• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.209 seconds

A Study of Memory Information Collection and Analysis in a view of Digital Forensic in Window System (윈도우 시스템에서 디지털 포렌식 관점의 메모리 정보 수집 및 분석 방법에 관한 고찰)

  • Lee Seok-Hee;Kim Hyun-Sang;Lim JongIn;Lee SangJin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.1
    • /
    • pp.87-96
    • /
    • 2006
  • In this paper, we examine general digital evidence collection process which is according to RFC3227 document[l], and establish specific steps for memory information collection. Besides, we include memory dump process to existing digital evidence collection process, and examine privacy information through dumping real user's memory and collecting pagefile which is part of virtual memory system. Especially, we discovered sensitive data which is like password and userID that exist in the half of pagefiles. Moreover, we suggest each analysis technique and computer forensic process for memory information and virtual memory.

Administrator Privilege Management System Classification of u-City Management Center (u-City 통합운영센터 관리자 권한관리 체계 분류)

  • Yi, Wan-Suck;Go, Woong;Won, Dong-Ho;Yeo, Sang-Soo;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.13 no.4
    • /
    • pp.586-599
    • /
    • 2009
  • Recently, a lot of nations are establish and researches the u-City which ubiquitous technology based city, and u-City Management Center(UMC) is also establish and researches. Technical researches of UMC are increasing. However, administrator privilege management researches for UMC is not enough. If we don't manage to administrator privilege who can access and control all of information in UMC, security problems will be occurs. Therefore, in this paper, analyses of administrator privilege management security problems, and proposed administrator privilege management system classification.

  • PDF

A Study on Information Security Production Certification System for Secure Smart Phone Security (안전한 스마트폰 보안을 제공하기 위한 정보보호제품 인증 제도에 관한 연구)

  • Park, Jong-Hyuk
    • Journal of Advanced Navigation Technology
    • /
    • v.14 no.6
    • /
    • pp.970-974
    • /
    • 2010
  • According to IT technology has evolved, smart phone rapidly propagates for mobility. A smart phone user acquires useful information, but attackers generate various damage. For example, an attacker must distribute to expose the privacy of others. To solve this problem, various information security products are being developed. In addition, information security has been strengthened. In this paper, we propose a scheme for secure use of smart phone. For development of secure smart phone, the development processes should be secure. In addition, we propose an information security production certification system for secure smart phone security.

Design and Load Map of the Next Generation Convergence Security Framework for Advanced Persistent Threat Attacks

  • Lee, Moongoo
    • IEIE Transactions on Smart Processing and Computing
    • /
    • v.3 no.2
    • /
    • pp.65-73
    • /
    • 2014
  • An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

Secure Authentication with Mobile Device for Ubiquitous RFID Healthcare System in Wireless Sensor Networks

  • Kim, Jung-Tae
    • Journal of information and communication convergence engineering
    • /
    • v.9 no.5
    • /
    • pp.562-566
    • /
    • 2011
  • As telecommunication technologies in telemedicine services are developed, the expeditious development of wireless and mobile networks has stimulated wide applications of mobile electronic healthcare systems. However, security is an essential system requirement since many patients have privacy concerns when it comes to releasing their personal information over the open wireless channels. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well prepared. In this paper, we analyzed authentication and authorization procedures for healthcare system architecture to apply secure M-health systems in the hospital environment. From the analyses, we estimate optimal requirements as a countermeasure to its vulnerabilities.

A Study on the Necessity of the Introduction of Professional Certification System for Financial Security (금융보안 전문 자격제도 도입 필요성에 관한 연구)

  • Jung, Hee-Hyoung;Kwon, Hun-Yeong
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.17 no.4
    • /
    • pp.209-218
    • /
    • 2017
  • In order to efficiently and preemptively respond to financial security threats that are becoming more sophisticated and intelligent, and to enable financial users to receive financial services safely, financial information security professionals are needed. However, as of 2015, the number of financial IT security personnel was 4.9%, which is slightly lower than the previous year, but still low. In this study, it is expected that the number of experts in financial security will increase gradually. In order to verify the minimum performance of financial security professionals and enhance the security consciousness, the subjects of the existing security qualification system, Curriculum and inspection techniques to analyze the necessity of introducing information security specialization specialized in financial sector.

A Study on The Efficiency Elevation Method of IT Security System Evaluation via Process Improvement (프로세스 개선을 통한 정보보호제품 평가 효율 향상 방법에 관한 연구)

  • 김태훈;성윤기;조규민;김상호;노병규
    • Convergence Security Journal
    • /
    • v.3 no.1
    • /
    • pp.23-30
    • /
    • 2003
  • As IT industries grow rapidly, many kinds of problems related to information security have gained force. Demands for information security products such as firewall, Intrusion Detection System have grown and the reliability and the safety of information security products is gathering strength. The evaluation for information security products is putting in operation, but developers have a difficulty in timely presenting their products due to long time for the evaluation. In this paper, we suggest the efficient elevation method for information security product by improving the development process in order to meet the assurance requirements of the Common Criteria.

  • PDF

Vision-based Authentication and Registration of Facial Identity in Hospital Information System

  • Bae, Seok-Chan;Lee, Yon-Sik;Choi, Sun-Woong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.12
    • /
    • pp.59-65
    • /
    • 2019
  • Hospital Information System includes a wide range of information in the medical profession, from the overall administrative work of the hospital to the medical work of doctors. In this paper, we proposed a Vision-based Authentication and Registration of Facial Identity in Hospital Information System using OpenCV. By using the proposed security module program a Vision-based Authentication and Registration of Facial Identity, the hospital information system was designed to enhance the security through registration of the face in the hospital personnel and to process the receipt, treatment, and prescription process without any secondary leakage of personal information. The implemented security module program eliminates the need for printing, exposing and recognizing the existing sticker paper tags and wristband type personal information that can be checked by the nurse in the hospital information system. In contrast to the original, the security module program is inputted with ID and password instead to improve privacy and recognition rate.

Design and Implement of Authentication System for Secure User Management for Secure on Medical ICT Convergence Environment (의료 ICT융합 환경에서 안전한 사용자 관리를 위한 인증시스템 설계 및 구현: 중소형 의료기관을 중심으로)

  • Kim, Yanghoon;Choi, Yean Jung
    • Convergence Security Journal
    • /
    • v.19 no.3
    • /
    • pp.29-36
    • /
    • 2019
  • The convergence of traditional industry and ICT is a combination of security threats and vulnerabilities in ICT and specific industry-specific problems of existing industries, and new security threats and vulnerabilities are emerging. In particular, in the medical ICT convergence industry, various problems regarding user authentication are derived from the medical information system, which is being used for abuse and security weaknesses. According, this study designed and implemented a user authentication system for secure user management in medical ICT convergence environment. Specifically, we design and implement measures to solve the abuse and security weaknesses of ID sharing and to solve the inconvenience of individual ID / PW authentication by performing user authentication using personalized devices based on medical information systems.

Information Security on Learning Management System Platform from the Perspective of the User during the COVID-19 Pandemic

  • Mujiono, Sadikin;Rakhmat, Purnomo;Rafika, Sari;Dyah Ayu Nabilla, Ariswanto;Juanda, Wijaya;Lydia, Vintari
    • Journal of information and communication convergence engineering
    • /
    • v.21 no.1
    • /
    • pp.32-44
    • /
    • 2023
  • Information security breach is a major risk in e-learning. This study presents the potential information security disruptions in Learning Management Systems (LMS) from the perspective of users. We use the Technology Acceptance Model approach as a user perception model of information security, and the results of a questionnaire comprising 44 questions for instructors and students across Indonesia to verify the model. The results of the data analysis and model testing reveals that lecturers and students perceive the level of information security in the LMS differently. In general, the information security aspects of LMSs affect the perceptions of trust of student users, whereas such a correlation is not found among lecturers. In addition, lecturers perceive information security aspect on Moodle is and Google Classroom differently. Based on this finding, we recommend that institutions make more intense efforts to increase awareness of information security and to run different information security programs.