A Study on the Definition of Security Requirements of Vulnerability Management in Analysis Step

  • Shin, Seong-Yoon (School of Computer & Information Communication Engineering, Kunsan National University)
  • Lee, Hyun-Chang (School of Information and Electronic Commerce (Institute of Convergence and Creativity), Wonkwang University)
  • Received : 2015.01.06
  • Accepted : 2015.02.11
  • Published : 2015.03.31

Abstract

Vulnerability management means complying with security policies in order to ensure the continuity and availability of the business. This paper argues that vulnerability management for a system's applications and IT infrastructure must be identified, and that a viable vulnerability management plan should be drawn up from the development phase. When vulnerabilities are identified and classified, many in the areas of identification and authentication, encryption, and access control are left undefined. These should be defined for each area, without omission, from technical, managerial, and operational points of view. For each identified vulnerability, it is then determined whether to respond to it, and a countermeasure for eliminating the vulnerability is selected.
