• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.037 seconds

Privacy leakage security system research for small physical companies (중소 경호.경비업체의 개인정보 유출 방지를 위한 보안 체계 연구)

  • Kang, Poo-Reum;Lee, DongHwi;Kim, Kuinam J.
    • Convergence Security Journal
    • /
    • v.12 no.5
    • /
    • pp.87-97
    • /
    • 2012
  • Privacy of personal information disclosure incident occurs frequently as a problem to our society's most important and sensitive social agenda is emerging. Personal information is actually more accurate, depending on the type or types of economic value and sensitivity, the quality of the information, because it can cause a spill a serious social threat and systematic personal information protection and management are not carried out and the information society in a big mess can result. Customers my affairs when small guard security companies, especially the sensitive personal information of customers who need to work, the collected information be leaked or the company's trade secrets, are exposed on the outside, it could be a serious threat to a greater problem cause. Small escort guard companies, however, compared with large companies to build its own security system, due to issues such as the extent of funding, staffing shortages, there are many difficulties. Status of Information Security, scale and analyze the characteristics of small escort guard companies occupied by guard security companies in the present study, sleep, look at him in the solution of the practical issues of information protection system laid small guard. Expenses supplier of propose a security system for preventing the leakage of personal information.

Impacts of Success Factors of Information System on Trust of Security of Casino Information System and Job Satisfaction (정보시스템 성공요인이 카지노정보시스템의 보안신뢰와 직무만족에 미치는 영향)

  • Lee, Dae-Kun;Kim, Yong-Jae
    • Journal of Digital Convergence
    • /
    • v.13 no.10
    • /
    • pp.81-98
    • /
    • 2015
  • This study explores performance factors of a casino information system for foreigners, empirically examines the causal relation between these factors and business performances through organizational trust and job satisfaction and suggests a plan to develop such a information system. We found that information quality positively impacted on perception of information security, but negatively on job satisfaction; system quality positively did on security reliability, but negatively on job satisfaction; service quality positively did on trust in information security and job satisfaction; lastly security reliability positively did on job satisfaction. We found that information quality, system quality and service quality would affect perceived information security and job satisfaction.

The Improvement Strategy of Spatial Information Security Management System to Promote Spatial Information Industry -Focused on Production, Management, Supply Institutions of Spatial information- (공간정보산업 활성화를 위한 공간정보 보안관리체계의 개선전략 - 공간정보의 생산·관리·보급 기관을 중심으로 -)

  • Jeong, In Hun;Park, Hong Gi;Kim, Young Dan;Choi, Yun Soo
    • Spatial Information Research
    • /
    • v.21 no.6
    • /
    • pp.33-42
    • /
    • 2013
  • In a long-term perspective of development of spatial information industry, security regulation, such as limiting public picture resolution of aerial photographs, needs a rational improvement. However, unplanned deregulation of spatial information could lead problematic results such as national security issues because its present security management system is not established in reasonable manner. The main purpose of this research is to suggest the improvement plan of spatial information security management system to meet the reducing security regulation in accordance with changes of political and economic condition including current national spatial information security polices and spatial information industry. From an analytical standpoint, we examined the overall aspects of legal, operation management, and technical system while we maintained especially integrated perspective of spatial information security management. Followed by investigation of spatial information security issues, as well as its regulation and policies in overseas, rational improvement plan of security management is proposed in the aspects of legal, operation management, and technical system. It is also suggested the three-step improvement plan of reducing regulation of security management system.

Actual Condition and Issues for Mobile Security System

  • Sakurai, Kouichi;Fukushima, Kazuhide
    • Journal of Information Processing Systems
    • /
    • v.3 no.2
    • /
    • pp.54-63
    • /
    • 2007
  • The high-speed mobile Internet has recently been expanded, many attractive services are provided. However, these services require some form of security-related technology. This paper outlines Japanese mobile services and exposits some mobile security topics including mobile spam, mobile malware, mobile DRM system, mobile WiMAX security, and mobile key management.

Security Concerns on e-Healthcare System with Countermeasures Applied

  • Bruce, Ndibanje;Kim, Hyun-Ho;Park, JeaHoon;Kim, ChangKyun;Lee, HoonJae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.05a
    • /
    • pp.256-259
    • /
    • 2013
  • Data and network security for e-Healthcare Systems are a primary concern due to the easiest deployment area accessibility of the sensor devices. Furthermore, they are often interacting closely in cooperation with the physical environment and the surrounding people, where such exposure increases security vulnerabilities in cases of improperly managed security of the information sharing among different healthcare organizations. Hence, healthcare-specific security standards such as authentication, data integrity, system security and internet security are used to ensure security and privacy of patients' information. This paper discusses security threats on e-Healthcare Systems where an attacker can access both data and network using masquerade attack. Moreover, an efficient and cost effective approach for countermeasures is discussed for the delivery of secure services.

  • PDF

Improvement of the Certification Model for Enhancing Information Security Management Efficiency for the Financial Sector (금융권 정보보호 관리 효율을 제고하기 위한 인증모형 개선방안)

  • Oh, Eun;Kim, Tae-Sung;Cho, Tae-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.2
    • /
    • pp.541-550
    • /
    • 2016
  • Considering the results of the 3.20 Cyber Attack, leaks of personal information by card companies, and so on, convenience and efficiency cannot be guaranteed without security as a prerequisite. In addition, it is more likely that customers' interests seem to be interfered with in financial institutions than in any other industry. Therefore, when a security accident occurs, users may suffer mental damage and monetary loss, leading to class action, customer defection, loss of reputation, and falloff in international credibility, which all may have a significant effect on the business continuity of corporations. This study integrates the representative information security certification systems in order to improve the efficiency of information security management and demonstrate the necessity of information security management system certification for the financial sector. If the certification is needed, we would like to recommend the desirable development direction.

A Study on Architecture of Access Control System with Enforced Security Control for Ubiquitous Computing Environment (유비쿼터스 컴퓨팅 환경을 위한 보안통제가 강화된 접근제어 시스템 설계에 관한 연구)

  • Eom, Jung-Ho;Park, Seon-Ho;Chung, Tai-Myoung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.5
    • /
    • pp.71-81
    • /
    • 2008
  • In the paper, we designed a context aware task-role based access control system(CAT-RACS) which can control access and prevent illegal access efficiently for various information systems in ubiquitous computing environment. CAT-RACS applied CA-TRBAC, which adds context-role concept for achieve policy composition by context information and security level attribute to be kept confidentiality of information. CA-TRBAC doesn't permit access when context isn't coincident with access control conditions, or role and task's security level aren't accord with object's security level or their level is a lower level, even if user's role and task are coincident with access control conditions. It provides security services of user authentication and access control, etc. by a context-aware security manager, and provides context-aware security services and manages context information needed in security policy configuration by a context information fusion manager. Also, it manages CA-TRBAC policy, user authentication policy, and security domain management policy by a security policy manager.

The Design of Information Security Management System for SMEs Industry Technique Leakage Prevention (중소기업 산업기술 유출방지를 위한 정보보호 관리체계 설계)

  • Chang, Hang-Bae
    • Journal of Korea Multimedia Society
    • /
    • v.13 no.1
    • /
    • pp.111-121
    • /
    • 2010
  • Since SMEs have recognized needs for industrial technique leakage prevention, they tend to construct information security system causing huge consumption of budget, yet they cannot organize information security team to operate integrated information security management system with consistency and it is fact that there only occur instant introductions of certain system. In this study, we designed information security management system for SMEs' industrial technique leakage prevention which is differentiated from those of large enterprises based on current status of SMEs' industrial technique leakage. Specifically we analyzed current status and vulnerability of SMEs' industrial technique leakage and we designed industrial technique leakage prevention management system for SMEs. Then we applied Delphi method to validate appropriateness of study result. We strongly believe that SMEs may estimate a appropriate level of investment on information security and develop countermeasures for control by utilizing this study result.

Security Management Model for Protecting Personal Information for the Customer Contact Center (컨택센터의 고객 개인정보 보호 모델)

  • Kwon, Young-Kwan;Youm, Heung-Youl
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.2
    • /
    • pp.117-125
    • /
    • 2009
  • In this paper, we analyze the Contact Center's specific-security characteristics, including the threat model and weakness and study effective security measures focussing on protecting customer's personal information. Also, we establish the information security management system to reduce the possibility of information leakage from the internal employee in advance. As a result, we propose the "Security management model for protecting personal information for customer Contact Center" that complies with current ISO/IEC JTC 1 ISMS 27000 series standards.

Exploring the Strategy for Acquiring ISMS Certification through Probit Regression: Focusing on Organizational Characteristics (Probit 회귀분석을 통한 ISMS 인증 취득 전략 탐색: 조직 특성을 중심으로)

  • SunJoo Kim;Tae-Sung Kim
    • Journal of Information Technology Services
    • /
    • v.23 no.1
    • /
    • pp.11-25
    • /
    • 2024
  • In the field of information security management systems, one of the representative certifications in Korea is ISMS-P certification, and internationally, ISO/IEC 27001 certification is recognized. When companies acquire both ISMS-P (or ISMS) and ISO/IEC 27001 certifications, budget and manpower are duplicated in similar areas. Therefore, it is necessary for the company to choose and invest in a certification that is suitable for its conditions. This paper proposes a strategy for obtaining information security management system certification that is suitable for the characteristics of the company, allowing for effective information security management based on the company's conditions. To achieve this, data were collected from the Ministry of Science and ICT's Information Security Disclosure System (ISDS), the Korea Internet & Security Agency (KISA), and the Financial Supervisory Service's Data Analysis, Retrieval and Transfer System (DART), and Probit regression analysis was conducted. During the Probit regression analysis, the relationships between seven independent variables and five cases of ISMS-P (or ISMS) acquisition, ISMS-P acquisition, ISMS acquisition, ISO/IEC 27001 acquisition, and both ISMS-P (or ISMS) and ISO/IEC 27001 acquisition were analyzed. The analysis results revealed the relationship between company characteristics, including industry, and certification acquisition in the ISMS field. Through this, strategies for certification acquisition based on company types could be suggested.