• Title, Summary, Keyword: Security

A Cost-Optimization Scheme Using Security Vulnerability Measurement for Efficient Security Enhancement

  • Park, Jun-Young;Huh, Eui-Nam
    • Journal of Information Processing Systems / v.16 no.1 / pp.61-82 / 2020
  • The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

Incident Response Competence by The Security Types of Firms: Socio-Technical System Perspective (기업 보안 유형에 따른 보안사고 대응역량 : 사회기술시스템 이론 관점에서)

  • Lee, Jeonghwan;Jung, Byungho;Kim, Byungcho
    • Journal of Information Technology Services / v.12 no.1 / pp.289-308 / 2013
  • This study proceeded to examine the cause of the continuous secret information leakage in the firms. The purpose of this study is to find out what type of security among administrative, technological and physical security would have important influence on a firm's security performance such as the security-incident response competence. We established the model that can empirically verify correlation between those three types of security and the security-incident response competence. In addition, we conducted another study to look at relation between developing department of security in the firms and reaction ability at the accidents. According to the study, the administrative security is more important about dealing with the security-incident response competence than the rest. Furthermore, a group with department of security has better security-incident response competence and shows higher competence in fixing or rebuilding the damage. Therefore, this study demonstrates that investing in administrative security will be effective for the firm security.

Limit of interpreting 'security service' in current 「Security Services Industry Act」 and direction of legislating and revising private security industry (현행 「경비업법」상 경비개념과 경비업무 해석의 한계 및 민간보안산업 관련 입법의 제·개정 방향)

  • Choi, Eun-Ha;Kim, Na-Ri;Yoo, Young-Jae
    • Korean Security Journal / no.50 / pp.35-57 / 2017
  • Security Act has been partially revised many times since it was revised to "Security Service Act". Main contents of such revision consist of the addition of security work such as protection or special security, responsibility enforcement of security company or security guard and systematic management of security service based on security work of previous security service act. But, it needs to be checked out that the fundamental matter about the concept of 'security' is directly related as a double-edged sword in such flow of legal revision. That is because security service satisfies the multiple needs for security in the modern risky society and is based on the concept of active management whose goal is to foster and develop the function of actual security service comparing that current "Security Service Act" regulates the formal security service whose goal is permission of security service and systematic management based on article 2 as previous facilities and manned security that is guard duty-centered security service in another respect. So, this study pointed out the limit of interpreting security and security service in "Security Services Industry Act" in respect of providing private security service and drew the conclusion that the legislation and efforts are required for 'security for citizen' by reinterpreting the legislation and revision of private security service-related law as the normal regulation of "Security Services Industry Act" and the special law of "Private Security Services Industry Act".

The Operating Status of Security Alarm Systems and the Policies for Improving the Operational Quality (기계경비시스템 운용현황 고찰과 운용품질개선 방안)

  • Sin, Sang-Yeop
    • Korean Security Journal / no.8 / pp.197-218 / 2004
  • This study has been conducted to provide data that contribute to increasing efficiency of 'Private Security', which is cooperated by customer, security companies and the police which carried out 'Public Law Enforcement' and controls security companies. To reach this purpose, we investigated the status of the 'Security Alarm Systems' operated by security service companies in Korea, analyzed arising problems, considered the policies for improving the operational quality. 'Electronic Security Systems' will increase working efficiency in performing 'Private Security'. There can be no two opinions on this matter. Therefore, it can be supposed that the improvement of operational quality of 'Electronic Security System' is an important factor to accomplish security services. 'Security Alarm System' is one of the 'Electronic Security System'. The critical problems in operating 'Security Alarm System' are unnecessary response by false alarm and nuisance alarm. To reduce the problems, it is suggested that security specialist officially licensed should improve security planning, installation and maintenance, and the 'Alarm Verification System' should be introduced with appropriate facilities.

Problems of Security Act and Solutions (경비업법의 현안과 해결방안)

  • Park, Byung-Sick
    • Korean Security Journal / no.29 / pp.87-113 / 2011
  • Korean security industry has history of more than half a century, and it is growing fast. Private security industry contributes not only to livelihood safety, but also to national security. The area of the industry is being expanded. Security Act is closely related to the security industry, and has contributed to the growth of private security industry sector. Security Act of Korea, which was established in 1976, was originally made after Japanese Security Act. But nowadays, Korean Security Act is as systematic as the Japanese act. However, for 10 years, Security Act of Korea has been stagnant, not able to reflect security industries' demand. The writer has contributed to the development of Security Act. In 1995, the writer wrote the basic framework of Security Instructor Qualifications System and drafted Security Act in 2002. There are currently many problems in existing Security Act, but there are four representative problems. (1) No more establishment of new security sector, (2) excessively slack qualification criteria, (3) the education system for guards, (4) the security Instructor examination system. This paper derives problems of current Security Act, and suggests solutions for them. Not only the academic world, but all of us should pay attention to the revision of Security Act.

A Study on Policy for cost estimate of Security Sustainable Service in Information Security Solutions (정보보안솔루션 보안성 지속 서비스 대가 산정 정책 연구)

  • Jo, Yeon-ho;Lee, Yong-pil;Lim, Jong-in;Lee, Kyoung-ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.4 / pp.905-914 / 2015
  • Once an information security solution is implemented, it requires many services other than just general user management, such as malicious code analysis and security updates for consistent security against external threats or attacks, analysis of threat and attack, effectivity management of obtained security assurance, and advisory activities of security technical professionals. However, even if information security solutions provide those extra services, they are not properly treated in real market. Thus, for the security sustainable services, this study analyzes the service status of domestic information security, and suggests a policy measure of price which could reflect the characteristics of information security solutions.

The Proposal of Problems in Private Security Law (경비업법령의 문제와 개정방향)

  • Ahn, Hwang Kwon;Choi, Kyung Chul
    • Convergence Security Journal / v.16 no.1 / pp.39-48 / 2016
  • In 1976, private security law in Korea was enacted. The law has been revised 23 times, and it reflected the changing security environment. Since the private security is now in charge of the daily safety as well as the police, private security law should be revised in overall dimension. First, the name of private security service and terms should be reorganized with applying the current environment of security. For instance, there should be an appropriate range of security service which could contain security consulting, planner, private investigator, and convergence security. Second, the errors of private security law should be corrected and applied to the revised law. Third, some inappropriate contents in the private security law should be revised. Fourth, revising the private security law should consider to solve problems in selection, education, and election of security instructor.

Construction of Security MIB for EDI System

  • Park Tae-Kyou
    • Journal of the Korea Institute of Information Security & Cryptology / v.8 no.1 / pp.23-37 / 1998
  • This paper considers the design and management of security MIB for EDI system. EDI system has to establish various security services and mechanisms to protect against security threats. Hence, the EDI system requires appropriate security management to monitor and control the security objects for its security services and mechanisms. In this paper, I identify security objects for management of security services defined in the EDI system, and propose the design of a security MIB and describe the use of SNMP network management protocol in its management.

Analysis of a Security Survey for Smartphones

  • Nam, Sang-Zo
    • International Journal of Contents / v.11 no.3 / pp.14-23 / 2015
  • This paper presents the findings of a study in which students at a four-year university were surveyed in an effort to analyze and verify the differences in perceived security awareness, security-related activities, and security damage experiences when using smartphones, based on demographic variables such as gender, academic year, and college major. Moreover, the perceived security awareness items and security-related activities were tested to verify whether they affect the students' security damage experience. Based on survey data obtained from 592 participants, the findings indicate that demographic differences exist for some of the survey question items. The majority of the male students replied "affirmative" to some of the questions related to perceived security awareness and "enthusiastic" to questions about security-related activities. Some academic year differences exist in the responses to perceived security awareness and security-related activities. On the whole, freshmen had the lowest level of security awareness. Security alert seems to be very high in sophomores, but it decreases as the students become older. While the difference in perceived security awareness based on college major was not significant, the difference in some security-related activities based on that variable was significant. No significant difference was found in some items such as storing private information in smartphones and frequency of implementation of security applications based on the college major variable. However, differences among the college majors were verified in clicking hyperlinks in unknown SMS messages and in the number of security applications in smartphones. No differences were found in security damage experiences based on gender, academic year, and college major. Security awareness items had no impact on the experience of security damage in smartphones. However, some security activities, such as storing resident registration numbers in a smartphone, clicking hyperlinks in unknown SMS messages, the number of security apps in a smartphone, and the frequency of implementation of security apps did have an impact on security damage.

Security Evaluation Criteria for Firewalls in Korea

  • Lee, Cheol-Won;Hong, Ki-Yoong;Kim, Hak-Beom;Oh, Kyeong-Hee;Kwon, Hyun-Jo;Sim, Joo-Geol
    • Journal of the Korea Institute of Information Security & Cryptology / v.8 no.3 / pp.63-78 / 1998
  • Recently, to use the evaluated firewall is recognized as a solution to achieve the security and reliability for government and organizations in Korea. Results of firewall evaluation using ITSEC (Information Technology Security Evaluation Criteria) and CCPP (Common Criteria Protection Profile) have been announced. Because there are problems to apply ITSEC or CCPP for the firewall evaluation in Korea environment, Korea government and Korea Information Security Agency (KISA) decided to develop our own security evaluation criteria for firewalls. As a result of the efforts, Korea firewall security evaluation criteria has been published on Feb. 1998. In this paper, we introduce Korea security evaluation criteria for firewalls. The criteria consists of functional and assurance requirements that are compatible with CC Evaluation Assurance Levels (EALs).
