• Title/Summary/Keyword: 보안 중요도

Search Result 2,285, Processing Time 0.027 seconds

PRISM: A Preventive and Risk-reducing Integrated Security Management Model using Security Label (PRISM: 보안 레이블을 이용한 위험예방 통합보안관리 모델)

  • Kim, Dong-Soo;Kim, Tae-Kyung;Chung, Tai-Myoung
    • The KIPS Transactions:PartC
    • /
    • v.10C no.6
    • /
    • pp.815-824
    • /
    • 2003
  • Many organizations operate security systems and manage them using the intergrated secutity management (ISM) dechnology to secyre their network environment effectively. But current ISM is passive and behaves post-event manner. To reduce cost and resource for managing security and to remove possbility of succeeding in attacks by intruder, the perventive security management technology is required. In this paper, we propose PRISM model that performs preventative security management with evaluating the security level of host or network and the sensitivity level of information asset from potential risks before security incidents occur. The PRISM can give concrete and effective security management in managing the current complex networks.

Factors Affecting the Security Ability of Port Logistics Organization Members (항만물류조직구성원들의 보안능력에 영향을 미치는 요인)

  • Kang, Da-Yeon
    • Journal of Navigation and Port Research
    • /
    • v.43 no.3
    • /
    • pp.179-185
    • /
    • 2019
  • Currently, despite having active movements related to port logistics security, there is lack of awareness, education, and security systems related to port technology. Before implementing port logistics security, a mutual authentication agreement should be reached through the establishment of an integrated network that can share port logistics security information in real time. In order to achieve port competitiveness and strengthen logistics service, establishment of national strategy for logistics security is necessary. However, there is an urgent need to raise the security consciousness among the port logistics organization members and enhance the information security ability which is a crucial feature of the port logistics organization. Therefore, the objective of this study is to analyze the factors affecting the information security capacity of port logistics organization members. Even though the analysis rejected the hypothesis that security regulations affect security awareness, the security activities and security awareness were significantly correlated. It also has a positive impact on the relationship between security norms and security abilities, and security awareness and security abilities.

Development of Measures of Information Security Policy Effectiveness To Maximize the Convergence Security (융합보안 강화를 위한 정보보안 정책 효과성 측정도구 개발)

  • Yim, Myung-Seong
    • Journal of the Korea Convergence Society
    • /
    • v.5 no.4
    • /
    • pp.27-32
    • /
    • 2014
  • The information security policy is one of the most important tools for organization to manage the implementation and ensure the organizational security. However, we do not have metrics for measuring its effectiveness. The ultimate purpose of this study is to develop the measures of information security policy effectiveness. To do this, this study review data quality and information quality literatures and investigate appropriate subfactors for information security policy. Rooted in these concepts, we suggest accuracy, completeness, interpretability, and relevance from content aspect and understandability, concise representation, and amount from form aspect as factors for information security policy effectiveness.

Smart City Security Management in Three Tier Smart City Management System (쓰리 티어 방식의 스마트시티 관리시스템에서의 보안 관리)

  • Hwang, Eui-Dong;Lee, Yong-Woo
    • Journal of the Korea Convergence Society
    • /
    • v.10 no.1
    • /
    • pp.25-33
    • /
    • 2019
  • The security of the data dealt by the smart city system is important because they have many privacy and public information. Therefore, it is necessary to study security in the smart city system. In this paper, we define the security factors for the smart city system composed of three tiers and describe the technologies for each. In addition, the design and implementation of the security layer in the Smart City middleware for the security management of the urban component in the Smart City Infrastructure and middleware, which is one of the most important issues in the Smart City system, is introduced.

Analysis of Threat Information Priorities for Effective Security Monitoring & Control (효과적인 보안관제를 위한 위협정보 우선순위 도출)

  • Kang, DaYeon
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.26 no.5
    • /
    • pp.69-77
    • /
    • 2021
  • This study aims to identify security-based threat information for an organization. This is because protecting the threat for IT systems plays an important role for an corporate's intangible assets. Security monitoring systems determine and consequently respond threats by analyzing them in a real time situation, focusing on events and logs generated by security protection programs. The security monitoring task derives priority by dividing threat information into reputation information and analysis information. Reputation information consisted of Hash, URL, IP, and Domain, while, analysis information consisted of E-mail, CMD-Line, CVE, and attack trend information. As a result, the priority of reputation information was relatively high, and it is meaningful to increase accuracy and responsiveness to the threat information.

Identify Management System with improved security based working time supervising (근태관리 중심으로 보안성을 향상시킨 2-Factor 인증 계정관리시스템)

  • Choi, Kyong-Ho;Kim, Jongmin;Lee, DongHwi
    • Convergence Security Journal
    • /
    • v.17 no.5
    • /
    • pp.71-76
    • /
    • 2017
  • Today, it is an information society where a large number of users access and view important data in a large number of information assets as needed. In this complexity, techniques related Identify Management are being applied, in order to verify authorized user access to important information assets and manage of history. But, the ability access to sensitive information using account has the disadvantage of being able to open the way for information to the attacker when it is hijacked. Thus, in this paper, we propose a secure Identify Management System that can control the use of accounts based on the attitude of the account holder, but also enhances the security and does not hinder the convenience.

A Study on the Design of Security Metrics for Source Code (소스코드의 보안성 메트릭 설계에 관한 연구)

  • Seo, Dong-Su
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.147-155
    • /
    • 2010
  • It has been widely addressed that static analysis techniques can play important role in identifying potential security vulnerability reside in source code. This paper proposes the design and application of security metrics that use both vulnerability information extracted from the static analysis, and significant factors of information that software handles. The security metrics are useful for both developers and evaluators in that the metrics help them identity source code vulnerability in early stage of development. By effectively utilizing the security metrics, evaluators can check the level of source code security, and confirm the final code depending on the characteristics of the source code and the security level of information required.

The Model to Implement the Cyber Security Policy and Strategy for Azerbaijan Information System (아제르바이잔 정보시스템에 대한 사이버보안 정책과 전략의 실행모델 구축)

  • Aliyeva, Leyla Mehdi;Hwang, Gee-Hyun
    • Journal of Digital Convergence
    • /
    • v.17 no.5
    • /
    • pp.23-31
    • /
    • 2019
  • This study aims to build an AHP model that evaluates the priority of cyber security policies for the Azerbaijan information system. For this, 4 factors were constructed from components of ITU National Interest Model, whereas 5 alternatives were based on the best practices of the eight developed countries leading the cyber security field. Using the questionnaire, 24 security experts evaluated the strategic priority of such factors or alternatives. The analysis results using the AHP software showed that homeland defense and economic well-being were the dominant aspects of cyber security policy, whereas capacity building and infrastructure were the main concern of cyber security elements for Azerbaijan. This study presents the strategic priority of cyber security policies that can be adopted by Azerbaijan government. This study can contribute to developing the national cyber security guide of Azerbaijan.

CALS/EC Security Framework considering OECD Cryptography Guidelines (OECD 암호정책을 수용한 CALS/EC 보안 기술 체계)

  • 임신영;유창열;송유진;함호상
    • Proceedings of the CALSEC Conference
    • /
    • 1997.11a
    • /
    • pp.143-160
    • /
    • 1997
  • 정보화 사회에서 개인의 프라이버시와 국가 차원의 보안의 균형있는 발전은 매우 중요한 과제이며, 1997년 3월 국제 경제개발 협력기구(OECD)는 암호기능을 적용하기 위한 정책인 ‘OECD 암호정책’을 수립하였으며, 이 지침의 특기할 점은 암호화된 데이터를 국가 등의 제 3자가 강제적으로 해독하는 것을 인정하였다는 것이다. 이러한 OECD 암호정책은 공공의 안전성 확보에 필요한 조치임과 동시에 개인 프라이버시 침해의 위험을 내포한 암호정책으로 세계를 상대로한 CALS/EC 산업에 이러한 기술이 표준화되어 적용될 가능성이 높기 때문에 향후 국내의 CALS/EC 보안 서비스 제공시 중요한 지침이 될 것이다. 본 논문에서는 CALS/EC 보안 서비스를 실현하기 위하여 연구 개발해야 할 보안 기술 중 암호문의 강제 해독 기술 및 인중 기술을 포함한 보안 프레임워크를 제안한다.

  • PDF

A study on the Requirement Analysis for Lifecycle based on Common Criteria (CC기반 생명주기 지원 클래스 요구사항 분석에 관한 연구)

  • 신준호;김행곤;김태훈;김상호
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2003.04c
    • /
    • pp.1-3
    • /
    • 2003
  • 웹 기반의 응용시스템 개발이 보편화되면서 보안은 특히 인터넷과 같은 네트워크 환경에서 정보처리에서 매우 중요한 요소로 대두되고 있다. 공통평가기준은 보안을 중요시하는 시스템의 명가를 위해서 표준화된 요구사항들의 목록이다. 공통평가기준을 사용하여 시스템 자체와 시스템 개발에 않은 보안 요구사항 정의는 가능하지만, 방법론 지원은 제공하지 않는다. 본 논문에서는 보안 클래스를 중심으로 소프트웨어공학 생명주기에서 보안측면을 분석하고 적용하는 방법을 제시한다. 공통평가기준에서의 행위와 문서는 개발된 시스템의 품질을 개선하여. 높은 보안 요구사항을 만족하기 위해 부가적 비용과 노력을 감소시키는 시스템 개발에서 가장 중요한 요소이다 이를 기반하여 프로세스, 자원. 생명주기 분석 모델과 프레임워크를 정의하고 생명주기 지원 클래스의 적용에 대해서 논한다.

  • PDF