• Title/Summary/Keyword: security model

Search Result 4,007, Processing Time 0.026 seconds

The Best Model to Optimize Security Investments with Considering a Corelation of Response Techniques Against Each Threat (위협별 대응기술들의 상관관계를 고려한 보안 투자 모델링)

  • Kim, Min-Sik;Lim, Jong-In
    • Convergence Security Journal
    • /
    • v.9 no.1
    • /
    • pp.39-44
    • /
    • 2009
  • To get legitimacy of a security investment, the analysis of ROI about the security investment is required. In this paper, we suggest a practical quantitative model with considering factors that do decision-making of optimized security investment difficult. This model makes use of the value of a residual risk to decide the best information security solution and considers a corelation of response techniques of the information security solution against each threat to do exact decision-making.

  • PDF

A Study on Development of Information Security Evaluation Model (정보보호 수준평가 적정화 방안 연구)

  • Hur, Soon-Haeng;Lee, Kwang-Woo;Jo, Hea-Suk;Jeong, Han-Jae;Jeon, Woong-Ryul;Won, Dong-Ho;Kim, Seung-Joo
    • The KIPS Transactions:PartC
    • /
    • v.15C no.3
    • /
    • pp.173-190
    • /
    • 2008
  • The purposes of this study is development of information security evaluation model for governments to analyze domestic and foreign existing models. Recent domestic information security certification systems have several problems, because shortage of organic connectivity each other. Therefore we analysis on domestic and foreign existing models, specify security requirements, evaluation basis and other facts of models, optimize these facts for governments, and develop new model for domestic governments.

Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System (통합보안 관리시스템의 침입탐지 몇 대응을 위한 보안 정책 모델)

  • 손우용;송정길
    • Journal of the Korea Society of Computer and Information
    • /
    • v.9 no.2
    • /
    • pp.81-87
    • /
    • 2004
  • Very various intrusion by development of systems that is based on network is spread. To detect and respond this intrusion, security solutions such as firewall or IDS are bringing and management of security system that load these becomes more harder. Moreover, because environment of systems that require security is various, hard to manage establishing suitable security policy Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

  • PDF

Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System (통합보안관리 시스템에서의 침입탐지 및 대응을 위한 보안 정책 모델에 관한 연구)

  • Kim, Seok-Hun;Kim, Eun-Soo;Song, Jung-Gil
    • Convergence Security Journal
    • /
    • v.5 no.2
    • /
    • pp.9-17
    • /
    • 2005
  • Recently It's difficult to deal with about variety of attack. And Simple Security management have a problem. It is that they don't develop system measuring their system envoirment and have efficient attack detector, countermeasure organization about large network. Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

  • PDF

Information Security on Learning Management System Platform from the Perspective of the User during the COVID-19 Pandemic

  • Mujiono, Sadikin;Rakhmat, Purnomo;Rafika, Sari;Dyah Ayu Nabilla, Ariswanto;Juanda, Wijaya;Lydia, Vintari
    • Journal of information and communication convergence engineering
    • /
    • v.21 no.1
    • /
    • pp.32-44
    • /
    • 2023
  • Information security breach is a major risk in e-learning. This study presents the potential information security disruptions in Learning Management Systems (LMS) from the perspective of users. We use the Technology Acceptance Model approach as a user perception model of information security, and the results of a questionnaire comprising 44 questions for instructors and students across Indonesia to verify the model. The results of the data analysis and model testing reveals that lecturers and students perceive the level of information security in the LMS differently. In general, the information security aspects of LMSs affect the perceptions of trust of student users, whereas such a correlation is not found among lecturers. In addition, lecturers perceive information security aspect on Moodle is and Google Classroom differently. Based on this finding, we recommend that institutions make more intense efforts to increase awareness of information security and to run different information security programs.

A Building Method of Designing National Cyber Security Governance Model Through Diagnosis of Operational Experience (정보보안체계 운영경험 진단을 통한 국가 사이버보안 거버넌스 모델 연구 방법)

  • Bang, Kee-Chun
    • Journal of Digital Convergence
    • /
    • v.16 no.6
    • /
    • pp.205-212
    • /
    • 2018
  • This Study aims to propose a new information security governance model design method for streamlining security governance at national strategic level. The research method of this study is to diagnose our operational experience and to derive a new model design method. In the meantime, national information security activities were perceived to be focused on knowledge transfer, and motivation of activities and securing of executive power were weak. As a result, security blind spots and frequent occurrence of large security incidents have become unresolved challenges. National cyber security governance should be grouped together as a whole systematically from the upper policy to the lower level of performance under the responsibility of the national leader. Based on this approach, this study presented the comprehensive framework of Korean security governance model and embodied it into four architectural designs such as vision, goal, process, and performance, thus deriving the foundation for future national governance model design. Further research is needed to diagnose problems in life cycle flow, security policies based on environmental changes, and new frameworks in which all subjects participate.

Development of Integrated Security Control Service Model based on Artificial Intelligence Technology (인공지능 기술기반의 통합보안관제 서비스모델 개발방안)

  • Oh, Young-Tack;Jo, In-June
    • The Journal of the Korea Contents Association
    • /
    • v.19 no.1
    • /
    • pp.108-116
    • /
    • 2019
  • In this paper, we propose a method to apply artificial intelligence technology efficiently to integrated security control technology. In other words, by applying machine learning learning to artificial intelligence based on big data collected in integrated security control system, cyber attacks are detected and appropriately responded. As technology develops, many large capacity Is limited to analyzing individual logs. The analysis method should also be applied to the integrated security control more quickly because it needs to correlate the logs of various heterogeneous security devices rather than one log. We have newly proposed an integrated security service model based on artificial intelligence, which analyzes and responds to these behaviors gradually evolves and matures through effective learning methods. We sought a solution to the key problems expected in the proposed model. And we developed a learning method based on normal behavior based learning model to strengthen the response ability against unidentified abnormal behavior threat. In addition, future research directions for security management that can efficiently support analysis and correspondence of security personnel through proposed security service model are suggested.

Development of a Formal Access Control Model in CORBA Security using the Z Language (Z 언어를 기반으로 CORBA 보안의 정형화된 접근 제어 모델 개발)

  • 김영균;김경범;인소란
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.7 no.3
    • /
    • pp.79-94
    • /
    • 1997
  • OMG (Object Management Group) published a security service specification, called CORBA (Common Object Request Broker Architecture) security reference model because the integration of security and object-oriented techniques was critical for successful deployment of distributed object systems. The CORBA security reference model treats access control as an implementation independent semantic concept but has incomplete semantics of the access control function. Because of such imcompleteness it is difficult for the system administrator and the CORBA security implementor to have the same understanding for the meaning of access control in the CORBA security. We propose a formal model for access control the CORBA security using the formal description language, which is called Z language based on typed set theory. The proposed model provides concrete semantics of the access control function to both the system administrator and the implementor.

Analysis of the Security Requirements of the Chatbot Service Implementation Model (챗봇서비스 구현 모델의 보안요구사항 분석)

  • Kyu-min Cho;Jae-il Lee;Dong-kyoo Shin
    • Journal of Internet Computing and Services
    • /
    • v.25 no.1
    • /
    • pp.167-176
    • /
    • 2024
  • Chatbot services are used in various fields in connection with AI services. Security research on AI is also in its infancy, but research on practical security in the service implementation stage using it is more insufficient. This paper analyzes the security requirements for chatbot services linked to AI services. First, the paper analyzes the recently published papers and articles on AI security. A general implementation model is established by investigating chatbot services provided in the market. The implementation model includes five components including a chatbot management system and an AI engine Based on the established model, the protection assets and threats specialized in Chatbot services are summarized. Threats are organized around threats specialized in chatbot services through a survey of chatbot service managers in operation. Ten major threats were drawn. It derived the necessary security areas to cope with the organized threats and analyzed the necessary security requirements for each area. This will be used as a security evaluation criterion in the process of reviewing and improving the security level of chatbot service.

Research on the Level Evaluation Model of the Organization Research Security (조직의 연구보안 수준평가 모형 연구)

  • Na, Onechul;Chang, Hangbae
    • The Journal of Society for e-Business Studies
    • /
    • v.25 no.3
    • /
    • pp.109-130
    • /
    • 2020
  • Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.