• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39C no.8
• /
• pp.716-721
• /
• 2014

This paper proposes how to prevent of vulnerability from IP address attack of Oracle DB by C program environments. An attacker may try to login DB by connectng remote IP address. Recently an attacker use foreign IP address and try to connect to DB using known DB account. Therefore, DB data is frequently disclosed. I propose a new idea that develops specific IP address blocking module in C program in the Oracle DB. By this module, we can use the Oracle DB safely.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1261-1266
• /
• 2021

Existing information security risk assessment methods focus on evaluating the vulnerability of information assets. However, when the form of information assets changes and new types of information assets emerge, there is a limitation in that the evaluation standards for them are also added or deleted. Existing methods have insufficient research on the path through which cyber threats are introduced. In particular, there is very little research on blocking the inflow path for web-based information systems with public IPs. Therefore, this paper introduces the main research contents of the BDLA (Blockade and Defense Level Analysis)-based information security risk assessment model. In addition, by applying the BDLA-based information security risk assessment model, the information security risk level was studied by measuring the blockade level and security equipment level of 17 public institutions.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.187-196
• /
• 2020

In order to manage information security risk, various information security level evaluation and information security management system certification have been conducted on a larger scale than ever. However, there are continuous cases of infringement of information protection for companies with excellent information security evaluation and companies with excellent information security management system certification. The existing information security risk management methodology identifies and analyzes risks by identifying information assets inside the information system. Existing information security risk management methodology lacks a review of where cyber threats come from and whether security devices are properly operated for each route. In order to improve the current risk management plan, it is necessary to look at where cyber threats come from and improve the containment level for each inflow section to absolutely reduce unnecessary cyber threats. In addition, it is essential to measure and improve the appropriate configuration and operational level of security equipment that is currently overlooked in the risk management methodology. It is necessary to block and enter cyber threats as much as possible, and to detect and respond to cyber threats that inevitably pass through open niches and use security devices. Therefore, this paper proposes additional evaluation items for evaluating the containment level against cyber threats in the ISMS-P authentication items and vulnerability analysis and evaluation items for major information and communication infrastructures, and evaluates the level of security equipment configuration for each inflow.