• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.03 seconds

A Study on Decision Making Process of System Access Management (시스템 접근관리에 대한 의사결정 프로세스 연구)

  • Cho, Young-Seok;Im, Jong-In;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.1
    • /
    • pp.225-235
    • /
    • 2015
  • Recently, the administration and supervision of Information Security Certification and Security Inspection has been enforced but information leakage and security accidents by insiders are increasing consistently. The security accidents by insiders ran to 21% in 2010, by the 2011 Cyber Security Watch Survey. The problem is that immediate recognition is difficult and stopgap measure is mostly adopted without company's external notice apprehensive for cost increase or credit drop in case of internal security accidents. In the paper, we conducted the regression study on security access management then proposed the standard process available for other systems and businesses sites. It can be very useful for many companies to investigate, analyze and improve the problem of security management conveniently.

Risk Rating Process of Cyber Security Threats in NPP I&C (원전 계측제어시스템 사이버보안 위험도 산정 프로세스)

  • Lee, Woomyo;Chung, Manhyun;Min, Byung-Gil;Seo, Jungtaek
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.3
    • /
    • pp.639-648
    • /
    • 2015
  • SInce 2000, Instrumentation and Control(I&C) systems of Nuclear Power Plant(NPP) based on analog technology began to be applied to the digital technology. NPPs under construction in the country with domestic APR1400 I&C system, most devices were digitalized. Cyber security of NPP I&C systems has emerged as an important issue because digital devices compared to the existing analog equipment are vulnerable to cyber attacks. In this paper, We proposed the risk rating process of cyber security threats in NPP I&C system and applied the proposed process to the Reactor Protection System(RPS) developed through Korea Nuclear Instrumentation & Control System(KINCS) project for evaluating the risk of cyber security threats.

Development of Embedded Security Fax Server Supporting Dual Mode (이중 방법을 지원하는 임베디드 보안 팩스 서버 개발)

  • Lee, Sang-Hak;Chung, Tae-Choong
    • The KIPS Transactions:PartA
    • /
    • v.11A no.3
    • /
    • pp.129-138
    • /
    • 2004
  • Even though the Internet applications such as e-mail and FTP are widely used, fax is still an important media for data communications till today. Many researches on security over the Internet data communication have been done over the years, on the other hand not many researches have been dedicated to the fax security issue which is as important as the Internet. In this paper, we describe the development of hardware and software of the embedded security fax server which increases the security in supporting existing fax. The developed system is designed and implemented to maintain security while minimizing the delay due to encryptionㆍdecryption. Since there's international or domestic tryptographic standard and each nation have their policy to restrict the use of cryptographic system, we adopt domestic standard cryptographic protocol admitted in Korea. And the system supports two modes: Security mode and Non-Security mode that user can choose from. The system can be applied directly which is the requirements of users at company ,End the government. We verify the performance and functioning of the system in various real environment.

A Study on the Security Structure of Next Generation E-mail System (차세대 이메일 보안 기술에 관한 연구)

  • Kim, Kui-Nam J.
    • Convergence Security Journal
    • /
    • v.8 no.4
    • /
    • pp.183-189
    • /
    • 2008
  • E-mail's role has been increased due to its merit which is sending demanded information in real-time anywhere, anytime. However, Today's E-mail security threats have being changed intelligently to attack against the specific agency. The threat is a limit to respond. Therefore precise definition and development of security technology is needed to analyze changing environment and technologies of e-mail so that remove fundamental security threat. we proposed Next Generation E-mail System Security Structure and the Next Generation fusion System using authentication As a result, in this study, we development of Next Generation E-mail System Security Structure. This system can protect E-mail user from social engineering hacking technique, spam, virus, malicious code and fabrication.

  • PDF

A Study on the Development of Cyberpolice Volunteer System Using the Collective Intellectual Network (집단지성 네트워크형 사이버폴리스 자원봉사시스템 구축에 관한 연구)

  • Kim, Doo-Hyun;Park, Sung-Joon;Na, Gi-Sung
    • Korean Security Journal
    • /
    • no.61
    • /
    • pp.59-85
    • /
    • 2019
  • In the reality that the boundary between the real world and the virtual world disappears with the 4th Industrial Revolution, cyber crimes that occur beyond time and space have clear limitations in fulfilling their duties only with the police force of government organizations established under the real law system. The research method of this thesis is based on the literature research and the experience of security work. The purpose of this paper is to establish a social system where collective intelligence of each social field can participate voluntarily to respond to cyber crimes occurring beyond the time and space before the law and institutionalization. In addition, the social system in which collective intelligence in each social sector can participate voluntarily was established to define crime types in cyberspace in real time and to prevent crimes defined by the people themselves and the counter-measures had been proposed in order to form social consensus. First, it is necessary to establish a collective intelligent network-type cyberpolice volunteer system. The organization consists of professors of security and security related departments at universities nationwide, retired public officials from the National Intelligence Service, the National Police Agency, and the National Emergency Management Agency, security companies and the organizations, civilian investigators, security & guard, firefighting, police, transportation, intelligence, security, national security, and research experts. Second, private sector regulation should be established newly under the Security Business Act. Third, the safety guard of the collective intelligent cyberpolice volunteer system for the stability of the people's lives should strengthen volunteer work. Fourth, research lessons and legal countermeasures against cybercrime in advanced countries should be introduced. Fifth, the Act on the Protection of Personal Information, the Act on Promotion of Information and Communication Network Utilization and Information Protection, the Act on the Utilization and Protection of Credit Information, and the Special Act on the Materials and Parts Industry should be amended. Sixth, police officers should develop cybercrime awareness skills for proactive prevention activities.

A Design of Network Security Kernel for Multilevel Secure Message Handling on the Distributed Network (분산 네트워크상에서 다중등급보안 메세지 처리를 위한 네트워크 보안 커널의 설계)

  • 홍기융;조인준;김동규
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1994.11a
    • /
    • pp.203-211
    • /
    • 1994
  • 본 논문에서는 다중 등급의 기밀성을 갖는 메세지의 보호를 위한 보안 특성 함수와 보안 오퍼레이션을 제시하였으며, 이를 구현하기 위한 네트워크 보안 커널의 구조를 설계하였다. 제안한 네트워크 보안 커널은 분산 네트워크상에서 다중등급보안 메세지를 안전하게 보호할 수 있도록 하는 분리된 (Isolated) 보호 기능을 제공한다.

  • PDF

The Safety Evaluation for a Security Model using SPR (SPR를 이용한 보안 모델의 안전성 평가)

  • ;;;;;;Dmitry P. Zegzhda
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.12a
    • /
    • pp.655-659
    • /
    • 2003
  • 시스템의 안전성을 평가하기 위해 안전성 문제 해결 도구인 SPR[1]을 이용하여 보안 모델을 프롤로그 기반의 명세 언어인 SPSL로 기술하여 안전성을 검증한다. 보안 모델은 시스템의 3가지 컴포넌트, 시스템 보안 상태(system security states), 접근 통제 규칙(access control rules), 그리고 보안 기준(security criteria)으로 구성된다. 본 논문에서는 보안 모델의 보안 기준에 NTFS의 다중 사용 권한을 적용하여 명세하고 안전성 문제 해결방법을 제시하고자 한다.

  • PDF

Android Operating System: Security Features, Vulnerabilities, and Protection Mechanisms

  • AlJeraisy, Lulwa Abdulmajeed;Alsultan, Arwa
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.11
    • /
    • pp.367-372
    • /
    • 2022
  • In the age of smartphones, users accomplish their daily tasks using their smartphones due to the significant growth in smartphone technology. Due to these tremendous expansions, attackers are highly motivated to penetrate numerous mobile marketplaces with their developed malicious apps. Android has the biggest proportion of the overall market share when compared to other platforms including Windows, iOS, and Blackberry. This research will discuss the Android security features, vulnerabilities and threats, in addition to some existing protection mechanisms.

A Protection System of Medical Information using Multiple Authentication (다중 인증 기술을 이용한 의료정보 보호시스템)

  • Kim, Jin-Mook;Hong, Seong-Sik
    • Convergence Security Journal
    • /
    • v.14 no.7
    • /
    • pp.3-8
    • /
    • 2014
  • Recently, A utilization request of the U-Healthcare services are increasing rapidly. This is because the increase in smartphone users and ubiquitous computing technology was developed. Furthermore, the demand for access to and use of medical information systems is growing rapidly with a smartphone. This system have the advantage such as they can access from anywhere and anytime in the healthcare information system using their smartphone quickly and easily. But this system have various problems that are a privacy issue, the location disclosure issue, and the potential infringement of personal information. this problems are arise very explosive. Therefore, we propose a secure information security system that can solve the security problems in healthcare information systems for healthcare workers using smartphone. Our proposed system, doctors record, store, modify and manage patient medical information and this system would be safer than the existing healthcare information systems. The proposed system allows the doctor to perform further authentication by transmitting using SMS to GOTP message when they accessing medical information systems. So our proposed system can support to more secure system that can protect user individual information stealing and modify attack by two-factor authentication scheme. And this system can support confidentiality, integrity, location information blocking, personal information steal prevent using cryptography algorithm that is easy and fast.

Overview of the Sambodana Project: Development of Mobile Communication Security System using Hardening Android

  • Cahyo, Darujati;Moh Noor Al, Azam
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.12
    • /
    • pp.57-62
    • /
    • 2022
  • The Sambodana project is a mobile communication security system development project using Hardening Android. The initial idea for this project is that information leakage occurs outside of a communications application with end-to-end cryptographic security. Android hardening prevents unwanted applications and bloatware from being installed, such as unavailable Google Play Store or install restrictions.