• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.036 seconds

Construction of Security MIB for EDI System

  • Park Tae-Kyou
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.8 no.1
    • /
    • pp.23-37
    • /
    • 1998
  • This paper considers the design and management of security MIB for EDI system. EDI system has to establish various securety wervices and mechanisms to protect against security threats. Hence, the EDIsystem requires appropriate security management to monitor and control the security obhects for its security services and mechanisms. In this paper, I identify security objects for management of secueity services defined in the EDIsystem, and propose the design of a security MIB and describe the use of SNMPnetwork management protocol in its management.

Government Information Security System with ITS Product Pre-qualification (사전 검증을 통한 행정정보보호시스템 도입 방안)

  • Yeo, Sang-Soo;Lee, Dong-Bum;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.13 no.5
    • /
    • pp.763-772
    • /
    • 2009
  • According as information-oriented society is propelled, development of various information security systems is achieved, and introduction of information security system is increasing for service offer securing from nation and public institution. In particular, government information system is increasing interest about security assessment service of government information system because verification about security is weighed first of all. Accordingly, study about various security assessment services is preceded in domestic and overseas. In this paper, analyze security assessment service of Britain and Canada, and we proposed about pre-qualification introduction plan of government information system that can offer user of nation and public institution reliability.

  • PDF

Utilization of Physical Security Events for the Converged Security using Analytic Hierarchy Process: focus on Information Security (계층분석과정을 이용한 융합보안을 위한 물리 보안 이벤트 활용: 정보 보안 중심)

  • Kang, Koo-Hong;Kang, Dong-Ho;Nah, Jung-Chan;Kim, Ik-Kyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.553-564
    • /
    • 2012
  • Today's security initiatives tend to integrate the physical and information securities which have been run by completely separate departments. That is, the converged security management becomes the core in the security market trend. However, to the best of our knowledge, we cannot find any solutions how to combine these two security events for the converged security. In this paper, we propose an information security object-driven approach which utilizes the physical security events to enhance and improve the information security. For scalability, we also present a systematic method using the analytic hierarchy process finding the meaningful event combinations among the large number of physical security events. In particular, we show the whole implementation processes in detail where we consider the information security object 'illegal computing system access' combined with two physical security devices - access controller and CCTV+video analyzer system.

A Research on the Development of Information Security Governance Framework (정보보호 거버넌스 프레임워크 개발에 관한 연구)

  • Lee, Seong-Il;Hwang, Kyung-Tae
    • Journal of Information Technology Applications and Management
    • /
    • v.18 no.2
    • /
    • pp.91-108
    • /
    • 2011
  • Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

Improvement of Information Security Management System Evaluation Model Considering the Characteristics of Small and Medium-Sized Enterprises (중소기업의 특성을 고려한 정보보호 관리체계 평가 모델 개선)

  • Kim, Yi Heon;Kim, Tae-Sung
    • Journal of Information Technology Services
    • /
    • v.21 no.1
    • /
    • pp.81-102
    • /
    • 2022
  • Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which accounts for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing it's procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.

The Effect of Organizational Information Security Environment on the Compliance Intention of Employee (조직의 정보보안 환경이 조직구성원의 보안 준수의도에 미치는 영향)

  • Hwang, Inho;Kim, Daejin
    • The Journal of Information Systems
    • /
    • v.25 no.2
    • /
    • pp.51-77
    • /
    • 2016
  • Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

An Empirical Approach to the Influence of IT Assets Security and Information Security Service on Information Security Qualify and Satisfaction (IT자산 안전성과 정보보호 서비스가 정보보호 품질 및 만족도에 미치는 영향에 관한 실증연구)

  • Kwon, Soon-Jae;Lee, Kun-Chang;Kim, Chang-Hyun
    • Journal of the Korean Operations Research and Management Science Society
    • /
    • v.32 no.2
    • /
    • pp.149-162
    • /
    • 2007
  • In the era of the internet and ubiquitous computing, IS users are still facing a variety of threats. Therefore, a need of more tightened information security service increases unprecedentedly. In this sense, this study is aimed at proposing a new research model in which IT assets (i.e., network, system, and information influence) Security and Information Security Service (i.e., confidentiality, integrity, nonrepudiation, authentication) affect information security quality positively, leading to users' satisfaction eventually. To prove the validity of the proposed research model, PLS analysis is applied with valid 177 questionnaires. Results reveal that both IT assets Security and Information Security Service influence informations security qualify positively, and user satisfaction as well. From the results, it can be concluded that Korean government's recent orchestrated efforts to boost the IT assets Security and Information Security Service helped great improve the information security quality and user satisfaction.

A Study on the Method of Checking the Level of Information Security Management Using Security Maturity Model (보안성숙도 모델을 활용한 정보보호 관리수준 점검방법에 관한 연구)

  • Lee, Sang-kyu;Kim, In-seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1585-1594
    • /
    • 2018
  • In recent years The importance of information security management for securing information collection and analysis, production and distribution is increasing. Companies are assured of confidence in information security through authentication of information Security Management System. However, level assessment and use of domains that make up the management system is limited. On the other hand, the security maturity model is able to diagnose the level of information protection of the enterprise step by step. It is also possible to judge the area to be improved urgently. It is a tool to support goal setting according to the characteristics and level of company. In this paper, C2M2, which is an example of security maturity model, is compared and analyzed with Korea Information Security Management System certification. Benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed area of information security measures of ISMS certification. It also look at ways to check the level of information security management step by step.

Convergence Security Provider Self-Conformity System (융합보안 공급자 자기 적합성 제도)

  • Baik, Namkyun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.15 no.2
    • /
    • pp.53-61
    • /
    • 2019
  • In this paper, we propose 'a self - conformance system of convergence security provider' to provide basic data for security and reliability of convergence industrial technology, system and service. It is difficult to evaluate convergence security systems, limited to information and communication service providers, unable to check convergence security items, burden of submission documents, difficulty in measuring convergence security service level and we will summarize product and service-based requirements that can be integrated and systematically measure the level of convergence security and define renewed life cycle-based convergence security information and content security and assurance requirements. On the basis of this, each convergence security company declares conformity with the standard itself without the certification of the certification body, and introduces the provider conformity certification system which can manufacture and sell. This will enable the company to strengthen its competitiveness through timely launch and implementation of products and services and cost reduction.

Advanced approach to information security management system utilizing maturity models in critical infrastructure

  • You, Youngin;Oh, Junhyoung;Kim, Sooheon;Lee, Kyungho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.10
    • /
    • pp.4995-5014
    • /
    • 2018
  • As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.