Current Status of Information Security against Cyber Attacks in Universities and Its Improvement Methods

  • Kang, Young-Sun (Dept. of Computer Education, Sookmyung Women's University)
  • Choi, Yeong-Woo (Dept. of Computer Science, Sookmyung Women's University)
  • Received : 2011.07.16
  • Accepted : 2011.10.24
  • Published : 2011.12.31

Abstract

This paper examines the current state of information security in universities, a topic of growing concern in the knowledge and information society, and proposes ways for universities, as institutions of higher education, to improve it. Universities in Korea were selected at random by enrollment size, and the person in charge of security at each was surveyed by email questionnaire. A total of 45 institutions replied: 27 four-year universities and 18 two-year colleges. The survey results confirm once again that advance prevention is the most important factor in securing information assets, in universities as elsewhere. As improvement measures, the paper proposes strengthening institutional support, such as establishing a comprehensive security management policy and providing guidelines for universities, and sharing the importance of information assets and the necessity of security with the members of each university. Administrative and financial support must also be pursued alongside these measures, including the recruitment and training of information security professionals and the establishment of a dedicated security division.
