• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.031 seconds

A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013 (클라우드 서비스 평가 프로그램과 ISO/IEC 27001:2013의 비교 연구)

  • Choi, Ju-Young;Choi, Eun-Jung;Kim, Myuhng-Joo
    • Journal of Digital Convergence
    • /
    • v.12 no.1
    • /
    • pp.405-414
    • /
    • 2014
  • It is very important to IT users that the Cloud service provides dynamic extension of IT resources and cost-saving. However, the reliability for Cloud service hinders utilizing Cloud service actively. Existing studies on assessment program for Cloud Service are executed by extracting information security assessment articles and adding features of cloud services by referencing ISO/IEC 27001:2005. This paper will review the recently released ISO/IEC 27001:2013 for the addition, reduction, and changing of articles for Controls and Control objectives. Comparative analysis for the Controls of ISO/IEC 27001:2013 with those of CSA CCMv.3, FedRAMP which is an assessment program for Cloud service will suggest Control Objects of Information Security Management System for related Cloud service. The suggestion of Controls will be an important reference index for the security policy of companies which manage the information security management system based on Cloud service.

Andro-profiler: Anti-malware system based on behavior profiling of mobile malware (행위기반의 프로파일링 기법을 활용한 모바일 악성코드 분류 기법)

  • Yun, Jae-Sung;Jang, Jae-Wook;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.1
    • /
    • pp.145-154
    • /
    • 2014
  • In this paper, we propose a novel anti-malware system based on behavior profiling, called Andro-profiler. Andro-profiler consists of mobile devices and a remote server, and is implemented in Droidbox. Our aim is to detect and classify malware using an automatic classifier based on behavior profiling. First, we propose the representative behavior profiling for each malware family represented by system calls coupled with Droidbox system logs. This is done by executing the malicious application on an emulator and extracting integrated system logs. By comparing the behavior profiling of malicious applications with representative behavior profiling for each malware family, we can detect and classify them into malware families. Andro-profiler shows over 99% of classification accuracy in classifying malware families.

Situation Analysis and Education Plan of Security Ethics for Training College Students Majoring in Information Security (정보보안전공 대학생을 위한 보안 윤리의식 분석 및 교육 방안)

  • Kim, Tae-Hee
    • The Journal of the Korea Contents Association
    • /
    • v.17 no.4
    • /
    • pp.596-605
    • /
    • 2017
  • Recently, it has been pointed out that the lack of professional ethics of computer and security experts is serious as college students majoring in information security and insiders who are in charge of security work are involved in crimes after being tempted to cyber crimes. In this paper, we investigate and analyze the security ethics awareness and education situation of college students majoring in information security, and examine the security ethics education method for human resource development with personality and qualities. As the information society becomes more widespread, the ethics and occupational consciousness of the university students who are majoring in information security are recognized as lack of awareness and education about security ethics, As a solution to solve these problems, it is expected that it will be possible to nurture security experts who are aware of their vocation through the educational plan to enhance the security ethics of the information security major college students. According to the security ethics education system proposed in the paper, the security ethical consciousness of the group that received education was remarkably improved.

Analysis of Jini 2.0 Security for Home Network (홈네트워크를 위한 Jini 2.0 Security 분석)

  • 이윤경;한종욱;김도우;주홍일
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2004.05b
    • /
    • pp.717-720
    • /
    • 2004
  • Jini is a middle ware supposed in Sun Microsystems. The goal of lil is the establishment of dynamic distributed system, which can share information and control of other Jini technology-enabled services or devices in the same Jini system. Jini is one of the best middleware together UPnP and HAVi. Hone network security, soch as privacy protection, crime prevention, and etc, is very important. So Jini 2.0 adds security mechanism in 11. 2003. This paper describes the analysis of Jini 2.0 security mechanism, and home network security.

  • PDF

Security Design of Information Security for Wireless Local Area Network (무선 네트워크망의 정보보호를 위한 시스템 설계)

  • Kim, Jung-Tae;Jung, Sung-Min
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2003.05a
    • /
    • pp.729-732
    • /
    • 2003
  • Security and privacy issues complicate wireless local area network deployment. for a wired network, certain levels of security are maintained since access to the physical medium is restricted to the devices physically connected to the network. Though wireless local area networks offer some built-in security features, security breaches are possible if appropriate precautions are not taken. This paper describes security issues related to wireless local area networks and presents a software approach for restricting and controlling wireless access. The system authenticates users on the basis of identity, privileges and access hardware by distributed software agents that implement security policy and restrict unauthorized access.

  • PDF

Implementing Side Channel Analysis Evaluation Boards of KLA-SCARF system (KLA-SCARF 부채널 검증 보드 구현)

  • Choi, YongJe;Choi, DooHo;Ryou, JeaCheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.1
    • /
    • pp.229-240
    • /
    • 2014
  • With increasing demands for security evaluation of side-channel resistance for crypto algorithm implementations, many equipments are developed at various research institutes. Indeed, commercial products came out for the purpose of evaluation and certification tool of security products. However, various types of security products exclusive a smart card make it difficult to implement a security evaluation system for them. In this paper, we describe implementation and characteristic of the side-channel evaluation boards of the KLA-SCARF, which is the project to develop domestic side-channel evaluation system. This report would be helpful for following researchers who intend to develop side-channel evaluation boards for other security devices.

Development of the framework for quantitative cyber risk assessment in nuclear facilities

  • Kwang-Seop Son;Jae-Gu Song;Jung-Woon Lee
    • Nuclear Engineering and Technology
    • /
    • v.55 no.6
    • /
    • pp.2034-2046
    • /
    • 2023
  • Industrial control systems in nuclear facilities are facing increasing cyber threats due to the widespread use of information and communication equipment. To implement cyber security programs effectively through the RG 5.71, it is necessary to quantitatively assess cyber risks. However, this can be challenging due to limited historical data on threats and customized Critical Digital Assets (CDAs) in nuclear facilities. Previous works have focused on identifying data flows, the assets where the data is stored and processed, which means that the methods are heavily biased towards information security concerns. Additionally, in nuclear facilities, cyber threats need to be analyzed from a safety perspective. In this study, we use the system theoretic process analysis to identify system-level threat scenarios that could violate safety constraints. Instead of quantifying the likelihood of exploiting vulnerabilities, we quantify Security Control Measures (SCMs) against the identified threat scenarios. We classify the system and CDAs into four consequence-based classes, as presented in NEI 13-10, to analyze the adversary impact on CDAs. This allows for the ranking of identified threat scenarios according to the quantified SCMs. The proposed framework enables stakeholders to more effectively and accurately rank cyber risks, as well as establish security and response strategies.

Analyses of Crypto Module for Gbps VPN System

  • Kim, Jung-Tae;Han, Jong-Wook
    • Journal of information and communication convergence engineering
    • /
    • v.1 no.4
    • /
    • pp.213-216
    • /
    • 2003
  • A VPN is widely used in a communications environment which access is controlled to permit peer connections only within a defined community of interest. It is constructed through some form of partitioning of a common underlying communication medium, where this underlying communications medium provides services to the network on a non-exclusive basis. In this paper, we have analyzed a variety of architecture to implement Giga bps VPN system. The proposed architecture will satisfy the needs of clients who adopt Giga bps VPN system in the various environments.

Design and Implementation of Security System for Wargame Simulation System (워게임 시뮬레이션 시스템을 위한 보안시스템 설계 및 구현)

  • Song Jong Seok;Kim Jin Soo;Shin Moon Sun;Ryu Keun Ho
    • The KIPS Transactions:PartC
    • /
    • v.12C no.3 s.99
    • /
    • pp.369-378
    • /
    • 2005
  • War simulation system is a virtual space that my tactical simulation exercise is held. The data used in this system are considered sensitive and needs to be protected. But suity vulnerabilities and possible security loopholes were not considered when designing the war game simulation system. So currently the systemis highly vulnerable against hackers and data leakages. This paper proposed a security system for war game simulation system based on considering the currently vulunerabilities and possible suity leakages. The proposed security system supports security patches. In this paper, we analyze vulunerabilities of the running environment of current system and we design and implement the security system that is consisted of three components : Authentication System, Encryption System and Network Security System. The security patches are safe and there are no negative effects on the system's performance. The patches are proved to be effective and very reliable towards solving the security vulnerabilities.

A Study on the Plan of Construction of Cooperating Crime Prevention System between Public Police and Private Security of Korea (공경비와 민간경비의 협력방범체제 구축방안)

  • Lee, Sang-Won
    • Korean Security Journal
    • /
    • no.6
    • /
    • pp.67-101
    • /
    • 2003
  • This study presents a plan of construction for cooperating crime prevention system between public police and private security to provide positive safety, and crime prevention activity for clients. A method of this study, this paper used statistics analysis and literature study. This study, an introduction is at the chapter I , a role of public police and private security at the Chapter II, the realities of private security industry of korea at the Chapter III, the police service relating with private security and operating realities at the ChapterIV, the problems and a plan of construction for co-operating crime prevention system at the ChapterV, and conclusion at the ChapterVI. In conclusion, It is needed a public information strategy, partnership between the police and guard, establishment of special office for private security, and the improvement of the quality in security corporation.

  • PDF