• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.042 seconds

A Study on Establishing Guidelines for Information Protection and Security for Educational Institutes (학내 정보보호지침 수립에 관한 연구)

  • Yu, Ki-Hun;Choi, Woong-Chul;Kim, Shin-Kon;Goo, Chun-Yul
    • Journal of Information Technology Services
    • /
    • v.7 no.1
    • /
    • pp.23-43
    • /
    • 2008
  • Because IT security guidelines for universities and colleges mostly focus on hardware aspects, the problems such as security incidents by a user's mistake and personal information leakage by hacking are serious in our higher educational institutes. In order to solve these information protection and security problems in the educational institutes, realizable and implementable information protection and security guidelines which will contribute to escalate information protection level should be established and at the same time, specific guidelines should be provided to make the guidelines efficient. In this paper, the information security problems and cases are categorized to develop information security guidelines for the higher educational institutes in terms of short, mid, and long term aspects and the solutions to the problems are sought. In addition, a serious of approaches to the information security are proposed such as the improvement measures for the employees of the institute to have desirable security-minded, security problem prevention and resolving methods, developing conflict coordination procedure and law and regulation system establishment for making the educational institutes be information-oriented.

Design and Implementation of Internet Throats and Vulnerabilities Auto Collector for Cyber Threats Management (사이버위협 관리를 위한 인터넷 위협 및 취약점 정보 수집기 설계 및 구현)

  • Lee, Eun-Young;Paek, Seung-Hyun;Park, In-Sung;Yun, Joo-Beom;Oh, Hung-Geun;Lee, Do-Hoon
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.21-28
    • /
    • 2006
  • Beginning flag security it was limited in Firewall but currently many information security solutions like Anti-virus, IDS, Firewall are come to be many. For efficiently managing different kinds of information security products ESM (Enterprise Security management) are developed and operated. Recently over the integrated security management system, TMS (Threat Management System) is rising in new area of interest. It follows in change of like this information security product and also collection information is being turning out diversification. For managing cyber threats, we have to analysis qualitative information (like vulnerabilities and malware codes, security news) as well as the quantity event logs which are from information security products of past. Information Threats and Vulnerability Auto Collector raises the accuracy of cyber threat judgement and can be utilized to respond the cyber threat which does not occur still by gathering qualitative information as well as quantity information.

  • PDF

Security Analysis on the Implementation Vulnerabilities of I-PIN (주민등록번호 대체수단에 대한 구현 취약점 분석)

  • Choi, Youn-Sung;Lee, Yun-Ho;Kim, Seung-Joo;Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.2
    • /
    • pp.145-185
    • /
    • 2007
  • A resident registration number is used to confirm and prove his/her identity in a government/non-governmental agency. It is a essential requirement to become the registered member on internet website in Korea. It is serious problem that the resident registration number and name are outflowed in internet and misused by others. So the MIC(Ministry of Information and Communication) in Korea plans and operates the identification system using I-PIN that integrate 5 alternative methods of resident registration number. In this paper, we analyze the problem about the method of 5 I-PIN services and show the security analysis on the implementation vulnerabilities of I-PIN services. we also analyze 17 websites that provides identification system using I-PIN. Finally, we analyze the overall problem of I-PIN service and propose the countermeasure about the problem.

A study on the information security compliance and non-compliance causes of organization employees (조직구성원의 정보보안 준수 및 미준수 원인에 대한 연구)

  • Hwang, In-Ho;Hu, Sung-Ho
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.9
    • /
    • pp.229-242
    • /
    • 2020
  • The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and reveals the relationship of the individual's the security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment and used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.

Design and implementation of the honeycomb structure visualization system for the effective security situational awareness of large-scale networks (대규모 네트워크의 효과적 보안상황 인지를 위한 벌집 구조 시각화 시스템의 설계 및 구현)

  • Park, Jae-Beom;Kim, Huy-Kang;Kim, Eun-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1197-1213
    • /
    • 2014
  • Due to the increase in size of the computer network, the network security systems such as a firewall, IDS, IPS generate much more vast amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnels' 'Network Security Situational Awareness(NSSA)' is effectively determining the security situation of overall computer network on the basis of the relation between the security events that occur in the several views. The process of situational awareness is divided into three stages of the 'identification,' 'understanding' and 'prediction'. And 'identification' and 'understanding' are prerequisites for 'predicting' and the following appropriate responses. But 'identification' and 'understanding' in the vast amount of information became more difficult. In this paper, we propose Honeycomb security situational awareness visualization system that is designed to help NSSA in large-scale networks by using visualization techniques known effective to the 'identification' and 'understanding' stages. And we identified the empirical effects of this system on the basis of the 'VAST Challenge 2012' data.

Healthcare Security based on Blockchain

  • Almalki, Taghreed;Alzahrani, Shahad;Alhakami, Wajdi
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.8
    • /
    • pp.149-160
    • /
    • 2021
  • One of the most important inventions and developments in the digital world today is the healthcare system based on blockchain technology. Healthcare is an important field that requires the application of security mechanisms due to the sensitivity of patient data. The association of blockchain with healthcare contributed to achieving better security mechanisms than the traditional approach. The new approach operates in a decentralized system, which in turn, improves security in the healthcare environment. Consequently, blockchain technology has emerged as one of the most crucial solutions to security violations and challenges in the healthcare industry. This paper provides a comprehensive review of several experts' recent protection and detection approaches in this domain. It is also imperative to note that the paper focuses only on the recent techniques that have been published during 2017-2020. The sophisticated procedures have been investigated and discussed in terms of similarities and differences to highlight the significance of the protection needed to secure the healthcare environment.

The Trends of Next Generation Cyber Security (차세대 사이버 보안 동향)

  • Lee, Daesung
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.23 no.11
    • /
    • pp.1478-1481
    • /
    • 2019
  • As core technologies(IoT, 5G, Cloud, Bigdata, AI etc) leading the Fourth Industrial Revolution promote smart convergence across the national socio-economic infrastructure, the threat of new forms of cyber attacks is increasing and the possibility of massive damage is also increasing. Reflecting this trend, cyber security is expanding from simple information protection to CPS(Cyber Physical System) protection that combines safety and security that implements hyper-connectivity and ultra-reliability. This study introduces the recent evolution of cyber attacks and looks at the next generation cyber security technologies based on the conceptual changes of cyber security technologies such as SOAR(Security Orchestration, Automation and Response) and Zero Trust.

Development of a Bi-Directional Security Light Control System based on Low-Bandwidth Wireless Sensor Network (저대역 센서 네트워크 기반의 양방향 보안등 관제 시스템 개발)

  • Lee, Ho-Gun;Lee, Sang-Ho;Lee, Suk-Gyu;Choi, Jeong-Won
    • Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
    • /
    • v.24 no.10
    • /
    • pp.58-66
    • /
    • 2010
  • This paper shows an implementation and management result of wireless networks based security light control system, which performs a great role in protection of pedestrians and prevention of crime. Conventional security light units have severe limits in confirmation and inspection of security light unit failure, like wilful damage by someone or failure by influence of other equipment or failure by spontaneous heat-increase, and so on. In addition, local government offices are responsible for maintenance of security light units and as a matter of fact, most of civil complaints are about security light units. It is an obvious that the existing security light maintenance system reaches the limit and the security light maintenance problem is a difficulty of local government. Therefore, efficient security light control system is needed, which enables central control and intelligent maintenance. Moreover, the system has to be easy to control and has to be stable. In this study, wireless sensor network based security light control system is implemented, which is independent of programming language and platform, and which is simple to control and extend the system. The proven protocols, HTTP and SOAP, are utilized in order to improve the system reliability. This paper shows the excellence of our proposed system by implementing and operating it in real environment.

Design and Implementation of Linux-based Integrated Security System(LISS) Using Open Security Tools (공개 보안 도구를 이용한 리눅스 기반 통합 보안 시스템의 설계 및 구현)

  • Jeon, Yong-Hee;Kim, Min-Soo;Jang, Jung-Sook
    • The KIPS Transactions:PartC
    • /
    • v.11C no.4
    • /
    • pp.485-496
    • /
    • 2004
  • The wide spread of Internet makes susceptible to the attacks via communication Web from hackers using the vulnerability of both computer and network systems. In this paper, we design and implement an integrated security system, named as LISS(Linux-based Integrated Security System) in which an integrated security management is possible. This system is based on the open operating system, Linux and consists of open security tools, which is effective in security management of Linux based-servers. We also construct a test-bed in order to testify the performance of the LISS. It is revealed that the implemented system captures all the attack Patterns generated from Network Mapper.

Building an Electronic Approval Module Using Multi-Level Security (다중등급 보안 정책을 적용한 전자결재 모듈의 개발)

  • 김진성;안병혁
    • The Journal of Information Systems
    • /
    • v.11 no.1
    • /
    • pp.175-198
    • /
    • 2002
  • This paper is to develop a security module for electronic approval systems. Electronic documents are created, transmitted and saved in the company's intranet computer network. Transmitting electronic documents, however, brings us a security problem. Communications among various computer systems are exposed to many security threats. Those threats are eavesdropping, repudiation, replay back etc. The main purpose of this paper is to develop a module which provides the security of electronic documents while they are passed from one place to another This paper applies Multi-Level security to the electronic approval system that guarantees security of electronic documents from many threats. Multi-Level security controls the access to the documents by granting security level to subject users and object electronic documents. To prevent possible replay back attacks, this paper also uses one time password to the system. The security module is composed of client program and server one. The module was developed using Microsoft Visual Basic 6.0 and Microsoft SQL Server 7.0. The code uses Richard Bondi's WCCO(Wiley CryptoAPI COM Objects) library functions which enables Visual Basic to access Microsoft CryptoAPI.

  • PDF