• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.033 seconds

Study on Detection Technique of Privacy Distribution Route based on Interconnection of Security Documents and Transaction ID (보안문서와 트랜잭션ID 연계기반 개인정보유통경로 탐지기법 연구)

  • Shin, Jae-ho;Kim, In-seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.6
    • /
    • pp.1435-1447
    • /
    • 2015
  • Finance Companies are operating a security solution such as E-DRM(Enterprise-Digital Right Management), Personal information search, DLP(Data Loss Prevention), Security of printed paper, Internet network separation system, Privacy monitoring system for privacy leakage prevention by insiders. However, privacy leakages are occurring continuously and it is difficult to the association analysis about relating to the company's internal and external distribution of private document. Because log system operated in the separate and independent security solutions. This paper propose a systematic chains that can correlatively analyze business systems and log among heterogeneous security solutions organically and consistently based on security documents. Also, we suggest methods of efficient detection for Life-Cycle management plan about security documents that are created in the personal computer or by individual through the business system and distribution channel tracking about security documents contained privacy.

Design of Home Network Security System (홈 네트워크 보안시스템 설계)

  • Seol, Jeong-Hwan;Lee, Ki-Young
    • Proceedings of the IEEK Conference
    • /
    • 2006.06a
    • /
    • pp.193-194
    • /
    • 2006
  • In this paper, the SPINS, a sensor network security mechanism, was researched to design a system to be applied to home network structure and check the security of which degree was ensured by a virtual network of home networking middleware. Sensor Network security mechanism SPINS provides data confidentiality and authentication by SNEP, and provides authenticated broadcast by ${\mu}TESLA$. We designed the system that applied SPINS to home networking middleware basic structure.

  • PDF

Development of Security System in the OSI Transport Layer (OSI 트랜스포트 계층에서의 보호시스템 개발)

  • Park, Young-Ho;Kim, Ki-Hyun;Moon, Sang-Jae;Gang, Shin-Gak
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.5 no.1
    • /
    • pp.65-84
    • /
    • 1995
  • The information security is needed to guarantee the safety and the confidence to users in open system. This paper analyzes transport layer security protocol and security association protocol, which are standards proposed by ISO/IEC, to provide a security service in the transport layer and particulars, not in the standard, are defined for development. And this paper suggests a development model and develps security system based upon the suggested model. The ONP of USL is used as the development environment.

Design of Infringement Accidents Preventing System Using DNS Information Retrieval Integration Method (DNS 정보 검색 연동 기법을 이용한 침해 사고 예방 시스템 설계)

  • Kim, Kwang-Sup;Park, Young-Gil;Ro, Soong-Hwan;Kim, Bong-Hyun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.16 no.9
    • /
    • pp.1955-1962
    • /
    • 2012
  • Recently the flow of information security has become a user-centered change. This is mostly breach of security by the normal and abnormal entering harmful files during user internet. Therefore, we would like to design security system that breach of security can be prevented in advance to improve using the reliability of DNS and system control in this paper. In other words, we would like to suggest method can be block randomly to access the site which information security system of user-centric is breached harmful files infected in user computer.

A Study on Digital Evidence Transmission System for E-Discovery (E-Discovery를 위한 디지털 증거 전송시스템에 대한 연구)

  • Lee, Chang-Hoon;Baek, Seung-Jo;Kim, Tae-Wan;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.5
    • /
    • pp.171-180
    • /
    • 2008
  • This paper also suggests the Digital Evidence Transmission System for E-Discovery which is suited to domestic environments in order to solve these problems and promote safe and convenient transmission of the electronic evidences. The suggested Digital Evidence Transmission System for E-Discovery is the system that submit digital evidences to Court's Sever through the Internet using Public Key Infrastructure and Virtual Private Network, and solves the problems - such as privileged and privacy data, trade secret of company, etc.

A Study on Certification System for Assurance of Secure Information Security Product Development (안전한 정보보호제품 개발 보증을 위한 인증 제도에 관한 연구)

  • Kang, Soo-Young;Park, Jong-Hyuk
    • Journal of Advanced Navigation Technology
    • /
    • v.14 no.2
    • /
    • pp.247-252
    • /
    • 2010
  • According to IT technology has evolved, a lot of information are moving through network. The correct internet users can obtain useful information. But incorrect users expose information and cause various damage for malicious purpose. To solve this problem, various information security products are being developed. For development of secure information security product, the development process should be secure. Also evaluation system is being used about product evaluation and security module for the assurance of secure product. In this paper, we proposed assurance system for secure development of information security product. Therefore this paper proposed more secure product development and assurance scheme.

A study for Information Security Risk Assessment Methodology Improvement by blockade and security system level assessment (봉쇄와 보안장비 수준평가를 통한 정보보호 위험평가 개선 연구)

  • Han, Choong-Hee;Han, ChangHee
    • Convergence Security Journal
    • /
    • v.20 no.4
    • /
    • pp.187-196
    • /
    • 2020
  • In order to manage information security risk, various information security level evaluation and information security management system certification have been conducted on a larger scale than ever. However, there are continuous cases of infringement of information protection for companies with excellent information security evaluation and companies with excellent information security management system certification. The existing information security risk management methodology identifies and analyzes risks by identifying information assets inside the information system. Existing information security risk management methodology lacks a review of where cyber threats come from and whether security devices are properly operated for each route. In order to improve the current risk management plan, it is necessary to look at where cyber threats come from and improve the containment level for each inflow section to absolutely reduce unnecessary cyber threats. In addition, it is essential to measure and improve the appropriate configuration and operational level of security equipment that is currently overlooked in the risk management methodology. It is necessary to block and enter cyber threats as much as possible, and to detect and respond to cyber threats that inevitably pass through open niches and use security devices. Therefore, this paper proposes additional evaluation items for evaluating the containment level against cyber threats in the ISMS-P authentication items and vulnerability analysis and evaluation items for major information and communication infrastructures, and evaluates the level of security equipment configuration for each inflow.

A Study on Five Levels of Security Risk Assessment Model Design for Ensuring the u-Healthcare Information System (u-헬스케어시스템의 정보보안 체계 확보를 위한 5단계 보안위험도 평가모델 설계)

  • Noh, Si Choon
    • Convergence Security Journal
    • /
    • v.13 no.4
    • /
    • pp.11-17
    • /
    • 2013
  • All u-Health system has security vulnerabilities. This vulnerability locally(local) or network(network) is on the potential risk. Smart environment of health information technology, Ad-hoc networking, wireless communication environments, u-health are major factor to increase the security vulnerability. u-health care information systems user terminal domain interval, interval public network infrastructure, networking section, the intranet are divided into sections. Health information systems by separating domain specific reason to assess vulnerability vulnerability countermeasure for each domain are different. u-Healthcare System 5 layers of security risk assessment system for domain-specific security vulnerability diagnosis system designed to take the security measures are needed. If you use this proposed model that has been conducted so far vaguely USN-based health information network security vulnerabilities diagnostic measures can be done more systematically provide a model.

A Case Study on the Information Security Management System for Major Korean Businessn Groups (국내주요그룹의 정보보안관리 체계에 관한 사례 연구)

  • Sun, Han-Gil;Han, In-Goo
    • Asia pacific journal of information systems
    • /
    • v.8 no.2
    • /
    • pp.105-119
    • /
    • 1998
  • As the first step to information security, the security policy and organizational control need to be established. The purpose of this study is to investigate the policy and management of information security of five major Korean business groups. The results of case study on five giant groups can be summarized as follows. There exists a basic policy for information security. But it is outdated and not realistic in the present. The security audit and education need to be upgraded. It is also necessary to use security tools actively. The security level is low in companies which do not have independent information security divisions. Therefore, it is desirable to build information security teams. The number of security personnel is not enough for the task although there exist an information security team in the company. It is important to check if the team has the ability of perform information security task. The interview with security managers reveals that the total security management should be integrated with physical and computer security. It is suggested that an Information Security Center play the major role for information security. The study on the information security management for industry level is expected to be performed in the future.

  • PDF

A Study on Building an Optimized Defense System According to the Application of Integrated Security Policy Algorithm (통합 보안정책 알고리즘 적용에 따른 최적화 방어 시스템 구축에 관한 연구)

  • Seo, Woo-Seok;Jun, Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.4
    • /
    • pp.39-46
    • /
    • 2011
  • This study is conducted to examine the optimal integrated security policy based on network in case of attacks by implementing unique security policies of various network security equipments as an algorithm within one system. To this end, the policies conduct the experiment to implement the optimal security system through the process of mutually integrating the unique defense policy of Firewall, VPN(Virtual Private Network), IDS(Intrusion Detection System), and IPS(Intrusion Prevention System). In addition, this study is meaningful in that it designs integrated mechanism for rapid detection of system load caused by establishment of the security policy and rapid and efficient defense and secures basic network infrastructure implementation.