• Title/Summary/Keyword: enterprise security management

Search Result 209, Processing Time 0.028 seconds

The Study on Corporate Information Security Governance Model for CEO (최고경영자를 위한 기업 정보보호 거버넌스 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal
    • /
    • v.17 no.1
    • /
    • pp.39-44
    • /
    • 2017
  • The existing enterprise information security activities were centered on the information security organization, and the top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

A Study on the Evaluation Indices for Evaluation of the Information Security Level on the Enterprise Organization (기업의 정보보호 수준 평가를 위한 평가지표)

  • Na, Yun-Ji;Ko, Il-Seok;Cho, Young-Suk
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.135-144
    • /
    • 2006
  • Until now, most of the evaluation systems have performed evaluation with an emphasis on in-formation security products. However, evaluating information security level for an enterprise needs analysis of the whole enterprise organization, and a synthetic and systematic evaluation system based on it. In this study we subdivided the information security elements of the whole enterprise such as planning, environment, support, technology, and management; developed indices based on them; finally, made the information security level of the whole enterprise organization possible to be measured. And we tried to grasp the information security level of the whole enterprise organization and develop an evaluation system of information security level for suggesting a more developing direction of information security.

  • PDF

Tools for Improving the Efficiency of the Economic Security of Enterprises in Face of the Competitiveness Intensification

  • Turylo, Anatolii M.;Sharko, Vitalii;Fesun, Iryna;Stadnyk, Viktoriya;Andrusenko, Nadiia
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.3
    • /
    • pp.53-60
    • /
    • 2022
  • The article examines the problems of ensuring the effectiveness of the economic security system in the face of increasing competition. The relevance of the study is determined by the intensification of competition between enterprises and the threats arising from this phenomenon. The methodological basis is the methods used: analysis and synthesis - to identify the main trends in the development of tools for economic security of the enterprise; systematization - to highlight the main characteristics of the economic security of the enterprise in the intensification of competition; generalization - to form the general conclusions of the study. The purpose of scientific research is to substantiate the feasibility of using the tools of the economic security system to increase its efficiency in the face of intensifying competition. The main components of the economic security system of the enterprise, which have the greatest impact on the formation of an effective level of economic security. The defining characteristics of the system of economic security of the enterprise are investigated. Special characteristics of the economic security system of the enterprise are considered. The offered directions of tools of maintenance of system of economic safety of the enterprise in competitive conditions: objective, subjective external, subjective internal. For each area, specific tools for ensuring the system of economic security, which affect its efficiency, have been identified.

Design and Implementation of Security Solution Structure to Enhance Inside Security in Enterprise Security Management System (통합보안관리 시스템에서 내부 보안을 향상시킨 보안 솔루션 구조의 설계 및 구현)

  • Kim Seok-Soo;Kang Min-Gyun
    • The Journal of the Korea Contents Association
    • /
    • v.5 no.6
    • /
    • pp.360-367
    • /
    • 2005
  • Corporation's computerization developed by diffusion of internet, and dysfunction of Information is increasing greatly with virus, computing network infringement. Therefore, the today, corporation security is more and more emphasized. Security solution by that importance of security rises so is developing together Security solution is developing to ESM system in existing single system and important thing is function of each security solution and optimizing design of policy. Existent security policy taking a serious view security from external invasion but security of interior the importance rise the today. Accordingly, must construct ESM system of new structure for this. This paper proposes and embodied integration security administration system that solidify interior security utilizing IDS. Experiment external IP and ID access and analyzed the result.

  • PDF

Development of Security Evaluate Model and Test Methodology of Enterprise Security Manageent (ESM) Product (기업보안관리(ESM) 제품의 보안성 평가모델 및 시험방법론 개발)

  • Cha, Young-Hwan;Yang, Hae-Sool
    • The Journal of the Korea Contents Association
    • /
    • v.10 no.6
    • /
    • pp.156-165
    • /
    • 2010
  • ESM(Enterprise Security Management) is representing domestic security management, and there is requirement to enhance it. This paper will evaluate quality of ESM products, understand its quality level, and derive method to improvement so as to develop security evaluation model and test methodology which can support quality enhancement. In addition, it presented the performance test cases and evaluation method to measure product's security quality, and to perform research on the judgement method for the results based on appropriate criteria. Developed quality evaluation model is expected perform important role in evaluating and enhancing the quality of intrusion prevention system.

The Mechanism of Labor Motivation as a Determinant of Economic Security of Enterprises in Competitive Conditions

  • Lagodiienko, Volodymyr;Samoilenko, Viktoria;Pasko, Maryna;Ovod, Larysa;Matsulevych, Yevgeniy
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.2
    • /
    • pp.385-393
    • /
    • 2022
  • In the study of the mechanism of labor motivation as a determinant of economic security of the enterprise in competitive conditions, it was found that motivation is determinant in creating the conditions for production and ensuring the active functioning of the enterprise. It is substantiated that the motivational mechanism is the presence of a system of levers, incentives, measures and other elements for economic and administrative incentives for employees, which are used for incentives to work, increase productivity and safety, and more. The motivational mechanism plays an important role in ensuring the economic security of the enterprise and at the same time is a lever to increase competitiveness in the market. The functions of the mechanism of labor motivation are singled out, among which: explanatory-substantiating, regulative, communicative, socialization, regulating. The stages of occurrence of the motive for the employee are classified. The interrelation of motives and incentives in the mechanism of labor motivation as determinants of economic security of the enterprise in competitive conditions is proved. It is proved that the mechanism of labor motivation as a determinant of economic security of the enterprise in competitive conditions should be aimed at: assistance in forming and achieving goals and objectives of the enterprise and achieving balance and equilibrium of economic goals and social responsibility of the enterprise; ensuring close cooperation between management and employees of the enterprise; focus on building a flexible mechanism; transition to a democratic style of governance and involvement of employees in decision-making.

A Study on Enterprise and Government Information Security Enhancement with Information Security Management System (정보보호관리체계를 통한 기업 및 정부 정보보안 강화 방안에 관한 연구)

  • Park, Chung-Soo;Lee, Dong-Bum;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.15 no.6
    • /
    • pp.1220-1227
    • /
    • 2011
  • According to the development of IT technology, life itself is becoming the change to Knowledge-based systems or information-based systems. However, the development of IT technology, the cyber attack techniques are improving. And DDoS a crisis occurs frequently, such as cyber terrorism has become a major data leakage. In addition, the various paths of attack from malicious code entering information in the system to work for your company for loss and damage to information assets is increasing. In this environment, the need to preserve the organization and users of information assets to perform ongoing inspections risk management processes within the organization should be established. Processes and managerial, technical, and physical systems by establishing an information security management system should be based. Also, we should be introduced information security product for protecting internal assets from the threat of malicious code incoming to inside except system and process establishment. Therefore we proposed enterprise and government information security enhancement scheme through the introduction of information security management system and information security product in this paper.

Design and Implementation of Enterprise Information Security Portal(EISP) System for Financial Companies (금융회사를 위한 기업 정보보호 포털(EISP) 시스템의 설계 및 구현)

  • Kim, Do-Hyeong
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.101-106
    • /
    • 2021
  • To protect financial information, financial companies establish strategies and plans for information security, operate information security management systems, establish and operate information security systems, check vulnerabilities, and secure information. This paper aims to present an information security portal system for financial companies that can gain visibility into various information security activities being undertaken by financial companies and can be integrated and managed. The information security portal system systemizes the activities of the information security department, providing an integrated environment for information security activities to participate from CEOs to executives and employees, not just from the information security department. Through this, it can also be used as information security governance that can be used by top executives to reflect information security in corporate management.

A Study On Enterprise Password Management Recommendations (대규모 조직에서의 패스워드 관리에 관한 권고 고찰)

  • Park, Jin-Sub
    • Journal of National Security and Military Science
    • /
    • s.8
    • /
    • pp.421-465
    • /
    • 2010
  • Passwords are used in many ways to protect data, systems, and networks. Passwords are also used to protect files and other stored information. In addition, passwords are often used in less visible ways for authentication. In this article, We provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems. Organizations need to protect the confidentiality, integrity, and availability of passwords so that all authorized users - and no unauthorized users - can use passwords successfully as needed. Integrity and availability should be ensured by typical data security controls, such as using access control lists to prevent attackers from overwriting passwords and having secured backups of password files. Ensuring the confidentiality of passwords is considerably more challenging and involves a number of security controls along with decisions involving the characteristics of the passwords themselves.

  • PDF

A Study on Generalization of Security Policies for Enterprise Security Management System (통합보안관리시스템을 위한 보안정책 일반화에 관한 연구)

  • Choi, Hyun-H.;Chung, Tai-M.
    • The KIPS Transactions:PartC
    • /
    • v.9C no.6
    • /
    • pp.823-830
    • /
    • 2002
  • Enterprise security management system proposed to properly manage heterogeneous security products is the security management infrastructure designed to avoid needless duplications of management tasks and inter-operate those security products effectively. In this paper, we propose the model of generalized security policies. It is designed to help security management build invulnerable security policies that can unify various existing management infrastructures of security policies. Its goal is not only to improve security strength and increase the management efficiency and convenience but also to make it possible to include different security management infrastructures while building security policies. In the generalization process of security policies. we first diagnose the security status of monitored networks by analyzing security goals, requirements, and security-related information that security agents collect. Next, we decide the security mechanisms and objects for security policies, and then evaluate the properness of them on the basis of security goals, requirements and a policy list. With the generalization process, it is possible to integrate heterogeneous security policies and guarantee the integrity of them by avoiding conflicts or duplications among security policies. And further, it provides convenience to manage many security products existing in large networks.