• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.035 seconds

Incident Response Competence by The Security Types of Firms:Socio-Technical System Perspective (기업 보안 유형에 따른 보안사고 대응역량 : 사회기술시스템 이론 관점에서)

  • Lee, Jeonghwan;Jung, Byungho;Kim, Byungcho
    • Journal of Information Technology Services
    • /
    • v.12 no.1
    • /
    • pp.289-308
    • /
    • 2013
  • This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, We conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better the security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

An Integrative Method of Fault Tree Analysis and Fault Modes and Effect Analysis for Security Evaluation of e-Teaching and Learning System (전자 교수학습 시스템의 보안성 평가를 위한 결함트리분석과 고장유형에 대한 영향분석의 통합적 방법)

  • Jin, Eun-Ji;Kim, Myong-Hee;Park, Man-Gon
    • KIPS Transactions on Software and Data Engineering
    • /
    • v.2 no.1
    • /
    • pp.7-18
    • /
    • 2013
  • These days, the teaching and learning system has been increasing for the rapid advancement of the information technologies. We can access education systems of good quality anytime, anywhere and we can use the individually personalized teaching and learning system depending on developing the wireless communication technology and the multimedia processing technology. The more the various systems develop, the more software security systems become important. There are a lot kind of fault analysis methods to evaluate software security systems. However, the only assessment method to evaluate software security system is not enough to analysis properly on account of the various types and characteristic of software systems by progressing information technology. Therefore, this paper proposes an integrative method of Fault Tree Analysis (FTA) and Fault Modes and Effect Analysis(FMEA) to evaluate the security of e-teaching and learning system as an illustration.

A Development of Comprehensive Framework for Continuous Information Security (기업의 지속적 정보보안 강화를 위한 접근법 개발)

  • Jeong, Tae-Seok;Yim, Myun-Seong;Lee, Jae-Beom
    • Journal of Digital Convergence
    • /
    • v.10 no.2
    • /
    • pp.1-10
    • /
    • 2012
  • The growth in computer use has ushered increased concerns of information security throughout the world. Historically, researchers interested in the security of information systems have long investigated extensively themselves with building technological countermeasures in order to prevent several information security problems. However, due to infusion of more procedures and logical or physical devices within the information environment, no system can be completely secure. Therefore, keeping IT environment safe demands a more comprehensive understanding of the phenomenon, which requires broadening information security far beyond the technical aspects. This study is aimed at proposing a information security framework from holistic view.

Evaluation Model of the Contracting Company's Security Management Using the DEA Model (DEA 모형을 이용한 도급회사 보안관리 평가모델)

  • Kim, In-hwan;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.687-704
    • /
    • 2017
  • As Korea's industrial competitiveness and technological prowess increase, collaboration and technical exchanges with contracting companies are increasing. In an environment where cooperation with the contracting company is unavoidable ordering companies are also striving to prevent leakage of technologies through various security systems, policy-making and security checks. However, although the contracting companies were assessed to have a high level of security management the leakage of technical datas are steadily increasing. Issues are being raised about the effectiveness of the security management assessment and the actual security management levels. Therefore, this study suggested a security management system model to improve security management efficiency in the general contract structure. To prove this, analyze the efficiency of 36 contractor companies for the technical datas security management system using the DEA model. The results of the analysis are reflected in the assessment results. Lastly, suggestions for improving the effectiveness of the technical datas security system are proposed.

A Study on the Customized Security Policy for Effective Information Protection System (실효적인 정보보호관리 통제를 위한 맞춤형 보안정책 연구)

  • Son, Young-hwan;Kim, In-seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.705-715
    • /
    • 2017
  • Today, the world is evolving into a huge community that can communicate with real-time information sharing and communication based on the rapid advancement of scientific technology and information. Behind this information, the adverse effects of information assets, such as hacking, viruses, information assets, and unauthorized disclosure of information assets, are continually increasing as a serious social problem. Each time an infringement of the invasion and personal information leaks occur, many regulatory policies have been announced, including stricter regulations for protecting the privacy of the government and establishing comprehensive countermeasures. Also, companies are making various efforts to increase awareness of the importance of information security. Nevertheless, information security accidents like the leaks of industrial secrets are continuously occurring and the frequency is not lessening. In this thesis, I proposed a customized security policy methodology that supports users with various business circumstances and service and also enables them to respond to the security threats more confidently and effectively through not a monotonous and technical but user-centered security policy.

A Development of Curriculum for Information Security Professional Manpower Training (정보보안 전문인력 양성을 위한 교육과정 개발)

  • Lee, Moongoo
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.54 no.1
    • /
    • pp.46-52
    • /
    • 2017
  • Social attention to information security field is inspired, and manpower demand forecast of this area is getting high. This study surveyed information security knowledge of practitioners who work in a field of information security such as computer and network system. We analyzed a connection between survey data, information protection job system that was suggested by NICE, IT skills that NCS and KISA classified and security field classification system. Base on data that analyzed, this study suggests a curriculum that trains professional manpower who perform duties in the field of information security. Suggested curriculum can be applied to 2 year college, 3 year college and 4 year college. Suggested curriculum provides courses that students who want to work in a field of information security must learn during the college. Suggested courses are closely connected to a related field and detailed guideline is indicated to each course to educate. Suggested curriculum is required, and it combines a theoretical education that become basis and a practical education so that it is not weighted to learn theory and is not only focusing on learning simple commands. This curriculum is established to educate students countermeasures of hacking and security defend that based on scenario that connected to executive ability. This curriculum helps to achieve certificates related to a field more than paper qualification. Also, we expect this curriculum helps to train convergent information security manpower for next generation.

Adaptation Policy of ISO 27001 ISMS (Information Security Management System) for e-Government (전자정부 정보보호관리체계(G-ISMS) 적용 정책)

  • Han, Keun-Hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.5
    • /
    • pp.119-130
    • /
    • 2009
  • Korea ranked 2nd in the UN Global e-Participation Index and ranked number one as the leader in e-Government for the third consecutive year. However, Korea ranked 51 in the level of information security published by WEF(World Economic Forum), relatively a low level comparing with its great number of users and excellent environments for the Internet service. A series of critical hacking accidents such as the information leak at Auction and GS Caltex emerged consecutively in 2008 year, resulting in the leak of personal & critical information. This led to a strong interest in the necessity and importance of information security and personal information so that demand for IT security is growing fast. In this paper, we survey to benchmark information security in the perspective of service level, system, investment and policy about major foreign countries. Then we research on an effective way to make the most of the benchmark result to Korea e-Government. In addition, the purpose of this paper is to improve national information security index by developing a policy for ISO 27001 ISMS, an international standard for Information Security Management System, and elevate safety and security of the e-Government serviced by central administrative organizations and local authorities.

A Study on security characteristics and vulnerabilities of BAS(Building Automation System) (BAS의 보안 특성 및 취약점에 관한 연구)

  • Choi, Yeon-Suk
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.18 no.4
    • /
    • pp.669-676
    • /
    • 2017
  • Recently, due to the importance of information security, security vulnerability analysis and various information protection technologies and security systems are being introduced as a countermeasure against cyber-attacks in new as well as existing buildings, and information security studies on high-rise buildings are also being conducted. However, security system introduction and research are generally performed from the viewpoint of general IT systems and security policies, so there is little consideration of the infrastructure of the building. In particular, the BAS or building infrastructure, is a closed system, unlike typical IT systems, but has unique structural features that accommodate open functions. Insufficient understanding of these system structures and functions when establishing a building security policy makes the information security policies for the BAS vulnerable and increases the likelihood that all of the components of the building will be exposed to malicious cyber-attacks via the BAS. In this paper, we propose an architecture reference model that integrates three different levels of BAS structure (from?) different vendors. The architectures derived from this study and the security characteristics and vulnerabilities at each level will contribute to the establishment of security policies that reflect the characteristics of the BAS and the improvement of the safety management of buildings.

Development of requirements for information security management system (ISO 27001) with CPTED in account (셉테드(CPTED)를 고려한 정보보안 관리시스템(ISO 27001)의 요구사항 개발)

  • Lim, Heon-Wook
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.19-24
    • /
    • 2021
  • The purpose of this study was to add CPTED to the information security area. The control items of ISO 27001 (11 types) and the application principles of CPTED (6 types) were mapped. And the relevance between the items was verified through the FGI meeting through 12 security experts. As a result of the survey, the control items with a relevance of at least 60% on average are security policy, physical and environmental security, accident management, and conformity. As a result, the comprehensive policy was shared with CPTED's items as a whole. The specialized control items are security organization, asset management, personnel security, operation management, access control, system maintenance, and continuity management. However, specialized control items were mapped with each item of CPTED. Therefore, information security certification and septed are related. As a result, environmental security can be added to the three major areas of security: administrative security, technical security, and physical security.

A Designing Method of Software Architecture for Information Security Business Model Selection using BMO Technique Base (BMO기법을 활용한 정보보안 비즈모델 평가시스템 소프트웨어 아키텍쳐 설계방법)

  • Noh, Si Choon
    • Convergence Security Journal
    • /
    • v.13 no.3
    • /
    • pp.71-77
    • /
    • 2013
  • In our country security industry biz model analysis methodology fragmentary theory exists, but it is hard to find a comprehensive analysis methodology. Biz model analysis IT companies the external factors and internal factors to integrate the information gathered about the comprehensive analysis of the development of an information system are required. Information support system early in the software architecture of the system design decisions early decision as the design, development, testing, maintenance, has a lasting impact on the project as a guideline in the development of a framework of design abstraction. BMO evaluation support information systems architecture designs system purposes. The mission must support the execution. Information system stakeholders to determine the mission and the environment. All information systems architecture shall have architecture. Technology architecture should be documented with each other can be used. Determine the architecture based architecture descriptions are presented.