• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.919-929
• /
• 2014

Recently, organizational efforts to adopt ISMS(Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However there is a serious gap between awareness and investment of information security in a company, hence it is very important for the company to control effectively a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the Importance of 13 areas for the ISMS by the information security experts and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested the most. Then, information security areas with the considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security and personnel security. The study results are expected to be used in making a decision for the effective investment of information security when companies with a limited budget are considering to introduce ISMS or operating it.

• Annual Conference of KIPS
• /
• 2010.11a
• /
• pp.1373-1376
• /
• 2010

최근 국민소득향상, 의학기술의 발달 등 이러한 변화는 건강관리에 관한 연구로 이어져 라이프 케어 모니터링 시스템에 관한 연구가 활발히 진행되고 있다. 라이프 케어 모니터링 시스템은 개인의 특성을 고려하여 맞춤형 건강관리 서비스가 이루어져야 하며 실시간으로 유지 및 관리 되어야 한다. 본 논문에서는 라이프 케어 모니터링 시스템에서 실시간 처리해야하는 태스크가 증가함에 따라 마감시간 준수율이 하락하는 문제점을 해결하는 방안에 관한 연구이다. 즉, 개인의 상태가 고려된 모니터링 요소에 가중치를 부여하고, 상대적으로 중요도가 떨어지는 모니터링 요소는 주기를 증가시키는 방식과 중요도에 비하여 모니터링 자원 낭비가 최대인 모니터링의 주기를 증가시키는 방식을 비교분석하여 실시간 처리율을 향상시키는 것이다. 제안한 방법의 유용성을 검증하기 위해 성능을 평가한 결과 기존 방식에 비해 최대 29%까지 마감시간 준수율이 향상됨을 확인했다.

• Proceedings of the Korean Society of Disaster Information Conference
• /
• 2023.11a
• /
• pp.343-344
• /
• 2023

본 연구는 국가중요시설의 청사 내에 근무하는 청사보안과 안전유지, 질서유지를 담당하는 방호직 공무원에게 발생하는 다양한 민원인 불량행동의 유형과 국가중요시설에서 일어나는 각 유형에 맞는 민원인 불량행동에 대한 개선방안을 효율적으로 제시하는데 그 목적이 있다. 이에 인터뷰를 통해 국가중요시설에서 근무하는 방호직공무원이 느끼는 민원인 불량행동이 어떠한 유형으로 있는지 조사하였고 개별면담을 통해 나타난 대표적인 민원인 불량행동의 유형들은 첫째, 국가중요시설 내에서 큰 소리를 지르고 욕설을 하는 언어폭력형 둘째, 각 국가기관 및 지자체의 국가중요시설에서 서비스 업무수행 과정 중 다른 타 민원인이 있음에도 본인 자신의 이익과 편의를 위해 행해지는 행위를 하는 이기주의형 셋째, 각 국가중요시설의 규정 및 내규가 있음에도 규정된 규칙을 무시하고 따르지 않는 규칙위반형 등이 있다. 이에 따라 각 유형별 민원인 불량행동에 대한 개선방안 항목들로 첫째, 방호직공무원 교육의 체계화, 둘째, 민원인을 응대할 수 있는 기관의 내규 및 규칙, 셋째, 민원인에게 겪는 스트레스를 해소할 수 있는 환경을 제시하였다.

• Proceedings of the Korean Society of Disaster Information Conference
• /
• 2022.10a
• /
• pp.119-120
• /
• 2022

본 연구는 국가중요시설의 청사 내에 근무하는 청사보안과 안전유지, 질서유지를 담당하는 방호직 공무원에게 발생하는 다양한 민원인 불량행동의 유형과 국가중요시설에서 일어나는 각 유형에 맞는 민원인 불량행동에 대한 개선방안을 효율적으로 제시하는데 그 목적이 있다. 이에 인터뷰를 통해 국가중요시설에서 근무하는 방호직공무원이 느끼는 민원인 불량행동이 어떠한 유형으로 있는지 조사하였고 개별면담을 통해 나타난 대표적인 민원인 불량행동의 유형들은 첫째, 국가중요시설 내에서 큰 소리를 지르고 욕설을 하는 언어폭력형 둘째, 각 국가기관 및 지자체의 국가중요시설에서 서비스 업무수행 과정 중 다른 타 민원인이 있음에도 본인 자신의 이익과 편의를 위해 행해지는 행위를 하는 이기주의형 셋째, 각 국가중요시설의 규정 및 내규가 있음에도 규정된 규칙을 무시하고 따르지 않는 규칙위반형 등이 있다. 이에 따라 각 유형별 민원인 불량행동에 대한 개선방안 항목들로 첫째, 방호직공무원 교육의 체계화, 둘째, 민원인을 응대할 수 있는 기관의 내규 및 규칙, 셋째, 민원인에게 겪는 스트레스를 해소할 수 있는 환경을 제시하였다.

• Korean Security Journal
• /
• no.62
• /
• pp.347-367
• /
• 2020

Rapid advancement of technology in today's society has allowed for easy access and use of data, promoting the process of informationization. Along with the merits of such development, unintended consequences of security risks involving wiretapping have been increasing as well. The security threats posed by wiretapping technology must be addressed by every organization and individual, as it could be used to leak confidential information about the nation's security, military and diplomatic strategies, industrial technologies, and personal information. Despite increasing threats stemming from the surrounding nations using advanced wiretapping technology, there is a lack of awareness at the government level, and the existing security measures for detecting and counteracting the wiretapping equipment are ineffective. In this research, the authors offered technical suggestions for improving the security strategies against the threats of wiretapping and information leakage by conducting a content analysis. The authors suggested the units of an agency be assigned a security grade based on its importance, and that adequate security equipment should be operated according to the grade. For instance, around-the-clock surveillance is recommended for grade-1 facilities, and portable wiretapping equipment detectors should be used to protect conference rooms and other key sites.

• Journal of the Korea Society for Simulation
• /
• v.16 no.2
• /
• pp.27-35
• /
• 2007

When sensor networks are deployed in open environments, all the sensor nodes are vulnerable to physical threat. An attacker can physically capture a sensor node and obtain the security information including the keys used for data authentication. An attacker can easily inject false reports into the sensor network through the compromised node. False report can lead to not only false alarms but also the depletion of limited energy resource in battery powered sensor networks. To overcome this threat, Fan Ye et al. proposed that statistical on-route filtering scheme(SEF) can do verify the false report during the forwarding process. In this scheme, the choice of a security threshold value is important since it trades off detection power and energy, where security threshold value is the number of message authentication code for verification of false report. In this paper, we propose a fuzzy rule-based system for security threshold determination that can conserve energy, while it provides sufficient detection power in the SEF based sensor networks. The fuzzy logic determines a security threshold by considering the probability of a node having non-compromised keys, the number of compromised partitions, and the remaining energy of nodes. The fuzzy based threshold value can conserve energy, while it provides sufficient detection power.

• Journal of Internet Computing and Services
• /
• v.14 no.4
• /
• pp.35-42
• /
• 2013

Nowadays many tasks are performed using the Web. Accordingly, many web-based application systems with various and complicated functions are being requested. In order to develop such web-based application systems efficiently, object-oriented analysis and design methodology is used, and Java EE(Java Platform, Enterprise Edition) technologies are used for its implementation. The security issues have become increasingly important. For such reasons, Java EE provides mechanism related to security but it does not provide interconnections with object-oriented analysis and design methodology for developing web application system. Consequently, since the security method by Java EE mechanism is implemented at the last step only, it is difficult to apply constant security during the whole process of system development from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology emphasized in the security for secure web application systems from the requirement analysis to implementation. The object-oriented analysis and design methodology adopts UMLsec, the modeling language with an emphasis on security for the requirement analysis and system analysis & design with regard to security. And for its implementation, RBAC (Role Based Access Control) of servlet from Java EE technologies is used. Also, the object-oriented analysis and design methodology for the secure web application is applied to online banking system in order to prove its effectiveness.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.2
• /
• pp.901-908
• /
• 2011

For the available grid environmental realization, the resource supply PC must have to provide an appropriate security function of their operation environments. SKY@HOME is a kind of the grid computing environments. If this has not supervised by administrator handling smoothly, it is inherently vulnerable state to the security level of the grid environments, because the resource supply PC is not update a security function without delay. It is also have the troublesome problems which have to install of an additional security program for support the appropriate security. This paper proposes an integration security model on the policy-based that provides an update each level according to the situation of the resource supply PC for improving its problems as a security aspect of the SKY@HOME. This model analyzes the security state of the resource supply PC respectively, and then the result is available to provide an appropriate security of the resource supply PC using an integration security model. The proposed model is not need additionally to buy and install the software, because it is provided the security management server oriented service. It is also able to set up the suit security function of a characteristic of the each resource supply PC. As a result, this paper clearly show the participation of resource supply PC improved about 20%.

• The Journal of the Convergence on Culture Technology
• /
• v.10 no.5
• /
• pp.189-193
• /
• 2024

As cyber threats increase in the defense sector, the security of weapon system software is becoming increasingly important. Currently, most of the embedded software installed in domestic weapon systems operates based on foreign real-time operating systems(RTOS) that have no security. As a result, the localization and security enhancement of embedded software for weapon systems have emerged as urgent tasks. This study aims to propose the application and development strategies of secure RTOS for weapon systems. To this end, we examined the technological trends of domestic and foreign RTOS and secure RTOS, and analyzed the problems of current embedded software in weapon systems. The results revealed major issues such as low localization, vulnerability to cyber attacks, difficulty in maintenance, increased costs, and loss of opportunities for accumulating technological capabilities. An investigation of the current status of embedded software applied to existing weapon systems found that embedded SW are in operation across all fields, including maneuver, firepower, protection, command and control, communication, naval vessels, and aircraft. Among them, 99% rely on foreign RTOS such as VxWorks. A review of the core functions and applicability of secure RTOS to weapon systems suggests that it can be applied to key areas requiring real-time performance and security, such as fire control, navigation devices, and flight control in existing and future weapon systems. However, ensuring performance and reliability, securing verification and compatibility, and systematic government support were raised as prerequisites.

• Convergence Security Journal
• /
• v.12 no.5
• /
• pp.71-77
• /
• 2012

Expenses in the form of personnel expenses in the past, in modern times, machine guards to gradually transition has been. This is because the machine guard is more efficient than personnel expenses. But due to false alarms, despite the high expectations of the effects of electronic security in the operation of the electronic security system due to factors that hinder the development of machine guards growth slows. Defect removal aspects of this paper, using IPA (Importance Performance Analysis) techniques to study the operation of electronic security systems and its importance in the development of machine guards, look at how high the technical aspects of electronic security systems composite type of malfunction to minimize crime sensor are presented.