• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.87-101
• /
• 2022

Cyber-attacks occur in the blink of an eye in cyberspace, and the damage is increasing all over the world. Therefore, it is necessary to develop a cyber common operational picture that can grasp the various assets belonging to the 3rd layer of cyberspace from various perspectives. By applying the method for grasping battlefield information used by the military, it is possible to achieve optimal cyberspace situational awareness. Therefore, in this study, the visualization screens necessary for the cyber common operational picture are identified and the criteria (response speed, user interface, object symbol, object size) are investigated. After that, the framework is designed by applying the identified and investigated items, and the visualization screens are implemented accordingly. Finally, among the criteria investigated by the visualization screen, an experiment is conducted on the response speed that cannot be recognized by a photograph. As a result, all the implemented visualization screens met the standard for response speed. Such research helps commanders and security officers to build a cyber common operational picture to prepare for cyber-attacks.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.111-126
• /
• 2022

As operations that were only conducted in physical space in the past change to operations that include cyberspace, it is necessary to analyze how cyber attacks affect weapon systems using cyber systems. For this purpose, it would be meaningful to analyze a tool that analyzes the effects of physical weapon systems in connection with cyber. The ROK military has secured and is operating the US JMEM, which contains the results of analyzing the effects of physical weapon systems. JMEM is applied only to conventional weapon systems, so it is impossible to analyze the impact of cyber weapon systems. In this study, based on the previously conducted cyber attack damage assessment framework, a framework for analyzing the impact of cyber attacks on physical missions was presented. To this end, based on the MOE and MOP of physical warfare, a cyber index for the analysis of cyber weapon system effectiveness was calculated. In addition, in conjunction with JMEM, which is used as a weapon system effect manual in physical operations, a framework was designed and tested to determine the mission impact by comparing and analyzing the results of the battle in cyberspace with the effects of physical operations. In order to prove the proposed framework, we analyzed and designed operational scenarios through domestic and foreign military manuals and previous studies, defined assets, and conducted experiments. As a result of the experiment, the larger the decrease in the cyber mission effect value, the greater the effect on physical operations. It can be used to predict the impact of physical operations caused by cyber attacks in various operations, and it will help the battlefield commander to make quick decisions.

• Annual Conference of KIPS
• /
• 2020.11a
• /
• pp.383-386
• /
• 2020

최근 국가기반시설을 대상으로 하는 사이버 공격이 증가하고 있다. 이에 따라 국내외에서는 시설의 침해영향도를 고려하여 자산을 분류하고 관리적/기술적/물리적 보안조치를 수행하도록 지침 및 정책을 제시하고 있다. 그러나 국내 지침은 자산 특성을 고려치 않아 운영 측면의 효율성을 저하하고 있다. 이에 본 논문은 기존 문서의 내용을 보완한 국가기반시설 정보보안 국가기반시설 정보보안 관리체계 프로그램을 제안한다.

• Annual Conference of KIPS
• /
• 2005.05a
• /
• pp.1241-1244
• /
• 2005

중요 정보시스템에 대한 위험분석 프로세스는 자산 식별을 통해 위협, 취약성을 분석하고 이에 보호대책을 수립한다. 하지만 모든 보호대책을 적용하기에는 비용 대 효과면에서 불가능한 경우가 발생한다. 따라서, 잔여위험에 대한 분석을 통해 해결할 수 없는 위험에 대해서는 보험을 통하여 보호대책을 세워야 한다. 본 논문에서는 위험분석을 통해 계산된 피해 산정으로 사이버침해에 따른 보험 수준을 산정하는 방안을 제안하고자 한다.

• Annual Conference of KIPS
• /
• 2018.10a
• /
• pp.200-203
• /
• 2018

최근 기업, 기관, 개인의 자산들에 대한 사이버 위협이 빈번하게 발생되고 있으며, 시장에는 다양한 업체, 제품의 단말/EDR/네트워크 제품들이 경쟁하고 있따. 이로 인해 사이버 위협에 대한 정보 및 제어 정보, 정책 정보들을 사전에 공유하고 해당 정보의 자동화된 해석을 통한 신속한 대응 처리의 중요성이 높아지고 있다. 본 논문에서는 업체들의 장비/제품에 적용 가능한 제어 정보를 정의하고 이를 공유하기 위한 공유 시스템을 제안한다. 이를 위해 STIX 2.0 표준을 도입하여 제어 정보를 설계하고, 확장 표준을 통해 요구되는 속성들을 추가 정의하여 자동화된 해석 및 대응 처리가 가능하도록 설계한다.

• Annual Conference of KIPS
• /
• 2018.05a
• /
• pp.142-144
• /
• 2018

최근 기반시설의 제어시스템을 대상으로하는 악성코드와 취약점 등이 지속적으로 보고됨에 따라 기반시설의 사이버위협에 대한 긴장감 고조되고 있다. 이와 같은 최신 사이버위협들을 예방하기 위해서는 주기적인 취약점 점검 및 제거가 필수적이다. 이를 위해서는 먼저 해당 제어시스템에 대해 기 알려진 취약점 정보를 수집할 필요가 있다. 이에 본 논문에서는 공개 취약점 정보들을 활용해 제어시스템과 관계된 취약점 정보의 수집, 관리 및 활용을 위한 제어시스템 취약점 정보관리시스템의 설계 및 구축 방안용 제시하였다. 또한, 정보관리시스템 구축 시 필수디지털자산의 정보유출 사고를 예방을 위해 고려해야할 사항을 제안한다.

• Convergence Security Journal
• /
• v.15 no.6_1
• /
• pp.49-57
• /
• 2015

Changes in the national intelligence security industry is becoming increasingly rapidly changing due to the development of the network and the use of the Internet. Information also can be called by critical information assets, as well as social infrastructure of the country's reality is that individuals at risk. These professionals make to prevent terrorists to destroy national defense system and network was absolutely necessary. But, Cyber Terror Response NCOs to be responsible for cyber terrorism requires a professional NCOs with advanced knowledge. National Competency Standards(NCS) using a national information security field tutors to conduct training courses teaching - learning model to develop and to apply.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.161-165
• /
• 2004

기업 네트워크 환경 및 인터넷 상에서 발생할 수 있는 보안상의 취약점들은 악의를 가진 내외부의 공격자들에게 악용될 가능성이 있다. 이러한 상황은 기업으로 하여금 정보 자산의 유출 및 파괴 등의 물리적인 피해와 더불어 복구를 위한 인력 및 시간의 소요 등 금전적인 손해를 야기시킨다. 이에 정확한 네트워크 보안 위험을 분석하여 이러한 피해의 가능성을 사전에 파악하고, 예방할 수 있는 방안을 마련하여 최대한의 보안성을 확보하여야 한다. 본 고는 이를 해결하기 위한 네트워크의 보안 수준을 측정하고 분석할 수 있는 방법론을 살펴보고, 적절한 평가 절차 및 평가 수행 방법, 점검 항목을 해외이 대표사례와 국내 업체의 위험 분석 방법론 관하여 살펴본다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.945-950
• /
• 2017

Due to the vulnerability of the software, there is a hacking attack on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, pilot test of diagnostic staff, The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting curriculum and diagnosis guide to train the software vulnerability examiner.

• Journal of Internet Computing and Services
• /
• v.23 no.6
• /
• pp.15-26
• /
• 2022

Various subjects are carrying out cyberattacks using a variety of tactics and techniques. Additionally, cyberattacks for political and economic purposes are also being carried out by groups which is sponsored by its nation. To deal with cyberattacks, researchers used to classify the malware family and the subjects of the attack based on malware signature. Unfortunately, attackers can easily masquerade as other group. Also, as the attack varies with subject, techniques, and purpose, it is more effective for defenders to identify the attacker's purpose and goal to respond appropriately. The essential goal of cyberattacks is to threaten the information security of the target assets. Information security is achieved by preserving the confidentiality, integrity, and availability of the assets. In this paper, we relabel the attacker's goal based on MITRE ATT&CK® in the point of CIA triad as well as classifying cyber security reports to verify the labeling method. Experimental results show that the model classified the proposed CIA label with at most 80% probability.