• 융합보안논문지
• /
• 제9권4호
• /
• pp.1-6
• /
• 2009

현재 산업보안의 패러다임은 단순한 보안장비 설치에서 효율적인 운영 관리로 바뀌어 가고 있다. 물리적 보안시스템(출입통제시스템, 영상보안시스템 등)과 IT 통합보안관제시스템이 융합하면 기업의 위험관리 및 보안관리를 통하여 내부자의 정보유출을 획기적으로 예방, 차단하고, 사후 추적등을 가능케 해준다. 즉, 기존의 물리적 보안과 IT 보안인력의 추가적인 확충이 없어도 단시간 내에 체계적인 융합보안관리 프로세스 확립이 가능해져 전문 조직 체제를 상시 운영하는 효과를 기대할 수 있게 된다. 이제 개별 기술로 IT보안 및 물리보안 영역의 보안이벤트 수집 및 통합관리, 보안사고 발생시 사후 연계 추적 관리, 정보유출 보안위반 사항에 대한 패턴 정의 및 실시간 감시, 보안위반 정보유출 시도에 대한 신속한 판단 및 대응/조치, 단계적 체계적 보안정책 수립 및 융합보안의 통합보안관리체계 확립이 필요하다.

• 한국정보과학회논문지:컴퓨팅의 실제 및 레터
• /
• 제10권2호
• /
• pp.199-208
• /
• 2004

본 논문에서는 각 센서에서 수집한 수 많은 경고 메시지중에서 불필요한 정보는 필터링하여, 위험 상태를 크게 4가지의 유형으로 분류하는 SIA 시스템을 제안하고 구현하였다. 또한 제안한 방법을 실제 환경에서 구현하여 현장에서 적용해 본 결과, 실시간으로 이루어지는 네트워크의 위험요소 판정에 도움을 줌으로써 보안관리자가 실질적인 위협에 즉각적으로 대처 할 수 있음을 확인하였다.

• 디지털융복합연구
• /
• 제4권2호
• /
• pp.109-126
• /
• 2006

The United States Intel company and these enterprises which Andy Grove President talks exception are without coming out at the Internet enterprise and the hereafter 5 year back side separately it means the necessity which will write the word which is a Internet enterprise will lose. When that time about, it puts upper volume from the Internet territory which is will open the competition where the relation enterprises are keen the winner will be undertaken the existing enterprises and the place where it receives the footlights where the e-business is many in this recent times which it talks, the reason the whole world becomes connection with the Internet, the frame of the social whole changes and the arrival result completeness sincerity pursuit of information comes to be possible simultaneously, it is changing as the product army which is complicatedly diversified from the product army where the craving of the customer becomes simplification. The consequently quick doctor decision and efficient manufacturing environment construction are demanded and Product Life cycle becomes shortening, the e-Business from the digital management environment which changes suddenly the necessity is plentifully raising its head with plan of competitive power security of the enterprise and management renovation. Successful of the e-business model and failure instances there is a depth from the research which it sees and after trying to investigate, it originated to the advancement of digital environment the strategies and to sleep against the successful model of the e-business for a new management renovation presentation it tries it does.

• 한국정보과학회:학술대회논문집
• /
• 한국정보과학회 2002년도 가을 학술발표논문집 Vol.29 No.2 (3)
• /
• pp.190-192
• /
• 2002

EJB(Enterprise Java Bean)컨테이너에서 보안은 크게 사용자 인증과 빈의 메소드 호출에 대한 접근 제어로 구분된다. 기업이 가지고 운영 중인 다양한 보안 플랫폼 상에 EJB 컨테이너가 구동되기 때문에 EJB 컨테이너는 개별 보안 시스템과 독립적인 방법으로 빈에 대한접근 제어 방법을 정의하고 있다. 본 논문에서는 E504(Enterprise 504) EJB 컨테이너 시스템에서의 사용자 인증 및 접근 제어 방법에 대해 논의한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권9호
• /
• pp.4588-4608
• /
• 2017

The measurement of information security levels is a very important but difficult task. So far, various measurement methods have studied the development of new indices. Note, however, that researches have focused on the problem of attaining a certain level but largely neglecting research focused on the issue of how different types of possible flaws in security controls affect each other and which flaws are more critical because of these effects. Furthermore, applying the same weight across the board to these flaws has made it difficult to identify the relative importance. In this paper, the interrelationships among security flaws that occurred in the security controls of K-ISMS were analyzed, and the relative impact of each security control was measured. Additionally, a case-control study was applied using empirical data to eliminate subjective bias as a shortcoming of expert surveys and comparative studies. The security controls were divided into 2 groups depending on whether or not a security flaw occurs. The experimental results show the impact relationship and the severity among security flaws. We expect these results to be applied as good reference indices when making decisions on the removal of security flaws in an enterprise.

• Industrial Engineering and Management Systems
• /
• 제9권2호
• /
• pp.141-156
• /
• 2010

Despite all attempts to prevent fraud, it continues to be a major threat to industry and government. Traditionally, organizations have focused on fraud prevention rather than detection, to combat fraud. In this paper we present a role mining inspired approach to represent user behaviour in Enterprise Resource Planning (ERP) systems, primarily aimed at detecting opportunities to commit fraud or potentially suspicious activities. We have adapted an approach which uses set theory to create transaction profiles based on analysis of user activity records. Based on these transaction profiles, we propose a set of (1) anomaly types to detect potentially suspicious user behaviour, and (2) scenarios to identify inadequate segregation of duties in an ERP environment. In addition, we present two algorithms to construct a directed acyclic graph to represent relationships between transaction profiles. Experiments were conducted using a real dataset obtained from a teaching environment and a demonstration dataset, both using SAP R/3, presently the predominant ERP system. The results of this empirical research demonstrate the effectiveness of the proposed approach.

• International Journal of Computer Science & Network Security
• /
• 제21권11호
• /
• pp.271-275
• /
• 2021

The article assesses the role of the human factor in management, analyzes the personnel policy, as well as the style and methods of management at the enterprise. The purpose of the article is to study the place and role of personnel management in the general management system of an organization. Particular tasks of the research have been solved: the place and role of personnel management in the system of general management theory have been determined; determined the place of personnel management in the system of modern sciences.

• 한국IT서비스학회지
• /
• 제15권3호
• /
• pp.33-50
• /
• 2016

In a dynamic IT environment, employees often utilize external IT resources to work more efficiently and flexibly. However, the use of external IT resources beyond its control may cause difficulties in the company. This is known as "Shadow IT." In spite of efficiency gains or cost savings, Shadow IT presents problems for companies such as the outflow of enterprise data. To address these problems, appropriate measures are required to maintain a balance between flexibility and control. Therefore, in this study, we developed a new information security management system called AIIMS (Advanced IT service & Information security Management System) and the Shadow IT Evaluation Model. The proposed model reflects a Shadow IT's attributes such as innovativeness, effectiveness, and ripple effect. AIIMS consists of five fields: current analysis; Shadow IT management plans; management process; education and training; and internal audit. There are additional management items and sub-items within these five fields. Using AIIMS, we expect to not only mitigate the potential risks of Shadow IT but also create successful business outcomes. Now is the time to draw to the Light in the Shadow IT.

• 시큐리티연구
• /
• 제55호
• /
• pp.57-73
• /
• 2018

국내 카지노 산업은 기존의 단일 카지노 형태에서 벗어나 선진형 복합 카지노 리조트로 변화를 시도하고 있다. 이와 함께 카지노 기업 차원에서 도박의 부정적인 영향으로 인한 사건사고를 예방하고 대응하는 보안관리 시스템의 중요성이 더욱 부각되고 있다. 이에 본 연구에서는 관련 문헌 분석과 사례연구를 통하여 바람직한 국내 외국인 전용 카지노의 보안관리 운영시스템의 활성화 방안을 모색하고자 하였다. 분석결과, 국내의 외국인 전용 카지노 보안관리 시스템이 카지노 산업 변화에 효과적으로 대응하기 위해서는 첫째, 카지노 보안요원의 보호규정 결여, 둘째, 카지노 보안관리 시스템 이원화로 인한 운영체계 비효율, 셋째, 카지노 보안요원의 체계적인 교육 시스템 부재의 세 가지 영역에서 개선이 필요하다는 결론을 도출하였다. 그리고 이에 대한 개선 방안으로 본 연구에서는 첫째, 카지노 보안요원의 신변 보호를 위한 관계법 개정 검토, 둘째, 카지노 보안요원의 전문성 강화, 셋째, 카지노 보안관리 운영시스템의 단일 운영체계 구축을 제시하였다.

• 아태비즈니스연구
• /
• 제9권3호
• /
• pp.51-69
• /
• 2018

This study intends to investigate the management efficiency of social enterprises according to types based on the portion of the budget for employing disadvantaged social groups, in the region of Gyeonggi-do. Based on the performance list disclosed at Korea Social Enterprise Promotion Agency's website, 126 social enterprises certified during a period of five years from 2013 to 2017, 126 enterprises were analyzed by using data envelopment analysis (DEA) models comparing five types of the enterprises. The types was mainly identified by the job security of disadvantaged social groups. As for measurement variables, the input components included average wage, support fund, and the number of non-vulnerable employees and the number of vulnerable employees, sales, and net income were selected as output variables. In conclusion, the efficiency of Gyeonggi-do social enterprises decreased every year, and thus it is urgent to improve their efficiency, and priority should be given to the employment of vulnerable social groups, which both the job opportunity providing-type and the social service providing-type showed the highest performance.