• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.038 seconds

A Study on An Architecture of the Security improved Document DRM for preventing Information Leakage in Military Information System Environment (국방 정보시스템 환경에서 정보유출 방지를 위한 보안성이 강화된 문서 DRM 설계에 관한 연구)

  • Eom, Jung Ho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.7 no.1
    • /
    • pp.41-49
    • /
    • 2011
  • We designed a security improved document DRM for protecting document based military information which is transmitted in the military information system environment. The user should be could not access document which not related to his/her role and duty, and must view the only document appropriate for his/her role and security level according to the security level of document. We improved the security of document DRM by adding to the access control module in DRM server. Our system allows operation mode authorizations for the document, considering the user's role & security level and the security level of document. And it prevents indiscriminate access to the document and damage the confidentiality and integrity of information.

Information Technology for Mobile Perimeter Security System Creation

  • Mazin Al Hadidi;Jamil S. Al-Azzeh;Lobanchikova N.;Kredentsar S.;Odarchenko R.;Opirskyy I.;Seilova N.
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.10
    • /
    • pp.63-70
    • /
    • 2024
  • This paper is about information technology of creation of mobile (of rapid deployment) security systems of the area perimeter. This system appears to be a complex of models and methods, information, software and hardware means that are interacted with users during decision-making and control of implementation for management solutions. The proposed information technology aimed at improving the protection level for security departments by automating the process of dangers detection for perimeters and decision-making for alarm. The structural model of the system, the model of system's components interaction and the model of identifying the subjects of emergencies threats have been proposed. A method for identifying unauthorized access to the perimeter of the protected object, using the production model of knowledge representation, was created. It is a set of linguistic expressions (such as "IF-THEN") and knowledge matrix. The method of ranking for objects, which are threats of unauthorized access to the perimeter for protected area, has been proposed. Practical value of work consists in the possibility of the use this information technology by perimeter's security systems of various objects. Proposed models are complete and suitable for the hardware and software implementation.

A Study on the Qualitative Improvement of Private Security Industrial (민간경호업의 질적 발전 방안에 관한 연구)

  • Song, Sang-Wook
    • Journal of the Society of Disaster Information
    • /
    • v.2 no.1
    • /
    • pp.113-127
    • /
    • 2006
  • The suggestions that follow are about the Qualitative Improvement of private security Industrial. First, in legal and institutional policy, new establishment by law for private security and more support from government is asked. Moreover, the restructuring or M&A between petty companies and the pricing for security service should be performed. Second, in the structural aspect of private security industry, the professional education center for private security guards should be established and the terms of payment and welfare should be improved to the level above standard. In addition, it should be achieved to change the public to have a new and correct understanding of private security and develope the specialized parts suited to the characteristic and ability of each companies. Third, the construction of operating system for private security service should be achieved; recruit system for competent security guards, marketing strategy and enforcement system, widely known confidence to client, normal training system for security guards and post management system for client. This is also to be suited to the characteristic of each companies.

  • PDF

The Correspondence Competence of Information Accident by Firms Experienced in Confidential Information Leak (기밀정보 유출 경험을 가진 기업들의 정보사고 대응역량 강화에 관한 연구)

  • Jung, Byoungho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.12 no.2
    • /
    • pp.73-86
    • /
    • 2016
  • The purpose of this study is to examine a security investment for firms experienced in confidential information leak. Information security is an apparatus for protection of secret information. The competence of information security is a competitiveness to avoid information leakage in changing business environment. The type of information security is divided into administrative security, technical security and physical security. It is necessary to improve the incident correspondence competence through information security investment of the three types. Therefore, the investment of information security is to enhance information-asset protection of firms. To reinforce accident response competence, an organization discussed an establishment, security technology development, expand investment and legal system of the security system. I have studied empirically targeting the only information leak of firms. This data is a technical security competence and technology leakage situation of firms happened in 2010. During recovery of the DDos virus damage on countries, company and individual, the collected data signify a reality of information security. The data also identify a security competence of firms worrying information security management. According to the study, the continuous investment of information security has a high competence of accident correspondence. In addition, the most of security accidents showed a copy and stealing of paper and computer files. Firm on appropriate security investment is an accident correspondence competence higher than no security investment regardless of a large, small and medium-sized, and venture firm. Furthermore, the rational security investment should choose the three security type consideration for firm size.

Relationship of Information Technology User Personality, Security and Control (보안 및 통제와 정보기술 사용자의 성격의 관계)

  • Lee, Jang-Hyung;Kim, Jong-Won
    • The Journal of Information Systems
    • /
    • v.19 no.3
    • /
    • pp.1-12
    • /
    • 2010
  • Personality is comprehensive nature of the mood and attitude of people, most clearly revealed in the interaction with other people. This study is a analysis on personality type to information system security and control from financial institute employee. Based on 'The Big Five' personality model, this study develops hypothetical causal relationships of potential organization member's personality and their information system security and control. Research hypotheses are empirically tested with data collected from 901 employees. Results show that employees of high level security mind are the owner of conscientious and emotional stable personality and the employees of high level control mind are the owner of agreeable and emotional stable personality. Therefore the owner of agreeable and stable personality is higher security and control than others.

Design and Implimentation of Intrusion Detection System on Contents Security (컨텐츠 보안 침입 탐지 시스템 설계 및 구현)

  • Kim, Young Sun;Seo, Choon Weon
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.52 no.11
    • /
    • pp.164-168
    • /
    • 2015
  • As Internet use is widespread advertising through the Web, shopping, banking, etc. As the various services offered by the network, the need for Web security is increasing. A security system for the protection of information assets and systems against various types of external hacking threats and unlawful intrusion will require. Intrusion Detection Tool of the paper web will have is to increase the security level, to prevent the loss of resources and labor spent by the individual monitoring of the web. Security intrusion detection system analyzes the cause of the problem of the security vulnerability and exposure of the information on the Web. Using a monitor to determine a fast support of security is to design a security system for the purpose of protecting the information security vulnerability and exposure information.

Global Recovery Management Protocol for Heterogeneous System in Security Environments (보안환경에서 이질형 시스템의 전역 복구 관리 프로토콜)

  • Jeong, Hyun Cheol
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.5 no.4
    • /
    • pp.51-59
    • /
    • 2009
  • Many failures are due to incorrectly programmed transactions and data entry errors. System failure causes the loss or corruption of the contents of volatile storage. Although global processing protects data values to detect direct or indirect information effluence, security environments are very important in the recovery management of heterogeneous systems. Although transaction can't control system fault, the restart for the system can cause information effluence by low bandwith. From various faults, it is not easy to maintain the consistency and security of data. This paper proposes recovery management protocols to assure global multilevel secure one-copy quasi-serializability in security environments of heterogeneous systems with replicated data and proves its correctness. The proposed secure protocols guarantee the reliability and security of system when the system fault is happened.

A Study on Enterprise Information Security Portal Model for Enterprise Information Security Governance (기업 정보보호 거버넌스를 위한 기업 정보보호 포털 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.39-46
    • /
    • 2020
  • In order to protect the business information of the enterprise, the company is engaged in various information security activities, such as establishing an information security management system, establishing and operating an information security system, checking vulnerabilities and security controls. It is an enterprise information security governance that organizes various information security activities for enterprise business, and it needs to be systematized to operate them effectively. In this study, to systematize the enterprise information security governance, we would like to explore the existing Enterprise Information Portal(EIP) model and propose an Enterprise Information Security Portal(EISP) model based on it. The Enterprise Information Security Portal(EISP) model provides an integrated environment for supporting the activities of the information security departments by systemizing the enterprise information security governance, which is a variety of information security activities of the enterprises, so that the information security activities of the enterprises can participate directly from CEO to executives and employees, not just from the information security departments.

The effects of the operation of an information security management system on the performance of information security (정보보호 관리체계의 지속적인 정보보호 관리과정(PDCA)이 정보보호 성과에 미치는 영향에 관한 실증 연구)

  • Jang, Sang-Soo;Lee, Sang-Joon;Noh, Bong-Nam
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1123-1132
    • /
    • 2012
  • Many domestic organizations are introducing and operating various information security management systems capable of coping with technical, administrative, and legal issues comprehensively and systematically, in order to prevent various infringement incidents such as personal information disclosure and hacking preemptively and actively. However, empirical analyses regarding the extent to which an information security management system contributes to information security performance have not been fully conducted, even though enterprises and organizations are actively introducing such systems in order to achieve their information security objectives as a part of their organizational management activities in line with their respective business, by investing considerable effort and resources in developing and operating these systems. This approach can be used to apply, develop, and operate the information management system actively within an organization. this study focused on analyzing how each specific phase of the information security management system affects information security performance, compared with previous studies, which generally focus on the information security control item in analyzing information security performance. The information security management system was analyzed empirically to determine how the Security PCDA cycling model affects information security performance.

A Safe Qperati ng Strategy for Information System of Small and Medium Enterprises (중소기업 정보시스템의 안정적 운영 전략)

  • Yeo, Sang-Soo;Hwang, Su-Chul
    • Journal of the Korea Society of Computer and Information
    • /
    • v.14 no.7
    • /
    • pp.105-112
    • /
    • 2009
  • Small and medium enterprises have more dependency on their information technology than large enterprises have. but they can't pay much for information technology and information security due to financial restrictions, limited resources, and lack of know-how. So there are many vulnerabilities in small and medium enterprises and these would make many security incidents. Security managers of small and medium enterprises think that information security in their company is simply equivalent to updating the antivirus solutions. managing firewall, and patching systems regularly. However, security policies, prevention of information theft. business continuity, access controls, and many other information security issues should be considered for mitigating security incidents. In this context, we redefined security countermeasures and strategies which are only appropriate to large enterprises. for making them appropriate on a secure operating for information system of small and medium enterprises, and we investigate information security issues in the four views of information system and company, and finally we present information security strategies for each view, in this paper.