• Title/Summary/Keyword: security model

Search Result 4,007, Processing Time 0.029 seconds

A Cost-Optimization Scheme Using Security Vulnerability Measurement for Efficient Security Enhancement

  • Park, Jun-Young;Huh, Eui-Nam
    • Journal of Information Processing Systems
    • /
    • v.16 no.1
    • /
    • pp.61-82
    • /
    • 2020
  • The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

Integrative Security Model Design for Academic Affairs Database (대학 학사 데이터베이스 통합 보안 모델 설계)

  • Jeong, Yoon-Su;Shin, Seung-Soo
    • Journal of Digital Convergence
    • /
    • v.10 no.4
    • /
    • pp.235-241
    • /
    • 2012
  • To improve educational excellence and quality, academies carry forward integrative security model related to academic affairs including personal information. This paper proposes an integrative security model for academic affairs database, which guarantees DBMS access control, confidentiality, integrity, and security inspection. This proposed model considered that most academies can't make good use of data security product and suggests a detailed measure to realize the confidentiality based on the function of DBMS.

An Effect of Organizational Security Climate on Individual's Opportunistic Security Behavior: An Empirical Study (조직의 보안 분위기가 개인의 기회주의 행동에 미치는 영향에 관한 실증 연구)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.10 no.10
    • /
    • pp.31-46
    • /
    • 2012
  • Drawing upon Griffin and Neal's safety climate and performance model, this study developed an information security climate model. Research model is composed of three research variables that include information security climate, information security compliance attitude, and opportunistic security behavior. Results of the study strongly support the fundamental proposition that the organizational security climate has significant positive influence on the individual's opportunistic security behavior. However, the study also reveals that the organizational climate may not directly associate with the reduction of opportunistic security behavior. Rather the organizational security climate nurtures the favorable attitude of the employee towards the compliance of information security, which in turn discourages opportunistic security behavior.

Advanced approach to information security management system utilizing maturity models in critical infrastructure

  • You, Youngin;Oh, Junhyoung;Kim, Sooheon;Lee, Kyungho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.10
    • /
    • pp.4995-5014
    • /
    • 2018
  • As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

An Information Security Model for Digital Contents (디지털 콘텐츠의 정보보호 분석 모델)

  • Yoon, Seuk-Kyu;Jang, Hee-Seon
    • Convergence Security Journal
    • /
    • v.10 no.3
    • /
    • pp.9-14
    • /
    • 2010
  • The network architecture and analysis model for evaluating the information security are presented to distribute the reliable and secure multimedia digital contents. Using the firewall and IDS, the function of the proposed model includes the security range, related data collection/analysis, level evaluation and strategy proposal. To develop efficient automatic analysis tool, the inter-distribution algorithm and network design based on the traffic analysis between web-server and user are needed. Furthermore, the efficient algorithm and design of DRM/PKI also should be presented before the development of the automatic information security model.

Enhancement of Internal Control by expanding Security Information Event Management System

  • Im, DongSung;Kim, Yongmin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.20 no.8
    • /
    • pp.35-43
    • /
    • 2015
  • Recently, internal information leaks is increasing rapidly by internal employees and authorized outsourcing personnel. In this paper, we propose a method to integrate internal control systems like system access control system and Digital Rights Managements and so on through expansion model of SIEM(Security Information Event Management system). this model performs a analysis step of security event link type and validation process. It develops unit scenarios to react illegal acts for personal information processing system and acts to bypass the internal security system through 5W1H view. It has a feature that derives systematic integration scenarios by integrating unit scenarios. we integrated internal control systems like access control system and Digital Rights Managements and so on through expansion model of Security Information Event Management system to defend leakage of internal information and customer information. We compared existing defense system with the case of the expansion model construction. It shows that expanding SIEM was more effectively.

A Systematic Treat Model for Software-Defined Networking

  • Zhang, Wenbin;Wu, Zehui;Wei, Qiang;Yuan, Huijie
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.2
    • /
    • pp.580-599
    • /
    • 2021
  • Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

Information Security and Organizational Performance: Empirical Study of Korean Securities Industry

  • Kong, Heekyung;Jung, Suhyun;Lee, Insung;Yeon, Seung-Jun
    • ETRI Journal
    • /
    • v.37 no.2
    • /
    • pp.428-437
    • /
    • 2015
  • This study was conducted to analyze the effect of information security activities on organizational performance. With this in mind and with the aim of resolving transaction stability in the securities industry, using an organization's security activities as a tool for carrying out information security activities, the effect of security activities on organizational performance was analyzed. Under the assumption that the effectiveness of information security activities can be bolstered to enhance organizational performance, such effects were analyzed based on Herzberg's motivation theory, which is one of the motivation theories that may influence information protection activities. To measure the actual attributes of the theoretical model, an empirical survey of the securities industry was conducted. In this explorative study, the proposed model was verified using partial least squares as a structural equation model consisting of IT service, information security, information sharing, transaction stability, and organizational performance.

Knowledge-based modeling and simulation of access control system representing security policies (보안정책을 표현하는 침입차단시스템의 지식기반 모델링 및 시뮬레이션)

  • 고종영;이미라;김형종;김홍근;조대호
    • Journal of the Korea Society for Simulation
    • /
    • v.10 no.4
    • /
    • pp.51-64
    • /
    • 2001
  • It is quite necessary that an organization's information network should be equipped with a proper security system based on its scale and importance. One of the effective methods is to use the simulation model for deciding which security policy and mechanism is appropriate for the complex network. Our goal is to build a foundation of knowledge-based modeling and simulation environment for the network security. With this environment, users can construct the abstracted model of security mechanisms, apply various security policies, and quantitatively analyze their security performance against possible attacks. In this study, we considered security domain from several points of view and implemented the models based on a systematic modeling approach. We enabled the model to include knowledge in modular fashion and provided well-defined guidelines for transforming security policy to concrete rule set.

  • PDF