• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.037 seconds

The Effect of Reward and Security Awareness on User Intention of Knowledge Portal Service for ROK Army (보상과 보안의식이 육군지식포탈 사용자 의도에 미치는 영향)

  • Lee, Jong-Gill;Ku, Xyle
    • Journal of Korean Society of Industrial and Systems Engineering
    • /
    • v.42 no.2
    • /
    • pp.36-48
    • /
    • 2019
  • As the importance of Knowledge Management System (KMS) in the military increases, Republic of Korea Army (ROK Army) developed Army Knowledge Portal. Although the members in the military are encouraged to use the portal, few members currently use it. This study was conducted to find variables to predict the user's intention to use the portal, which contributes to activating the use of Army Knowledge Portal in the army. On the basis of Technology Acceptance Model (TAM), ten variables such as perceived ease of use, general information security awareness, information security awareness, expectation for external rewards, expectation for relationships, sense of self-worth, attitude toward compliance with security policy, attitude toward knowledge sharing, intention of non-combat knowledge sharing, and intention of combat knowledge sharing were considered as independent variables. 105 participants on active duty who currently use or have experience to use the portal participated in this study. The results indicated that general information security awareness and information security awareness increases compliance with the information security policy. In addition, the attitude toward knowledge sharing is enhanced by expectations for relationship and sense of self-worth. Based on the results, the authors propose the need for policy alternatives to reinforce the reward system and security policy, which activates the use of Knowledge Portal Service for ROK Army.

Improvement of Security Management Model for a High Speed Information Network (초고속 정보망의 보안관리모델 개선방안)

  • Seo Jeong-Eun;Kim Yoon-Ho;Choi Se-Ha
    • Journal of The Institute of Information and Telecommunication Facilities Engineering
    • /
    • v.2 no.4
    • /
    • pp.71-77
    • /
    • 2003
  • Security system in internet as well as the performance in information network became more important as the internet environment is getting popular and complicate. In this study, the security system (Firewall and IDS) was installed in high speed information network and analyzed for a change in the speed of data transfer and the possibility of invasion. The selection of appropriate system, efficient detection and protection and surveillance method were suggested and analyzed In order to do experiments, an experimental model was com prized to analyze the parameters that was affected by the detection and protection system in network. This will give a standard how much we can pull up the security system maintaining the network speed.

  • PDF

An Empirical Study on the Effects of Business Performance by Information Security Management System(ISMS) (정보보호 관리체계(ISMS)가 기업성과에 미치는 영향에 관한 실증적 연구)

  • Jang, Sang Soo;Kim, Sang Choon
    • Convergence Security Journal
    • /
    • v.15 no.3_1
    • /
    • pp.107-114
    • /
    • 2015
  • Since 2002, information security management system has been implemented (ISMS) certification scheme whilst providing telecommunications services to enhance the level of enterprise information security was ongoing and Prevent accidents and avoid spread of infringement, such as rapid response and there is a lot of it came true. However, this system is the protection of the country or the investment company, as part of the actual information on how management affects the performance came from or how measures are still lacking for. In this study, the companies have their own privacy ISMS certification measures the level of activity continued to improve information security performance measures and methodology are presented. The government is also based on the validity of the certification system to ensure the overall implementation of the ISMS itself is this a step increase effective information security system is to be certified in advance to prevent security incidents and to improve business performance to help.

Design of the Security Evaluation System for Decision Support in the Enterprise Network Security Management (대규모 네트워크 환경에서의 보안관리를 위한 보안평가 시스템 설계)

  • 이재승;김상춘
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.6
    • /
    • pp.776-786
    • /
    • 2003
  • Security Evaluation System is a system that evaluates the security of the entire enterprise network domain which consists of various components and that supports a security manager or a Security Management System in making decisions about security management of the enterprise network based on the evaluation. It helps the security manager or the security management system to make a decision about how to change the configuration of the network to prevent the attack due to the security vulnerabilities of the network. Security Evaluation System checks the “current status” of the network, predicts the possible intrusion and supports decision-making about security management to prevent the intrusion in advance. In this paper we analyze the requirements of the Security Evaluation System that automates the security evaluation of the enterprise network which consists of various components and that supports decision-making about security management to prevent the intrusion, and we propose a design for it which satisfies the requirements.

A Security Monitoring System for Security Information Sharing and Cooperative Countermeasure (협력대응기반 전역네트워크 보안정보공유 시스템)

  • Kim, Ki-Young;Lee, Sung-Won;Kim, Jong-Hyun
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.50 no.2
    • /
    • pp.60-69
    • /
    • 2013
  • Highlighted by recent security breaches including Google, Western Energy Company, and the Stuxnet infiltration of Iranian nuclear sites, Cyber warfare attacks pose a threat to national and global security. In particular, targeted attacks such as APT exploiting a high degree of stealthiness over a long period, has extended their victims from PCs and enterprise servers to government organizations and critical national infrastructure whereas the existing security measures exhibited limited capabilities in detecting and countermeasuring them. As a solution to fight against such attacks, we designed and implemented a security monitoring system, which shares security information and helps cooperative countermeasure. The proposed security monitoring system collects security event logs from heterogeneous security devices, analyses them, and visualizes the security status using 3D technology. The capability of the proposed system was evaluated and demonstrated throughly by deploying it under real network in a ISP for a week.

Design and Implementation of a Smishing Message Detection System Using NLP and PunyCode Conversion Techniques (NLP와 PunyCode 변환 기법을 활용한 스미싱 메시지 탐지 시스템 설계 및 구현)

  • Joongjin Kook;Keonhee Lee;Juhwan Kim;Jaehyeok Oh;Jaehan Park;Jungeun Park
    • Journal of the Semiconductor & Display Technology
    • /
    • v.23 no.3
    • /
    • pp.115-120
    • /
    • 2024
  • As smartphones become more integral to daily life, security concerns, particularly regarding smishing, have risen significantly. With the increasing frequency and variety of smishing attacks, current detection methods struggle to provide effective solutions, with most commercial algorithms achieving around a 70% detection rate. This paper proposes a novel approach to enhancing smishing detection accuracy by utilizing Natural Language Processing to analyze message syntax and semantics, combined with URL Punycode conversion and whitelist techniques. The approach focuses on improving detection through comprehensive message analysis, aiming to address the limitations of existing preventive methods. The proposed system offers conceptual improvements in smishing detection strategies, providing a more robust framework for addressing evolving security challenges.

  • PDF

Characteristics and Implementation of ISO/IEC 27001 : 2013 Information Security Management System (ISO/IEC 27001 : 2013 정보보안경영시스템의 특징과 적용 방안)

  • Song, Kyung-Il;Jang, Joong-Soon
    • Journal of Applied Reliability
    • /
    • v.14 no.2
    • /
    • pp.108-113
    • /
    • 2014
  • The demand against the risk analysis and information security of system from the companies or the agencies which operate an information system is increasing. ISO/IEC 27001 was established by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission). Also this standard is international and authoritative standard of ISMS (Information Security Management System). This paper is to review how the ISO 27001 ISMS Requirement has been established and improved, and to communicate the significant changes from ISO27001 : 2005 to ISO 27001 : 2013 focusing on reasons for revisions. Additionally, This paper shows case study for understanding ISO 27001 : 2013 implementation.

A Study on Strengthening of Logistics Security and RFID (물류보안강화와 RFID에 관한 소고)

  • Kim, Jang-Ho;Kim, Jong-Deuk;Kim, Jea-Sung
    • International Commerce and Information Review
    • /
    • v.9 no.4
    • /
    • pp.241-261
    • /
    • 2007
  • 9.11 terrors which happen in 2001 in the U.S. recognize importance about national security and Department of Commerce, country safety department, Federal Communication Commission(FCC) etc. are establishing RFID sticking plan in harbor exit and entrance container for this, and it is real condition that is preparing preparation of law and system that establishes harbor peace law(Safe Port Act) on October, 2006 and acts on for U.S. about container load cargo Europe and Asia each countries. These law and system is logistics security that strengthen search for import and export freight and security to main contents. To meet in these circumstance subsequent, this paper is to examine the following three themes. First, examined necessity of logistics security and logistics security strengthening tendency, and second, examined in achievement of logistics business and RFID, and third, presented logistics security process that utilize change of realization about logistics security and RFID's role for logistics security. Through upper investigation, this paper suggested the realization about logistics security raising, logistics security connection system construction by export step, real-time freight chase that use RFID, construction necessity of executive system and development of logistics security equipment required.

  • PDF

Design and Implementation of Information Security System to Prevent Leakage of Drawing Information (설계정보 유출방지를 위한 정보보안시스템 설계 및 구현)

  • Chang, H.B.;Lee, H.S.
    • Korean Journal of Computational Design and Engineering
    • /
    • v.11 no.5
    • /
    • pp.327-334
    • /
    • 2006
  • Recently, security incidents are growing rapidly in which internal employees let the drawing leak out to competitors or other countries. This type of security incidents has a characteristic that it occurs less frequently than other types of security incidents such as network or server security incident, but the damage is a lot more serious. The existing information security technologies to prevent internal information from being leaked out are only applicable to general documents(office documents, web pages and image files in which data are encrypted one by one). However, architectural drawings made up of collection of files with various formats(extensions) have problems with the process speed of en(de) cryption and accuracy, so the developments of security technologies by new methods are required. In this study, we design and develop a security technology based on work area with which users can protect the leakage of critical information in the kernel level while maintaining their work environment when they have to use sharing information that cannot be managed by the unit of file. As a result, we developed the "Virtual Secure Disk" which allows only authorized users and applications to have an access to drawings, and have verified its security by applying it to the actual company.

A Study on the Secure Coding for Security Improvement of Delphi XE2 DataSnap Server (델파이 XE2 DataSnap 서버의 보안성 개선을 위한 시큐어 코딩에 관한 연구)

  • Jung, Myoung-Gyu;Park, Man-Gon
    • Journal of Korea Multimedia Society
    • /
    • v.17 no.6
    • /
    • pp.706-715
    • /
    • 2014
  • It is used to lead to serious structural vulnerability of the system security of security-critical system when we have quickly developed software system according to urgent release schedule without appropriate security planning, management, and assurance processes. The Data Set and Provider of DataSnap, which is a middleware of Delphi XE2 of the Embarcadero Technologies Co., certainly help to develop an easy and fast-paced procedure, but it is difficult to apply security program and vulnerable to control software system security when the connection structure Database-DataSnap server-SQL Connection-SQL Data set-Provider is applied. This is due to that all kinds of information of Provider are exposed on the moment when DataSnap Server Port is sure to malicious attackers. This exposure becomes a window capable of running SQL Command. Thus, it should not be used Data Set and Provider in the DataSnap Server in consideration of all aspects of security management. In this paper, we study on the verification of the security vulnerabilities for Client and Server DataSnap in Dlephi XE2, and we propose a secure coding method to improve security vulnerability in the DataSnap server system.