• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.033 seconds

A Study on Models for Technical Security Maturity Level Based on SSE-CMM (SSE-CMM 기반 기술적 보안 성숙도 수준 측정 모델 연구)

  • Kim, Jeom Goo;Noh, Si Choon
    • Convergence Security Journal
    • /
    • v.12 no.4
    • /
    • pp.25-31
    • /
    • 2012
  • The SSE-CMM model is how to verify the level of information protection as a process-centric information security products, systems and services to develop the ability to assess the organization's development. The CMM is a model for software developers the ability to assess the development of the entire organization, improving the model's maturity level measuring. However, this method of security engineering process improvement and the ability to asses s the individual rather than organizational level to evaluate the ability of the processes are stopped. In this research project based on their existing research information from the technical point of view is to define the maturity level of protection. How to diagnose an information security vulnerabilities, technical security system, verification, and implementation of technical security shall consist of diagnostic status. The proposed methodology, the scope of the work place and the current state of information systems at the level of vulnerability, status, information protection are implemented to assess the level of satisfaction and function. It is possible that measures to improve information security evaluation based on established reference model as a basis for improving information security by utilizing leverage.

The Security Quality of Computer Network (컴퓨터 네트워크의 보안 품질)

  • 신장균;박병호;유진철
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1995.11a
    • /
    • pp.41-47
    • /
    • 1995
  • This research suggests a criterion, security quality, which is a unifying principle in computer network security that has the lack of a unifying principle. The security quality includes secrecy, integrity, recording, and availability among the factors that represent the security evaluation of the computer system. So, we defined the security quality, which is a basis for determining the security level, as the grand total of evaluation about each factor.

  • PDF

A Proposal of Risk Management Framework for Design as a Secure Power Control System (안전한 전력 제어시스템 설계를 위한 위험관리 프레임워크 제안)

  • Park, Jun Yong;Shin, Sumin;Song, Kyoung-Young
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.2
    • /
    • pp.425-433
    • /
    • 2016
  • In smart grid, enhancement of efficiency and interoperability of electric power system is achieved through the connection with outer network, and this induces that power grid system is threatened increasingly, becomes the main target of cyber terrorism, and is sincerely required to design the secure power system. Although SSDLC(Secure System Development Life Cycle) is used for risk management from the design phase, traditional development life cycle is somewhat limited for satisfaction of information security indicator of power control system. Despite that power control system should reflect control entities of information security considering its own characteristics, validation elements are insufficient to apply into real tasks based on existing compliance. To make design of diagnostic model and assessment process for power control system possible and to give a direction for information security and present related indicator, we propose the new risk management framework of power control system which is applied operational security controls and standard architecture presented by IEC 62351 TC 57 with enterprise risk management framework.

Derivation of Security Requirements for Cloud Managing Security Services System by Threat Modeling Analysis (위협 모델링 분석에 의한 클라우드 보안관제시스템 보안요구사항 도출)

  • Jang, Hwan
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.10 no.5
    • /
    • pp.145-154
    • /
    • 2021
  • Recently, the introduction of Cloud Managing Security Services System to respond to security threats in cloud computing environments is increasing. Accordingly, it is necessary to analyze the security requirements for the Cloud Managing Security Services System. However, the existing research has a problem that does not reflect the virtual environment of the cloud and the data flow of the Cloud Managing Security Services System in the process of deriving the requirements. To solve this problem, it is necessary to identify the information assets of the Cloud Managing Security Services System in the process of threat modeling analysis, visualize and display detailed components of the cloud virtual environment, and analyze the security threat by reflecting the data flow. Therefore, this paper intends to derive the security requirements of the Cloud Managing Security Services System through threat modeling analysis that is an improved existing research.

Economic Analysis of The Operational Policy for Data Backup with Information Security Threats (정보보호위협하에서 경제적인 데이터백업 운영 정책 분석)

  • Yang, Won Seok;Kim, Tae-Sung;Lee, Doo Ho
    • The Journal of the Korea Contents Association
    • /
    • v.14 no.10
    • /
    • pp.270-278
    • /
    • 2014
  • The stability and security management of IT data becomes more important because information security threats increases rapidly in Big Data era. The operational policy of the data backup considering information security threats is required because the backup policy is the fundamental method that prevents the damage of security threats. We present an economic approach for a data backup system with information security threats which damage the system. The backup operation consists of the differential backup and the batch backup. We present a stochastic model considering the occurrence of information security threats and their damage. We analyze the stochastic model to derive the performance measures for the cost analysis. Finally we analyze the average cost of the system and give numerical examples.

Establishment and Effectiveness Analysis of Emergency Vehicle Priority Signal Control System in Smart City and Directions for ISMS-P Technical Control Item Improvement (스마트시티 내 긴급차량 우선신호 제어시스템 구축과 효과성 분석 및 ISMS-P 기술적 통제항목 개선 방향성 연구)

  • Yoon, TaeSeok;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.25 no.9
    • /
    • pp.1166-1175
    • /
    • 2021
  • We investigate the current situation and development trend of domestic smart city and emergency vehicle priority signal control system analyzing the existing effectiveness of 1) emergency vehicle priority signal control system and 2) control emergency vehicle priority signal, based on domestic and foreign prior research for signal control system security. The effectiveness of time reduction was analyzed through actual application and test operation to emergency vehicles after establishing the system. In addition, for security management and stable service of real-time signal system control we propose improvement for the technical control items of the ISMS-P certification system to secure golden time to protect citizens' precious lives and property in case of emergency by classifying and mapping the existing ISMS-P certification system and the Korea Internet & Security Agency's cyber security guide according to the items of security threats.

Web Services based XML Security Model for Secure Information Exchange in Electronic Commerce (전자상거래에서 안전한 정보 교환을 위한 웹 서비스 기반의 XML 보안 모델)

  • Cho, Kwang-Moon
    • The Journal of Korean Association of Computer Education
    • /
    • v.7 no.5
    • /
    • pp.93-99
    • /
    • 2004
  • The most important technology in the electronic commerce based on Internet is to guarantee the security of trading information exchange. Many technologies are proposed as a standard to support this security problem. One of them is an XML (eXtensible Markup Language). This is used in various applications as the document standard for electronic commerce system. The XML security has become very important topic. In this paper an XML security model for web services based electronic commerce system to guarantee the secure exchange of trading information. To accomplish the security of XML, the differences of XML signature, XML encryption and XML key management scheme respect to the conventional system should be provided. The new architecture is proposed based on unique characteristics of XML. Especially the method to integrate the process management system need to the electronic commerce is proposed.

  • PDF

System Design and Implementation for Security Policy Management of Windows Based PC and Weakness Inspection (Windows 기반의 PC 보안 정책 관리 및 취약성 점검을 위한 시스템 설계 및 구현)

  • Park, Byung-Yeon;Yang, Jong-Won;Seo, Chang-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.1
    • /
    • pp.23-30
    • /
    • 2008
  • Attempt to protect personal computer from hacking, virus, worm, and the troy wooden horse is progressed variously. Nevertheless, it is very difficult fer public users to understand configurations to enhance security stability in windows based personal computer, and many security problem is due to there lack of recognize about information accessability, various kind of configuration, these necessity, and efficiency. Accordingly, it is demandded to develop an efficient system to protect networks and personal computer with automated method. In this paper, we derive problems of personal computer by analyzing various vulnerableness and policy on security, through which we design and implement the system to solve various windows system problem conveniently.

A study on the proposal of integrated security management of Affiliated Organizations within the Local Governments (지방자치단체 산하기관의 통합 보안관리 제안에 관한 연구)

  • Hwanju Choi;Yongsuk Park
    • Convergence Security Journal
    • /
    • v.21 no.4
    • /
    • pp.117-128
    • /
    • 2021
  • Most of the Affiliated Organizations of the Local Governments are constantly exposed to cyber threats due to the lack of dedicated information security organizations, dedicated personnel and interest from institutions. As an institution invested and contributed by the Local Government, it has the legal responsibility of management and supervision. Therefore, in this study, the network of the Local Government is connected by using the network of the Local Government, information security infrastructure, and security control infrastructure. It was an opportunity to conduct research on the improvement of the security control system of the Local Government to protect important information (personal information, etc.) owned by the Local Government. In the long term, we propose a transfer to the cloud system for stable services of personal information processing systems such as public systems, ERPs, and groupwares operated by Affiliated Organizations, and consider enhancing the security of Affiliated Organizations and security control. It is hoped that the results of this study will be helpful to the Local Governments.

Optical Character Recognition based Security Document Image File Management System (광학문자인식 기반 보안문서 이미지 파일 관리 시스템)

  • Jeong, Pil-Seong;Cho, Yang-Hyun
    • Journal of the Korea Convergence Society
    • /
    • v.10 no.3
    • /
    • pp.7-14
    • /
    • 2019
  • With the development of information and communication technology, we have been able to access and manage documents containing corporate information anytime and anywhere using smart devices. As the work environment changes to smart work, the scope of information distribution is expanded, and more efforts are needed to manage security. This paper proposes a file sharing system that enables users who have smart devices to manage and share files through mutual cooperation. Proposed file sharing system, the user can add a partner to share files with each other when uploading files kept by spliting the part of the file and the other uses an algorithm to store on the server. After converting the file to be uploaded to base64, it splits it into encrypted files among users, and then transmits it to the server when it wants to share. It is easy to manage and control files using dedicated application to view files and has high security. Using the system developed with proposed algorithm, it is possible to build a system with high efficiency even for SMEs(small and medium-sized enterprises) that can not pay much money for security.