• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2018.11a
• /
• pp.355-356
• /
• 2018

본 연구에서는 국내 항만보안 효율성을 측정하기 위한 사전연구로 항만보안에 있어서 중요 평가항목을 선정하고 평가하는데 목적이 있다. 이를 위해 문헌조사 및 관계자들의 인터뷰를 통해 평가항목을 선정하였고, 이들 항목을 4개의 대분류와 12개의 중분류로 분류하였다. 다음으로 해양수산부 공무원, 항만공사 직원, 학계 관계자들로 구성된 전문가들의 설문조사를 통해 평가항목에 대하여 AHP 기법을 이용하여 중요도를 산출하였다. 상위 수준의 중요도 산출결과, 해양수산부 공무원 그룹과 항만공사 직원 그룹은 시설 지원 항목의 중요도가 높았으며 학계 관계자 그룹의 경우 인력예산 지원 항목의 중요도가 높았다. 하위 수준 항목의 종합중요도 분석 결과, 해양수산부 공무원 그룹과 항만공사 직원 그룹에서는 항만 내 통합시스템 구축 및 유관기관 간의 협조를 통한 운영시스템 강화의 순위가 가장 높았으나, 학계 관계자 그룹의 경우 보안인력들의 처우개선이 가장 높은 순위로 나타났다.

• Proceedings of the Korea Database Society Conference
• /
• 1999.10a
• /
• pp.119-127
• /
• 1999

본 연구는 정보보안 수준을 효과적이고 효율적으로 측정할 수 있는 간편한 지표를 개발하는 목적으로 수행되었다. 기존 관련연구 및 지표를 분석하여 문제점을 도출하고 개선 방향을 설정한 후, 관련전문가들에게 예비조사를 실시하여 후보지표 항목을 선정하였다. 선정된 후보지표 항목에 대한 타당성 검증을 위해 보안 전문가 집단에게 설문조사를 실시하였다. 요소로서의 타당성, 상대적 중요성, 항목 결여시 보안사고 발생확률, 사고의 심각성 등 4가지 기준에 의한 설문조사 결과를 분석하여 각 후보 지표 항목에 대한 요소로서의 타당성을 도출하였다. 대부분의 후보 항목이 바람직한 항목인 것으로 나타났다. 향후 요인 분석과 상관 분석 등을 추가로 수행하고, 보안 수준을 계량화하는 연구로 발전시킬 필요가 있다.

• Review of KIISC
• /
• v.26 no.3
• /
• pp.22-29
• /
• 2016

최근 다양한 모바일 기기의 보급과 함께 향상된 모바일 컴퓨팅 환경으로 인해 게임서비스의 트렌드가 빠르게 모바일 환경으로 변화하고 있다. 그러나 모바일 게임서비스의 그 역사가 아직까지 길지 않아 보안 수준평가를 위한 점검항목들이 충분히 개발되지 못하였다. 이에 기존에 알려진 모바일 게임 관련 보안 취약점을 분석하여 게임 내 보안수준을 평가하기 위한 사전 점검항목을 열거해보도록 한다.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.19-24
• /
• 2021

The purpose of this study was to add CPTED to the information security area. The control items of ISO 27001 (11 types) and the application principles of CPTED (6 types) were mapped. And the relevance between the items was verified through the FGI meeting through 12 security experts. As a result of the survey, the control items with a relevance of at least 60% on average are security policy, physical and environmental security, accident management, and conformity. As a result, the comprehensive policy was shared with CPTED's items as a whole. The specialized control items are security organization, asset management, personnel security, operation management, access control, system maintenance, and continuity management. However, specialized control items were mapped with each item of CPTED. Therefore, information security certification and septed are related. As a result, environmental security can be added to the three major areas of security: administrative security, technical security, and physical security.

• Journal of Platform Technology
• /
• v.11 no.5
• /
• pp.126-135
• /
• 2023

Demand for NFT is expanding along with Blockchain. And cyber security threats are also increasing. Therefore, this study derives security level inspection items by analyzing status related to NFT security such as NFT features, security threats, and compliance for the purpose of strengthening NFT security. Based on this, the relative importance was confirmed by applying it to the AHP model. As a result of the empirical analysis, the priority order of importance was found in the order of Security management system establishment and operation, encryption, and risk management, etc. The significance of this study is to reduce NFT security incidents and improve the NFT security management level of related companies by deriving NFT-related security level check items and demonstrating the research model. And If you perform considering relative importance of the NFT check items, the security level can be identified early.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.113-127
• /
• 2014

The use of mobile devices offers a variety of services to the individuals and companies. On the other hand, security threats and new mobile security threats that exist in IT infrastructure to build the environment for mobile services are present at the same time. Services such as mobile and vaccine management services, such as MDM (Mobile Device Management) has attracted a great deal of interest in order to minimize the threat of security in mobile environment. These solutions can not protect an application that was developed for the mobile service from the threat of vulnerability of mobile application itself. Under these circumstances, in this paper, we proposed mobile application security checklists based on application security review items in order to prevent security accidents that can occur in a mobile service environment. We collected and analyzed Android applications, we performed a total inspection of the applications for verification of the effectiveness of the check items. And we checked that the check items through a survey of experts suitability was verified.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.877-884
• /
• 2019

As technology advances, equipment installed in Nuclear facilities are changing from analog system to digital system. Nuclear facilities have been exposed to cyber threats as the proportion of computers and digital systems increases. As a result, interest in cyber security has increased and there has been a need to protect the system from cyber attacks. KINAC presented 101 cyber security controls for critical digital asset. However, this is a general measure that does not take into account the characteristics of digital assets. Applying all cyber security controls to critical digital assets is a heavy task and can be lower efficient. In this paper, we propose an effective cyber security controls by identifying the characteristics of critical digital assets and presenting proper security measures.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.10
• /
• pp.1866-1872
• /
• 2007

Information system contains various components, md these components can be categorized into some types. When preparing security level management activity, it is most important to define the target of management activity. And after deciding these targets, security level management activity can be started. This paper defines management targets by dividing information system into some parts, and these targets can be managed variously according to operation environments and characteristics. By doing so, security level management activity can be processed easily.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1293-1314
• /
• 2015

As ICT is becoming a major social infrastructure, the need to strengthen cyber capabilities are emerging. In the major advanced countries including the United States, has a continuing interest in strengthening cyber capabilities and has studied in enhancements of cyber capabilities. The cyber capability assessment is necessary in order to determine the current level of the country, establish policy directions and legislations. The selection of criteria has very important meaning to suggest future policy direction as well as an objective assessment of cybersecurity capabilities. But there are variable criteria for national cyber capabilities assessment such as strategy, legislation, technology, society and culture, and human resources. In this paper we perform the analysis of criteria for the other country's cybersecurity assessments including the U.S. and Europe. And we proposed the criteria for the national cybersecurity assessment reflecting the our country's characteristics.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.3-9
• /
• 2019

Most of security countermeasures have been implemented to cope with continuous increase leakage of technology, but almost security countermeasures are focused on securing the boundary between inside and outside. This is effective for detecting and responding to attacks from the outside, but it is vulnerable to internal security incidents. In order to prevent internal leakage effectively, this study identifies activities corresponding to technology leakage activities and designes technology leakage activity detection items. As a design method, we analyzed the existing technology leakage detection methods based on the previous research and analyzed the technology leakage cases from the viewpoint of technology leakage activities. Through the statistical analysis, the items of detection of the technology leakage outcomes were verified to be appropriate, valid and reliable. Based on the results of this study, it is expected that it will be a basis for designing the technology leaking scenarios based on future research and leaking experiences.