• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.031 seconds

A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations (정보보호 관리체계를 위한 주요 통제영역 연구: 금융 관련 조직을 중심으로)

  • Kang, Youn-chul;Ahn, Jong-chang
    • Journal of Internet Computing and Services
    • /
    • v.19 no.6
    • /
    • pp.9-20
    • /
    • 2018
  • Financial service industry has introduced and operated management systems such as information security management system (ISMS), personal information security management system, business continuity management system to protect and maintain suitably customer's financial information and financial service. This study started that it's desirable financial industry takes consideration of ISMS and it can be different types among various organizations taking consideration of culture, practical work, and guideline of information security. The study derives primary control areas of ISMS through analyzing non-conformity trends and control factors according to certification audit for finance-related organizations introduced international ISMS of ISO27001 which is well known and commonly applicable irrespective of areas in financial service industry. Through case analyses for five finance-related organizations operating ISMS, this study analyzed improvement effects of ISMS. It has a meaning as an initial research though it was difficulty in acquiring data for empirical study because of rare organizations maintaining certification in financial sector. As a result, number of non-confirmity from the first audit to three years' elapse was decreased every year. Physical and environmental security, communication and operations management, and access control having the highest frequency of non-conformity each presented 23%, 19%, and 17%, which reached 59% in total and they are derived into primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have not been treated importantly in financial industry. In addition, this study presented that ISMS can be an effective management system applicable for financial service industry.

Scrambling Chaotic On Off Keying Modulation Scheme for Security Improvement (보안성 향상을 위한 스크램블링 COOK 변조 방식)

  • Lee, Jun-Hyun;Lee, Dong-Hyung;Keum, Hong-Sik;Ryu, Heung-Gyoon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.39A no.6
    • /
    • pp.303-309
    • /
    • 2014
  • Chaos communication system can improve a system security due to characteristics of non-periodic, non-predictability, broadband signal and easy implementation. Also, chaos signal is sensitive to initial conditions of chaos map. By these reasons, security of chaos communication system is superior to digital communication system. BER performance of COOK modulation system is better than other chaos modulation systems, even if COOK modulation system uses an asynchronous receiver. However, security and safety of COOK modulated signal are worse than other chaos modulation systems, because information bits can be easily predicted from COOK modulated signal. In this paper, for security improvement of COOK modulated signal, we propose a novel Scrambling COOK modulation system by applying the scrambling method. Conventional COOK modulated signal can be predicted, because chaos signal is generated when data is only 1. However, proposed system cannot be predicted, because chaos signal is generated when data is 0 or 1. Therefore, security and safety of transmitted signal in scrambling COOK modulation system is superior to conventional COOK modulation system.

The Study on a Security Safeguard Plan for SCADA Infrastructure (SCADA 시설에 대한 보안강화 방안에 관한 연구)

  • Chung, Yoon-Jung
    • Convergence Security Journal
    • /
    • v.6 no.4
    • /
    • pp.153-160
    • /
    • 2006
  • The control system is accomplishing very important role in our life currently as the national critical Infrastructure and large scale industry plant. We manage SCADA system to manage generally the control system interconnected with the information system. The operating system of SCADA is changing also to the well-known OS like Windows or UNIX for offer various convenience and facility to the user. We offered the reason why such change of the system makes so that it is exposed to cyber terror. In the traditional SCADA system is managed safely by an isolated network system physically. It is the trend to increase gradually though a cyber terror possibility is thinner on a control system than a information system but the cyber terror gives a nation or community wide damage influence of large scale if it happens. Therefore this paper presents a security safeguard plan about SCADA system and helps prepare systematic security strategy and enhance the security level implement.

  • PDF

Protection of Information Sovereignty as an Important Component of the Political Function of the State

  • Zadorozhnia, Halyna;Mykhtunenko, Viktoriia;Kovalenko, Hanna;Kuryliuk, Yurii;Yurchenko, Liubov;Maslennykova, Tetiana
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.9
    • /
    • pp.151-154
    • /
    • 2021
  • State information policy is an important component of foreign and domestic policy of the country and covers all spheres of society. The rapid development of the information sphere is accompanied by the emergence of fundamentally new threats to the interests of the individual, society, state and its national security. The article considers the components of the state information policy to ensure information security of the country and identifies the main activities of public authorities in this area. Internal and external information threats to the national security of Ukraine and ways to guarantee the information security of the country are analyzed. Information security is seen as a component of national security, as well as a global problem of information protection, information space, information sovereignty of the country and information support of government decisions. Approaches to ensure the process of continuity of the information security system of the state in order to monitor new threats, identify risks and levels of their intensity are proposed.

Vulnerability and Security Requirement Analysis on Security Token and Protection Profile Development based on Common Criteria Version 3.1 (보안토큰의 취약성/보안요구사항 분석 및 CC v3.1 기반 보호프로파일 개발)

  • Kwak, Jin;Hong, Soon-Won;Yi, Wan-Suck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.2
    • /
    • pp.139-150
    • /
    • 2008
  • Recently, financial institutes and industrial companies are adopted to security token such as OTP, smart card, and USB authentication token and so on for secure system management and user authentication. However, some research institutes have been introduced security weaknesses and problems in security tokens. Therefore, in this paper, we analyses of security functions and security requirements in security token performed by analyses of standardization documents, trends, security problems, attack methods for security tokens. Finally, we propose a CC v.3.1 based security token protection profile.

Model Proposal for Detection Method of Cyber Attack using SIEM (SIEM을 이용한 침해사고 탐지방법 모델 제안)

  • Um, Jin-Guk;Kwon, Hun-Yeong
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.16 no.6
    • /
    • pp.43-54
    • /
    • 2016
  • The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

A Study on the Improvement of Security Vulnerabilities in Intelligent Transport Systems (지능형교통시스템의 보안취약점 개선방안에 관한 연구)

  • Jo, Pyoung Hyun;Lim, Jong In;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.3
    • /
    • pp.531-543
    • /
    • 2013
  • The destruction and prejudice of major infrastructure such as energy, broadcast, communication and transportation could result in a threat to individual rights and liberties, as well as social and economic losses. If a traffic signal control facilities have been violated, the lives of the citizens discomfort as well as causing social disruption such as traffic accident. Because the control system is operating as a closed network and you think it is safe, the information protection system has not been built or security patches and anti-virus updates do not work properly. So, cyber attacks by security vulnerabilities are exposed. Therefore, there is a need to identify the characteristics of the system, and develop appropriate countermeasures in order to prevent cyber attacks and prejudices incidents. This paper examines the vulnerabilities of Intelligent Transport Systems and proposes the improvement of security vulnerabilities.

A Development of the Model for Evaluating the Security of Information Systems in Health Care Organizations (의료기관의 정보보안 수준 측정을 위한 평가모형 개발)

  • Ahn, Sun-Ju;Kwon, Soon-Man
    • Korea Journal of Hospital Management
    • /
    • v.10 no.4
    • /
    • pp.98-112
    • /
    • 2005
  • The purpose of this study is to develop a framework for evaluating security levels in hospitals. We classify security indicators into administrative, technical and physical safeguards. The security evaluation model for hospital information systems was applied to three general hospitals. The analysis of the results showed a low security level in information systems. In particular, requirements for administrative and physical safeguards were very low. Hospitals need strict security policies more than other organizations because their information systems contain patients' highly confidential data. The evaluation model developed in this study can be used for guidelines and as a checklist for hospitals. The security evaluation in hospital informational systems needs to be an essential element of hospital evaluation.

  • PDF

Object Classification Method for Security Model Based on Linux System (리눅스 환경에서 보안 모델을 위한 객체 분류 방법)

  • Im Jong-Hyuk;Park Jae-Chul;Kim Dong-Kook;Noh Bong-Nam
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2006.06a
    • /
    • pp.228-232
    • /
    • 2006
  • 최근 활발히 개발 중인 보안운영체제의 핵심인 보안커널(security kernel)은 참조모니터(reference monitor)에서 주체(subject)가 객체(object)에 대한 실행(action) 권한을 판단함으로써 접근 제어를 실행한다. 보안운영체제의 대표적인 접근제어모델에는 다중레벨접근제어(MLS: Multi Level Security)모델과 역할기반접근제어(RBAC: Role Based Access Control) 모델 등이 있다. 리눅스 시스템에서 이러한 접근제어모델을 적용하기 위해서 접근 대상이 되는 객체들의 효과적인 분류가 요구된다. 본 논문에서는 리눅스 환경에서 효과적인 접근제어모델을 적용하기 위하여 객체들을 객체 클래스(class)와 유형(type)을 기준으로 분류 하였다.

  • PDF

A Study on Security of AMI(Advanced Metering Infrastructure) in SMARTGRID (스마트 그리드에서의 AMI 보안에 관한연구)

  • Kim, Yeoun-Soo;Kim, Jin-Cheol;Ko, Jong-Bin;Shon, Tae-Shik
    • Journal of Advanced Navigation Technology
    • /
    • v.16 no.6
    • /
    • pp.1014-1023
    • /
    • 2012
  • Recently with improvement of SMART Grid, AMI network security has been affecting the environment for Electric information and communication. The system and communication protection consists of steps taken to protect the AMI components and the communication links between system components from cyber intrusions. The addition of two way communications between SUN and HAN introduces additional risk for unauthorized access to the AMI system. In this paper, we propose new AMI device authentication infrastructure, key establishment and security algorithm based on public key encryption to solve AMI network security problems.