• Title/Summary/Keyword: information protection requirements

Search Result 203, Processing Time 0.018 seconds

A Study on the Security Requirements for Developing Protection Profiles (보호프로파일 개발을 위한 보안요구사항 도출 방법에 관한 연구)

  • Zheng, He;Lee, Kwang-Woo;Kim, Seung-Joo;Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.133-138
    • /
    • 2007
  • As a formal document that expresses a set of security requirements for IT products that meets specific consumer needs in the ISO/IEC 15408(CC, Common Criteria) evaluation, protection profiles are developing by many national agencies and companies recently. Since a protection profile is a criteria for security evaluation when the IT systems and products are introduced, the importance of the protection profile is increasing. However, developing protection profiles are still difficult due to lack of detailed methodology and guidance to analyze security environments or to derive security requirements. In this paper, we analyze foreign instances of developing protection profiles and propose a methodology for deriving security requirements through analyzing the TOE security environment.

A Method to Elicit Privacy Requirements and Build Privacy Assurance Cases for Privacy Friendly System (프라이버시 친화 시스템 개발을 위한 프라이버시 요구사항 도출 및 보증 사례 작성)

  • Cho, Ju Hye;Lee, Seok-Won
    • Journal of KIISE
    • /
    • v.44 no.9
    • /
    • pp.918-931
    • /
    • 2017
  • Recently, the spread of smartphones and various wearable devices has led to increases in the accumulation and usage of personal information. As a result, privacy protection has become an issue. Even though there have been studies and efforts to improve legal and technological security measures for protecting privacy, personal information leakage accidents still occur. Rather than privacy requirements, analysts mostly focus on the implementation of security technology within software development. Previous studies of security requirements strongly focused on supplementing the basic principles and laws for privacy protection and securing privacy requirements without understanding the relationship between privacy and security. As a result, personal information infringement occurs continuously despite the development of security technologies and the revision of the Personal Information Protection Act. Therefore, we need a method for eliciting privacy requirements based on related privacy protection laws that are applicable to software development. We also should clearly specify the relationship between privacy and security. This study aims to elicit privacy requirements and create privacy assurances cases for Privacy Friendly System development.

Vulnerability Countermeasures for Information Security in Smart Work Services (스마트워크 서비스에서 정보보호를 위한 취약성 대응 방안)

  • Kim, Ji Seog;Kim, Dong Soo;Kim, Hee Wan
    • Journal of Service Research and Studies
    • /
    • v.7 no.4
    • /
    • pp.69-81
    • /
    • 2017
  • Smart work refers to enhancing the efficiency of work by utilizing smart devices. Smart work improves business productivity by improving business productivity of companies, reducing costs, but there is a threat to various information protection. To operate telecommuting, mobile office, and smart work center, hardware and software are needed to support various network resources, servers, and platforms. As a result, there are many vulnerabilities to security and information protection that protect information resources. In this paper, we analyze the smart work environment for smart work service and analyze vulnerability for smart work information protection through analysis of IOS27001 and KISA-ISMS. We have developed requirements for information protection requirements for users and service providers. We have developed a solution for information security protection for smart work environments such as common parts, mobile office, telecommuting, and smart work center for security threats and weaknesses per smart work type.

Biometric Information Protection Measures in the Biometric Person Authentication System Using Match-on-Card (Match-on-Card를 사용한 생체 개인 인증 시스템에서의 생체정보 보호대책)

  • 이상곤;조대성
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.40 no.6
    • /
    • pp.237-246
    • /
    • 2003
  • To acquire certificate of security evaluation for information protection Products, it is necessary for a designer to grasp the threats listed in a protection profile and to reflect them in the product design. BDPP is a protection profile for the biometric devices. In this paper, we applied BDPP to a Match-on-Card, and ertracted some security requirements to protect biometric data against threats. We also studied some countermeasures satisfying the security requirements.

Analysis of Stability of PV System using the Eigenvalue according to the Frequency Variation and Requirements of Frequency Protection

  • Seo, Hun-Chul;Kim, Chul-Hwan
    • Journal of Electrical Engineering and Technology
    • /
    • v.7 no.4
    • /
    • pp.480-485
    • /
    • 2012
  • Use of photovoltaic (PV) power generation system will become more widespread in the future due to anticipated cost reduction in PV technology. As the capacity of PV systems increases, a variation of power system frequency may prevent the stable output of PV system. However, the standard for the frequency protection of distributed generation in Korea Electric Power Corporation (KEPCO)'s rule does not include the setting of frequency protection. Therefore, this paper analyzes the correlation between the frequency protection requirements and the stability of grid-connected PV system for the adjustable operating setting of frequency protection. The distribution system interconnected with 3 MW PV system is modeled by Matlab/Simulink. The various values of frequency are simulated. For studied cases, the stability of PV system is analyzed. It is concluded that the setting of frequency protection is necessary to consider the stability of PV system.

A Study for the Measurement Method of Electromagnetic Field Strength of Power Line Communications Modem (전력선통신모뎀의 전자계강도 측정방법 연구)

  • Jang Dong-Won
    • 한국정보통신설비학회:학술대회논문집
    • /
    • 2006.08a
    • /
    • pp.162-165
    • /
    • 2006
  • This paper describes a measurement method for electromagnetic field strength of power-line communications(PLC) modem. First it outlines the technology used in PLC modems, and the technical regulation being offered to the technology, from the point of view of its effect on electromagnetic compatibility (EMC). The radio spectrum needs protection from other interferers, and there is a regime in place to provide this protection. Difficulties in achieving compatibility between the requirements for radio protection and the requirements for operation of the PLC modem mean that there is no consensus as yet as to how PLC modem components can be made compliant with EMC requirements globally. It is concluded that there is a measurement method according to CISPR standards which satisfy requirements in domestic regulation.

  • PDF

A Study on the Fire Protection Safety of the Public-utilization Shops (다중이용업소의 소방안전기준에 관한 연구)

  • Kim, Yeob-rae
    • Journal of the Society of Disaster Information
    • /
    • v.5 no.2
    • /
    • pp.10-21
    • /
    • 2009
  • This study contains the fire protection safety of the public-utilization shops. The toll of fires in the public-utilization shops is so heavy in spite the less occurency. The shops are mostly compartmented into small rooms by partition wall which hinders the evacuation of the people on fire. This study provides additional requirements on the fire safety of the public-utilization shops needed for human life and property.

  • PDF

Security Evaluation Criteria for Firewalls in Kirea

  • Lee, Cheol-Won;Hong, Ki-Yoong;Kim, Hak-Beom;Oh, Kyeong-Hee;Kwon, Hyun-Jo;Sim, Joo-Geol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.8 no.3
    • /
    • pp.63-78
    • /
    • 1998
  • Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizarions in Korea. Results of firewall evaluation using ITSEC(Information Technology Security Evaluation Criteria) and CCPP(Common Criteria Protection Peofile)have been announced. Because there are problems to apply ITSECor CCPP for the firewall evaluation in korea environment, korea government and korea Information security Agency (KISA) decided to develop our own security dvaluation critrtia fir firewalls.As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The ceiteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels(EALs)

The Simplified V2V Communication Authentication Service for Privacy Protection (프라이버시 보호를 위한 V2V 통신 인증 서비스의 간략화)

  • Park, Sung-Su;Han, Keun-hee;Kim, Keecheon
    • Journal of Internet of Things and Convergence
    • /
    • v.2 no.1
    • /
    • pp.35-40
    • /
    • 2016
  • One of the next generation of automotive V2V communication technology is a core technology for next-generation ITS as a technique used for communications between the vehicle. Looking at the existing V2V communication using the pseudonym certificate authentication service structure to meet the security requirements for privacy protection. Since the issuance of multiple certificates when needed authority in issuing and managing to use the pseudonym certificate issued once and it takes a lot of time. In this paper, we present the method utilizing a vehicle ID to meet the security requirements for the privacy protection without the use of a pseudonym certificate.

A Study on Methods of Interference Avoidance between Power Line Communications and Radio Communications (고속전력선통신과 무선통신간의 간섭 회피 방법에 대한 연구)

  • Jang, Dong-Won;Lee, Young-Hwan
    • 한국정보통신설비학회:학술대회논문집
    • /
    • 2007.08a
    • /
    • pp.223-226
    • /
    • 2007
  • This paper first outlines the technology used in Power Line Communications(PLC) systems, and the political support being offered to the technology, from the point of view of its effect on electromagnetic compatibility (EMC). The radio spectrum needs protection from other interferers, and there is a regime in place to provide this interference avoidance/mitigation. Nevertheless, PLC has several features that mean that it is capable of creating such interference. These features are discussed, and some published field trial results are reviewed. Difficulties in achieving compatibility between the requirements for radio protection and the requirements for operation of the PLC system mean that there is no consensus as yet as to how PLC system components can be made compliant with EMC requirements. It is concluded that there is little prospect of an accommodation between the competing demands, so that if PLC is to become widespread it will be at the expense of the radio environment.

  • PDF