EC had meaningful effect on user's trust. This study found that risk analysis methodology which is generally used at organizational level is practically useful at user level on EC environment. In conclusion, the results of this study would be applied to generic situation of information security for analyzing and managing the risk. Besides, this study emphasized that EC vendors need to pay more attention to the information security risk to gain customer's trust.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.251-265
• /
• 2013

Cloud computing provided as a service type by sharing IT resources cannot be activated unless the issue of information security is solved. The enterprise attempts to maximize the efficiency of information and communication resources by introducing cloud computing services. In comparison to the United States and Japan, however, cloud computing service in korea has not been activated because of a lack of confidence in the security. This paper suggests core evaluation criteria and added evaluation criteria which is removed the redundancy of the security controls from existing ISMS for Korean cloud computing through a comparative analysis between domestic and foreign security controls of cloud certification scheme and guidelines and information security management system. A cloud service provider certified ISMS can minimize redundant and unnecessary certification assessment work by considering added evaluation criteria.

• Journal of Information Processing Systems
• /
• v.16 no.1
• /
• pp.61-82
• /
• 2020

The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

• Korean Security Journal
• /
• no.8
• /
• pp.197-218
• /
• 2004

This study has been conducted to provide data that contribute to increasing efficiency of 'Private Security', which is cooperated by customer, security companies and the police which carried out 'Public Law Enforcement' and controls security companies. To reach this purpose, we investigated the status of the 'Security Alarm Systems' operated by security service companied in Korea, analyzed arising problems, considered the polices for improving the operational quality. 'Electronic Security Systems' will increase working efficiency in performing 'Private Security'. There can be no two opinions on this matter. Therefore, it can be supposed that the improvement of operational quality of 'Electronic Security System' is an important factor to accomplish security services. 'Security Alarm System' is one of the 'Electronic Security System'. The critical problems in operating 'Security Alarm system' are unnecessary response by false alarm and nuisance alarm. To reduce the problems, it is suggested that security specialist officially licensed should improve security planning, installation and maintenance, and the 'Alarm Verification System' should be introduced with appropriate facilities.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.42
• /
• pp.309-335
• /
• 2009

Over the last several years, regarding to the strategic items, the international community has seen governments make more formal commitments to adopt and implement effective export controls to counter the proliferation of weapons of mass destruction(WMD). United Nations Security Council Resolution 1540(that is "S/RES/1540") stands as the most important of these commitments. Many UN members already have export control laws and regulations in place to prevent the proliferation of weapons of mass destruction. Many members also participate in a variety of formal and informal international arrangements to coordinate their export control efforts. Nonetheless, each of these countries has its own unique legal framework for export controls. This generates considerable diversity in the construction of the specific national legal authorities. Over the last few years, however, a consensus over what constitutes the key elements of effective legal authorities for export controls has begun to emerge. Evidence for this development comes in the identification of best legal authorities or principles at several multilateral conferences on export controls.

• Proceedings of the Korean Radioactive Waste Society Conference
• /
• 2019.05a
• /
• pp.19-20
• /
• 2019