• Title/Summary/Keyword: information security system

A Study on the Improvement of Information Security Management Condition Evaluation in Public Sector through the SCAP Analysis by NIST in U.S. (미(美) NIST 보안성 자동평가프로토콜(SCAP)분석을 통한 공공기관의 정보보안관리실태 평가제도 개선방안 연구)

  • Jee, Yoon Seok;Lee, Yong Suk;Yoon, Duck Jung;Shin, Yong Tae
    • Journal of Information Technology Applications and Management / v.26 no.4 / pp.31-39 / 2019
  • The 129 public institutions in Korea are subject to Information Security Management Condition Evaluation (ISMCE) as a part of the government management evaluation system by the Ministry of Economy and Finance. ISMCE started in 2006 with the central government institutions and was applied to all public institutions in 2009. This evaluation is conducted annually by the National Intelligence Service through site visits, and the number of evaluated institutions is increasing year by year. However, the process of ISMCE - identifying existing vulnerabilities in the information system - is conducted manually. To improve this inconvenience, this paper introduces the various evaluation systems in the major countries, especially in the United States, and analyzes the Security Content Automation Protocol (SCAP) by NIST. SCAP is an automation protocol for system vulnerability management (in technical fields) and security policy compliance evaluation. Based on SCAP, this paper suggests an improvement plan for the ISMCE of Korea.

Development of Vulnerability Scanner using Search Engine (검색엔진을 이용한 취약점 분석 시스템 개발)

  • Joo, Bok-Gyu;Min, Beung-Woo;Chang, Moon-Suk;Ahn, Chang-Kyum;Yang, Dong-Hyuk
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.9 no.1 / pp.19-24 / 2009
  • These days, security threats are ever increasing as computer systems and networking are everywhere. This paper is on the development of a security scanner using a search engine, with which site managers can easily check security vulnerabilities on their systems. Our security server automatically collects security-related information on the Internet and indexes it in the database. To check the vulnerability of a customer server, the client system collects various system-specific information and sends the necessary queries to our security server for vulnerability checking. Up-to-date and site-specific vulnerability information is retrieved through the viewer, which allows the customer to effectively check and respond to security threats on client systems.

A Study on Selection Factors of Consulting Company for the Certification of Information Security Management System (정보보호 관리체계(ISMS) 인증을 위한 컨설팅 업체 선정 요인에 관한 연구)

  • Park, Kyeong-Tae;Kim, Sehun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1309-1318 / 2014
  • In the past few years, data leakage of information assets has become a prominent social issue. According to the National Industrial Security Center in South Korea, 71 percent of those who suffer from technology leakage are small and medium sized enterprises. Hence, the establishment and operation of an ISMS (Information Security Management System) for small and medium sized enterprises has become an important issue. Since it is not easy for a small or medium sized enterprise to obtain ISMS certification by itself, consultation with an expert firm in information security is necessary before the security implementation. However, how to select a proper security consulting company for a small or medium sized firm has not been studied yet. In this study, we empirically analyze the selection factors of an ISMS certification consulting company for a small or medium sized firm through exploratory factor analysis (EFA). Our study identified the following four important factors in selecting a security consulting company: expertise of the staff and human resource management proficiency, market leading capability, competence to make progress during the consultation, and the performance and the size of the physical assets and human resources.

An Approach for Security Problems in Visual Surveillance Systems by Combining Multiple Sensors and Obstacle Detection

  • Teng, Zhu;Liu, Feng;Zhang, Baopeng;Kang, Dong-Joong
    • Journal of Electrical Engineering and Technology / v.10 no.3 / pp.1284-1292 / 2015
  • As visual surveillance systems become more and more common in human lives, approaches based on these systems to solve security problems in practice are boosted, especially in railway applications. In this paper, we first propose a robust snag detection algorithm and then present a railway security system that uses a combination of multiple sensors and the vision-based snag detection algorithm. The system aims at safety in several repeatedly occurring situations, including slope protection, inspection of falling objects from bridges, and the detection of snags and foreign objects on the rail. Experiments demonstrate that the snag detection is relatively robust and that the system could guarantee the security of the railway through these real-time protections and detections.

Information System of Anti-Crisis Management in the Context of Ensuring National Security

  • Kryshtanovych, Myroslav;Antonova, Liudmyla;Pohrishchuk, Borys;Mironova, Yulia;Storozhev, Roman
    • International Journal of Computer Science & Network Security / v.21 no.12spc / pp.719-725 / 2021
  • The main purpose of the study is to determine the main aspects of information support for anti-crisis management in the context of ensuring national security. In modern conditions, under the influence of COVID-19, it becomes important to develop a modern paradigm for the transformation of anti-crisis management, based on the determination of the laws of state development on the basis of the imperative of national interests and territorial integrity. These are, firstly, the patterns of development of the state system of public administration, secondly, the patterns of development of a complex of state interests, and thirdly, patterns of development of the modern model of the country's territorial integrity. As a result of the study, the key aspects of the anti-crisis management system were identified in the context of ensuring the security of national interests.

Performance Analysis of Blockchain Consensus Protocols-A Review

  • Amina Yaqoob;Alma Shamas;Jawad Ibrahim
    • International Journal of Computer Science & Network Security / v.23 no.6 / pp.181-192 / 2023
  • Blockchain systems brought innovation in the areas of accounting, credit monitoring and trade secrets. The consensus algorithm, considered the central component of blockchain, significantly influences the performance and security of a blockchain system. In this paper we presented four consensus protocols, specifically Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS) and Practical Byzantine Fault-Tolerance (PBFT); we also reviewed different security threats that affect the performance of consensus protocols and precisely listed their countermeasures. Further, we evaluated the performance of these consensus protocols in tabular form based on different parameters. At the end we discussed a comprehensive comparison of consensus protocols in terms of throughput, latency and scalability. We presume that our results can be beneficial to blockchain system and token economists, practitioners and researchers.

Decision Support System to Detect Unauthorized Access in Smart Work Environment (스마트워크 환경에서 이상접속탐지를 위한 의사결정지원 시스템 연구)

  • Lee, Jae-Ho;Lee, Dong-Hoon;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.797-808 / 2012
  • In a smart work environment, a company provides employees with a flexible work environment for tele-working using mobile phones or portable devices. On the other hand, such environments are exposed to the risk that an attacker can intrude into computer systems or leak smart workers' personal information and gain a company's sensitive information. To reduce these risks, the security administrator needs to analyze the usage patterns of employees and detect abnormal behaviors by monitoring VPN (Virtual Private Network) access logs. This paper proposes a decision support system that can notify the status by using visualization and a similarity measure through clustering analysis. On average, 88.7% of abnormal events can be detected by the proposed method. With the proposed system, the security administrator can detect abnormal behaviors of the employees and prevent account theft.

A Study on the New Threat Level Decision Method for Information System (새로운 정보시스템 위협수준결정방법론에 대한 연구)

  • Kim, Tai-Hoon;Yeo, Sang-Soo;Cho, Sung-Eon
    • Journal of the Korea Institute of Information and Communication Engineering / v.11 no.12 / pp.2280-2286 / 2007
  • An information system contains various components, and these components can be categorized into some types. When preparing a security level management activity, it is most important to define the target of the management activity. After these targets are decided, the security level management activity can be started. This paper defines management targets by dividing the information system into some parts, and shows that these targets can be managed variously according to operation environments and characteristics.

The Study on Corporate Information Security Governance Model for CEO (최고경영자를 위한 기업 정보보호 거버넌스 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal / v.17 no.1 / pp.39-44 / 2017
  • Existing enterprise information security activities have been centered on the information security organization, and top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just the information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

A Survey on Cyber Physical System Security for IoT: Issues, Challenges, Threats, Solutions

  • Kim, Nam Yong;Rathore, Shailendra;Ryu, Jung Hyun;Park, Jin Ho;Park, Jong Hyuk
    • Journal of Information Processing Systems / v.14 no.6 / pp.1361-1384 / 2018
  • Recently, the Cyber Physical System (CPS) has become one of the core technologies for realizing the Internet of Things (IoT). The CPS is a new paradigm that seeks to converge the physical and cyber worlds in which we live. However, the CPS suffers from certain CPS issues that could directly threaten our lives, while the CPS environment, including its various layers, is related to on-the-spot threats, making it necessary to study CPS security. Therefore, a survey-based in-depth understanding of the vulnerabilities, threats, and attacks is required of CPS security and privacy for IoT. In this paper, we analyze security issues, threats, and solutions for IoT-CPS, and evaluate the existing research. The CPS raises a number of challenges through current security markets and security issues. The study also addresses the CPS vulnerabilities and attacks and derives challenges. Finally, we recommend solutions for each system of CPS security threats, and discuss ways of resolving potential future issues.