• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.034 seconds

A Study on Establishment of Small and Medium Business Information Security Plan under Resource Restrictions (자원 제약하의 중소기업 정보보안계획 수립방안 연구)

  • Kwon, Jang-Kee;Kim, kyung-Ihl
    • Journal of Convergence for Information Technology
    • /
    • v.7 no.2
    • /
    • pp.119-124
    • /
    • 2017
  • Information is a valuable asset regardless of the size of the enterprise and information security is an essential element for the survival and prosperity of the enterprise. However, in the case of large corporations, Security is ensured through rapid introduction of information security management system. but In the case of SMEs, security systems are not built or construction is delayed due to complex factors such as budget constraints, insufficient security guidelines, lack of security awareness. In this paper, we analyze the actual situation of information security management of SMEs through questionnaires, and We would like to suggest a comprehensive security plan for SMEs in free or inexpensive ways. We believe that by applying the method presented in this paper, SMEs will be able to implement the lowest cost basic information security and will benefit SMEs who plan to establish an information security plan.

Implementation of File Security Module Using on Windows (윈도우즈 기반 파일 보안 모듈 설계 및 구현)

  • Sung Kyung;Yoon Ho-gun
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.2 s.34
    • /
    • pp.105-112
    • /
    • 2005
  • As the development of information telecommunication technology and thus the information sharing and opening is accelerated, If system is exposed to various threatener and the avrious security incident is rasing its head with social problem. As countermeasure, to protect safely and prepare in the attack for a system from a be latent security threat, various security systems are been using such as IDS, Firewall, VPN etc.. But, expertise or expert is required to handle security system. The module, implemented in this paper, is based on Windows XP, like Linux and Unix, and has effect integrity and non-repudiation for a file.

  • PDF

IoT based Authentication System Implementation on Raspberry Pi (라즈베리파이에서 사물인터넷 기반의 인증 시스템 구현)

  • Kim, Jeong Won
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.22 no.6
    • /
    • pp.31-38
    • /
    • 2017
  • With the Development of Information Technology, Security is becoming very Important. Existing Security Systems are Mostly Expensive and Not Easy to Implement, and are Also very Complex when using Biometric Information. In this paper, We try to solve this Problem by Implementing a Low cost Internet based Security Terminal Using Fingerprint and Face Image. To Implement a Low-cost Security System, a Fingerprint Scanner and a Camera are installed in Raspberry pi, and the Scanned Image is encrypted with the AES-256 Algorithm and Transmitted to Cloud. Through This Study, We confirmed the Possibility of the Proposed System in view of Authentication, Cost Reduction, Security and Scalability.

A Study on security policy for vitalizing financial company cloud (금융회사 클라우드 활성화를 위한 보안 정책 연구)

  • Im, Je-sang
    • The Journal of the Convergence on Culture Technology
    • /
    • v.3 no.4
    • /
    • pp.199-205
    • /
    • 2017
  • As cloud computing can utilize the proper allocation of system resources, it can be expected to have great benefits in terms of maintaining availability and reducing costs when a cloud is applied to a financial company's computer system. Although some provisions of the Financial Supervisory Regulation were revised in October 2016, this is limited to non-critical information processing systems, limits are remain whitch the application of cloud computing to the whole computer system of financial companies including electronic financial systems. In this paper, cloud security requirements are studied for the application of financial company's computational infrastructure system.

NoSQL-based User Behavior Detection System in Cloud Computing Environment (NoSQL 기반 클라우드 사용자 행동 탐지 시스템 설계)

  • Ahn, Kwang-Min;Lee, Bong-Hwan
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2012.10a
    • /
    • pp.804-807
    • /
    • 2012
  • Cloud service provider has to protect client's information securely since all the resources are offered by the service provider, and a large number of users share the resources. In this paper, a NoSQL-based anomaly detection system is proposed in order to enhance the security of mobile cloud services. The existing integrated security management system that uses a relational database can not be used for real-time processing of data since security log from a variety of security equipment and data from cloud node have different data format with unstructured features. The proposed system can resolve the emerging security problem because it provides real time processing and scalability in distributed processing environment.

  • PDF

A Secure Healthcare System Using Holochain in a Distributed Environment

  • Jong-Sub Lee;Seok-Jae Moon
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.15 no.4
    • /
    • pp.261-269
    • /
    • 2023
  • We propose to design a Holochain-based security and privacy protection system for resource-constrained IoT healthcare systems. Through analysis and performance evaluation, the proposed system confirmed that these characteristics operate effectively in the IoT healthcare environment. The system proposed in this paper consists of four main layers aimed at secure collection, transmission, storage, and processing of important medical data in IoT healthcare environments. The first PERCEPTION layer consists of various IoT devices, such as wearable devices, sensors, and other medical devices. These devices collect patient health data and pass it on to the network layer. The second network connectivity layer assigns an IP address to the collected data and ensures that the data is transmitted reliably over the network. Transmission takes place via standardized protocols, which ensures data reliability and availability. The third distributed cloud layer is a distributed data storage based on Holochain that stores important medical information collected from resource-limited IoT devices. This layer manages data integrity and access control, and allows users to share data securely. Finally, the fourth application layer provides useful information and services to end users, patients and healthcare professionals. The structuring and presentation of data and interaction between applications are managed at this layer. This structure aims to provide security, privacy, and resource efficiency suitable for IoT healthcare systems, in contrast to traditional centralized or blockchain-based systems. We design and propose a Holochain-based security and privacy protection system through a better IoT healthcare system.

New Approach for Detecting Leakage of Internal Information; Using Emotional Recognition Technology

  • Lee, Ho-Jae;Park, Min-Woo;Eom, Jung-Ho;Chung, Tai-Myoung
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.11
    • /
    • pp.4662-4679
    • /
    • 2015
  • Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.

Study on Security Grade Classification of Financial Company Documents (금융기관 문서 보안등급 분류에 관한 연구)

  • Kang, Bu Il;Kim, Seung Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1319-1328
    • /
    • 2014
  • While the recent advance in network system has made it easier to collect and process personal information, the loss of customers, financial companies and even nations is getting bigger due to the leakage of personal information. Therefore, it is required to take a measure to prevent additional damage from the illegal use of leakaged personal information. Currently, financial companies use access control in accordance with job title or position on general documents as well as important documents including personal information. Therefore, even if a documents is confidential, it is possible for a person of the same job title or position to access the document properly. This paper propose setting up security grade of documents to improve current access control system. It will help preventing the leakage of personal information.

Network 2-Factor Access Control system based on RFID security control system (RFID 출입통제시스템과 연동한 네트워크 이중 접근통제 시스템)

  • Choi, Kyong-Ho;Kim, Jong-Min;Lee, Dae-Sung
    • Convergence Security Journal
    • /
    • v.12 no.3
    • /
    • pp.53-58
    • /
    • 2012
  • Network Access Control System that is one of the efforts to protect the information of internal applies to effectively control of insider and automatic network management and security. However, it has some problems : spoofing the authorized PC or mobile devices, connect to the internal network using a system that authorized users are away. In addition, information leakage due to malicious code in the same system. So in this paper, Network 2-Factor Access Control System based on RFID security control system is proposed for safety communication environment that performing a two-factor authentication using authorized user and devices to connect to the internal network.

Study on the way of Institutionalized Budget for Information Security (정보보호 강화를 위한 예산편성 제도화 방안 연구)

  • Kim, So-Jeong;Choi, Seok-Jin;Lee, Cheol-Won
    • The KIPS Transactions:PartC
    • /
    • v.14C no.2
    • /
    • pp.115-122
    • /
    • 2007
  • US is strengthening the information security by managing federal agency's information and information system systematically. For this purpose. US government put the Federal Information Security Management Act into the E Government Act of 2002. According to the FISMA, it is required to have information securitv management plan for all federal agencies. In addition that, OMB Circular A II requires all federal agencies to identity the ratio of information security investment. That is the basis of strengthening the information security of federal agency, This paper will compare the budget status and information security mechanism of Korea and US.