• Title/Summary/Keyword: information security system

Search Result 6,598, Processing Time 0.037 seconds

Spring Boot-based Web Application Development for providing information on Security Vulnerabilities and Patches for Open Source Software (Spring Boot 기반의 오픈소스 소프트웨어 보안 취약점 및 패치 정보 제공 웹 어플리케이션 개발)

  • Sim, Wan;Choi, WoongChul
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.17 no.4
    • /
    • pp.77-83
    • /
    • 2021
  • As Open Source Software(OSS) recently invigorates, many companies actively use the OSSes in their business software. With such OSS invigoration, our web application is developed in order to provide the safety in using the OSSes, and update the information on the new vulnerabilities and the patches at all times by crawling the web pages of the relevant OSS home pages and the managing organizations of the vulnerabilities. By providing the updated information, our application helps the OSS users and developers to be aware of such security issues, and gives them to work in the safer environment from security risks. In addition, our application can be used as a security platform to greatly contribute to preventing potential security incidents not only for companies but also for individual developers.

Comparison of Security Education Program of Woman Information Security Majors of Seoul Region (서울지역 여성 정보보호전공의 보안교육 프로그램 비교)

  • Hong, Jin-Keun
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.10
    • /
    • pp.107-113
    • /
    • 2020
  • With the development of IT technology, along with the expansion of women's participation in society, the education training of information security women's workforce is becoming a very important issue. Therefore, it is important to analyze the relevant curriculum to identify the direction of fostering women's information security workforce. Therefore, in this paper, the education and training programs of the department for training women's information security workforce based in Seoul area of the Korean metropolitan area were analyzed. The main research objective of this paper is to review whether the education and training system, which consists of the department of women's information security human resources development, is in line with the direction of NIST's human resources development. The research focus was on what the women's information security department organizes courses with each security major and what task training is interested in. In addition, in this paper, we were confirmed that the curriculum of the relevant major is based on the NIST Human Resources Development Framework, and that the majors of the relevant universities have an education and training system that conforms to the relevant task. In conclusion, the related majors are judged to be focused on the development of certification evaluation personnel of convergence industry security or information security development personnel, and general cyber security personnel.

A Enhanced Security Model for Cloud Computing in SSO Environment

  • Jang, Eun-Gyeom
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.8
    • /
    • pp.55-61
    • /
    • 2017
  • Cloud computing is cost-effective in terms of system configuration and maintenance and does not require special IT skills for management. Also, cloud computing provides an access control setting where SSO is adopted to secure user convenience and availability. As the SSO user authentication structure of cloud computing is exposed to quite a few external security threats in wire/wireless network integrated service environment, researchers explore technologies drawing on distributed SSO agents. Yet, although the cloud computing access control using the distributed SSO agents enhances security, it impacts on the availability of services. That is, if any single agent responsible for providing the authentication information fails to offer normal services, the cloud computing services become unavailable. To rectify the environment compromising the availability of cloud computing services, and to protect resources, the current paper proposes a security policy that controls the authority to access the resources for cloud computing services by applying the authentication policy of user authentication agents. The proposed system with its policy of the authority to access the resources ensures seamless and secure cloud computing services for users.

A Reliable Secure Storage Cloud and Data Migration Based on Erasure Code

  • Mugisha, Emmy;Zhang, Gongxuan
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.1
    • /
    • pp.436-453
    • /
    • 2018
  • Storage cloud scheme, pushing data to the storage cloud poses much attention regarding data confidentiality. With encryption concept, data accessibility is limited because of encrypted data. To secure storage system with high access power is complicated due to dispersed storage environment. In this paper, we propose a hardware-based security scheme such that a secure dispersed storage system using erasure code is articulated. We designed a hardware-based security scheme with data encoding operations and migration capabilities. Using TPM (Trusted Platform Module), the data integrity and security is evaluated and achieved.

Research about Evaluation Scoping Analysis for Composition TOE (합성 TOE에 대한 평가범위 분석에 관한연구)

  • Kim, Seok-Soo
    • Convergence Security Journal
    • /
    • v.7 no.3
    • /
    • pp.45-50
    • /
    • 2007
  • The creation of information protection system which solely do detection and solely do prevention will have less protection for information. This research paper is a study of Information Protection System which aims to fulfill security reeds in a more powerful way by combining detection and prevention that is in the context of TOE via ISO/IEC TR 19791. The Creation of Composition ST will be a big help in the establishment of security policy.

  • PDF

Development of an Industrial Control System Information Security Management System Program (산업제어시스템 정보보안 관리체계 프로그램 개발)

  • Chun, Se-In;Joo, Soyoung;Kim, Min-Ju;Baek, Ji-Yeon;Shin, Jaeun
    • Annual Conference of KIPS
    • /
    • 2019.10a
    • /
    • pp.397-400
    • /
    • 2019
  • 주요기반시설 산업제어시스템의 운영환경 변화에 따라 보안 위협의 양상이 다양해지고 있다. 따라서 이를 반영한 보안 관리체계가 새로이 요구된다. 이에 본 논문은 미국 을 참조한 산업제어시스템의 정보보안 관리체계 프로그램을 제안한다. 프로그램의 기능은 다음과 같다. 첫째, 산업제어시스템 자산 관리 기능, 둘째, 보안상태 평가 기능, 셋째, 보안조치 관리 기능이다. 해당 프로그램을 통해 국내 산업제어시스템의 보안 수준 향상을 기대한다.

Advanced insider threat detection model to apply periodic work atmosphere

  • Oh, Junhyoung;Kim, Tae Ho;Lee, Kyung Ho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.3
    • /
    • pp.1722-1737
    • /
    • 2019
  • We developed an insider threat detection model to be used by organizations that repeat tasks at regular intervals. The model identifies the best combination of different feature selection algorithms, unsupervised learning algorithms, and standard scores. We derive a model specifically optimized for the organization by evaluating each combination in terms of accuracy, AUC (Area Under the Curve), and TPR (True Positive Rate). In order to validate this model, a four-year log was applied to the system handling sensitive information from public institutions. In the research target system, the user log was analyzed monthly based on the fact that the business process is processed at a cycle of one year, and the roles are determined for each person in charge. In order to classify the behavior of a user as abnormal, the standard scores of each organization were calculated and classified as abnormal when they exceeded certain thresholds. Using this method, we proposed an optimized model for the organization and verified it.

A study on neutralization malicious code using Windows Crypto API and an implementation of Crypto API hooking tool (윈도우즈 Crypto API를 이용한 악성코드 무력화 방안 연구 및 도구 구현)

  • Song, Jung-Hwan;Hwang, In-Tae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.111-117
    • /
    • 2011
  • Advances in encryption technology to secret communication and information security has been strengthened. Cryptovirus is the advent of encryption technology to exploit. Also, anyone can build and deploy malicious code using windows CAPI. Cryptovirus and malicious code using windows CAPI use the normal windows API. So vaccine software and security system are difficult to detect and analyze them. This paper examines and make hooking tool against Crytovirus and malicious code using windows CAPI.

An Implementation Strategy for the Physical Security Threat Meter Using Information Technology (정보통신 기술을 이용한 물리보안 위협 계수기 구현 전략)

  • Kang, Koo-Hong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.19 no.7
    • /
    • pp.47-57
    • /
    • 2014
  • In order to publicly notify the information security (Internet or Cyber) threat level, the security companies have developed the Threat Meters. As the physical security devices are getting more intelligent and can be monitored and managed through networks, we propose a physical security threat meter (PSTM) to determine the current threat level of physical security; that is a very similar compared with the one of information security. For this purpose, we investigate and prioritize the physical security events, and consider the impact of temporal correlation among multiple security events. We also present how to determine the threshold values of threat levels, and then propose a practical PSTM using the threshold based decision. In particular, we show that the proposed scheme is fully implementable through showing the block diagram in detail and the whole implementation processes with the access controller and CCTV+video analyzer system. Finally the simulation results show that the proposed PSTM works perfectly under some test scenarios.

Privacy and Security Model for RFID Healthcare System in Wireless Sensor Network (무선센서네트워크 환경하에서 RFID 헬스 시스템을 위한 보안)

  • Kim, Jung-Tae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2012.05a
    • /
    • pp.439-441
    • /
    • 2012
  • The use of a mobile agent in hospital environment offers an opportunity to deliver better services for patients and staffs. Furthermore, medical errors will be reduced because M-health system helps to verify the medical process. Optimized security protocols and mechanisms are employed for the high performance and security. Finally, a challenge in the near future will be converge the integration of Ubiquitous Sensor Network (USN) with security protocols for applying the hospital environment. We proposed secure authentication and protocol with Mobile Agent for ubiquitous sensor network under healthcare system surroundings.

  • PDF