• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.029 seconds

On-line Shared Platform Evaluation Framework for Advanced Persistent Threats

  • Sohn, Dongsik;Lee, Taejin;Kwak, Jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.5
    • /
    • pp.2610-2628
    • /
    • 2019
  • Advanced persistent threats (APTs) are constant attacks of specific targets by hackers using intelligent methods. All current internal infrastructures are constantly subject to APT attacks created by external and unknown malware. Therefore, information security officers require a framework that can assess whether information security systems are capable of detecting and blocking APT attacks. Furthermore, an on-line evaluation of information security systems is required to cope with various malicious code attacks. A regular evaluation of the information security system is thus essential. In this paper, we propose a dynamic updated evaluation framework to improve the detection rate of internal information systems for malware that is unknown to most (over 60 %) existing static information security system evaluation methodologies using non-updated unknown malware.

A Government Agency Environment Protects Information System Design using Intrusion Prevention System and Role-Base Security Policy (침입방지시스템과 역할기반 보안정책을 이용한 정부기관 정보보호 시스템 설계)

  • Ahn Joung Choul
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.6
    • /
    • pp.91-103
    • /
    • 2004
  • The survey of network firewall system has been focused on the deny policy that protects information from the unlicensed and the intrusion detection system. Government has solved several firewall problems as building the intranet separated from the intranet. However, the new firewall system would been satisfied both the denialpolicy and information share with the public, according as government recently emphasizes electronic service. Namely, it has to provide the functions such as the information exchange among divisions, partial share of information with the public, network connection and the interception of illegal access. Also, it considers the solution that protects system from hacking by inner user and damage of virus such as Worm. This Paper suggests the protects information system using the intrusion prevention system and role-based security policy to support the partial opennessand the security that satisfied information share among governments and public service.

Study on Technical trend of physical security and future service (물리보안의 기술동향과 미래 서비스에 대한연구)

  • Shin, Byoung-Kon
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.15 no.5
    • /
    • pp.159-166
    • /
    • 2010
  • From public insecurity, access of wealth, alteration of population structure, and changes of security recognition, physical security has been continuously developed and changed. In these days, typical systems for physical security are unmanned security system using telephone network and security equipment, image recognition system using DVR and camera, and access control system by finger print recognition and RFID cards. However, physical security system is broadening its domain towards ICT based convergence with networked camera, biometrics, individual authentication, and LBS services. This paper proposes main technical trends and various security convergences for future physical security services by classifying the security categories into 3 parts; Individual security for personal protection, IT Convergence for large buildings, and Homeland Security for omni-directional security.

A Study on the Evaluation Indices for Evaluation of the Information Security Level on the Enterprise Organization (기업의 정보보호 수준 평가를 위한 평가지표)

  • Na, Yun-Ji;Ko, Il-Seok;Cho, Young-Suk
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.135-144
    • /
    • 2006
  • Until now, most of the evaluation systems have performed evaluation with an emphasis on in-formation security products. However, evaluating information security level for an enterprise needs analysis of the whole enterprise organization, and a synthetic and systematic evaluation system based on it. In this study we subdivided the information security elements of the whole enterprise such as planning, environment, support, technology, and management; developed indices based on them; finally, made the information security level of the whole enterprise organization possible to be measured. And we tried to grasp the information security level of the whole enterprise organization and develop an evaluation system of information security level for suggesting a more developing direction of information security.

  • PDF

Measures for Training Military Information Security Professional Personnel for Cyber Security (사이버 안보를 위한 군(軍) 정보보호 전문인력 양성방안)

  • Lee, Kwang-ho;Kim, Heung-Taek
    • Convergence Security Journal
    • /
    • v.17 no.2
    • /
    • pp.145-151
    • /
    • 2017
  • The Cyberspace of the Republic of Korea Army is continuously threatened by enemies. Means for responding to such cyber threats are ultimately Military information security professional personnel. Currently, however, there are only a handful of advanced information security professional persons in Republic of Korea Army, and a lack of systematic training is inadequate. Therefore, in this thesis, we surveyed the information security professional human resource policies of USA, UK, Israel, and Japan. In addition, the policy to train professional human resources specialized in defense cyber security, we proposed training of specialist talent of 4 steps and medium and long term plan, step-by-step training system sizing, introduction of certification system.

An Access Control Security Architecture for Secure Operating System supporting Flexible Access Control (유연한 접근통제를 제공하는 보안 운영체제를 위한 접근통제 보안구조)

  • Kim Jung-Sun;Kim Min-Soo;No Bong-Nam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.2
    • /
    • pp.55-70
    • /
    • 2006
  • In this paper, we propose a new access control security architecture for supporting flexibility in Secure Operating Systems. By adding virtual access control system layer to the proposed security architecture, various access control models such as MAC, DAC, and RBAC can be applied to Secure Operating Systems easily. The proposed security architecture is designed to overcome the problem of Linux system's base access control system. A policy manager can compose various security models flexibly and apply them to Operating Systems dynamically. Also, the proposed architecture is composed of 3 modules such as access control enforcement, access control decision, and security control. And access control models are abstracted to hierarchy structure by virtual access control system. And, we present the notation of policy conflict and its resolution method by applying various access control model.

A Study on the Methodology in Classifying the Importance of Information System (정보시스템 중요도 분류 방법론에 관한 연구)

  • Choi, Myeonggil;Cho, Kang-Rae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1329-1335
    • /
    • 2014
  • The importance of information security is increasing in the public and private organizations. The interruption of the information system might cause massive disorder. To protect information systems effectively, information systems would be categorized and managed in terms of degree of importance. In this study, we suggest a new evaluation method that categorizes information systems based on the three nature of security, confidentiality, integrity and availability. For validation of the method, we use a case study in a public sector. Through the validation of method, the availability of applying the method for categorization information systems to other domains could be suggested.

A comparative study on the priorities between perceived importance and investment of the areas for Information Security Management System (정보보호관리체계(ISMS) 항목의 중요도 인식과 투자의 우선순위 비교 연구)

  • Lee, Choong-Cheang;Kim, Jin;Lee, Chung-Hun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.5
    • /
    • pp.919-929
    • /
    • 2014
  • Recently, organizational efforts to adopt ISMS(Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However there is a serious gap between awareness and investment of information security in a company, hence it is very important for the company to control effectively a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the Importance of 13 areas for the ISMS by the information security experts and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested the most. Then, information security areas with the considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security and personnel security. The study results are expected to be used in making a decision for the effective investment of information security when companies with a limited budget are considering to introduce ISMS or operating it.

Policy-based Security System Modeling using Vulnerable Information (취약성 정보를 활용한 정책 기반 보안 시스템 모델링)

  • Sea, Hee-Suk;Kim, Dong-Soo;Kim, Hee-Wan
    • Journal of Information Technology Services
    • /
    • v.2 no.2
    • /
    • pp.97-109
    • /
    • 2003
  • As the importance and the need for network security is increased, many organization uses the various security systems. They enable to construct the consistent integrated security environment by sharing the vulnerable information among firewall, intrusion detection system, and vulnerable scanner. And Policy-based network provides a means by which the management process can be simplified and largely automated. In this article we build a foundation of policy-based network modeling environment. The procedure and structure for policy rule induction from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Based) is conducted. It also transforms the policy rules into PCIM (Policy Core Information Model).

A Study on the Factors Affecting the User Satisfaction and Continuous Use Intention of the Improved Army Tactical Command Information System (ATCIS 성능개량체계 만족 및 지속사용 의도에 미치는 영향요인)

  • Lee, Tae Bok;Baek, Seung Nyoung
    • The Journal of Information Systems
    • /
    • v.31 no.1
    • /
    • pp.1-24
    • /
    • 2022
  • Purpose The purpose of this study is to investigate the factors that affect the user satisfaction and continuous use intention of the improved ATCIS in the Korean Army. Design/methodology/approach Based on the various theories in relation to IT continuance, user satisfaction was identified as the main factor with regard to the continuous use intention of the improved ATCIS. In addition, computer self-efficacy, education-training, and system quality were hypothesized as antecedent variables to user satisfaction, and information security stress was set as a moderating variable for these relationships. Findings Survey results show that computer self-efficacy, education and training, and system quality had a positive effect on user satisfaction, and information security stress was found to moderate these relationships. The effects of computer self-efficacy and education-training on user satisfaction were higher in the group with low information security stress. However, the relationship between system quality and user satisfaction was higher in the group with high information security stress. User satisfaction is found to have a positive effect on the continuous use intention even with habit considered as a control variable.