• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1045-1048
• /
• 2012

스마트 뱅킹을 사용하는 인구가 늘어나고 있으며 보안상의 위협이 대두되고 있다. 스마트 뱅킹의 경우 작은 보안상의 위험이 큰 금전적인 피해를 줄 수 있기 때문에 강력한 보안이 요구된다. 본 논문에서는 2-Factor 인증과 클라우드에 저장된 인증서를 통해서 스마트 뱅킹 서비스를 안전하게 사용하는 방법을 제안하였다. 인증서 중복저장에 의한 문제점을 해결하고자 인증서를 클라우드 서비스를 통해 제공하고, 저장된 인증서의 제3자에 의한 접근을 막기 위해 2-Factor 인증 기법으로 사용자를 인증한다.

• Proceedings of the Korean Society of Disaster Information Conference
• /
• 2015.11a
• /
• pp.311-314
• /
• 2015

본 연구에서는 학교 폭력을 방지하고 학교 안전을 위한 다양한 제도들 중 배움터지킴이와 학교보안관에 관한 선행연구 및 사건사례를 분석하였다. 그리고 지금 논의되고 있는 학교 안전지도사 자격제도에 관해 조사하였다. 그 결과 기존의 제도들에 대해 다양한 문제점들이 두각 되었고 학교 안전지도사 제도가 이러한 문제점들에 대한 방안으로 모색되었다. 하지만 학교 안전지도사 제도가 기존의 다양한 제도들을 일원화할 수 있어야 하며 교직원에게 한정하는 부분은 수정 보완 되어져야 한다. 또한 교내의 학교범죄방지와 학교안전뿐만 아니라 교외 활동시에도 관련 부처와 상호 유기적으로 대응 할 수 있는 시스템이 이뤄져야한다.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.51-57
• /
• 2022

Recently, the concept of zero trust has been introduced, and it is necessary to strengthen the security elements required for the next-generation security control system. Also, the security paradigm in the era of the 4th industrial revolution is changing. Cloud computing and the cybersecurity problems caused by the dramatic changes in the work environment due to the corona 19 virus continue to occur. And at the same time, new cyber attack techniques are becoming more intelligent and advanced, so a future security control system is needed to strengthen security. Based on the core concept of doubting and trusting everything, Zero Trust Security increases security by monitoring all communications and allowing strict authentication and minimal access rights for access requesters. In this paper, we propose a security enhancement plan in the security control field through a zero trust security model that can understand the problems of the existing security control system and solve them.

• Review of KIISC
• /
• v.30 no.3
• /
• pp.37-45
• /
• 2020

사물인터넷 시장의 엄청난 확대와 기술의 발전 및 융합에 따라 기존 ICT 환경은 급속도로 발전하여 새롭게 신 ICT 환경이 형성되고 있다. 하지만, 신 ICT 환경은 다양한 기술과 통신 환경 및 수많은 기기로 구성되어 공격자들의 공격 방법 및 공격 경로가 다양화 되고 있는 추세이며, 특히, 기존 ICT 환경에서 사용하던 암호 알고리즘을 그대로 차용하고 기존의 프로토콜 또한 그대로 사용하고 있다. 이에 정보보안제품의 무분별한 도입을 방지하고 국가 및 공공기관의 안전성을 확보하기 위하여, 유·무선 인터넷 환경에 적용 가능한 암호모듈을 검증 시험함으로써 정보보안 산업의 활성화에 기여하고 있다. 본 논문에서는 국내 암호 산업의 활성화를 위해 관련 암호 정책을 이끌어 나가는 암호모듈 검증제도의 발전을 위해 국내·외 암호모듈 검증제도의 비교 내용을 소개한다.

• Review of KIISC
• /
• v.28 no.6
• /
• pp.63-69
• /
• 2018

방위산업기술보호법의 대상기관인 각 군(軍)은 방위산업기술보호 인식 및 역량 제고를 위한 방위산업기술보호 교육이 필요하다. 방위산업기술 즉 기밀기술정보, 비기밀통제기술정보, 핵심기능(CPI)에 대한 보호조치 등 군(軍) 방위력개선사업 실무절차와 관련된 특징을 고려하여 전력소요제기~운용시험평가~후속양상 구매 배치에 이르는 전(全) 단계에 방위산업기술 보호 지침에 따라 보안조치가 이루어져야 한다. 이러한 보안조치는 교육을 통해 효과가 극대화 된다. 따라서 본 연구는 각 군(軍)의 방위산업기술 보호에 관한 교육의 발전방안을 제시하는데 주안을 두었다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.371-373
• /
• 2024

디지털 헬스케어 기술이 고도화되면서 디지털 치료제와 원격 의료 서비스가 의료 산업과 일상생활에 널리 활용되고 있다. 그러나 빅데이터 기반의 AI 서비스가 보편화될 수 있도록 데이터 수집, 가공, 활용 과정에서 개인정보가 남용되거나 유출되는 보안 위협도 증가하고 있다. 본 논문에서는 AI 챗봇을 활용한 정신건강 서비스를 위한 보안 위협 대응책을 마련하고 개인정보보호 가이드라인을 수립하여 사용자들에게 안전한 서비스를 제공하고 개인정보보호를 강화하는 AI 챗봇 서비스를 위한 데이터 보안 가이드라인을 제안한다.

• Korean Security Journal
• /
• no.40
• /
• pp.175-207
• /
• 2014

This paper focuses on the study of a development direction of the industrial security Expert system. First of all, in order to manage Industrial security system, we need to have law, criminology, business and engineering professionals as well as IT experts, which are the multi-dimensional convergence professionals. Secondly, industrial organizations need to have workforce who can perform security strategy; security plan; security training; security services; or security system management and operations. Industrial security certification system can contribute to cultivate above mentioned professional workforce. Currently Industrial Security Expert(ISE) is a private qualification. However, the author argued that it have to be changed to national qualification. In addition, it is necessary that the system should be given credibility with verifying the personnel whether they are proper or not in the their field. In terms of quality innovation, it is also necessary that distinguish the levels of utilization of rating system of the industrial security coordinator through a long-term examination. With respect to grading criteria, we could consider the requirements as following: whether they must hold the degree of the industrial security-related areas of undergraduate or postgraduate (or to be); what or how many industrial security-related courses they should complete through a credit bank system. If the plan of completing certain industrial security-related credits simply through the credit bank system, without establishing a new industrial security-related department, has established, then industrial security study would be spreaded and advanced. For private certification holders, the problem of the qualification succeeding process is important matter. Additionally, it is necessary to introduce the certifying system of ISMS(Industrial Security Management System) which is a specialized system for protecting industrial technology. To sum up, when the industrial security management system links the industrial security management certification, industrial security would realize in the companies and research institutions dealing with national key technology. Then, a group synergy effect would occurs.

• Journal of Navigation and Port Research
• /
• v.36 no.1
• /
• pp.9-14
• /
• 2012

Maritime security incidents by pirates and by terrorists increase, but maritime incidents investigation models are limited to figure out the maritime security incidents. This paper provides the analysis model for maritime security incidents. To develop this analysis model, this categorizes five threat factors, the ship, the cargo type, port system, human factor, information flow system, makes the risk assessment matrix to quantify the risk related to threat factors and classifies four priority categories of risk assessment matrix. Also, this model makes from the frameworks which include a variety of security initiatives implementing in stakeholder levels like international organizations, individual governments, shipping companies, and the ship. Therefore, this paper develops the Analysis for Maritime Security Management model based on various security initiatives responding to the stakeholder levels of maritime security management and top-bottom/bottom-up decision trees, and shows the validity through verifying the real maritime security incident of M/V Petro Ranger.

• Korean Security Journal
• /
• no.53
• /
• pp.83-105
• /
• 2017

The purpose of this study is to identify the problems of In-Flight Security Officer responsible for the security of the aircraft in the situation where Acts of Unlawful Interference in Aircraft shows an increasing tendency and the aircraft security is threatened by the terror threat of IS(Daesh) and to suggests its policy implications. Based on the problems of In-Flight Security Officer system found in the media reports and laws, the US Air Marshal system and the domestic similar system were presented to the In-Flight Security Officer developmental implications. First, it is necessary to revise the "Operational Guidelines for Airline Operators' In-Flight security officer" and the related qualifications to the "National Technical Qualifications" system. Second, the plan to change the national civil servants of In-Flight Security Officer in the aircraft, Third, it is a plan to use the registered security guard system in the aircraft. Although this study has limitations the accessibility of information related to aviation security. But, contributions of this study is that the government's efforts to create the public sector jobs, the "strengthening of public services in the country", "the establishment of national accountability for safety accident prevention and disaster safety management" in the "A five-year plan for Government Operation" that it has a timeliness in that it is together. In addition, since there are not many researches related to In-Flight Security Officer, this study also has another contribution as a basic study of the researchers in the aviation security aircraft in the future.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.945-950
• /
• 2017

Due to the vulnerability of the software, there is a hacking attack on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, pilot test of diagnostic staff, The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting curriculum and diagnosis guide to train the software vulnerability examiner.