• Title/Summary/Keyword: security assessment

A Cost-Optimization Scheme Using Security Vulnerability Measurement for Efficient Security Enhancement

  • Park, Jun-Young;Huh, Eui-Nam
    • Journal of Information Processing Systems / v.16 no.1 / pp.61-82 / 2020
  • The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

A Study for Effectiveness of Preliminary Security Assessment on Online Game Service Domain (온라인게임 서비스 분야에 정보보호 사전진단 적용시 효과성에 관한 연구)

  • Yoo, Dong-Young;Seo, Dong-Nam;Kim, Huy-Kang;Choi, Jin-Young
    • Journal of Information Technology Services / v.10 no.2 / pp.293-308 / 2011
  • The preliminary security assessment is an information security process to analyze security weaknesses before the beginning of services. Discovering security weaknesses through preliminary security assessment is highly required because it costs much when security incidents occur in the middle of service operation. However, this assessment is not widely spread in the online game service domain yet. In this paper, we summarize the security risks that exist in the online game service, and we classify the security requirements related to each risk. Also, through the case study, we evaluated the effectiveness of preliminary security assessment in this domain. In addition, we suggest checklists that should be reviewed once on the game-client side, network side and game-server side for the purpose of security enhancement.

Improving Imaging Quality Assessment of Cabinet X-Ray Security Systems (캐비닛 엑스선 검색장비 이미지품질평가 고도화 방안 연구)

  • Yoon, Yeon Ah;Jung, Jin Hyeong;Kim, Yong Soo
    • Journal of Korean Society for Quality Management / v.49 no.1 / pp.47-60 / 2021
  • Purpose: This study proposes methods and procedures for evaluating the imaging quality of cabinet X-ray screening systems to enhance performance certification technology. It also conducts a comparative analysis of the literature on test-kits for imaging security quality evaluation. Methods: Comparative analysis of the test-kits and related documents for image quality assessment of cabinet X-ray screening equipment. From this, assessment items were selected and the methods for each assessment item were proposed. In addition, the configuration method of the assessment team was established by applying the technology readiness assessment (TRA). Results: Four assessment items were selected for estimating image quality through a comparative analysis of the literature. For each assessment item, the evaluation method and minimum level of availability were determined. Finally, this paper proposes an imaging quality assessment of cabinet X-ray imaging security systems. Conclusion: Development of imaging security systems evaluation procedures for cabinet X-ray screening systems can help improve performance certification of aviation security equipment.

Proposed RASS Security Assessment Model to Improve Enterprise Security (기업 보안 향상을 위한 RASS 보안 평가 모델 제안)

  • Kim, Ju-won;Kim, Jong-min
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.05a / pp.635-637 / 2021
  • Cybersecurity assessment is the process of assessing the risk level of a system through threat and vulnerability analysis to take appropriate security measures. Accurate security evaluation models are needed to prepare for the recent increase in cyberattacks and the ever-developing intelligent security threats. Therefore, we present a risk assessment model through a matrix-based security assessment model analysis that scores by assigning weights across security equipment, intervals, and vulnerabilities. The factors necessary for cybersecurity evaluation can be simplified and evaluated according to the corporate environment. It is expected that the evaluation will be more appropriate for the enterprise environment through evaluation by security equipment, which will help the cyber security evaluation research in the future.

Developing a Framework for the Implementation of Evidence Collection System: Focusing on the Evaluation of Information Security Management in South Korea

  • Choi, Myeonggil;Kang, Sungmin;Park, Eunju
    • Journal of Information Technology Applications and Management / v.26 no.5 / pp.13-25 / 2019
  • Recently, as evaluation of information security (IS) management becomes more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of the existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment' of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the '6. Information System Security' of 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

A Security Assessment on the Designated PC service

  • Lee, Kyungroul;Yim, Kangbin
    • Journal of the Korea Society of Computer and Information / v.20 no.12 / pp.61-66 / 2015
  • In this paper, we draw a security assessment by analyzing possible vulnerabilities of the designated PC service, which is intended to strengthen the security of current online identification methods used in various areas such as online banking and games. There is a difference between the designated PC service and online identification methods. Online identification methods authenticate a user by the user's private information or the user's knowledge-based information, whereas the designated PC service authenticates hardware-based unique information of the user's PC. For this reason, services of high task significance employ online identification methods together with the designated PC service to improve security. Nevertheless, the security assessment of the designated PC service has been absent, and possible vulnerabilities of the designated PC service are counterfeiting and falsification when the hardware-based unique information is extracted on the user's PC and sent to an authentication server. Therefore, in this paper, we analyze possible vulnerabilities of the designated PC service and draw the security assessment.

Development of Cyber Security Assessment Methodology for the Instrumentation & Control Systems in Nuclear Power Plants (원전 계측제어시스템에 대한 사이버보안성 평가 방법론 개발)

  • Kang, Young-Doo;Chong, Kil-To
    • Journal of the Korea Academia-Industrial cooperation Society / v.11 no.9 / pp.3451-3457 / 2010
  • Cyber security assessment is the process of determining how effectively an entity being assessed meets specific cyber security objectives. Cyber security assessment helps to measure the degree of confidence one has and to identify that the managerial, technical and operational measures work as intended to protect the I&C systems and the information they process. Recently, the need for cyber security on digitalized nuclear I&C systems has increased. However, the overall cyber security program, including cyber security assessment, is not established on those systems. This paper presents the methodology of cyber security assessment which is appropriate for nuclear I&C systems. This methodology provides the qualitative assessments that may formulate recommendations to bridge the security risk gap through the incorporated criteria. This methodology may be useful to the nuclear organizations for assessing the weakness and strength of cyber security on nuclear I&C systems. It may also be useful as an index to the developers, auditors, and regulators for reviewing the managerial, operational and technical cyber security controls.

Network Security Situation Assessment Method Based on Markov Game Model

  • Li, Xi;Lu, Yu;Liu, Sen;Nie, Wei
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.5 / pp.2414-2428 / 2018
  • In order to solve the problem that the current network security situation assessment methods just focus on the attack behaviors, this paper proposes a kind of network security situation assessment method based on Markov Decision Process and Game theory. The method takes the Markov Game model as the core, and uses the 4 levels data fusion to realize the evaluation of the network security situation. In this process, the Nash equilibrium point of the game is used to determine the impact on the network security. Experiments show that the results of this method are basically consistent with the expert evaluation data. As the method takes full account of the interaction between the attackers and defenders, it is closer to reality, and can accurately assess network security situation.

Internet Security Readiness: The Influence of Internet Usage Level and Awareness on Internet Security Readiness Capital, Skill, and Actual Uptake/Use of Infrastructure

  • Ryoo, Jung-Woo;Park, Eun-A
    • Journal of Computing Science and Engineering / v.5 no.1 / pp.33-50 / 2011
  • In this paper we applied our previously developed assessment framework to the data collected from an internet security readiness survey targeted at households. We used the assessment framework to compute an Internet Security Readiness index for each household, which was in turn derived from Internet Security Readiness capital, skill, and actual uptake/use of infrastructure indices. We then examined the relationships among overall Internet Security Readiness, and the capital, skill, and actual uptake/use of infrastructure related to Internet Security Readiness. In addition, we explored the influence of Internet usage level and experience on Internet Security Readiness.

Developing the Assessment Method for Information Security Levels (정보보호 수준평가 방법 개선에 관한 연구)

  • Oh, Nam-Seok;Han, Young-Soon;Eom, Chan-Wang;Oh, Kyeong-Seok;Lee, Bong-Gyou
    • The Journal of Society for e-Business Studies / v.16 no.2 / pp.159-169 / 2011
  • In order for agencies and companies in the IT service industry to check as well as to upgrade the current status of their information security programs, this paper suggests an assessment method for information security levels. The study developed 12 assessment fields and 54 assessment items derived from domestic and foreign cases including SP800-26, SP800-53, ISMS, and ISO27001. It categorized the 54 assessment items into 5 levels for determining information security levels. Also, the study presents 7 strategies for performing their efficient evaluations. The proposed method and process in this paper can be useful guidelines for improving the national information security level.