A Study on Interface Security Enhancement

A Study on Strengthening 'Interface Security' to Establish a Real-Time Security Management System for Organizations

  • Received : 2015.01.12
  • Accepted : 2015.02.28
  • Published : 2015.05.31

Abstract

Because no single security technology can cope with sophisticated attacks, various security management models are applied. However, because they offer so many common security management criteria, they do not focus on the parts with the highest vulnerability. By analyzing major information and confidential-data leakage cases that inflicted enormous damage on our society, we found that attackers mainly exploit interface vulnerabilities: the paths that connect the inside and outside of the organization, such as e-mail, web servers, portable devices, and subcontractor employees. Considering that the time and resources available to invest in the security domain are limited, we point out the interface security vulnerabilities that attackers are likely to exploit and present a converged method of security measures. Finally, based on ROI (Return on Investment), we propose a real-time security management system through intensive and continuous management.

Acknowledgement

Grant : Research on Communication Technology using Bio-inspired Algorithm

Supported by : IITP
