• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.1
• /
• pp.51-61
• /
• 2011

A smartphone is a mobile phone that offers more advanced computing ability and connectivity than a contemporary basic feature phone. Unlike feature phone, a smartphone allows the user to install and run more advanced applications based on a specific platform. Smartphones run complete operating system software providing a platform for application developers. A smartphone will become the default computing method for many point activities in the not-too-distant future, such as e-mail, online shopping, gaming, and even video entertainment. For smartphone that contains sensitive information and access the Internet, security is a major issue. In the 1980s, security issues were hardly noticed; however, security is a major issue for users today, which includes smart phones. Because security is much more difficult to address once deployment and implementation are underway, it should be considered from the beginning. Recently our government recognized the importance of smartphone security and published several safety tips for using the smartphone. However, theses tips are user-oriented measures. Maintaining the security of a smartphone involves the active participation of the user. Although it is a important users understand and take full advantage of the facilities afforded by smarphone, it is more important developers distribute the secure smartphone application through the market. In this paper we describe some scenarios in which user is invaded his/her privacy by smartphone stolen, lost, misplaced or infected with virus. Then we suggest the security considerations for securing smartphone applications in respect with developers. We also suggest the methods applying domestic encryption algorithms such as SEED, HIGHT and ARIA in developing secure applications. This suggested security considerations may be used by developers as well as users (especially organizations) interested in enhancing security to related security incidents for current and future use of smartphones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.175-185
• /
• 2019

The security control is to protect IT system from cyber infringement by deriving valid result values in the process of gathering and analyzing various information. Currently, security control is very effective by using SIEM equipment which enables analysis of systematic and comprehensive viewpoint based on a lot of data, away from analyzing cyber threat information with only fragmentary information. However, It can also be said that cyber attacks are analyzed and coped with the manual work of security personnel. This means that even if there is excellent security equipment, the results will vary depending on the user using. In case of operating a characteristic web service including information provision, This study suggests the basic point of security control through characteristics information analysis, and proposes a model for intensive security control through the type discovery and application which enable a step-wise analysis and an effective filtering. Using this model would effectively detect, analyze and block attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.69-79
• /
• 2013

Recently, many enterprises are suffering from advanced types of malware and their variants including intelligent malware that can evade the current security systems. This addresses the fact that current security systems have limits on protecting advanced and intelligent security threats. To enhance the overall level of security, first of all, it needs to increase detection ratio of each security solution within a security system. In addition, it is also necessary to implement internetworking between multiple security solutions to increase detection ratio and response speed. In this paper, we suggest a collaborative security response method to overcome the limitations of the previous Internet service security solutions. The proposed method can show an enhanced result to respond to intelligent security threats.

• Convergence Security Journal
• /
• v.22 no.5
• /
• pp.81-87
• /
• 2022

The purpose of this paper is to take a look the effect of the physical security level of companies possessing national core technology on security performance and work efficiency. To this end, a survey was set out for about 200 security officers for a month. In the survey, the independent variable was physical security level, the parameter was security performance, and the dependent variable was work efficiency. Reliability analysis, validity analysis, discriminant validity analysis, etc. were analyzed for causality through SPSS. As a result, "Physical Security Level ⇒ Security Performance, Security Performance ⇒ Work Efficiency" was adopted, but "Physical Security Level ⇒ Work Efficiency" was rejected. Therefore, it was found that the physical security level affects work efficiency through security performance, which is a parameter. However, it was found that the physical security level did not directly affect work efficiency. In order to improve work efficiency in the future, improving security performance should be a priority.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.101-106
• /
• 2008

It is essential for organizations to employ strategies for improving their information systems security. It is also required to consider features of information systems security strategies which affect their successful and efficient implementation in organizations. This paper identifies those features from various information systems security and strategies literatures.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.2
• /
• pp.51-57
• /
• 2017

The first thing to be prioritized is to set the scope of the management system when establishing an information security management system for systematic and effective information security management. It is important to set the scope for an organization's information security goals due to the scope affects the organization's overall information security activities. If the scope is set incorrectly, it might become impossible to protect important services and therefore, the scope of the management system should be determined in consideration of the core business services of the organization. We propose a core service selection model based on the organization's mission-critical service and high risk service in order to determine the effective information security management system scope in this paper. Core service selection criteria include the type of service, contribution to sales, socio-economic impact, and linkage with other services.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.93-100
• /
• 2017

Current internet has evolved from the sharing and efficiency aspects of information, it is still vulnerable to the fact that the Internet is not secure in terms of security and is not safe to secure of security mechanism. Repeating patches on continuous hacking are continuously demanding additional resources for network or system equipment, and consequently the costs continue to increase. Businesses and individuals alike are speeding up the damage caused by crime like of ransomware, not jusy simple attacks, and businesses and individuals need to respond to cyber security. In addition, the ongoing introduce of security device, and separate of networks for secure transmission of contents in the existing TCP/IP system, but it is still lacking in security. To complement the security implications of this existing TCP/IP Internet Protocol, we intend to propose a Secure Contents Transport System (SCTS) on the network using the CCN concept.

• Convergence Security Journal
• /
• v.5 no.1
• /
• pp.63-74
• /
• 2005

Security products were developed and diffused for defense all emergency on cyberspace on E-commerce, but it requires special technique of information security in maintenance. The operation and need of security system was required in a public corporation and company, but it isn't provided in an appropriate time. Therefore, the domestic sites were vulnerable by security vulnerability. In this paper, we propose on the design and implementation of the data integrity analysis system that a novice manage usefully and automatically for management of E-commerce security products.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.763-777
• /
• 2021

Information security started as an IT operation process and is now recognized as an important issue of information technology, and each international organization is newly defining the concept. Information security itself is a new combination of IT technologies, a set of technologies and a technology area. As IT outsourcing becomes common in many public sectors, SLAs are introduced to evaluate the level of IT services. In the area of information security, many studies have been conducted on the derivation and selection of SLA performance indicators, but it is difficult to find a way to apply the performance indicators to service level evaluation and performance systems. This thesis conducted a study on the application of a service evaluation system for information security performance indicators based on the public sector and a performance system including compensation regulations. It presents standards and rewards(incentive and penalty) that define expectation and targets of performance indicators that take into account the environment and characteristics of a specific public sector, and defines appropriate SLA costs. It proposes a change plan for the organizational structure for practical SLA application and service level improvement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.411-429
• /
• 2014

As cloud computing has enabled, a variety of cloud services has come into wide use. Thus, cloud computing products can be easily identified in the IT market. Common Criteria is international standards for security evaluation performed of IT products. In addition, Consumers can be used as a objective guideline for the evaluation results. And, it is a provides for protection profile(security target of security products). For general, IT products are providing the protection profile. However, for cloud-related products of protection profile is not being provided. Thus, about cloud security products, there is no way for evaluation. Therefore, in this paper, we propose protection profile on cloud database management system for the secure cloud environment in common criteria.