• Journal of information and communication convergence engineering
• /
• v.9 no.6
• /
• pp.701-705
• /
• 2011

RFID is a widely adopted in the field of identification technology these days. Radio Frequency IDentification (RFID) has wide applications in many areas including manufacturing, healthcare, and transportation. Because limited resource RFID tags are used, various risks could threaten their abilities to provide essential services to users. A number of RFID protocols have done by researcher in order to protect against some malicious attacks and threat. Existing RFID protocols are able to resolve a number of security and privacy issues, but still unable to overcome other security & privacy related issues. In this paper, we analyses security schemes and vulnerability in RFID application. Considering this RFID security issues, we survey the security threats and open problems related to issues by means of information security and privacy. Neither a symmetric nor an asymmetric cryptographic deployment is necessarily used with light weighted algorithm in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.113-127
• /
• 2000

It is an essential prior condition that information security of all sorts of administration-information on line for E-Government. Every country including United Slates has been constructing and managing Government PKI(Public Key Infrastructure) of information security of one\`s own authentication, confidentiality, integrity, non-repudiation in administration environment on line for information security base construction of E-Government. In this paper, we present an efficient GPKI(Government PKI) implementation suitable for Korea actual circumstance through study and analysis of superior case such as United State.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.693-696
• /
• 2013

Information protection system (Information protection system)-based IT environment built popularity in public agencies and businesses take advantage of the resources for the integration of the information system one essential environment began to recognize, cloud systems (Cloud System), cloud security (Cloud Security), big data (Big Data), big data security (Big Data Security), industrial security (Security Industry), as well as the issue. Due to the influence of these information protection system (Information protection system) in response to my external security threats based on the analysis plan. In this paper, data protection systems (Information protection system), resulting in the introduction, there are a number of security threats and particularly industrial security aspects and internal and external security threats in response by lighting about aspects of the plan is based on knowledge.

• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.9-18
• /
• 2004

This paper is to analyze security and technical problem of NEIS and suggest an improving methods about the effective system. Therefore questionnaire was performed in the five items with security as well as technical problem of NEIS to primary and secondary school teachers. The result of questionnaire analysis on each item is that they think of NEIS as the essential system for the age of information, despite problems such as the invasion of human right and security as well as reveal of personal data.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.7-21
• /
• 2009

Strategies have to be employed in information systems security in order to build and operate systems for information systems security in effective and structured manner. It is also essential for the entire organization to participate for successful implementation of the strategies and making them work. Current researches on information systems security strategy in organizations, however, have mainly been focused on deployment and operation of countermeasures based on strategic thinking and decision. In consequence, it is lack of research on overall frame for containing consideration factors required for moving and leading the whole enterprise for the holistic security purpose. Therefore, this paper proposes a framework for use in establishment of organization-wide information systems security strategies based on the concept of grand strategy from the traditional strategy research and on the four dimensional features of it.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.141-144
• /
• 2004

The Common Criteria (CC) philosophy is to provide assurance based upon an evaluation of the IT product or system that is to be trusted. Evaluation has been the traditional means of providing assurance. It is essential that not only the customer' srequirements for software functionality should be satisfied but also the security requirements imposed on the software development should be effectively analyzed and implemented in contributing to the security objectives of customer's requirements. Unless suitable requirements are established at the start of the software development process, the resulting end product, however well engineered, may not meet the objectives of its anticipated consumers. By the security evaluation, customer can sure about the quality of the products or systems they will buy and operate. In this paper, we propose a selection guide for If products by showing relationship between security engineering and security evaluation and make help user and customer select appropriate products or system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.915-920
• /
• 2015

The commitment of top management is still insufficient for information security even the core of information security governance is dependent on the leadership of top management. In this situation, information security committee can be a good way to vitalize the commitment of top management and its activities are essential for implementing information security governance. The purpose of this study is to test that information security committee affects implementing information security governance and security effect. For a empirical analysis, questionnaire survey was conducted and the PLS(Partial Least Square) was used to analyze the measurement and structural model. The study result shows that a hypothesis related value delivery is not accepted and it is required to study various methods about how the information security provides positive value to business.

• Information Systems Review
• /
• v.11 no.2
• /
• pp.113-129
• /
• 2009

With increasing interest in information security, many studies have been conducted on cultivation and management of information security manpower. The widespread application of information security made the activity of information security professionals more diverse. Therefore, it is essential to analyze the knowledge and skills that are necessary for information security professionals to carry out their job and we also need to take these into considerations for the development and operation of education programs. In this study, for analyzing the perception gaps of information security knowledge and skills level between academia and industry, we have derived 58 knowledge and skills by conducting the literature review and Delphi method and we also conducted a survey of information security knowledge and skills requirements for information security professionals who are now working in industries and educational organizations. As a result, we analyze the perception gaps between two groups of information security professionals and suggest some guidelines for establishing the demand-based curriculum for training information security professionals.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.13-19
• /
• 2010

The flow of time, depending on the company's ongoing business link to guarantee the proportion of much greater importance, it in the organization as part of an enterprise-wide level, rather than acting on the information society has been considered as the topic of race. Information Security Governance, the integrity of the information, service continuity, the three kinds of information asset protection purpose begins. It is essential for corporate governance, transparency should be part, must be aligned with the IT framework. Existing information security governance framework that small businesses a wide range of governance issues and interests have never had. Therefore, we simplified the information security governance framework is proposed, and solve problems, and propose a framework for analysis of the safety and efficiency through the analysis of the effectiveness of the proposed method were discussed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.989-992
• /
• 2007

In this paper we introduce a new paradigm of physical layer security for wireless network. Existing security protocols like internet's transport layer security protocol has some security flaws that skilled hackers could exploit. Motivated from this point we introduce a new security protocol that works in physical layer which is much less vulnerable to hackers than any other higher layers. In our proposal, we incorporate the proposed security protocol within channel coding as channel coding is an essential part of wireless communication. We utilize the flexibility to choose a generator matrix (or generator polynomial) of a particular code that selects the code words as a core of our protocol. Each pair of wireless node will select a unique generator using their security key before they started to communicate with each other.