• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.028 seconds

A Study on the CPR Security System (CPR 시큐리티 시스템에 관한 연구)

  • Kim, Seok-Soo
    • Convergence Security Journal
    • /
    • v.6 no.1
    • /
    • pp.75-82
    • /
    • 2006
  • This paper proposes CPR(Computer-based patient record) system that is utilized in Ubiquitous environment, establish security policy by analyzing security limitation of system and design suitable security system in CPR system. The present study designed a CPR system and, for the development of a security system, established security policies for the CPR system through analyzing the operating environment and vulnerability in security and designed a security system implementing the policies. The security system supporting CPR system is composed of authentication system, XML documentation and encryption of medical information and network security system.

  • PDF

A Study for the Efficient Constructure on Network Security System (효율적인 네트워크 보안시스템 구축에 관한 연구)

  • 정한열
    • Journal of the Korea Society of Computer and Information
    • /
    • v.3 no.4
    • /
    • pp.120-125
    • /
    • 1998
  • Many Company or college construct the network for the of office efficient and information but they construct the total solution from vendor without security consultant. It makes many security problems. In this paper, I expalaned the network security system method from the three information security system that block system, encryption system, authentication system

  • PDF

A study on the development of SRI(Security Risk Indicator)-based monitoring system to prevent the leakage of personally identifiable information (개인정보 유출 방지를 위한 SRI(Security Risk Indicator) 기반 모니터링 시스템 개발)

  • Park, Sung-Ju;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.637-644
    • /
    • 2012
  • In our current information focused society, information is regarded as a core asset and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the technology that safeguards which is currently in commercial use is not focused at an enterprise level but is fragmented by function or by only guards portions of a customer's personal information. Therefore, It is necessary to study the systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examination of the methods of implementation of the monitoring system, the application of pattern analysis and examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish a systemic counter-plans based on detectable patterns.

The ISO the research also the ISMS security maturity of 27001 regarding a measurement modeling (ISO 27004 information security management measurement and metric system) (ISO 27001의 ISMS 보안성숙도 측정 모델링에 관한 연구 (ISO 27004 정보보호관리 측정 및 척도 체계))

  • Kim, Tai-Dal
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.6
    • /
    • pp.153-160
    • /
    • 2007
  • Recently, the demand against the system risk analysis and security management from the enterprises or the agencies which operate a information system is increasing even from domestic. The international against the standardization trend of information protection management system it investigates from the dissertation which it sees. It analyzed and against information property information protection management system integrated it will be able to manage a danger modeling it did it proposed. Having analyzed as well as compared the matureness of security-measurement models in regard to the global standard of proposal system, the administrative presentation for various IT technology resources. which have been managed singly so far, is now well applied under the united control of the company itself, and enabled the automated management of authentication support and renewal for ISO 27001, ISO 9000, ISO 14000, resulting in much advanced operation for both material and human resources.

  • PDF

Extensional End-to-End Encryption Technologies to Enhance User's Financial Information Security and Considerable Security Issues (이용자의 금융거래정보 보호를 위한 확장 종단간(End-to-End) 암호화 기술과 보안고려사항)

  • Seung, Jae-Mo;Lee, Su-Mi;Noh, Bong-Nam;Ahn, Seung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.4
    • /
    • pp.145-154
    • /
    • 2010
  • End-to-End(E2E) encryption is to encrypt private and important financial information such as user's secret access numbers and account numbers from user's terminal to financial institutions. There has been found significant security vulnerabilities by various hacking in early E2E encryption system since early E2E encryption is not satisfied the basic security requirement which is that there does not exist user's financial information on plaintext in user's terminal. Extensional E2E encryption which is to improve early E2E encryption provides confidentiality and integrity to protect user's financial information from vulnerabilities such as alteration, forgery and leakage of confidential information. In this paper, we explain the extensional E2E encryption technology and present considerable security issues when the extensional E2E encryption technology is applied to financial systems.

A Novel Method for Effective Protection of IPTV Contents with One-Time Password and Conditional Access System (IPTV 시스템에서의 효과적인 콘텐츠 보호를 위한 일회성 암호와 수신제한시스템을 사용한 보안 모델)

  • Seo, Ki-Taek;Kim, Tae-Hun;Kim, Jung-Je;Lim, Jong-In;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.4
    • /
    • pp.31-40
    • /
    • 2010
  • The evolution of internet have opened the world of IPTV. With internet protocol, IPTV broadcasts contents stream. The IP protocol doesn't provide secure service due to IP characteristics. So, it is important to provide both connect and secure service. Conditional Access System and/or Digital Right Management are being used to protect IPTV contents. However, there exist restrictions in the view of security. In this paper, we analyse existing security technologies for IPTV and propose a novel method to enforce security efficiently. In the proposed method, OTP is used for encryption/decryption contents and CAS controls key for encryption/decryption and the right of user. With this scheme, it reduces the load of the system and provides more security.

A Study on DSMS Framework for Data Security Certification (데이터보안인증을 위한 DSMS 프레임워크 구축 연구)

  • Yoo, Seung Jae
    • Convergence Security Journal
    • /
    • v.19 no.4
    • /
    • pp.107-113
    • /
    • 2019
  • Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

A Study for Integrating ICS Security Logs with Centralized SIEM (Security Information and Event Management) using OPC Protocol (OPC 프로토콜을 활용한 제어시스템 보안로그 전송방법 고찰 및 통합 로그서버 구축방안)

  • Kim, Jaehong;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.26 no.8
    • /
    • pp.1205-1212
    • /
    • 2022
  • Cyber threat targeting ICS (Industrial Control System) has indicated drastic increases over the past decade and Cyber Incident in Critical Infrastructure such as Energy, Gas Terminal and Petrochemical industries can lead to disaster-level accidents including casualties and large-scale fires. In order to effectively respond to cyber attacks targeting ICS, a multi-layered defense-in-depth strategy considering Control System Architecture is necessary. In particular, the centralized security log system integrating OT (Operational Technology) and IT (Information Technology) plays an important role in the ICS incident response plan. The paper suggests the way of implementing centralized security log system that collects security events and logs using OPC Protocol from Level 0 to Level 5 based on IEC62443 Purdue Model to integrate ICS security logs with SIEM (Security Information Event Management) operated in IT environment.

Korean Security Risk Management Framework for the Application of Defense Acquisition System (국방획득체계 적용 한국형 보안위험관리 프레임워크)

  • Yang, Woo-sung;Cha, Sung-yong;Yoon, Jong-sung;Kwon, Hyeok-joo;Yoo, Jae-won
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.6
    • /
    • pp.1183-1192
    • /
    • 2022
  • Information and Information processing systems must maintain a certain level of security during the total life cycle of Information. To maintain a certain level of security, security management processes are applied to software, automobile development, and the U.S. federal government information system over a life cycle, but theme of no similar security management process in Korea. This paper proposes a Korean-style security risk management framework to maintain a certain level of security in the total life cycle of information and information processing system in the defense sector. By applied to the defense field, we intend to present the direction of defense security work in the future and induce an shift in security paradigm.

Encryption scheme suitable to RFID Systems based on EPC Generation2 (Gen2 기반 RFID 시스템에 적합한 암호 기법 설계)

  • Won, Tae-Youn;Kim, Il-Jung;Choi, Eun-Young;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.67-75
    • /
    • 2008
  • RFID(Radio Frequency Identification) system is an automated identification system that consists of tags and readers. They communicate with each other by RF signal. As a reader can identify many tags in contactless manner using RF signal, RFID system is expected to do a new technology to substitute a bar-code system. But RFID system creates new threats to the security and privacy of individuals, Because tags and readers communicate with each other in insecure channel using RF signal. So many people are trying to study various manners to solve privacy problems against attacks, but it is difficult to apply to RFID system based on low-cost Gen2. Therefore, We will propose a new encryption scheme using matrix based on Gen2 in RFID system in paper, and We will analyze our encryption scheme in view of the security and efficiency through a simulation and investigate application environments to use our encryption scheme.