• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.039 seconds

Dynamic Sensitivity Level Measurement for Privacy Protection (개인정보보호 강화를 위한 동적 보안수준 결정)

  • Jang, In-Joo;Yoo, Hyeong-Seon
    • The Journal of Society for e-Business Studies
    • /
    • v.17 no.1
    • /
    • pp.137-150
    • /
    • 2012
  • For social demand and technological development, systematic private information management and security guidance have been enhanced; however, the issue of leakage and invasion of private information is shown in many ways. In the management of such private information, the issue of how to protect such information is one of the sensitive key elements. As a criterion to decide the management policy of each property information consisting of private information, this article suggests Dynamic-Security-Level-Measurement for property information. DSLM adopts the variable characteristics of property information as the element of measurement. By applying this method, it is possible to provide information management functions to cope with the changes of each property information security level of an individual actively. It is expected that this will improve the security of previous information management methods even more and also contribute to the improvement of security in integrated systems such as the integrated ID management system and electronic wallet.

Traffic Extraction and Verification for Attack Detection Experimentation (공격탐지 실험을 위한 네트워크 트래픽 추출 및 검증)

  • Park, In-Sung;Lee, Eun-Young;Oh, Hyung-Geun;Lee, Do-Hoon
    • Convergence Security Journal
    • /
    • v.6 no.4
    • /
    • pp.49-57
    • /
    • 2006
  • Firewall to block a network access of unauthorized IP system and IDS (Intrusion Detection System) to detect malicious code pattern to be known consisted the main current of the information security system at the past. But, with rapid growth the diffusion speed and damage of malicious code like the worm, study of the unknown attack traffic is processed actively. One of such method is detection technique using traffic statistics information on the network viewpoint not to be an individual system. But, it is very difficult but to reserve traffic raw data or statistics information. Therefore, we present extraction technique of a network traffic Raw data and a statistics information like the time series. Also, We confirm the validity of a mixing traffic and show the evidence which is suitable to the experiment.

  • PDF

A Study on the Implementation of the Privacy Impact Assessment Management System for Enterprise (기업을 위한 개인정보영향평가 관리 시스템의 구현에 관한 연구)

  • Sun, Jae Hoon;Kim, Yong Ho
    • Convergence Security Journal
    • /
    • v.15 no.4
    • /
    • pp.57-63
    • /
    • 2015
  • Development of IT technology, the rapid computerization of society has accelerated the digitization of the world's information. Then, the activation of the e-commerce is the collection of a number of sensitive information, storage, operational increased rapidly. Currently, the public sector, financial sector, the private sector has utilized a number of privacy. Accidents caused by leakage of information is a tendency to increase day by day. For a review of the problems of security and protection for such sensitive information, the need for easier support system it is required. This thesis suggests E-PIAMS(Enterprise-Privacy Impact Assessment Management System) applicable effectively in private sectors.

A Study on Security Police against Problem of Using Secure USB according to National Assembly Network Separation (국회 네트워크 분리에 따른 보안 USB 메모리의 사용 문제점 및 보안 대책 연구)

  • Nam, Won-Hee;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2012.05a
    • /
    • pp.471-474
    • /
    • 2012
  • The administration of government agencies and Law enforcement agencies is utilize. that network separation and Establish CERT for network security. However, the legislature has a basic security system. so a lot of relative vulnerability. In this paper, study for security National Assembly and the National Assembly Secretariat, at Library of National Assembly on legislative National Assembly for information security and network configuration, network and external Internet networks is to divide the internal affairs. Network separation in accordance with the movement of materials to use secure USB memory, the user has the uncomfortable issues. Problem analysis and security vulnerabilities on the use of USB memory is study the problem. User efficiency and enhance security.

  • PDF

The Impact of Internal Control on the Security and Usefulness of EDI System (EDI시스템에 있어서 내부통제가 정보시스템 보안성 및 유용성에 미치는 영향)

  • Han, In-Goo;Lee, Jae-Chang
    • Asia pacific journal of information systems
    • /
    • v.9 no.3
    • /
    • pp.143-157
    • /
    • 1999
  • EDI is one of the most important information technologies in todays business environment. This study is an exploratory study on the EDI control of Korean companies in their early stage of EDI implementation. The purpose of this study is to examine the impact of EDI controls on the security and usefulness of EDI systems for Korean companies who have adopted EDI. The data of fifty-one Korean companies for financial, manufacturing, and trade industries are collected by the mail survey and interview methods. The level of EDI control is mediocre on the average. The level of EDI security is low while that of EDI usefulness is mediocre. The empirical results show that the EDI controls in general improve the EDI security and usefulness significantly. Especially, the application and security control affect the EDI security significantly while the management, application, and security controls affect the EDI usefulness significantly. The gap between the level and perceived importance of control does not affect the EDI security but decreses the EDI usefulness at the marginal level of significance. The limitation of this study is that only a small number of companies are available for data collection because Korea is in the early stage of EDI implementation.

  • PDF

Security Vulnerability of Internet of Things and Its Solution (사물인터넷 보안 문제제기와 대안)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.11 no.1
    • /
    • pp.69-78
    • /
    • 2015
  • Internet of Things(IoT) is electronic devices and household appliances use wireless sensor network in environment of high speed wireless network and LTE mobile service. The combination of the development of Internet and wireless network led to development of new forms of service such as electronic devices and household appliances can connect to the Internet through various sensors and online servers such as a Home Network. Even though Internet of Things is useful, there are problems in Internet of Things. In environment of Internet of Things, information leakage could happens by illegal eavesdropping and spoofing. Also illegal devices of wireless communication interference can cause interfere in Internet of things service, physical damage and denial of service by modulation of data and sensor. In this thesis, it will analyze security threats and security vulnerability in environment of mobile services and smart household appliances, then it will suggest plan. To solve security issues, it is important that IT and RFID sensor related companies realize importance of security environment rather than focus on making profit. It is important to develop the standardized security model that applies to the Internet of Things by security-related packages, standard certification system and strong encrypted authentication.

Institutional Improvements for Security of IoT Devices (IoT 기기의 보안성 확보를 위한 제도적 개선방안)

  • Lee, Donghyeok;Park, Namje
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.607-615
    • /
    • 2017
  • Recently, IoT products with various functions are being developed. Through the combination of objects and information technology, convenient services that have not been imagined before are emerging. For a secure IoT environment, product security must be considered. However, the existing IoT products have various problems such as security vulnerability. In order to secure the security of IoT products, technical countermeasures as well as policy responses are needed. However, the legislation related to current IoT products has a limit to guarantee safety in IoT environment. In this paper, we analyze the limitations of the current legal system of IoT, and suggests ways to improve it.

Design and Implementation of USIM Security Module for the Wireless Network Interworking (무선 네트워크 연동을 위한 USIM 보안 모듈 설계 및 구현)

  • Kim, Choon-Soo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.2
    • /
    • pp.41-49
    • /
    • 2007
  • USIM(UMTS Subscriber Identity Module) technology that accept 3GPP(3rd Generation Partnership Project) standards for information security supports security function in 3GPP. Supported security functions of USIM are confidentiality of user identity, mutual authentication and key agreement between end user and network, confidentiality of user data and data integrity. It is very important technology in wireless network. It makes secure environment that user and service provider can use securely mobile service in network. In this paper, design and implementation USIM security module that supports common network access method and authentication protocol in 3GPP and WLAN(Wireless LAN) and AAA (3A-Authentication Authorization Accounting) server system based RADIUS.

A Design on Information Security Core Knowledge for Security Experts by Occupational Classification Framework (보안전문인력 양성을 위한 직업분류체계별 정보보호 핵심지식 설계)

  • Lee, Hyojik;Na, Onechul;Sung, Soyoung;Chang, Hangbae
    • The Journal of Society for e-Business Studies
    • /
    • v.20 no.3
    • /
    • pp.113-125
    • /
    • 2015
  • Information Security Incidents that have recently happen rapidly spread and the scale of that incidents' damage is large. In addition, as it proceeds to the era of converged industry in the future environment and the virtual cyber world expands to the physical world, new types of security threats have occurred. Now, it is time to supply security professionals who have a multi-dimensional security capabilities that can manage the strategies of technological security and physical security from the management point of view, rather than the ones who primarily focus on the traditional technologic-centered strategies to solve new types of security threats. In conclusion, in this paper we try to produce the curriculum of information security featured in the occupational classification system and analyze the subjects that are additionally required for those who move to other occupations to cultivate security professionals who suited to the converged-industrial environment. It is expected that multi-dimensional security professionals who suited to the converged-industrial environment will be cultivated by harmoniously integrating information security subjects from technological and business/managerial perspectives, and education training courses will be developed that effectively provide core knowledges per occupational classification when people moves to other occupations in the areas of information security.

Rule-base Expert System for Privacy Violation Certainty Estimation (개인정보유출 확신도 도출을 위한 전문가시스템개발)

  • Kim, Jin-Hyung;Lee, Alexander;Kim, Hyung-Jong;Hwang, Jun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.4
    • /
    • pp.125-135
    • /
    • 2009
  • Logs from various security system can reveal the attack trials for accessing private data without authorization. The logs can be a kind of confidence deriving factors that a certain IP address is involved in the trial. This paper presents a rule-based expert system for derivation of privacy violation confidence using various security systems. Generally, security manager analyzes and synthesizes the log information from various security systems about a certain IP address to find the relevance with privacy violation cases. The security managers' knowledge handling various log information can be transformed into rules for automation of the log analysis and synthesis. Especially, the coverage of log analysis for personal information leakage is not too broad when we compare with the analysis of various intrusion trials. Thus, the number of rules that we should author is relatively small. In this paper, we have derived correlation among logs from IDS, Firewall and Webserver in the view point of privacy protection and implemented a rule-based expert system based on the derived correlation. Consequently, we defined a method for calculating the score which represents the relevance between IP address and privacy violation. The UI(User Interface) expert system has a capability of managing the rule set such as insertion, deletion and update.