• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.036 seconds

The Policy Distribution Algorithm of Firewall in Integrated Security Management (통합보안관리시스템의 방화벽정책 분배를 위한 알고리즘 : FALCON)

  • Kim, Gwang-Hyeok;Gwon, Yun-Ju;Kim, Dong-Su;Jeong, Tae-Myeong
    • The KIPS Transactions:PartC
    • /
    • v.9C no.4
    • /
    • pp.467-472
    • /
    • 2002
  • Recently, Networks are required to adopt the security system and security consulting because of security threats and vulnerabilities of systems. Enterprise Security Management (ESM) is a system which establishes the security zone composed of security systems and Firewalls and applies the security policy to each security system. A relevant ESM is based on the effective policy and the proper security system. Particularly, multiple firewalls in ESM are concerned with the security policy about each traffic. In this paper, we describe the problems that can be occurred when we select the firewalls to apply security policy of access control in ESM composed of multiple firewalls and propose the FALCON algorithm, which is able to select the firewalis to apply the policy. We expect that FALCON algorithm offers stability, scalability and compactness for selecting firewall set.

Impacts of Success Factors of Information System on Business Performance through Security Reliability of Casino Information System and Job Satisfaction (정보시스템 성공요인이 카지노정보시스템의 보안신뢰와 직무만족을 통해 경영성과에 미치는 영향)

  • LEE, Dae Kun;HWANG, Chan Gyu
    • Journal of Digital Convergence
    • /
    • v.14 no.9
    • /
    • pp.181-198
    • /
    • 2016
  • This study explored the performance factors of casino information systems for foreigners, empirically examined the causal relation between these factors and the business performances through organizational trust and job satisfaction and suggested a direction to enhance the casino information systems. The result of this study showed that, firstly, information quality impacted positively on security reliability and job satisfaction. Secondly, system quality impacted positively on security reliability and job satisfaction. Thirdly, service quality impacted positively on security reliability and job satisfaction. Fourthly, security reliability impacted positively on job satisfaction through security reliability. Lastly, security reliability and job satisfaction impacted positively on business performance. This research must be continued by expanding upon the variables of this research study, and there is a need for follow up research on methods that can analyze the management performance of casino information systems from a diverse set of approaches and also research that conducts an analysis on systems that are implemented to prevent tax evasion.

A Study on Data Security Control Model of the Test System in Financial Institutions (금융기관의 테스트시스템 데이터 보안통제 모델 연구)

  • Choi, Yeong-Jin;Kim, Jeong-Hwan;Lee, Kyeong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1293-1308
    • /
    • 2014
  • The cause of privacy extrusion in credit card company at 2014 is usage of the original data in test system. By Electronic banking supervision regulations of the Financial Supervisory Service and Information Security business best practices of Finance information technology (IT) sector, the data to identify the customer in the test system should be used to convert. Following this guidelines, Financial firms use converted customer identificaion data by loading in test system. However, there is some risks that may be introduced unintentionally by user mistake or lack of administrative or technical security in the process of testing. also control and risk management processes for those risks did not studied. These situations are conducive to increasing the compliance violation possibility of supervisory institution. So in this paper, we present and prove the process to eliminate the compliance violation possibility of supervisory institution by controlling and managing the unidentified conversion customer identification data and check the effectiveness of the process.

Design and Implementation of the Security System using RFID and Biometric Information (RFID 및 생체정보를 이용한 보안시스템의 설계 및 구현)

  • Choi, Jae-Kwan;Lee, Ki-Young
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.10 no.6
    • /
    • pp.251-256
    • /
    • 2010
  • In times past, simple numeric password was the commonly used method in security system. For complement this method, the security system using biometric information is appeared. But it usually uses the scheme to utilize portion of biometric information, and has limited application fields. This biometric security system has low reliability because of some problems such as steal, robbery, and so on. Furthermore, it is associated secondary crime as leaking personal information. For this reason new security system using the unique individual biometric is required. In this paper, we propose the security scheme which used face image and iris analysis. While face image processing for specific person identification, it calculate some feature points of face image and iris's features in our proposed scheme. After person identification applying RFID tags in doorway, several feature information is extracted from camera image, and these compare with registered information of our system for final identification.

A Study for Limitations and Improvement of Information Security Management System (정보보호 관리의 한계점과 개선방안에 관한 연구)

  • Lee, Sujin;Choi, Sang-Yong;Kim, JaeKyoung;Oh, ChungShick;Seo, Changho
    • Journal of Digital Convergence
    • /
    • v.12 no.2
    • /
    • pp.563-570
    • /
    • 2014
  • As information security is becoming more important today, efforts in managing information security more efficiently is becoming greater. Each department such as Ministry of Security and Public Administration, Ministry of Science, Ministry of Education, National Intelligence Service, etc. is established screening criteria for information security and conducted the evaluation. Various information security certification and evaluation for public institutions effectively help to improve the level of information security. However, there are limitations of efficient security management because the examination to be performed frequently by each department. In this paper, we analyze screening criteria of the information security management that is being conducted in the public institutions. We also present limitations of information security management and the direction of improving the limitations.

Design and Implementation of the System Supporting Security Communication between a Web Browser and a CGI Program (웹 브라우져와 CGI 프로그램 사이의 보안 통신을 지원하는 시스템 설계 및 구현)

  • Lee, Jun-Seok
    • The Transactions of the Korea Information Processing Society
    • /
    • v.6 no.3
    • /
    • pp.641-653
    • /
    • 1999
  • The paper is design and implementation of the system to support security communication between a Web Browser and a CGI program by a Web Server using PKI(Public Key Infrastructure. This system uses GSS(Generic Security Service)-API to communicate with PKI, offers a Web user a Client Proxy, and offers a CGI developer there library functions related with security. TLS(Transport Layer Security) supports security communication between a Web Browser and a Web Server, but the system supports security communication between a Web Browser and a CGI program as the protected data received from a Client Proxy are sent to a CGI program, and the CGI program decrypts the data using the library functions supported by this system.

  • PDF

A Building Method of Infrastructure Efficiency under Ad Hoc-based on Network Infrastructure for Medical Information System (Ad Hoc 기반 의료정보시스템의 네트워크 보안 효율성구조 Infrastructure 설계방법)

  • Noh, Si-Choon;Yoo, Seung-Jae
    • Convergence Security Journal
    • /
    • v.11 no.3
    • /
    • pp.91-98
    • /
    • 2011
  • Medical information system based on ad hoc network designed for general information systems and information networks have different security requirements. Malicious code infiltration and security features are performed on same medical information network architecture along the route. Security domain of medical information systems is the ground of penetration and defense performed over the network architecture and it is also the traffic handling areas separated by a concept of differentiated group. Ad hoc-based medical information systems in the network security domain, set some standards about what should be the methodology of this study. In this paper, medical information system network configuration, the determining factor based on the security domain, the structure selection criteria and blocking positionings are presented according to the traffic route configuration. If you apply this methodology designed to increase security, efficiency can be possible. Health information systems in accordance with the security domain areas requires differentiated protection needs of the security mechanism that is proposed by this study.

A Feasibility Study on Introduction of Information Security Disclosure (정보보안 공시제도 도입을 위한 타당성 분석과 운영체계 제언)

  • Jun, Hyo-Jung;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.6
    • /
    • pp.1393-1405
    • /
    • 2012
  • This study intends to help establishing guidelines on providing easier access to security status-related information about business and public institutions by interested parties such as investors and civic societies, and to push ahead with the compulsory execution of the information security disclosure. We suggest a draft for the information disclosure system by reviewing the existing disclosure systems and validate the draft by surveying experts. It is expected that the result of this study will be the basis for the adoption of the information security disclosure system and be used as a referential material in the establishment of the relevant policy.

Meeting Real Challenges in Eliciting Security Attributes for Mobile Application Development

  • Yusop, Noorrezam;Kamalrudin, Massila;Yusof, Mokhtar Mohd;Sidek, Safiah
    • Journal of Internet Computing and Services
    • /
    • v.17 no.5
    • /
    • pp.25-32
    • /
    • 2016
  • There has been a rapid growth in the development of mobile application resulting from its wide usage for online transaction, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on the security issues at the early stage of the development. In fact, security issues have been kept until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore and incorrectly elicit security related requirements at the early stage of mobile application development. This scenario has led to the failure of developing secure and safe mobile application based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges in extracting security attributes for mobile application faced by novice requirements engineers. For this purpose, two experiments on eliciting security attributes requirements of textual requirements scenario were conducted. The performance related to the correctness and time taken to elicit the security attributes were measured and recorded. It was found that the process of eliciting correct security attributes for mobile application requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation security attributes requirement could help to overcome the challenges in eliciting security attributes requirements, especially among novice requirements engineers.

A study on Security Risk Analysis Methods in Overseas (해외의 보안위험분석 방법론 현황 및 분석)

  • 이성만;이필중
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1994.11a
    • /
    • pp.288-302
    • /
    • 1994
  • A security risk analysis provides all information system with the capability to investigate and estimate the status of its security, and gives a guideline for establishing a safeguard against any means of security threats. The information system needs tile judicious and accurate why for performing a risk analysis since security policy and risk analysis of tile information system are based on risk analysis, The risk analysis is composed of two methods. mathematical approach and diagramming technique. Mathematical approach cannot yield a precise description of the real world. However, diagramming technique is more pragmatic since it overcomes this limitation. In this paper, we studied tile security risk analysis methods proposed in overseas such as INFOSEC [4], SRAG [5], FIPS65[6], and JRAM[7].

  • PDF