• Journal of Information Technology Applications and Management
• /
• 제16권2호
• /
• pp.23-43
• /
• 2009

For reliability and confidentiality of information security systems, the security engineering methodologies are accepted in many organizations. To improve the effectiveness of security engineering, this paper suggests a security methodology ISEM, which considers both product assurance and production processes, takes advantages in terms of quality and cost. To verify the effectiveness of ISEM, this paper introduces the concepts of quality loss, and compares the development costs and quality losses between ISEM and CC through the development of VPN system.

• 한국컴퓨터정보학회논문지
• /
• 제23권2호
• /
• pp.45-51
• /
• 2018

In this paper, we propose a Designed and Developed home router management system. Through the fourth industrial revolution and development of IoT technology, now people can experience a wide range of IoT related services at their workplace or daily lives. At the industrial site, IoT devices are used to improve productivity such as factory automation, and at home, IoT technology is used to control home appliances from a remote distance. Usually IoT device is integrated and controlled by the router. Home router connects different IoT devices together at home, however when security issues arise, it can invade personal privacy. Even though these threats exist, the perception for home router security is still insufficient. In this paper, we have designed and developed home router management system using DEVS methodology to promote the safe use of home router. Through the DEVS methodology, we have designed the system and developed the mobile application. This management system enables users to set up security options for home router easily.

• 디지털산업정보학회논문지
• /
• 제5권1호
• /
• pp.71-81
• /
• 2009

To the cause of the development of IT technology and the Internet, information leakage of industry is also facing a serious situation. However, most of the existing techniques to prevent leakage of information disclosure after finding the cause of defense. Therefore, in this paper by adding information about the Hardware to offer a way to protect the information. User authentication information to access the data according to different security policies to reflect a little more to strengthen security. And the security agent for the data by using a log of all actions by the record was so easy to analyze. It also analyzes and apply the different scenarios possible. And the analysis of how to implement and how to block. The future without the use of security agents to be able to control access to data and H/W information will be updated for the study will be done.

• 경영과학
• /
• 제17권1호
• /
• pp.145-158
• /
• 2000

The medical records of diagnostic and testing information include sensitive personal information that reveals some of the most intimate aspects of an individual's life. The hospital information system (HIS) operates in a state of high risk which may lead to the possible loss to the IS resources caused by various threats. This research addresses twofold : (1) to perform asset identification ad valuation and (2) to recommend countermeasures for secure HIS network using case studies This paper applied a risk management tool CRAMM (Central Computer and Tele-communications Agency's Risk Analysis and Management Method) to assess asset values and suggest countermeasures for the security of computerized medical information of two large hospitals in Korea. CRAMM countermeasures are recommended at the reference sites from the network security requirements of system utilized for the diagnosis and treatment of patients. The results of the study will enhance the awareness of IS risk management by IS managers.

• 디지털산업정보학회논문지
• /
• 제13권1호
• /
• pp.159-171
• /
• 2017

The purpose of this study is to investigate the effects of e - commerce technology characteristics and personal values on purchasing behavior by information security importance. The results of the empirical study that examined the university students in 2006 and 2016 are as follows. First, personal value is centered on personal values, such as self - esteem and self - esteem in 2006. In 2016, however, personal values such as self - fulfillment and personal relationship with others are important. Transactional ease and product service serve as the main value of the fun and pleasure of life, but the sense of accomplishment as the core value of information protection. Second, the technical characteristics of e-commerce are as follows. In terms of ease of transaction and product service, technology characteristics are simplified and directly effected over time. On the other hand, information protection works very closely with individual value, There was a strong tendency to enjoy benefits. Especially in 2006, if you want to enjoy transactional convenience through transaction information security or benefit from product service, it has been changed to recognize the importance of information security through payment in 2016.

• 항공우주기술
• /
• 제7권1호
• /
• pp.210-215
• /
• 2008

소형위성 발사체(KSLV-I) 개발사업과 관련된 주요 기술정보는 우주발사체사업단 정보시스템인 통합 사업관리 시스템(PLMS)을 통해 관리해오고 있다. 국제 협력을 통한 사업 추진 및 대상 기술의 특성으로 인해 대내외적으로 기술정보에 대한 엄격한 보안이 요구되고 있으며, 이에 기술정보의 보안 강화를 위해 문서보안시스템의 개발을 완료하였다. 본 연구는 통합 사업관리 시스템과 연동하여 주요 기술정보에 대한 불법 접근 및 유출 방지를 목표로 개발된 문서보안시스템의 개요 및 구축 현황에 대해 기술하였다.

• 정보보호학회논문지
• /
• 제25권4호
• /
• pp.793-805
• /
• 2015

현대의 자동차는 안전필수(Safety Critical) 시스템이기 때문에 차량의 안전성을 보장하는 것은 물론 초 연결사회를 지향하는 사물인터넷 기술의 발전과 자동차의 스마트화 됨에 따른 자동차 보안문제가 대두됨에 따라 자동차 소프트웨어와 공급망에서의 보증 방안과 공급망에서 발생할 수 있는 위험을 식별, 평가 및 통제하기 위한 위험관리 방안이 필요하다. 본 논문에서는 자동차 Life-Cycle 내에서 이해관계자 별 위험관리(A-SCRM, Automotive Supply Chain Risk Management) 방법을 연구 제안한다.

• 한국IT서비스학회지
• /
• 제15권3호
• /
• pp.33-50
• /
• 2016

In a dynamic IT environment, employees often utilize external IT resources to work more efficiently and flexibly. However, the use of external IT resources beyond its control may cause difficulties in the company. This is known as "Shadow IT." In spite of efficiency gains or cost savings, Shadow IT presents problems for companies such as the outflow of enterprise data. To address these problems, appropriate measures are required to maintain a balance between flexibility and control. Therefore, in this study, we developed a new information security management system called AIIMS (Advanced IT service & Information security Management System) and the Shadow IT Evaluation Model. The proposed model reflects a Shadow IT's attributes such as innovativeness, effectiveness, and ripple effect. AIIMS consists of five fields: current analysis; Shadow IT management plans; management process; education and training; and internal audit. There are additional management items and sub-items within these five fields. Using AIIMS, we expect to not only mitigate the potential risks of Shadow IT but also create successful business outcomes. Now is the time to draw to the Light in the Shadow IT.

• Journal of Information Technology Applications and Management
• /
• 제27권6호
• /
• pp.89-99
• /
• 2020

Cloud computing is rapidly increasing for achieving comfortable computing. Cloud computing has essentially security vulnerability of software and hardware. For achieving secure cloud computing, the vulnerabilities of cloud computing could be analyzed in a various and systematic approach from perspective of the service designer, service operator, the designer of cloud security and certifiers of cloud systems. The paper investigates the vulnerabilities and security controls from the perspective of administration, and systems. For achieving the secure operation of cloud computing, this paper analyzes technological security vulnerability, operational weakness and the security issues in an enterprise. Based on analysis, the paper suggests secure establishments for cloud computing.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2002년도 추계학술발표논문집 (중)
• /
• pp.1043-1046
• /
• 2002

서바이벌 스토리지 시스템(Survivable Storage System)은 데이터의 가용성 및 보안성을 높이기 위해 여러 가지 분할 복제 기법들을 사용한다. 이러한 기법들을 정보의 중요도를 고려하지 않고 모든 데이터에 일괄적으로 적용하면, 시스템의 성능면에서 비효율적이다. 본 논문은 이를 해결하기 위해 정보의 중요도별로 다른 정보 분할 기법(IDS : Information Dispersal Scheme)를 적용하는 레벨 단위 데이터 분할 프로토콜을 제안하고 그 성능을 평가한다. 그 결과 제안된 방식은 정보의 중요도가 높을수록 데이터의 실질적인 가용성 및 보안성을 증가시킨다는 것을 볼 수 있다.