• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.39-51
• /
• 2017

In October 2016, the NFSA (National Financial Supervisory Authorities) revised the network separation clause of the Regulation on Supervision of Electronic Financial Activities in order to promote the Cloud Computing implementation in the financial sectors. The new regulation, however, limits the Cloud Computing usage to non-critical information and its processing system. Financial institutions that provide customer data analysis and personalized services based on personal data regard current revision as unchanged as before. The implementation of Cloud Computing has greatly contributed to cost reduction, business innovation and is an essential requirement in ever-changing information communication technology environment. To guarantee both security and reliability of the implementation of the Cloud Computing in financial sectors, a considerable amount of research and debate needs to be done. This paper examines current Cloud Computing policies in the Korean financial sector and the challenges associated with it. Finally, the paper identifies policy suggestions based on both European Union and United States' approach as they have successfully introduced Cloud Computing Services for their financial sectors.

• The Journal of the Convergence on Culture Technology
• /
• v.3 no.4
• /
• pp.199-205
• /
• 2017

As cloud computing can utilize the proper allocation of system resources, it can be expected to have great benefits in terms of maintaining availability and reducing costs when a cloud is applied to a financial company's computer system. Although some provisions of the Financial Supervisory Regulation were revised in October 2016, this is limited to non-critical information processing systems, limits are remain whitch the application of cloud computing to the whole computer system of financial companies including electronic financial systems. In this paper, cloud security requirements are studied for the application of financial company's computational infrastructure system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2394-2406
• /
• 2016

ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). In our scheme, data receiver can decrypt the ciphertext if the attributes he owns match with the self-centric policy which is set by the data owner. Besides, a unique identifier is embedded into each user's private key. If a malicious user exposes his private key for illegal data sharing, his identity can be exactly pinpointed by system manager. The key-insulation mechanism guarantees forward and backward security when key exposure happens as well as provides efficient key updating for users in the cloud system. The higher efficiency with proved security make our KI-CPABE-KEA more appropriate for secure data sharing in cloud computing.

• Journal of Digital Convergence
• /
• v.13 no.2
• /
• pp.1-11
• /
• 2015

The growing company that provides high quality service to every customer by introducing a cloud-system organization. However, the information needs of diverse and different, so every cloud system, and acts as a barrier to entry for cloud services provide appropriate. Cloud services are becoming complicated and diversified depending on concerns about cloud security continues, the growing need of professionalism held by the cloud service(Cloud Service Brokerage) CSB companies. Thus, to analyze the various services, find my support legislation, security and compatibility issues, the services of the best new business through service offerings tailored to the environment, and will implement the necessary management services which brokerage (CSB) is. This study presents a brokerage(CSB) development model, and suggested policy measures that apply to the co-op that I am having difficulties in cloud services business models.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.263-269
• /
• 2014

Mobile Cloud Service will provide cloud services through mobile devices. Because storage space constraints and computing process performance limitations of mobile devices, this service will process in the cloud environment after moving works and data that have to process in mobile terminal. The obstacles of mobile cloud service activity will have concerned high about the reliability service, data security, and the confidentiality security. In particular, in convergence of mobile services and cloud services, each threats are expected to be generated complicatedly. In this paper, we define the type of mobile cloud services as well as security threats that can occur in mobile cloud. Also we suggest security countermeasures in mobile app. and enterprises countermeasures. We suggest verification of mobile applications for user information protection about security countermeasures in mobile app. Also we describe the cloud providers responsibility and user responsibility about enterprises countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.695-706
• /
• 2018

In recent years, industrial convergence centered on ICBM (internet of things (IoT), cloud, big data, mobile) has been experiencing rapid development in various fields such as agriculture and the financial industry. In order to prepare for cyber threats, one of the biggest problems facing the convergence industry in the future, the development of the industry must proceed in tandem with a framework of information security. In this study, we analyze the details of the current industrial development policy and related information protection policies using cross impact analysis and present policy priorities through the expert questionnaire. The aim of the study was to clarify the priorities and interrelationships within information security policy as a first step in suggesting effective policy direction. As a result, all six information security policy tasks derived from this study belong to key drivers. Considering the importance of policies, policies such as improving the constitution of the security industry and strengthening of support, training of information protection talent, and investing in the information security industry need to be implemented relatively first.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.27-33
• /
• 2015

In this paper, the development level of information security technology for internet of things(Iot), big data and clo ud services is analyzed, and the detail policy is proposed to be leader in area of patents and ICT standard. The conc ept of ICT convergence is defined frist, market and current state of technology for three convergence services is the n analyzed, and finally main function and security target for each technology are presented. The evaluation criteria a nd IPR are analyzed to diagnose the level of patent and standard for the technology. From the results, even though the domestic competence is inferior compared to other advanced country, the efficient policy should be presented by using our capability for the big data and cloud. Furthermore, the technology development for the IoT and cloud is ne eded in advance considering the market-technology influence effects. In addition to, M2M security framework in IoT, data security in big data and reliable networking in cloud should be developed in advance.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.5
• /
• pp.1041-1051
• /
• 2012

Attack on Cloud Computing, an intensive service solution using network infrastructure recently released, generates service breakdown or intrusive incidents incapacitating developmental platforms, web-based software, or resource services. Therefore, it is needed to conduct research on security for the operational information of three kinds of services (3S': laaS, PaaS, SaaS) supported by the Cloud Computing system and also generated data from the illegal attack on service blocking. This paper aims to build a system providing optimal services as a 4-stage defensive method through the test on the attack and defense of Cloud Computing services. It is a defense policy that conducts 4-stage, orderly and phased access control as follows: controlling the initial access to the network, controlling virtualization services, classifying services for support, and selecting multiple routes. By dispersing the attacks and also monitoring and analyzing to control the access by stage, this study performs defense policy realization and analysis and tests defenses by the types of attack. The research findings will be provided as practical foundational data to realize Cloud Computing service-based defense policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.645-654
• /
• 2012

The South Korean Defense Ministry is planning and pushing forward to conduct a cloud computing pilot project in 2012. Taking into consideration the high-level security necessary in the military as well as wartime duties, if not designed properly, this project may anticipate severe damage to national security and interest. In particular, despite the fact that vulnerability due to inter-Korean confrontation and regular security-related incidents have been triggered, unconditionally conducting a cloud computing pilot project without reviewing not only violates security regulations but also causes various security-related side effects in and outside South Korea. Therefore, this thesis found conditions for conduct of this project by suggesting duties that can apply cloud computing as well as security technology, administration, post-accident matters and conditions for legally solving cloud computing in the military.

• Journal of Internet Computing and Services
• /
• v.13 no.6
• /
• pp.33-40
• /
• 2012

The cloud service has become the significant factor to save the IT operation cost and to improve the productivities in companies. It was introduced to Korea for enterprise services of major companies in 2008. As the increase of recognition for its effect, more small businesses and public institutions plan to introduce the cloud computing services. The cloud computing researches have only focused on the security threats and response technologies to them. Therefore, this research analyzed the importances of responses to security threats in specific domains. The domains were divided into managerial, physical, and technical security. The specific factors in three domains were used for the analysis in this research as well. The ordered logit model was used for the analysis and the analysis results showed that physical security and managerial security are considered to be significantly important in the cloud computing security. The results also presented that the security policy, the control and surveillance to service infrastructure, and application security are highly important in the respect of specific factors. This research will contribute to enterprises or institutions in Korea, which want to introduce the cloud computing services, by aiding the establishment of effective security strategies.