• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.033 seconds

A system for detecting document leakage by insiders through continuous user authentication by using document reading behavior (문서 읽기 행위를 이용한 연속적 사용자 인증 기반의 내부자 문서유출 탐지기술 연구)

  • Cho, Sungyoung;Kim, Minsu;Won, Jongil;Kwon, SangEun;Lim, Chaeho;Kang, Brent ByungHoon;Kim, Sehun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.2
    • /
    • pp.181-192
    • /
    • 2013
  • There have been various techniques to detect and control document leakage; however, most techniques concentrate on document leakage by outsiders. There are rare techniques to detect and monitor document leakage by insiders. In this study, we observe user's document reading behavior to detect and control document leakage by insiders. We make each user's document reading patterns from attributes gathered by a logger program running on Microsoft Word, and then we apply the proposed system to help determine whether a current user who is reading a document matches the true user. We expect that our system based on document reading behavior can effectively prevent document leakage.

Software integrity verification method in POS system (POS시스템 내 소프트웨어 무결성 검증 방안)

  • Cho, Sung-A;Kim, Sung Hoon;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.987-997
    • /
    • 2012
  • A Point-of-Sales (POS) terminal manages the selling process by a salesperson accessible interface in real time. Using a POS system makes a business and customer management much more efficient. For these reasons, many store install POS terminal and used it. But it has many problem that stealing personal information by hacking and insider corruption. Because POS system stored payment information like that sales information, card valid period, and password. In this paper, I proposed software integrity verification technique in POS system based on White list. This method can prevent accidents that personal information leak by hacking and POS system forge and falsification. This proposed method provides software integrity, so it can prevent inside and outside threats in advance.

An Analysis on Training Curriculum for Educating Information Security Experts (정보보안 전문인력 양성을 위한 교육과정 분석)

  • Park, Jae-Yong
    • Management & Information Systems Review
    • /
    • v.31 no.1
    • /
    • pp.149-165
    • /
    • 2012
  • Nowadays due to the development of IT, hacking has become a major issue and importance of information system security is rapidly increasing. This research focuses on problems of training system security experts within Korea by analysing university's management information system curriculum and proposes an alternative way to solve this problem. The result of this research is the following. First, reformation of university's curriculum for successfully training system security experts is crucial. Second, theories that was learned in university courses need to be coherent to the actual work that the system security experts do in the field. Lastly, advanced IT countries like the US and Japan have already made standards on training system auditors and reinforced it with laws. Therefore Korea should establish a formal standard system like the other IT industry advanced countries.

  • PDF

A Study on Secure Interaction of DHCP Server with DNS Server

  • Ham Young Hwan;Chung Byung Ho;Chung Kyo Il
    • Proceedings of the IEEK Conference
    • /
    • 2004.08c
    • /
    • pp.544-548
    • /
    • 2004
  • DHCP(Dynamic Host Configuration Protocol) is a protocol which dynamically allocates an IP address and/or host configuration parameters to a host. The DHCP client's address can be changed dynamically any time. For the possible communication with other system, the DHCP client has to inform its address to the DNS system with dynamic update facility. But the DNS dynamic update has a problem related to the security. So we proposed the efficient mechanism for the secure integration of DHCP and DNS by using DNS security extensions. The system also uses the DNS server as the certificate repository for the storing & retrieval of each other's certificate.

  • PDF

Design of SVC-based Multicasting System Preserving Scalable Security

  • Seo, Kwang-Deok
    • Journal of information and communication convergence engineering
    • /
    • v.8 no.1
    • /
    • pp.71-76
    • /
    • 2010
  • Scalable video coding (SVC) has been standardized as an extension of the H.264/AVC standard. SVC allows straightforward adaptation of video streams by providing layered bit streams. In this paper, we propose a SVC video-based multicasting system preserving scalable security which is able to provide a SVC video service while maintaining information security. In order to maintain information security between a server and a client during all transmission time, the proposed system immediately performs a packet filtering process without decoding with respect to encrypted data received in a routing device, thereby reducing an amount of calculations and latency.

Design of Information Security Management for Industrial Control System (산업제어시스템을 위한 정보보호 관리체계 설계 방안 연구)

  • Jo, Young-Hyun;Lee, Eun-Kyoung
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2016.01a
    • /
    • pp.311-314
    • /
    • 2016
  • 지난 5년간 대표적인 산업제어시스템(Industrial Control System)인 국내 원자력 발전소에 대한 해킹 시도는 총 1,843회로 사이버공격에 대한 위험은 날로 높아지고 있다. 이러한 공격은 사이버전, 테러, 사이버범죄자들에 의해 실행되고 있다. 이러한 위험을 통제하기 위해서는 산업제어시스템이 일반적인 IT시스템과 다른 운영체제, 네트워크 등 시스템 환경을 고려하여야 한다. 본 논문에서는 기존의 IT보안 대책과 산업제어시스템 보안 대책을 비교 분석하고, 국내외에서 발생하고 있는 산업제어시스템에 대한 공격 사례를 비교 분석하여 산업제어시스템 인프라에서 고려하고 통제해야 할 정보보호 요소들을 제언한다.

  • PDF

Informational and Methodological Approach to Ensuring the Economic Security of the State in the Banking Sphere

  • Shemayeva, Luidmila;Hladkykh, Dmytro;Mihus, Iryna;Onofriichuk, Andrii;Onofriichuk, Vitalii
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.12spc
    • /
    • pp.477-482
    • /
    • 2021
  • The existing approaches to ensuring the banking security of the state do not take into account the peculiarities of the banking system in the rapid development of the information economy (increasing uncertainty, imbalance and nonlinearity of processes in the banking system under the influence of innovation, institutions, information asymmetry, etc.). A methodological approach to determining the synergetic effect in the implementation of the regulatory influence of the state on the development of innovation processes related to informatization in the banking system, based on the use of differential equations and modelling the sensitivity of innovation processes related to informatization in the banking system, to the regulatory influence of the state to prevent the deployment of risks and threats to economic security of the state in this area has been suggested in the present article.

System Dynamics Approach, to Demand and Supply of Information Security Manpower (시스템 다이내믹스 방법론을 이용한 정보보호인력 수급체계 분석)

  • 김태성;전효정;박상현;장석호
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.2B
    • /
    • pp.228-239
    • /
    • 2004
  • Information Security industry in Korea is growing rapidly but is confronted with many challenges in business environment. One of the worst hardships is the mismatch in the demand and supply of manpower. Thus the government is developing a manpower policy to relieve the situation. To suggest policy implications, this study analyzes the demand and supply of Information Security manpower in the systematic and behavioral point of views. Using System Dynamics approach, we formulate a model to analyze the demand and supply of Information Security manpower. Finally we simulate the model and interpret the results.

System Dynamics Approach to Demand and Supply of Information Security Manpower (시스템 다이내믹스 방법론을 이용한 정보보호인력 수급체계 분석)

  • 김태성;전효정;박상현;장석호
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.5C
    • /
    • pp.642-653
    • /
    • 2004
  • Information Security industry in Korea is growing rapidly but is confronted with many challenges in business environment. One of the worst hardships is the mismatch in the demand and supply of manpower. Thus the government is developing a manpower policy to relieve the situation. To suggest policy implications, this study analyzes the demand and supply of Information Security manpower in the systematic and behavioral point of views. Using System Dynamics approach we formulate a model to analyze the demand and supply of Information Security manpower. Finally we simulate the model and interpret the results.

Information Security Research for Smartwork System (Smartwork System을 위한 정보보호연구)

  • Cheon, Jae-Hong;Park, Dae-Woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.05a
    • /
    • pp.323-325
    • /
    • 2016
  • Computing loud arrival times were, important data Clouding and, without being limited to the device, may process the information. Recently, work environment and improved access to Cloud and Mobile, this decision has been made to take effect immediately. However, when such important decisions of the government, the security is required. In this paper, we study the network access and control in IoT, Cloud, Bigdata, Smartwork System applied to Mobile. Study the authentication, authorization, and security for each security level Level of Service to connect to the DB information. Research of this paper will be used as the basis for the information processing and decision-making system design and construction of public institutions and agencies as important information for the protection Smartwork System.

  • PDF