• Title, Summary, Keyword: 자료보안기술

Search Result 314, Processing Time 0.04 seconds

Status and Future of Security Techniques in the Internet Banking Service (인터넷 뱅킹 서비스 보안기술의 현황과 미래)

  • Lee, Kyungroul;Yim, Kangbin;Seo, Jungtaek
    • Journal of Internet Computing and Services
    • /
    • v.18 no.2
    • /
    • pp.31-42
    • /
    • 2017
  • As Internet banking service became popular, many users can exchange goods by online. Even though this advantage, there are incident cases in the Internet banking service due to security threats. In order to counteract this problem, various security techniques have been applied over whole area in the Internet banking service. Therefore, we described that analyzed results of security techniques applied in the financial institutions area and network communication area in this paper. We consider that this paper will be useful as a reference to protect security threats occurred by insiders and vulnerabilities in implementation.

Detection and Prevention of Bypassing Attack on VLAN-Based Network Segmentation Environment (VLAN을 이용한 네트워크 분할 환경에서의 네트워크 접근 제어 우회 공격 탐지 및 방어 기법)

  • Kim, Kwang-jun;Hwang, Kyu-ho;Kim, In-kyoung;Oh, Hyung-geun;Lee, Man-hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.2
    • /
    • pp.449-456
    • /
    • 2018
  • Many organizations divide the network to manage the network in order to prevent the leakage of internal data between separate organizations / departments by sending and receiving unnecessary traffic. The most fundamental network separation method is based on physically separate equipment. However, there is a case where a network is divided and operated logically by utilizing a virtual LAN (VLAN) network access control function that can be constructed at a lower cost. In this study, we first examined the possibility of bypassing the logical network separation through VLAN ID scanning and double encapsulation VLAN hopping attack. Then, we showed and implemented a data leak scenario by utilizing the acquired VLAN ID. Furthermore, we proposed a simple and effective technique to detect and prevent the double encapsulation VLAN hopping attack, which is also implemented for validation. We hope that this study improves security of organizations that use the VLAN-based logical network separation by preventing internal data leakage or external cyber attack exploiting double encapsulation VLAN vulnerability.

Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior (정보보안 준수의도에 대한 사회심리적 요인 분석: 정보보안과 조직시민행동이론 융합)

  • Han, Jin-Young;Kim, Yoo-Jung
    • Journal of Digital Convergence
    • /
    • v.13 no.8
    • /
    • pp.133-144
    • /
    • 2015
  • In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.

The Activation Strategy and Diagnostic Issues through Business Environment (SWOT) Analysis for Private Security Industry (민간경비 산업의 경영환경(SWOT)분석과 활성화 전략)

  • Ahn, Hwang-Kwon;Park, Young-Man
    • Korean Security Journal
    • /
    • no.20
    • /
    • pp.229-248
    • /
    • 2009
  • This research is looking for the private security industry and diagnostic issues and enable our strategy will be presented through SWOT analysis for the management environment of private security industry to ultimately contribute to the private security industry. Along, the purpose of this research is to want to reach key factors which affect the competitiveness of the private security industry. This study was to conduct literature research and surveys. And analyzing literature and data was collected. And determined the status of private security industry by conducted a comprehensive survey with 13 experts is causal. The question investigation hemisphere the question which harmonizes became accomplished in the center. Like this question analyzed the opinion of the identical research participant and 3 times was executed repetitively, and 2 to verify the data through multiple data as a basis for the SWOT analysis of the environment. Accordingly, the following conclusion emerges. First, the private security industry-related legislation will complement the systematic. This is the task of the public security authority and the relationship will be in the direction for improvement. Second, to develop strategies for diversification of products and services through the use of IT. This business what development security services and products based on IT advanced technology can provide a solution to maximize profits to large security companies and to all of the small companies. Third, it should seek ways to make exports that social safety net project based on security technology and capital of Kore for other Asian countries or developing countries in the world.

  • PDF

Study on the methods of Information security strengthening for the online data sharing (협업자료의 원활한 유통을 위한 정보 보안 강화 방안 연구)

  • Lee, Young-Woo;Oh, Seung-Hyueb
    • Proceedings of the KIEE Conference
    • /
    • /
    • pp.174-175
    • /
    • 2008
  • 오늘날에는 국가 간의 기술경쟁이 더욱 치열해 지면서 국가 경쟁력 확보를 위하여 최단기간 내에 최고의 성과를 얻을 수 있도록 협업 정보를 가상공간상에서 지원하기 위한 국가차원의 "소프트 인프라"에 대한 필요성이 강조되고 있다. 기업들은 저렴한 인터넷 망을 사용하지 못하고 상당한 비용의 선용회선을 협업자료의 유통을 위하여 지출하고 있는 것이다. 또한, 기업 내부에는 외부 웹 하드 ASP 사업자들을 통한 웹 하드 서비스를 제공받기 위하여 년간 특정 금액을 지속적으로 자료 유통을 위해서 그 대가를 지불하고 있다. 본 논문에서는 기업 내 협업자료를 업무 환경 속에서 효율적으로 유통시키기 위한 정보 보안 강화 방안을 제시하고자 한다.

  • PDF

An Empirical Study on Influencing Factors of Using Information Security Technology (정보보안기술 사용의 영향요인에 관한 실증적 연구)

  • Kim, Sang-Hoon;Lee, Gab-Su
    • The Journal of Society for e-Business Studies
    • /
    • v.20 no.4
    • /
    • pp.151-175
    • /
    • 2015
  • Although three types of the information security measures (technical, physical and managerial ones) are all together critical to maintaining information security in the organizations and should be implemented at the same time, this study aims at providing theoretical basis of establishing and implementing effective managerial security measures. The rationale behind this research objective is that it is very important to effectively perform the managerial security measures to achieve the target performance level of the technical and the physical security measures because main agents of practicing the information security measures in the organizations are staff members even though the technical and the physical ones are well constructed and implemented. In particular, this study intends to develop and propose the theoretical model applicable to providing the way of improving organizational members' intention to use information security technologies since the very intention to use them is essential to effectively establishing and promoting managerial security measures. In order to achieve the objective of this study, the factors critical to influencing upon the intention to use information security technologies are derived through systematically reviewing related theories and previous studies, and then the research model and hypotheses are proposed by logically reasoning the casual relationship among the these factors. Also, the empirical analyses are performed by conducting the survey of the organization members of domestic large companies and analyzing the structural equation model by PLS (Partial Least Squares) method. The significant results of this study can contribute to expanding the research area of managerial information security and can be applied to suggesting the practical guidelines for effectively establishing and implementing the managerial security measures in various organizations.

일본 개인정보보호법제 정비동향에 관한 고찰

  • 김현수;박춘식
    • Review of KIISC
    • /
    • v.13 no.5
    • /
    • pp.96-103
    • /
    • 2003
  • 정보화사회의 진전에 따라 일본은 개인정보보호법제의 정비에 착수하여, 2003년 5월 30일에 '개인정보보호 관련 5법안'을 공포하였다. 금번 법제정비의 가장 큰 특징은 공공부문과 민간부문을 포괄하는 개인정보보호 관련 기본법제를 제정함으로써, 국가차원의 종합적ㆍ일체적 개인정보보호 체계를 구축한 것이라고 할 수 있다. 본 논문에서는 최근 국내에서 대두되고 있는 개인정보보호법제 정비의 움직임이 일고 있는 가운데 유용한 자료가 될 수 있는 일본의 개인정보보호법제 정비 과정과 새로이 성립된 개인정보보호 관련법제의 주요내용을 살펴본다.

CA 시스템 적용 모델 및 현황

  • 안혜연
    • Review of KIISC
    • /
    • v.8 no.3
    • /
    • pp.105-114
    • /
    • 1998
  • 최근 정보 보안 및 전자 상거래 관련된 영역에서 cdrtificate(인증), certificate authirity(인증기관) 및 Public key Infrastructure(공개키 기반 구조) 등에 대한 관심이 고조되고 있다. 이러한 기술은 보안의 기본 요소인 인증 (authentication), 기밀성(confidentiality), 무결성(Integrity)및 부인봉쇄(non-repudiation)등의 기능을 커다란 규모의 시스템에 적용할 수 있는 거의 유일한 solution이 될 것이 확실하다. 이 자료에서는 CA(Certificate Authority)관련 기술 자체에 대한 자세한 설명보다는 개념적인 차원에서의 소개와 적용 영역 및 적용 model에 대해 소개하였다.

  • PDF

자동차 융합 정보통신 장치들의 보안 기술 현황 및 발전 방향

  • Yun, KeumJu;Park, DaeHyuck
    • Review of KIISC
    • /
    • v.24 no.2
    • /
    • pp.21-27
    • /
    • 2014
  • 사용자의 편리함과 유익함 뒤에는 높은 위험성이 공존한다. 특히 자동차의 경우에는 빠른 속도로 장소를 이동할 수 있다는 장점이 있지만, 사고 발생 시에 생명을 위협할 만큼의 위험을 가지고 있다. 자동차 사고 발생 후에는 시시비비를 가리기 위해서 많은 분쟁이 발생하는 것이 일반적인 판례였다. 자동차용 블랙박스는 자동차 사고 발생 시에 정확한 현장의 영상, 음성 및 기타 센서 정보를 기록한다. 이를 이용해서 전후좌우, 차량의 상태를 분석하여 사건 발생의 실마리를 찾을 수 있는 중요한 단서로 사용된다. 하지만, 아직은 블랙박스 영상만으로는 법적인 자료로 사용될 수는 없다. 즉, 법적인 자료로 채택되기 위한 기밀성과 무결성 측면에서 약점을 가지고 있다. 이에 따라서 기록된 정보를 암호화하고, 접근 자에 대한 기록을 남기는 기능이 연구 및 표준화 제정되고 있다. 차량 내외에서 수집된 정보에 암호화를 적용하여 이종 기기간 데이터 공유를 차단하고, 자동차 정보기기 보안 인증서를 가지고 있는 단체를 통하여 보안키를 이용하여 정보를 활용하기 위한 시스템이 구성되고 있다. 이를 통하여 자동차 융합 정보통신 장치들로부터 기록된 정보를 법적인 객관적 근거로 활용할 수 있도록 자동차용 정보통신 기기들이 기밀성과 무결성을 준수할 수 있도록 발전할 것이다.

A study on Improved Convergence Security Monitoring System model (융합보안관제시스템 개선에 관한 연구)

  • Lee, Dong-Hwi;Ha, Ok-Hyun
    • Convergence Security Journal
    • /
    • v.11 no.5
    • /
    • pp.3-12
    • /
    • 2011
  • According to the NIS, damages due to leaking industrial technology are reaching tens of trillion won. The type of damages are classified according to insider leaks, joint research, and hacking, illegal technology leaks and collaborated camouflaged. But 80% of them turned out to be an insider leak about connecting with physical security. The convergence of IT and non IT is accelerating, and the boundaries between all area are crumbling. Information Security Industry has grown continuously focusing Private Information Security which is gradually expanding to Knowledge Information Security Industry, but Information Security Industry hereafter is concentrated with convergence of IT Security Technology and product, convergence of IT Security and Physical Security, and IT convergence Industry Security. In this paper, for preventing company information leaks, logical security and physical security both of them are managed at the same level. In particular, using convergence of physical security systems (access control systems, video security systems, and others) and IT integrated security control system, convergence security monitoring model is proposed that is the prevention of external attacks and insider leaks, blocked and how to maximize the synergy effect of the analysis.