• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.99-104
• /
• 2018

Modern society has entered the era of the fourth industrial revolution beyond the information age. In other words, technology innovations such as life science, unmanned automobiles, drone, artificial intelligence, big data, robot technology, Internet of things, and nano-technology are leading the change of the world. In these technologies use and delivery of information is playing a key role, and the field of information security for the safe use of information has become an indispensable discipline. In this sense, it is necessary to standardize the curriculum of universities to foster security manpower to meet the needs of the era. In this paper, we develop and present a model to standardize the curriculum in the field of information security. Using this model, each educational institution will be able to select the necessary track or field to guide the students and cultivate information security manpower effectively.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.573-584
• /
• 2001

Policy-Based Network Management (PBNM) architecture is to meet various needs of network users and to provide effective management facilities in distributed and large scale networks to network managers. In PBNM, network managers perform network management operations by stipulating a set of rules rather than control each network component. On the other hand, providing security services such as authentication, privacy of messages as well as a new flexible and extensible administration framework, SNMPv3 enables network managers to monitor and control the operation of network components more secure way than ever before. Despite of its enhanced security services, SNMPv3 has difficulties in managing distributed, large-scaled network because it does not provide centralized security management facilities. In this paper, we propose a new security model called Role-based Security Management model (RSM) with security management policy to support scalable and centralized security management for SNMP-based networks. Also, the structure and the operation of the security system as well as the efficiency analysis of RSM in terms of security management are also described.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.43-50
• /
• 2013

Recently, Cyber threats that is doing intelligence and sophistication from the organization's information assets to secure order technical disciplines, as well as managerial and environmental sectors, such as mind-response system is must established. In this paper, possible to analyze the case for the theory in network security, such as the logical network and physical network separation suitable for the corporate environment and constantly respond and manage the Information Security Management Model A secure network design is proposed. In particular, the proposed model improvements derived from the existing network, network improvements have been made in order to design improved ability to respond to real-time security and central manageability, security threats, pre-emptive detection and proactive coping, critical equipment in the event of a dual hwalreu through applied features such as high-availability, high-performance, high-reliability, ensuring separation of individual network security policy integrated management of individual network, network security directional.

• The Journal of Korean Association of Computer Education
• /
• v.7 no.5
• /
• pp.93-99
• /
• 2004

The most important technology in the electronic commerce based on Internet is to guarantee the security of trading information exchange. Many technologies are proposed as a standard to support this security problem. One of them is an XML (eXtensible Markup Language). This is used in various applications as the document standard for electronic commerce system. The XML security has become very important topic. In this paper an XML security model for web services based electronic commerce system to guarantee the secure exchange of trading information. To accomplish the security of XML, the differences of XML signature, XML encryption and XML key management scheme respect to the conventional system should be provided. The new architecture is proposed based on unique characteristics of XML. Especially the method to integrate the process management system need to the electronic commerce is proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.109-122
• /
• 2022

The purpose of information security activities is to reduce large-scale material and human accidents that are concerned about hacking damage to important systems, such as control systems, through periodic preventive activities in addition to finding the cause and taking follow-up measures after damage caused by hacking. For this reason, although each institution is using a security work audit model in accordance with the relevant regulations, it is not easy to conduct company-wide inspection activities due to the constraints of manpower and time. Therefore, in this paper, we will analyze the major vulnerabilities of public institutions over the past 10 years and present a security audit model that can perform efficient security activities compared to the models for domestic and foreign security audits.

• Review of KIISC
• /
• v.13 no.1
• /
• pp.68-76
• /
• 2003

네트웍 기반의 컴퓨터 보안이 컴퓨터 보안분야의 중요한 문제점으로 인식이 된 이래 네트웍 기반의 침입탐지 방법 중 클러스터링(Clustering)을 이용한 비정상 탐지기법(Anomaly detection)을 사용하는 시도들이 있었다. 네트웍 데이터 같은 대량의 데이터의 처리에 클러스터링을 통한 방법이 효과적인 결과를 나타내었음이 다수의 논문에서 제기되어왔으나 이 모델에서의 클러스터링 방법은 네트웍 정보로부터 추출한 정보들을 정상적인 클러스터들과 그렇지 않은 클러스터들 크게 두 집단으로 나누는 방법을 택했었는데 침입탐지율에서 만족할만한 결과를 얻지 못했었다. 본 논문에서 제안하고자 하는 모델에서는 이를 좀 더 세분화하여 네트웍 서비스(Network service)별로 정상적인 클러스터들과 그렇지 않은 클러스터들을 가지게되는 방법을 적용하여 기존 모델에서의 침입탐지율 결과의 개선을 도모해 보고자한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.01a
• /
• pp.101-102
• /
• 2023

본 연구에서는 인터넷 상에서 발생되는 부정행위를 탐지할수 있는 신뢰 모델을 생성하고 개인의 프라이버시를 보장할수 있는 모델을 제시하였다. 인터넷 상에 게시판에 올려진 부정해위를 탐지하기 위해 앙상블 접근 방식 기반의 분류 모델을 제시하고 자동화된 도구를 제안하였다. 본 연구는 데이터에 대한 탐색적 데이터 분석을 수행하고 얻은 통찰력을 사용해 자연어처리 가반 텍스트를 기반으로 앙상블 기반의 위조 탐지 알고리즘을 제안하였다. 제안 알고리즘의 정확도는 99%로 자연어 처리에 높은 탐지율을 보였다.

• Review of KIISC
• /
• v.8 no.2
• /
• pp.85-90
• /
• 1998

중요한 정보가 컴퓨터를 저당.처리되면서 이들을 안전하게 유지. 관리하여야 할 필요성이 크게 부각되고 있다. 본 고에서는 다양한 정보를 안전하게 유지.관리하기 위한 보안 모델을 소개하고 이를 기반으로 안전한 DBMS의 설계를 위한 커널 구조, 중복, 구조, 분산구조 등의 구축기술과 상용 DBMS 보안제품의 평가 동향을 소개하고자 한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.237-240
• /
• 2011

Voice over Internet Protocol calls using administrative agency to build a national information and communication service, 'C' group, providers, the KT, SK Broadband, LG U+, Samsung SDS, as there are four operators. To prepare for an attack on Voice over Internet Protocol for administrative agency, security is a need for research to support the model. In this paper, the Internet telephone business of Administrative Agency to investigate and analyze the specific security measures to respond. Should set priorities around confidentiality about five security threats from NIS to Study of Voice over Internet Protocol Security Response Model for Administrative Agency. (1) Illegal wiretapping, (2) call interception, (3) service misuse, (4) denial of service attacks, (5) spam attacks, write about and analyze attack scenarios. In this paper, an analysis of protection by security threats and security breaches through a step-by-step system to address the research study is a step-by-step development of the corresponding model.

• Information Systems Review
• /
• v.25 no.4
• /
• pp.27-45
• /
• 2023

The importance of information security has grown alongside the development of information and communication technology. However, companies struggle to select suitable countermeasures within their limited budgets. Sönmez and Kılıç (2021) proposed a model using AHP and mixed integer programming to determine the optimal investment combination for mitigating information security breaches. However, their model had limitations: 1) a lack of objective measurement for countermeasure efficacy against security threats, 2) unrealistic scenarios where risk reduction surpassed pre-investment levels, and 3) cost duplication when using a single countermeasure for multiple threats. This paper enhances the model by objectively quantifying countermeasure efficacy using the beta probability distribution. It also resolves unrealistic scenarios and the issue of duplicating investments for a single countermeasure. An empirical analysis was conducted on domestic SMEs to determine investment budgets and risk levels. The improved model outperformed Sönmez and Kılıç's (2021) optimization model. By employing the proposed effectiveness measurement approach, difficulty to evaluate countermeasures can be quantified. Utilizing the improved optimization model allows for deriving an optimal investment portfolio for each countermeasure within a fixed budget, considering information security costs, quantities, and effectiveness. This aids in securing the information security budget and effectively addressing information security threats.