• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.2
• /
• pp.265-270
• /
• 2022

With the advent of the Fourth Industrial Revolution, the paradigm of finance is also changing. As remote work becomes more active due to cloud computing and coronavirus, the work environment changes and attack techniques are becoming intelligent and advanced, companies should accept new security models to further strengthen their current security systems. Zero trust security increases security by monitoring all networks and allowing strict authentication and minimal access rights for access requesters with the core concept of doubting and not trusting everything. In addition, the use of NAC and EDR for identification subjects and data to strengthen access control of the zero trust-based security system, and strict identity authentication through MFA will be explained. Therefore, this paper introduces a zero-trust security solution that strengthens existing security systems and presents the direction and validity to be introduced in the financial sector.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2019.05a
• /
• pp.238-239
• /
• 2019

Cyber attacks can be caused by all equipment that perform communication functions, and the link between ship and land due to the development of communication technology means that the ship sector as well as the land sector can be easily exposed to cyber threat vulnerability. In this paper, we analyze cyber threat trend changes to identify cyber security vulnerabilities in the maritime sector and propose measures to enhance cyber security through other industry case studies.

• Annual Conference of KIPS
• /
• 2023.05a
• /
• pp.180-182
• /
• 2023

많은 기업에서 시스템 보안 침해사고가 증가함에 따라 국내에서는 보안성 강화를 위해 정보보호 및 개인정보보호 관리체계(ISMS-P) 인증 의무대상을 확대하고 있다. 이에 중소기업에서도 ISMS-P 인증을 받기 위한 준비가 필요해졌다. 그러나 ISMS-P 인증을 위한 시스템을 구축하기 위해 많은 비용과 인력이 필요하고 이를 중소기업에서 구축하기엔 현실적으로 어려운 부분이 있다. SCAP는 정보시스템의 취약점을 보안기준에 맞춰 자동 관리하는 프로토콜이다. 본 논문에서는 ISMS-P 인증 항목 중 시스템 자동관리가 가능한 부분을 도출하여 상용 소프트웨어와 동작 방식을 비교함으로써, 중소기업에 SCAP를 적용하여 시스템을 구축하는 것이 정보보호 강화에 도움이 될 수 있음을 검증하고자 한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.1027-1034
• /
• 2017

Recently, OTP (One-time-Password) log-in methods have been used in many areas to prevent leakage of personal information and enhance security. The OTP method is primarily used for security of bank personal account, this is one of the sophisticated security ways in which one time password is generated and checked to enhance security. Digital door locks frequently used in everyday life require convenience and safety simultaneously. Meanwhile, related technologies for digital door locks are evolving, but methods for enhancement of security are still unsatisfactory. Generally, the digital door lock using password input type has been most commonly used and especially it provides more convenience, but it has some problems such as password exposure and password oblivion. Therefore, in this study, we propose and implement the OTP-based digital door lock system with enhanced security and convenience features but without the risk of password exposure and oblivion.

• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.997-1000
• /
• 2011

오늘날 전산 시스템 환경에서 보안 문제 해결을 위한 보안 메커니즘이 전 세계적으로 오랜 시간 다양하게 연구 개발되어 왔다. 하지만 이를 문서 보안에 효율적으로 활용하기 위한 기술 개발은 미흡한 실정이며 현재는 DRM 기술을 통해 문서 보안을 실현하고 있으나 효율성 및 안정성, 보안성에 있어서 여타 보안 서비스에 비해 크게 신뢰를 받지 못하고 있다. 본 논문에서는 PC 내 문서에 대한 보안 서비스를 제공하는 PC-DRM 시스템에서 사용자간 문서 전달 기능에 초점을 맞추어 효율성과 보안성을 강화하기 위한 방안을 제시하고 이를 적용하여 설계한 시스템을 소개한다. 제안 시스템은 기존 PC-DRM 의 서버 의존도를 낮춤과 동시에 사외 사용자에게 문서 전달 시에도 문서 기밀성 유지 및 우회적인 문서 내용 유출 방지가 가능하여 PC-DRM 에 대한 신뢰도 향상에 기여할 수 있을 것으로 기대한다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.19 no.4
• /
• pp.741-752
• /
• 2024

Organizations amplify their information security (IS) technical investments as the demand for IS escalates. This research suggests conditions for enhancing insider compliance with IS, focusing on the potential for behavior modification through techno-stress and organizational justice, based on the theory of planned behavior. To test the proposed hypothesis, this study utilized a survey methodology on 383 employees from companies with implemented IS. The test results showed that IS techno-stress (overload and uncertainty) caused by reduced attitudes of employees, and organizational justice increased subjective norms, influencing IS compliance intentions along with self-efficacy. Additionally, organizational justice has been found to alleviate the adverse effects of IS overload and uncertainty on attitudes. The findings are expected to help clarify measures for achieving IS performance within the organization by proposing organizational justice conditions to improve the negative IS environment of the organization.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.1
• /
• pp.1-12
• /
• 2022

An insider's information security incidents continue to occur, there is a growing demand for strengthening information security within the organization. However, when strict information security policies and rules are applied to employees of the organization, it can result as an information security stress and resistance behavior. The purpose of this study is to suggest the causes of insiders' negative information security behavior and factors that mitigate the cause. In particular, the study identifies how the mutual influence of individual (psychological empowerment) and organizational (justice climate) factors mitigates negative behavior. In this study, a sample was obtained by surveying workers of organizations that reflect information security policies to insiders, and hypothesis testing was performed by structural equation modeling. As a result of the analysis, role stress had a partial mediating effect on the effect of psychological empowerment on security policy resistance, and the justice climate strengthened the effect of psychological empowerment. Our results suggest a direction for reducing insider information security policy resistance, so it helps to establish a strategy for achieving internal information security goals.

• Journal of Korea Port Economic Association
• /
• v.40 no.1
• /
• pp.1-14
• /
• 2024

The port industry has been actively adopting Fourth Industrial Revolution technologies, leading to transformations in port infrastructure, such as automated and smart ports. While these changes have improved port efficiency, they have also increased the potential for Cyber Security incidents, including data leaks and disruptions in terminal operations due to ransomware attacks. Recognizing the need to prioritize Cyber Security measures, a study was conducted, focusing on Busan Port's rapidly automating container terminal in South Korea. The results of the Eisenhower Matrix analysis identified legal and regulatory factors as a top priority in the first quadrant, with educational systems, workforce development, network infrastructure, and policy support in the third quadrant. Subsequently, a Borich Needs Analysis revealed that the highest priority was given to legal improvements in security management systems, while the development of Cyber Security professionals ranked lowest. This study provides foundational research for enhancing Cyber Security in domestic container terminals and offers valuable insights into their future direction.

• Review of KIISC
• /
• v.32 no.5
• /
• pp.21-25
• /
• 2022

디지털 트랜스포메이션(Digital Transformation)으로 인해 소프트웨어에 대한 의존성이 강화되면서 소프트웨어 공급망의 역할이 커지고 있다. 그러나 안전한 소프트웨어 개발 및 이용을 위한 소프트웨어 공급망 보안 관리는 사실상 어려운 실정이다. 공급망이 복잡해질수록 공급망 공격의 유형은 다각화되는 반면 공급망을 구성하는 공급업체 및 구성요소에 대한 식별 및 취약점 분석은 어려워지기 때문이다. 이에 저자는 국내외 소프트웨어 공급망 보안 관리를 위한 기술 동향에 대한 조사 분석을 수행하고 이를 기반으로 향후 적용할 수 있는 공급망 보안 관리 체계의 발전 방향에 대해 작성하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10c
• /
• pp.585-587
• /
• 2000

1994년 국내에 인터넷 붐이 일어나고 사용이 보편화되면서 전자메일은 개인간의 메세징을 가능하게 해주는 기반기술 중 하나로 자리잡고 있다. 기존의 POP(Post Office Protocol) 프로토콜을 이용하던 전자메일 시스템은 POP 프로토콜의 불편함을 제거한 별도의 세팅없이 지역, 언어, 시간에 제약이 없는 웹기반의 메세징 시스템이 등장하게 되었다. 현재 이러한 메세징 시스템에 사용되어지는 MTA(Mail Transper Agent)로는 sendmail을 거의 표준으로 받아 들여지고 있다. 그러나 sendmail은 단일 모듈로 작성되었으며 덩치가 매우 크고 보안상 문제점도 지적되고 있다. 이에 본 논문에서는 sendmail의 문제점을 효율적으로 해결할 수 있는 qmail의 활용방법을 제시하고 웹과 qmail을 연계할 수 있도록 자바를 통한 보안성, 안전성, 효율성이 강화된 인터넷 메세징 시스템을 설계 및 구현한다.