• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.035 seconds

Design of Security RoadMap for C4I System (C4I 시스템 보안 로드맵 설계)

  • Lee, Gang-Taek;Lee, Dong-Hwi;Yang, Jae-Su;J. Kim, Kui-Nam;Park, Sang-Min
    • Convergence Security Journal
    • /
    • v.6 no.4
    • /
    • pp.113-120
    • /
    • 2006
  • C4I system is the centerpiece of the military force. The system is an information based system which facilitates information grid, collection of data and dissemination of the information. The C4I system seeks to assure information dominance by linking warfighting elements in the battlespace to information network which enables sharing of battlespace information and awareness; thereby shifting concept of warfare from platform-centric paradigm to Network Centric Warfare. Although, it is evident that C4I system is a constant target from the adversaries, the issues of vulnerability via cyberspace from attack still remains. Therefore, the protection of C4I system is critical. The roadmap I have constructed in this paper will guide through the direction to protect the system during peace and war time. Moreover, it will propose vision, objectives and necessary supporting framework to secure the system from the threat. In order to fulfill these tasks, enhanced investments and plans from the Joint chief of Staff and Defense of Acquisition and Program Administration (DAPA) is critical; thereby enabling the establishment of rapid and efficient security system.

  • PDF

A Study on the Influence of Organizational Information Security Goal Setting and Justice on Security Policy Compliance Intention (조직의 정보보안 목표 설정과 공정성이 보안정책 준수의도에 미치는 영향)

  • Hwang, In-Ho;Kim, Seung-Wook
    • Journal of Digital Convergence
    • /
    • v.16 no.2
    • /
    • pp.117-126
    • /
    • 2018
  • The threat to information security is growing globally. To this, organizations are increasing the weight of adapting and operating the more specialized information security policy and system. Information security requires participation from the employees who execute the security system and policy, and to increase the level of organization's internal security, requires organization's systematic support to improve employees' information security compliance intention. This research finds the mechanism for improving employee's information security compliance intention by applying justice theory and goal setting theory in information security. We use structural equation modeling to verify the research hypothesis, and conducted a survey on the employees of organization with information security policy. In other words, this research performs verification of the research model based hypothesis which claims that security policy goal setting has positive influence on employee's level of security related justice recognition, and claims that justice has positive influence on compliance intention. The object of study is the employees of the organization that adapts information security policy, and 383 valid samples were collected via survey. Structural equation modeling was performed to verify the research hypothesis. The result shows that security policy goal factor (goal difficulty, goal specificity) improves employee's security related justice recognition, and that security related justice (distribution, process, and information justice) has positive influence on compliance intention. The result suggests the strategic approach directions for improving employees' compliance intention on organization's security policy.

Development of Document Security System for KSLV-I Program (KSLV-I 문서보안시스템 개발)

  • Lee, Hyo-Young;Joh, Mi-Ok;Hong, Il-Hee
    • Aerospace Engineering and Technology
    • /
    • v.7 no.1
    • /
    • pp.210-215
    • /
    • 2008
  • Most of technology information obtained from KSLV-I program have been managed by Program Life-Cycle Management System(PLMS). As involving technologies in the program require high level of confidentiality as those may be dealt with entities in international cooperation, the enforcement of strict security policy is inevitable. Therefore, a document security system has been developed to enhance protection in document management. This paper describes the overview and development status of the security system, integrated with PLMS, which aims at preventing illegal access and inadvertant leakage of the technology information.

  • PDF

An Efficient Dispersal/Encryption Scheme for Secure Distributed Information Storage (안전한 분산정보저장을 위한 효율적인 분산/암호화 기법)

  • Choi, Sung-Jin;Youn, Hee-Yong;Lee, Bo-Kyoung;Choi, Joong-Sup;Park, Chang-Won;Lee, Hyung-Su
    • Annual Conference of KIPS
    • /
    • 2002.11b
    • /
    • pp.1087-1090
    • /
    • 2002
  • 인터넷 사용량의 증가, 전자상거래의 활성화 그리고 저장장치의 발전과 더불어 많은 사람들이 디지털 정보를 편리하게 이용할 수 있게 되었다. 이에 따라 저장장치에 대한 의존도 보안성 그리고 생존성에 대한 요구사항 또한 매우 높아져가고 있는 실정이다. 따라서, 본 논문에서는 분산정보저장 시스템의 생존성을 높이기 위해 필수적으로 필요한 행렬의 고유값과 고유벡터를 이용한 새로운 데이터 분산/암호화기법을 제안하고, 제안된 기법의 가용성을 평가한다. 제안된 기법은 데이터의 분할과 암호화를 동시에 허락하여 보안성을 높임과 동시에 기존의 기법과 비교하여 15%정도의 가용성 향상을 보인다.

  • PDF

SD-MTD: Software-Defined Moving-Target Defense for Cloud-System Obfuscation

  • Kang, Ki-Wan;Seo, Jung Taek;Baek, Sung Hoon;Kim, Chul Woo;Park, Ki-Woong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.3
    • /
    • pp.1063-1075
    • /
    • 2022
  • In recent years, container techniques have been broadly applied to cloud computing systems to maximize their efficiency, flexibility, and economic feasibility. Concurrently, studies have also been conducted to ensure the security of cloud computing. Among these studies, moving-target defense techniques using the high agility and flexibility of cloud-computing systems are gaining attention. Moving-target defense (MTD) is a technique that prevents various security threats in advance by proactively changing the main attributes of the protected target to confuse the attacker. However, an analysis of existing MTD techniques revealed that, although they are capable of deceiving attackers, MTD techniques have practical limitations when applied to an actual cloud-computing system. These limitations include resource wastage, management complexity caused by additional function implementation and system introduction, and a potential increase in attack complexity. Accordingly, this paper proposes a software-defined MTD system that can flexibly apply and manage existing and future MTD techniques. The proposed software-defined MTD system is designed to correctly define a valid mutation range and cycle for each moving-target technique and monitor system-resource status in a software-defined manner. Consequently, the proposed method can flexibly reflect the requirements of each MTD technique without any additional hardware by using a software-defined approach. Moreover, the increased attack complexity can be resolved by applying multiple MTD techniques.

Guideline on Security Measures and Implementation of Power System Utilizing AI Technology (인공지능을 적용한 전력 시스템을 위한 보안 가이드라인)

  • Choi, Inji;Jang, Minhae;Choi, Moonsuk
    • KEPCO Journal on Electric Power and Energy
    • /
    • v.6 no.4
    • /
    • pp.399-404
    • /
    • 2020
  • There are many attempts to apply AI technology to diagnose facilities or improve the work efficiency of the power industry. The emergence of new machine learning technologies, such as deep learning, is accelerating the digital transformation of the power sector. The problem is that traditional power systems face security risks when adopting state-of-the-art AI systems. This adoption has convergence characteristics and reveals new cybersecurity threats and vulnerabilities to the power system. This paper deals with the security measures and implementations of the power system using machine learning. Through building a commercial facility operations forecasting system using machine learning technology utilizing power big data, this paper identifies and addresses security vulnerabilities that must compensated to protect customer information and power system safety. Furthermore, it provides security guidelines by generalizing security measures to be considered when applying AI.

Flexible Database security System using Improved Role Hierarchy (개선된 역할 계층을 이용한 유연한 데이터베이스 보안 시스템)

  • Jung Min-A;Lee Kwang-Ho
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.9 no.8
    • /
    • pp.1834-1839
    • /
    • 2005
  • Database security is essential to protect their data in most organization such as hospitals, central or local governments, banks which manage the private, sensitive and important data. Because the duty of the department recently became more various and complicated, the changes of security requirement are needed more frequently. Therefore, easily changeable, flexible security policy and efficient security management with preserving the integrity of security policy are very important. In this paper, we implemented a flexible database security system in the specimen and clinical information management system of leukemic research center using IRH(Improved Role Hierarchy). Data is protected by MAC and we propose a flexible access control and effective administration by using the IRH that is an improved role hierarchy of RBAC. If security policy is needed for changes, this system can do it easily by simply modifying the IRH with the decentralized administration. The modified security policy can be applied flexibly after alteration because the security level of the subject is not fixed but can be derived automatically from the IRH when user connects the system.

A Relationship between Security Engineering and Security Evaluation

  • Tai-hoon, Kim
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.141-144
    • /
    • 2004
  • The Common Criteria (CC) philosophy is to provide assurance based upon an evaluation of the IT product or system that is to be trusted. Evaluation has been the traditional means of providing assurance. It is essential that not only the customer' srequirements for software functionality should be satisfied but also the security requirements imposed on the software development should be effectively analyzed and implemented in contributing to the security objectives of customer's requirements. Unless suitable requirements are established at the start of the software development process, the resulting end product, however well engineered, may not meet the objectives of its anticipated consumers. By the security evaluation, customer can sure about the quality of the products or systems they will buy and operate. In this paper, we propose a selection guide for If products by showing relationship between security engineering and security evaluation and make help user and customer select appropriate products or system.

  • PDF

The Effects of Security Policies, Security Awareness and Individual Characteristics on Password Security Effectiveness (보안정책, 보안의식, 개인적 특성이 패스워드 보안효과에 미치는 영향)

  • Kim, Jong-Ki;Kang, Da-Yeon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.4
    • /
    • pp.123-133
    • /
    • 2008
  • Information securiry is considered important due to the side effect generated from the expansion of information system and rapid increase of the use of internet. Nevertheless, we are getting unconscious of the importance of information security. The purpose of this research is to empirically analyze that the effects of security policies, security awareness and individual characteristics on password security effectiveness. Based on the analysis of research model using structural equation modeling technique, security policies were influencing individual characteristics and improving user's security awareness. Also individual characteristics and security awareness had positive impact on security effectiveness.

Bitcoin and the Monetary System Revolution Changes

  • Alotaibi, Leena;Alsalmi, Azhar;Alsuwat, Hatim;Alsuwat, Emad
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.6
    • /
    • pp.156-160
    • /
    • 2021
  • Every day brings a new challenge to the humanities. Life nowadays needs accuracy, privacy, integrity, authenticity, and security to run life systems especially the monetary system. Things now differ from previous centuries. Multiple varieties in digital banking have opened the new and most advanced innovations for human beings. The monetary system is going to developed day by day to facilitate the public. Electronic money has amazed the world and gave a challenge to central banking. For this purpose, there will be a need for strict security, information, and confidence. Blockchain technology has opened new gateways. Bitcoin has become the most famous digital currency, which has created a thunderstorm in digital marketing. Blockchain, as a new Financial Technology, has satisfied all the security issues and satisfied doing business in secure ways that encourage investors to invest and keep the world business wheel. Assessment of the sustainability of implementing Bitcoin in financial institutions will be discussed. Every new system has its pros and cons in which a clear vision of what we are about to use can be sought. Through this research paper, a demonstration of the monetary system evolution, the new ways of doing business, some evidence in a form of academic cases will be demonstrated through comparison a table, a suggested method to transfer to the new system in safe mode will be proposed, and a conclusion will be concluded.