• 제어로봇시스템학회:학술대회논문집
• /
• 2004.08a
• /
• pp.926-931
• /
• 2004

In this paper, we proposed security management architecture that combines programmable network technology and policy based network management technology to manage efficiently heterogeneous security systems. By using proposed security management architecture, a security administrator can manage heterogeneous security systems using security policy, which is automatically translated into a programmable security policy and executed on programmable middleware of security system. In addition, programmable middleware that has the features of programmable network can reduce excessive management traffic. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time between the proposed architecture and PBNM architecture.

• Journal of Information Technology Applications and Management
• /
• v.22 no.2
• /
• pp.171-199
• /
• 2015

This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

• Korean Security Journal
• /
• no.42
• /
• pp.155-178
• /
• 2015

This study surveyed the subject of companies' industrial security on priorities of the government policy for the confidentiality of corporate and the necessity of expanding the government support for the industrial security. In determining the priority, we should consider all opinions of companies, individuals, societies, and governments that associated with the confidentiality. Especially in industrial security, companies are the most significant beneficiaries and consumers of security policy and it would be the basis for supporting on policy-making. As a result, we analyzed the 50 valid questionnaires collected from security personnel of Korean corporations and 'Enhance support for education and promotion of human resource (On/Off-Line)', 'Establish Security management and Security measures', and 'Enhance Security professionals status via qualifications/certifications' are shown as 1st, 2nd, 3rd priority of government policy to protect Corporate confidential information including its customer information. All respondents of the study says that the Government support for Industrial Security should be enlarged.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.303-309
• /
• 2013

This paper analyzed about operation environment and policy for US military tactical communication, and security policy and transmission performance of tactical link. It is presented operation communication message and framework, which is supported semi automated force, SINCGARS specification of link layer in operation environment, and analyzed COMSEC policy and application layer security in tactical security policy. Also it analyzed in respect to transmission performance and crypto synchronization detection. Security policy of tactical link and COMSEC is analyzed in respect of crypto device such as AFKDMS, AKMS, RBECS, KIV-7/HSB.

• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.37-46
• /
• 2004

This paper presents the design of a certain highly efficient security policy negotiation of SPS(Security Policy System) using mobile agent system. The conventional IP security systems have some problems. A drawback to these systems is that the required policy between each security area is different. Another problem is not possible to guarantee whether a packet is transmitted through the same path by both directions and is protected by the same policy due to the topology of the network. Unlike conventional systems, the model developed herein can be resolved by using a mobile agent technology. If each domain needs a negotiation of security policy, a mobile agent manages the result of the negotiation in the form of a passport and guarantees the authentication and reliability each other by using the passport.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.131-142
• /
• 2008

Enterprises accomplish their missions through obtaining and managing information. The unintended disclose of enterprises' sensitive information causes serious damage to enterprises, resulting in disruptive management. For effective security of enterprises, information security management systems and information security policy owing clear goals should be firmly established. This study analyzes factors influencing maturity of information security policy and gives important hints to execute information security policy.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.27-32
• /
• 2014

The information security policy is one of the most important tools for organization to manage the implementation and ensure the organizational security. However, we do not have metrics for measuring its effectiveness. The ultimate purpose of this study is to develop the measures of information security policy effectiveness. To do this, this study review data quality and information quality literatures and investigate appropriate subfactors for information security policy. Rooted in these concepts, we suggest accuracy, completeness, interpretability, and relevance from content aspect and understandability, concise representation, and amount from form aspect as factors for information security policy effectiveness.

• Journal of Digital Convergence
• /
• v.10 no.10
• /
• pp.119-128
• /
• 2012

This study is to identify the factors that influence an intention to information security policy compliance of employees. To do this, this study is based on three theoretical backgrounds because of the lack of holistic perspective. Research results show that detection certainty and individual attachment have a positive effect on information security policy compliance intention. Detection certainty is influenced by security awareness education and training. Finally, response cost has a negative effect on information security policy compliance intention.

• Journal of Digital Convergence
• /
• v.16 no.2
• /
• pp.117-126
• /
• 2018

The threat to information security is growing globally. To this, organizations are increasing the weight of adapting and operating the more specialized information security policy and system. Information security requires participation from the employees who execute the security system and policy, and to increase the level of organization's internal security, requires organization's systematic support to improve employees' information security compliance intention. This research finds the mechanism for improving employee's information security compliance intention by applying justice theory and goal setting theory in information security. We use structural equation modeling to verify the research hypothesis, and conducted a survey on the employees of organization with information security policy. In other words, this research performs verification of the research model based hypothesis which claims that security policy goal setting has positive influence on employee's level of security related justice recognition, and claims that justice has positive influence on compliance intention. The object of study is the employees of the organization that adapts information security policy, and 383 valid samples were collected via survey. Structural equation modeling was performed to verify the research hypothesis. The result shows that security policy goal factor (goal difficulty, goal specificity) improves employee's security related justice recognition, and that security related justice (distribution, process, and information justice) has positive influence on compliance intention. The result suggests the strategic approach directions for improving employees' compliance intention on organization's security policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.13-28
• /
• 2003

The Protection Profile(PP) is a common security function and detailed statement of assurance requirements in a specific class of Information Technology security products such as firewall and smart card. The parts of TOE security environment in the PP have to be described about assumption, treat and security policy through analyzing purpose of TOE. In this paper, we present a new security policy derivation among TOE security environment parts in the PP. Our survey guides the organizational security policy statements in CC scheme through collected and analyzed hundred of real policy statements from certified and published real PPs and CC Toolbox/PKB that is included security policy statements for DoD. From the result of the survey, we present a new generic organizational policy statements list and propose a organizational security policy derivation method by using the list.