• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.039 seconds

Coordination among the Security Systems using the Blackboard Architecture (블랙보드구조를 활용한 보안 모델의 연동)

  • 서희석;조대호
    • Journal of Institute of Control, Robotics and Systems
    • /
    • v.9 no.4
    • /
    • pp.310-319
    • /
    • 2003
  • As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

Study on Highly Reliable Drone System to Mitigate Denial of Service Attack in Terms of Scheduling (고신뢰 드론 시스템을 위한 스케줄링 측면에서의 서비스 거부 공격 완화 방안 연구)

  • Kwak, Ji-Won;Kang, Soo-Young;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.821-834
    • /
    • 2019
  • As cyber security threats increase, there is a growing demand for highly reliable systems. Common Criteria, an international standard for evaluating information security products, requires formal specification and verification of the system to ensure a high level of security, and more and more cases are being observed. In this paper, we propose highly reliable drone systems that ensure high level security level and trust. Based on the results, we use formal methods especially Z/EVES to improve the system model in terms of scheduling in the system kernel.

A Study on Domestic Information Security Education System (국내 정보보호 교육체계 연구)

  • Kim, Dong-Woo;Chai, Seung-Woan;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.3
    • /
    • pp.545-559
    • /
    • 2013
  • There is a limitation on counteracting recent cyber-attacks with only technical security measures because they become more intelligent and large-scale to aim at employees instead of systems directly or to be conducted with unspecified multiple PCs. Thus, comprehensive measures revolved around related manpower are necessary to deal with them. However, domestic information security education system which is the base of professional manpower training lacks medium-and long-term plans for information security education, verification of education programs, and information sharing among educational institutions. This paper suggests information security education development plans for resolving problems on domestic education systems and improving cyber information security environment such as a national information security education master plan, certification system introduction of education programs, and professional manpower database management.

A Coherent Model in Upholding General Deterrence Theory and Impact to Information Security Management

  • Choi, Myeong-Gil;Ramos, Edwin R.;Kim, Man-Sig;Kim, Jin-Soo;Whang, Jae-Hoon;Kim, Ki-Joo
    • Journal of Information Technology Applications and Management
    • /
    • v.16 no.3
    • /
    • pp.73-86
    • /
    • 2009
  • To establish an effective security strategy, business enterprises need a security benchmarking tool. The strategy helps to lessen an impact and a damage in any threat. This study analyses many aspects of information security management and suggests a way to deal with security investments by considering important factors that affect security manager's decision. To address the different threats resulting from a major cause of accidents inside an enterprise, we investigate an approach that followed ISO17799. We unfold a criminology theory that has designated many measures against the threat as suggested by General Deterrence Theory. The study proposes a coherent model of the theory to improve the security measures especially in handling and protecting company assets and human lives as well.

  • PDF

Impact of Modern Information and Communication Technologies on Economic Security in the Context of COVID-19

  • Kotlyarevskyy, Yaroslav;Petrukha, Sergii;Mandzinovska, Khrystyna;Brynzei, Bohdan;Rozumovych, Natalia
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.1
    • /
    • pp.199-205
    • /
    • 2022
  • The main purpose of the study is to analyze the main aspects of the impact of information and communication technologies on the economic security system in the context of a pandemic situation. The new realities of the modern turbulent world require a new approach to the issues of ensuring economic security, in which information and communication technologies and information security are beginning to play an increasingly important role. As a result of a detailed analysis of the further functioning of all components of economic security in the context of the existence of the consequences of the COVID-19 pandemic.

The Empirical Study on the Misuse Intention Using Information System : Focus on Healthcare Service Sector (정보시스템 오남용 의도에 관한 실증적 연구 : 의료기관을 대상으로)

  • Kim, Eun Ji;Lee, Joon Taik
    • Convergence Security Journal
    • /
    • v.16 no.5
    • /
    • pp.23-31
    • /
    • 2016
  • Despite the number of security incidents in healthcare sector is considerable, earlier studies have been done in business sector. We have tried to empirically analyze the misuse intention using information system for healthcare sector. As a result, the preventative security software of the information security management have positive impact on the effectiveness of sanctions. Though further analysis is needed, the security policies, security awareness program and monitoring practices are determined to have a valid impact on the effectiveness of sanctions equivalent to the preventative security software.

A REID privacy protect scheme based on mobile (모바일 기반의 RFID 프라이버시 보호 기법)

  • Kim, Il-Jung;Choi, Eun-Young;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.89-96
    • /
    • 2007
  • Radio Frequency Identification system based on EPC(Electronic Product Code) Network Environment can read or write information of tagged objects, using Rf signals without direct contact. This advantage which is to provide storage ability and contactless property is better than Bar-code system. Mobile RFID system which integrates Mobile system with RFID system will provide new additional service to users. However, an advantage for obtaining information of objects using RF signal causes personal privacy problem. In this paper, we propose techniques that can protect personal privacy based on mobile. Our scheme provides privacy protection of users and is more efficiently than another application service.

A Study on Design Direction of Industry-Centric Security Level Evaluation Model through Analysis of Security Management System (보안관리체계 분석을 통한 산업중심 보안수준평가 모형 설계 방향 연구)

  • Bae, Je-Min;Kim, Sanggeun;Chang, Hangbae
    • The Journal of Society for e-Business Studies
    • /
    • v.20 no.4
    • /
    • pp.177-191
    • /
    • 2015
  • Recently, the necessity of systematic security management system that consider company' character and environment has appeared because of increasing security accident continuously in domestic companies. However, most of companies has applied to only K-ISMS which is existing information security management system, although They are different from object, purpose and way of security level evaluation by companies. According to this situation, Many experts have questioned that there are many problems with effectiveness of introducing security management system. In this study, We established definition of information security management system, industrial security management system and research security management system through analysis of previous study and developed evaluation item which can implement security in whole industry comparing and analyzing the control items of them. Also, we analyzed existing security level evaluation and suggest design direction of industry-centric security level evaluation model considering character of industry.

Analysis on ISMS Certification and Organizational Characteristics based on Information Security Disclosure Data (정보보호 공시 데이터를 이용한 정보보호 관리체계 인증과 조직의 특성 분석)

  • SunJoo Kim;Tae-Sung Kim
    • Information Systems Review
    • /
    • v.25 no.4
    • /
    • pp.205-231
    • /
    • 2023
  • The Information Security Management System (ISMS) is a protection procedure and process that keeps information assets confidential, flawless, and available at any time. ISMS-P in Korea and ISO/IEC 27001 overseas are the most representative ISMS certification systems. In this paper, in order to understand the relationship between ISMS certification and organizational characteristics, data were collected from Korea Internet & Security Agency (KISA), Ministry of Science and ICT, Information Security Disclosure System (ISDS), Financial Supervisory Service, Data Analysis, Retrieval and Transfer System (DART), and probit regression analysis was performed. In the probit analysis, the relationship with four independent variables was confirmed for three cases: ISMS-P acquisition, ISO/IEC 27001 acquisition, and both ISMS-P and ISO/IEC 27001 acquisition. As a result of the analysis, it was found that companies that acquired both ISMS-P and ISO/IEC 27001 had a positive correlation with the total number of employees and a negative correlation with business history. In addition, the improvement direction of the ISMS-P certification system and information security disclosure system could also be confirmed.

A Multi-Perspective Benchmarking Framework for Estimating Usable-Security of Hospital Management System Software Based on Fuzzy Logic, ANP and TOPSIS Methods

  • Kumar, Rajeev;Ansari, Md Tarique Jamal;Baz, Abdullah;Alhakami, Hosam;Agrawal, Alka;Khan, Raees Ahmad
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.1
    • /
    • pp.240-263
    • /
    • 2021
  • One of the biggest challenges that the software industry is facing today is to create highly efficient applications without affecting the quality of healthcare system software. The demand for the provision of software with high quality protection has seen a rapid increase in the software business market. Moreover, it is worthless to offer extremely user-friendly software applications with no ideal security. Therefore a need to find optimal solutions and bridge the difference between accessibility and protection by offering accessible software services for defense has become an imminent prerequisite. Several research endeavours on usable security assessments have been performed to fill the gap between functionality and security. In this context, several Multi-Criteria Decision Making (MCDM) approaches have been implemented on different usability and security attributes so as to assess the usable-security of software systems. However, only a few specific studies are based on using the integrated approach of fuzzy Analytic Network Process (FANP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) technique for assessing the significant usable-security of hospital management software. Therefore, in this research study, the authors have employed an integrated methodology of fuzzy logic, ANP and TOPSIS to estimate the usable - security of Hospital Management System Software. For the intended objective, the study has taken into account 5 usable-security factors at first tier and 16 sub-factors at second tier with 6 hospital management system softwares as alternative solutions. To measure the weights of parameters and their relation with each other, Fuzzy ANP is implemented. Thereafter, Fuzzy TOPSIS methodology was employed and the rating of alternatives was calculated on the foundation of the proximity to the positive ideal solution.