• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.25-32
• /
• 2020

In the midst of the rising need for Industrial Security experts, the development of National Competency Standards(NCS) with regards to industrial security is a very important and urgent task. The NCS standardizes university-level academic curriculum and qualification systems and connects them with the industry's needs. This study has extracted, classified and analyzed security-related jobs and tasks requiring security expertise that is required within NCS. Through this study, many tasks have been confirmed to require security competencies that are different from those in IT-security, physical security that already exist as a NCS tasks. It is expected that the industry's needs of industrial security expertise will be reflected in future NCS development, which will be used as basic data for systematizing industrial security jobs and competency.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.85-97
• /
• 2022

With the development of big data technology, data is rapidly entering a hyperconnected intelligent society that accelerates innovative growth in all industries. The convergence industry, which holds and utilizes various high-quality data, is becoming a new growth engine, and big data is fused to various traditional industries. In particular, in the medical field, structured data such as electronic medical record data and unstructured medical data such as CT and MRI are used together to increase the accuracy of disease prediction and diagnosis. Currently, the importance and size of unstructured data are increasing day by day in the medical industry, but conventional data security technologies and policies are structured data-oriented, and considerations for the security and utilization of unstructured data are insufficient. In order for medical treatment using big data to be activated in the future, data diversity and security must be internalized and organically linked at the stage of data construction, distribution, and utilization. In this paper, the current status of domestic and foreign data security systems and technologies is analyzed. After that, it is proposed to add unstructured data-centered de-identification technology to the guidelines for unstructured data and technology application cases in the industry so that unstructured data can be actively used in the medical field, and to establish standards for judging personal information for unstructured data. Furthermore, an object feature-based identification ID that can be used for unstructured data without infringing on personal information is proposed.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.89-97
• /
• 2020

Recently, security issues on industrial technology are undergoing rapid changes around the world. Developed countries are establishing response strategies to protect their own core technologies while creating conflicts with global value chains and foreign capital movement. Also in Korea, we are approaching industrial security issues in the mid- to long-term industrial competitiveness. The purpose of this study is to survey on the awareness of the industrial security ecosystem and derive key policy issues. Based on a three round survey, four policies were suggested as followings : systemization of industrial security control tower, enhancement of security company's technical skills and training of security specialists, improvement of technology leakage prevention system through retirement personnel and M&A, reinforcement of research security in R&D process and proactive technology protection. It is hoped that this study will serve as a basis for policy-making as an evidence-based study reflecting the policy demands of industrial security.

• Korea Information Processing Society Review
• /
• v.22 no.5
• /
• pp.36-45
• /
• 2015

금융과 IT의 융합을 의미하는 핀테크(Fintech) 열풍이 전세계적으로 뜨겁게 불고 있다. 핀테크를 통해 신기술들이 금융 산업 전반에 융합되면서 새로운 형태의 금융서비스가 등장하고 기존의 금융 시스템들이 가져왔던 문제점들을 개선하는데 기여할 것으로 보인다. 하지만 핀테크 산업 활성화를 위한 지속적 규제 완화와 이용자 편의성을 위한 각종 절차의 간소화 그리고 채널 서비스 기술간의 융복합이 일어나는 환경에서 제공되는 핀테크 서비스의 안전성에 대해 우려가 있다. 핀테크 시대에 정보보안은 성장의 인프라이며 금융상품을 선택하는 중요한 기준이 될 것이므로 보안리스크의 정량화와 단계별 통제 방안을 수립하고 사용자 인증, 결제정보 보안, API(Application Programming Interface) 보안 등 필요한 보안요소를 사업모델에 맞게 적용함으로써 편리성과 보안성을 함께 확보할 수 있어야 한다. 본 연구에서는 정보보안 관점에서 핀테크의 서비스의 특징과 보안 취약점을 분석하고 관련 위험을 줄이기 위한 대응방안을 모색해 보았다.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.27-32
• /
• 2014

The information security policy is one of the most important tools for organization to manage the implementation and ensure the organizational security. However, we do not have metrics for measuring its effectiveness. The ultimate purpose of this study is to develop the measures of information security policy effectiveness. To do this, this study review data quality and information quality literatures and investigate appropriate subfactors for information security policy. Rooted in these concepts, we suggest accuracy, completeness, interpretability, and relevance from content aspect and understandability, concise representation, and amount from form aspect as factors for information security policy effectiveness.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.147-159
• /
• 2022

This study conducted a patent analysis to explore the trend of technology development in the field of smart car security. As a result of the analysis, it was confirmed that along with the growth of the smart car market, the development of smart car security related technology is also increasing. In particular, as related technology development has been rapidly taking place in recent years, it has been confirmed that competition among leading smart car countries and major companies is also expanding due to the commercialization of smart car. This study is meaningful in that it examines trends related to smart car security through quantitative analysis using patent data and presents implications accordingly.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.21-30
• /
• 2008

This study researched into the method that allows only the certified user and computational engineer to possibly use network resources and computing resources by implementing the system of the intensified certification and security based on LDAP(Lightweight Directory Access Protocol) directory service, that copes with incapacitation in security program due to making the security program forcibly installed, and that can correctly track down the industrial-technology exporter along with applying the user-based security policy through inter-working with the existing method for the protection of industrial technology. Through this study, the intensified method for the protection of industrial technology can be embodied by implementing the integrated infra system through strengthening the existing system of managing the protection of industrial technology, and through supplementing vulnerability to the method for the protection of industrial technology.

• Information and Communications Magazine
• /
• v.32 no.12
• /
• pp.45-50
• /
• 2015

최근 다양한 산업 군에서 ICT 융합 서비스가 활발히 개발되고 있고 사물인터넷(IoT: Internet of Things) 기술이 신성장 동력의 핵심 기술로 주목받고 있다. IoT는 기존에 연결을 고려하지 않았던 생활 속 모든 것들을(daily life objects) 상호 연결시켜주는 기술이다. 가트너는 현재 1% 미만의 사물만이 인터넷에 연결된 상황으로 보고하고 있고 Cisco의 자료에 따르면 2020년에는 연결된 장치 수가 500억 개 이상으로 증가할 것으로 예측하고 있다. 많은 장치가 연결되는 IoT 환경에는 많은 취약점과 보안 위협이 존재할 것이므로 보안과 개인정보 보호 기술은 반드시 제공되어야 하는 핵심기술이다. 본고에서는 IoT 기반 융합 서비스에서 발생했던 침해 사례를 살펴보고, 안전한 서비스 개발을 위한 기본적인 보안 요구사항을 제시한다.

• Information Systems Review
• /
• v.21 no.3
• /
• pp.49-61
• /
• 2019

As the number of security incidents and damages increase steadily, interest in the security of society is growing, and the amount of academic interest and research is steadily increasing. However, despite these concerns and the quantitative increase in research, the terms 'security' and 'safety' have been mixed and studies have been conducted without the conceptual definition of various security terms being clearly defined. As a result, various forms of security concepts based on ICT environments have been misused. Therefore, we tried to derive the consensus of experts among the various security terms which are mixed in this study, and to summarize the concepts based on the analysis of domestic and foreign documents based on the concept of the terms. Through this research, we intend to contribute to the establishment of the academic identity of security by preventing related mistakes caused by the mixed use of terminology.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.