• Title/Summary/Keyword: information security system

Search Result 6,599, Processing Time 0.031 seconds

Internal Lecturer Management Plan for Effective Information Security Technology Job Training (효과적인 정보보호 기술 직무교육을 위한 사내강사 운영관리 방안)

  • Yang, Jinseok;Chung, Taimyoung;Eom, Jungho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.14 no.4
    • /
    • pp.109-116
    • /
    • 2018
  • This research proposed management plan of internal lecturer who is in charge of job training of researchers working in administrative, researching and developing institutes or public institutions related to information security. The education and training department of the government or public institutions selects and manages lecturers in member of the staff. We applied to the management plan of internal lecturers who are in charge of information security job training by analyzing the way in which internal lecturers are operated by public organizations or corporations. We propose the management plan of internal lecturer according to the position, because the institute of information security is applying the researcher 's position(rank) system. By the proposed circulation management plan by the position, the internal lecturer position is determined according to the position of the employees to be trained and the internal lecturer is selected and operated only at the same position. The proposed management plan includes internal lecturer selection, responsibilities and duties, education, evaluation, and training support.

Safe Web Using Scrapable Headless Browser in Network Separation Environment

  • Jung, Won-chi;Park, Jeonghun;Park, Namje
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.8
    • /
    • pp.77-85
    • /
    • 2019
  • In this paper, we propose a "Safe Web Using Scrapable Headless Browse" Because in a network separation environment for security, It does not allow the Internet. The reason is to physically block malicious code. Many accidents occurred, including the 3.20 hacking incident, personal information leakage at credit card companies, and the leakage of personal information at "Interpark"(Internet shopping mall). As a result, the separation of the network separate the Internet network from the internal network, that was made mandatory for public institutions, and the policy-introduction institution for network separation was expanded to the government, local governments and the financial sector. In terms of information security, network separation is an effective defense system. Because building a network that is not attacked from the outside, internal information can be kept safe. therefore, "the separation of the network" is inefficient. because it is important to use the Internet's information to search for it and to use it as data directly inside. Using a capture method using a Headless Web browser can solve these conflicting problems. We would like to suggest a way to protect both safety and efficiency.

Development of IoT-based Lighting System for the Hearing impaired (청각장애인을 위한 IoT 기반 조명 시스템 개발)

  • Son, Hyun-ji;Lee, So-jung;Han, Min-seo;Han, Hye-jin;Kim, Sung-wook
    • Annual Conference of KIPS
    • /
    • 2022.11a
    • /
    • pp.968-970
    • /
    • 2022
  • 일반적으로 가정 내에서 발생하는 안전 사고의 비율은 비장애인에 비해 청각장애인이 높다. 이는 외부인에게 도움을 받을 수 없는 상황에서 청각장애인 스스로 위험상황에 대한 소리를 인지하지 못하기 때문이다[1]. 본 연구에서는 이러한 문제를 해결하기 위해 시각적 효과 또는 진동 신호를 통해 청각장애인들에게 사고 상황 인지를 돕는 시스템을 제안한다. 현재 상용 제품의 경우는 청각장애인이 스마트기기를 소지하고 있을 때만 알림을 인지할 수 있기 때문에 긴급 상황에서 효과가 떨어질 수 있다. 따라서 제안 시스템에서는 어플리케이션 알림과 함께 건물내 전등 색상에 변화를 주는 서비스를 개발하여 스마트 기기를 소지하지 않는 상황에서도 위험상황에 대한 즉각적인 인지를 통해 위험에 대처할 수 있도록 한다. 소리를 시각화하는 것이 본 연구의 핵심 방법론이며 이를 위해 Convolutional Neural Network 모델과 라즈베리파이를 활용하였다.

Sharing Information for Event Analysis over the Wide Internet

  • Nagao, Masahiro;Koide, Kazuhide;Satoh, Akihiro;Keeni, Glenn Mansfield;Shiratori, Norio
    • Journal of Communications and Networks
    • /
    • v.12 no.4
    • /
    • pp.382-394
    • /
    • 2010
  • Cross-domain event information sharing is a topic of great interest in the area of event based network management. In this work we use data sets which represent actual attacks in the operational Internet. We analyze the data sets to understand the dynamics of the attacks and then go onto show the effectiveness of sharing incident related information to contain these attacks. We describe universal data acquisition system for event based management (UniDAS), a novel system for secure and automated cross-domain event information sharing. The system uses a generic, structured data format based on a standardized incident object description and exchange format (IODEF). IODEF is an XML-based extensible data format for security incident information exchange. We propose a simple and effective security model for IODEF and apply it to the secure and automated generic event information sharing system UniDAS. We present the system we have developed and evaluate its effectiveness.

A Study on Smart Tourism Based on Face Recognition Using Smartphone

  • Ryu, Ki-Hwan;Lee, Myoung-Su
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.8 no.4
    • /
    • pp.39-47
    • /
    • 2016
  • This study is a smart tourism research based on face recognition applied system that manages individual information of foreign tourists to smartphone. It is a way to authenticate by using face recognition, which is biometric information, as a technology applied to identification inquiry, immigration control, etc. and it is designed so that tourism companies can provide customized service to customers by applying algorism to smartphone. The smart tourism system based on face recognition is a system that prepares the reception service by sending the information to smartphone of tourist service company guide in real time after taking faces of foreign tourists who enter Korea for the first time with glasses attached to the camera. The smart tourism based on face recognition is personal information recognition technology, speech recognition technology, sensing technology, artificial intelligence personal information recognition technology, etc. Especially, artificial intelligence personal information recognition technology is a system that enables the tourism service company to implement the self-promotion function to commemorate the visit of foreign tourists and that enables tourists to participate in events and experience them directly. Since the application of smart tourism based on face recognition can utilize unique facial data and image features, it can be beneficially utilized for service companies that require accurate user authentication and service companies that prioritize security. However, in terms of sharing information by government organizations and private companies, preemptive measures such as the introduction of security systems should be taken.

Exploratory Study on the Media Coverage Trends of Personal Information Issues for Corporate Sustainable Management

  • Dabin Lee;Yeji Choi;Jaewook Byun;Hangbae Chang
    • Journal of Internet Computing and Services
    • /
    • v.25 no.4
    • /
    • pp.87-96
    • /
    • 2024
  • Information power has been a major criterion for wealth disparity in human history, and since the advent of the Fourth Industrial Revolution, referred to as the data economy era, personal information has also gained economic value. Additionally, companies collect and analyze customer information to use as a marketing tool, providing personalized services, making the collection of quality customer information crucial to a company's success. However, as the amount of data held by companies increases, crimes of stealing personal information for financial gain have surged, making corporate customer information a target for criminals. The leakage of personal information and its circumstances lead to a decline in corporate trust from the customer's perspective, threatening corporate sustainability with falling stock prices and decreased sales. Therefore, companies find themselves in a paradoxical situation where the utilization of personal information is increasing while the risk of personal information leakage is also growing. This study used the news big data analysis system, BIG KINDS, to analyze major keywords before and after media coverage on personal information leaks, examining domestic media coverage trends. Through this, we identified the impact of personal information leakage on corporate sustainability and analyzed the connection between personal information protection and sustainable corporate management. The results derived from this study are expected to serve as foundational data for companies seeking ways to enhance sustainable management while increasing the utilization of personal information.

Factors that Affect Sharing Cyber Threat Information in South Korea (국내 사이버위협 정보 공유에 영향을 미치는 요인)

  • Kim, Ha-Young;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.5
    • /
    • pp.1167-1188
    • /
    • 2017
  • The purpose of this study is to investigate the factors affecting cyber threat information provision in order to activate cyber threat information sharing in Korea. In particular, we looked at the intention to provide simple information and important information according to the importance of information. The research method was conducted on the information security practitioners' online survey in terms of users of information sharing system. And empirical analysis was conducted. As a result of the study, only the CEO's attitude influenced the intention to provide simple information. On the other hand, important information was influenced not only by the CEO's attitude but also by the information evaluation system, privatization, and mitigating legal penalties. The results of this study can identify the problems of the cyber threat information sharing system in Korea. And we can confirm the priority of improvement and the change of information providing intention before and after improvement of information sharing system.

Development of Security Metrics of Enterprise Security Management System (통합보안관리시스템의 보안성 메트릭 개발)

  • Yang, Hyo-Sik
    • Journal of Digital Convergence
    • /
    • v.15 no.12
    • /
    • pp.303-311
    • /
    • 2017
  • As new information technology emerges, companies are introducing an Enterprise Security Management system to cope with new security threats, reducing redundant investments and waste of resources and counteracting security threats. Therefore, it is necessary to construct a security evaluation metric based on related standards to demonstrate that the Enterprise Security Management(ESM) System meets security. Therefore, in order to construct a metric for evaluating the security of the ESM, this study analyzed the security quality related requirements of the ESM and constructed a metric for measuring the degree of satisfaction. This metric provides synergies through the unification of security assessments that comply with ISO/IEC 15408 and ISO/IEC 25000 standards. It is expected that the evaluation model of the security quality level of ESM will be established and the evaluation method of ESM will be standardized in the future.

Accelerated Implementation of NTRU on GPU for Efficient Key Exchange in Multi-Client Environment (다중 사용자 환경에서 효과적인 키 교환을 위한 GPU 기반의 NTRU 고속구현)

  • Seong, Hyoeun;Kim, Yewon;Yeom, Yongjin;Kang, Ju-Sung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.3
    • /
    • pp.481-496
    • /
    • 2021
  • It is imperative to migrate the current public key cryptosystem to a quantum-resistance system ahead of the realization of large-scale quantum computing technology. The National Institute of Standards and Technology, NIST, is promoting a public standardization project for Post-Quantum Cryptography(PQC) and also many research efforts have been conducted to apply PQC to TLS(Transport Layer Security) protocols, which are used for Internet communication security. In this paper, we propose a scenario in which a server and multi-clients share session keys on TLS by using the parallelized NTRU which is PQC in the key exchange process. In addition, we propose a method of accelerating NTRU using GPU and analyze its efficiency in an environment where a server needs to process large-scale data simultaneously.

Study on Zero Trust Architecture for File Security (데이터 보안을 위한 제로 트러스트 아키텍처에 대한 연구)

  • Han, Sung-Hwa;Han, Joo-Yeon
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2021.10a
    • /
    • pp.443-444
    • /
    • 2021
  • Security threats to information services are increasingly being developed, and the frequency and damage caused by security threats are also increasing. In particular, security threats occurring inside the organization are increasing significantly, and the size of the damage is also large. A zero trust model has been proposed as a way to improve such a security environment. In the zero trust model, a subject who has access to information resources is regarded as a malicious attacker. Subjects can access information resources after verification through identification and authentication processes. However, the initially proposed zero trust model basically focuses on the network and does not consider the security environment for systems or data. In this study, we proposed a zero trust-based access control mechanism that extends the existing zero trust model to the file system. As a result of the study, it was confirmed that the proposed file access control mechanism can be applied to implement the zero trust model.

  • PDF