• Title/Summary/Keyword: Information security evaluation system

How to Combine Secure Software Development Lifecycle into Common Criteria (CC에서의 소프트웨어 개발보안 활용에 대한 연구)

  • Park, Jinseok; Kang, Heesoo; Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.171-182 / 2014
  • Common Criteria is a scheme that minimizes IT products' vulnerabilities in accordance with the evaluation assurance level. SSDLC (Secure Software Development Lifecycle) is a methodology that reduces the weaknesses that can give rise to vulnerabilities in the software development life cycle. However, Common Criteria does not consider the vulnerabilities of certified IT products after certification, which can cause problems for the safety and reliability of IT products. In addition, the developer and the evaluator bear the burden of duplicate evaluations of IT products introduced into government business, because the products must satisfy both Common Criteria and SSDLC. Thus, we researched the relationship among the Common Criteria, static code analysis tools, and the SSDLC, and then proposed how to combine SSDLC into Common Criteria.

The "Prior Information Provision" System (PIC) - Positive Review by Korea, Adoption Desirable; Major Role Expected for Users, Consumers, and Environmental Conservation

  • 이정운
    • The Bimonthly Magazine for Agrochemicals and Plant Protection / v.12 no.6 s.105 / pp.48-53 / 1991
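  • The "Meeting on the Implementation of PIC", an Asia-Pacific regional meeting intended to make known the basic principles and implementation methods for hazard assessment and the related exchange of information in the international trade of chemicals, was held in Manila, the Philippines, from July 29 to August 2, 1991. From Korea, the author and Research Officer 이민효 of the National Institute of Environmental Research attended as government representatives, and four people from industry also took part. This article looks at what PIC is, how it is operated, and what our position is on its adoption.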

A Study on Information Security Production Certification System for Secure Smart Phone Security (안전한 스마트폰 보안을 제공하기 위한 정보보호제품 인증 제도에 관한 연구)

  • Park, Jong-Hyuk
    • Journal of Advanced Navigation Technology / v.14 no.6 / pp.970-974 / 2010
  • As IT technology has evolved, smart phones have spread rapidly because of their mobility. A smart phone user acquires useful information, but attackers cause various kinds of damage. For example, an attacker must distribute to expose the privacy of others. To solve this problem, various information security products are being developed. In addition, information security has been strengthened. In this paper, we propose a scheme for the secure use of smart phones. For the development of a secure smart phone, the development processes should be secure. In addition, we propose an information security production certification system for secure smart phone security.

A Preliminary Study of Quality Certification System for Geo-Spatial Information Device (공간정보 기기 품질인증을 위한 기초연구)

  • Kim, Jae-Myeong; Choi, Yun-Soo; Seo, Jae-Pil; Chang, Eun-Mi
    • Spatial Information Research / v.19 no.4 / pp.33-43 / 2011
  • Countries all over the world have been operating various certification systems to protect their consumers, and these systems have become trade barriers between countries. Also, KS and KCC were not designed to reflect the characteristics of Geo-Spatial Information Devices. The purpose of this study was to derive a plan for a Quality Certification System for Geo-Spatial Information Devices through analyses of the existing Quality Certification Systems. The results of this study were as follows. Firstly, we defined the concept of a Quality Certification System for Geo-Spatial Information Devices. Secondly, we set the boundary, factors and process of the Quality Certification System for Geo-Spatial Information Devices by classifying it in detail. Lastly, we suggested a fundamental concept of the Quality Certification System for Geo-Spatial Information Devices through the analyses of the existing Quality Certification Systems.

An Empirical Study on the Effects of Business Performance by Information Security Management System(ISMS) (정보보호 관리체계(ISMS)가 기업성과에 미치는 영향에 관한 실증적 연구)

  • Jang, Sang Soo; Kim, Sang Choon
    • Convergence Security Journal / v.15 no.3_1 / pp.107-114 / 2015
  • Since 2002, the information security management system (ISMS) certification scheme has been in operation to raise the level of information security at enterprises that provide telecommunications services, and it has achieved much in preventing incidents, limiting the spread of infringements, and enabling rapid response. However, measures of how this system, as part of national or corporate investment in information protection, actually affects management performance are still lacking. In this study, measures and a methodology are presented by which companies holding ISMS certification can measure the level of their own information security activities and continue to improve information security performance. The study is also intended to help the government secure the validity of the certification scheme and raise its overall implementation, so that the ISMS itself becomes an effective information security system and certified companies can prevent security incidents in advance and improve business performance.

Standardization Trends in ISO Non-Invasive Attack Test Methodology

  • Park, Tae-Hwan; Park, Jin-Hyung; Jang, Sang-Woon
    • Review of KIISC / v.30 no.1 / pp.7-12 / 2020
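  • Non-invasive security is one of the security requirements that a cryptographic system must satisfy under cryptographic module validation programs, CC evaluation, and similar schemes. Recently, the US CMVP has been changing its test criteria from those based on FIPS 140-2 to FIPS 140-3, which is based on ISO/IEC 19790 and 24759, and plans to apply the new criteria to actual testing from September 22, 2020. Alongside this change, standards on the specific test methods, test tool requirements, and test tool configuration methods for the non-invasive attack security requirements of ISO/IEC 19790 and 24759 have been published, or are in the process of being standardized, by ISO/IEC JTC 1/SC 27 as ISO/IEC 17825 and 20085-1, 2 respectively. In this paper, we examine standardization trends in non-invasive attack test methodology through ISO/IEC 17825 and 20085-1, 2, the ISO standards related to non-invasive security test methodology.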

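Ecological Risk Assessment Through a "Stepwise Decision-Making Model" - Assessment in Three Stages: Cut-Off, Tiered Decision-Making, and Probabilistic Models - Initial, Refined, and Integrated Assessment; Data Volume = Impact Assessment, a Dilemma for Developers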

  • 이성규
    • Agrochemical news magazine / v.23 no.5 s.178 / pp.10-13 / 2002
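  • Pesticides are recognized as essential agricultural inputs that raise productivity in agricultural production by controlling pests, diseases, and weeds. However, as with all chemicals, pesticides have two sides: efficacy and toxicity. It is generally said that no more than $0.1\%$ of the pesticide applied lands on the targets, namely pests, weeds, and diseased crops, while the rest lands on non-target organisms and environmental media and thereby affects the ecosystem. Efficacy is a function that a pesticide must naturally have, but toxicity is one that should be reduced as far as possible, so pesticide companies strive to develop pesticides that are highly effective yet safer for people and ecosystems. Korea is known as a country that uses relatively large amounts of pesticide by global standards, but the reality is that its management of pesticides with respect to ecosystems has not kept pace with its economic scale and usage. Therefore, to aid a basic understanding of ecological risk assessment for pesticides, this series, beginning with this issue, introduces the basic concepts of ecological risk, compares the ecological risk decision-making processes in domestic and foreign pesticide registration systems, and finally proposes improvements to decision-making in the ecotoxicity field within the domestic pesticide management system.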

A study on the Development for the National Cybersecurity Capability Assessment Criteria (국가 사이버보안 역량 평가를 위한 평가항목 연구)

  • Bae, Sunha; Park, Sangdon; Kim, So Jeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1293-1314 / 2015
  • As ICT is becoming a major social infrastructure, the need to strengthen cyber capabilities is emerging. Major advanced countries, including the United States, have a continuing interest in strengthening cyber capabilities and have studied ways of enhancing them. Cyber capability assessment is necessary in order to determine the current level of the country and to establish policy directions and legislation. The selection of criteria is very important for suggesting future policy direction as well as for an objective assessment of cybersecurity capabilities. But there are various criteria for national cyber capability assessment, such as strategy, legislation, technology, society and culture, and human resources. In this paper, we analyze the criteria used in other countries' cybersecurity assessments, including those of the U.S. and Europe, and we propose criteria for national cybersecurity assessment that reflect our country's characteristics.

A Study on development of evaluation indicators on the Managed Security Service(MSS) (보안관제 업무에 대한 평가지표 개발 연구)

  • Lee, Hyundo; Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1133-1143 / 2012
  • Currently, many Cyber Security Centers (CSC) are established and being operated in our country. But, in the absence of indicators to evaluate the activities of the Managed Security Service (MSS), we can't identify the CSC's level of overall job performance. Therefore, we can't derive strengths and weaknesses from the CSC. For these reasons, the purpose of this research is to develop an objective indicator to evaluate the activities of the MSS. I studied both international and domestic Information Security Management Systems (ISMS) as related standards (ISO/IEC 27001, G-ISMS). Moreover, I analysed the NIST Computer Security Incident Handling Guide and the Incident Management Capability Metrics (IMCM) of the Carnegie Mellon Software Engineering Institute (SEI). The implications of this analysis and domestic hands-on experience are reflected in the research. So I developed 10 evaluation domains and 62 detailed evaluation items. This research will contribute to our understanding of the level of the CSC's job performance.

EU-US Privacy Shield Agreement and Domestic Policy Direction (유럽연합과 미국의 개인정보 이전 협약 (프라이버시 쉴드)과 국내 정책 방향)

  • YUN, Jaesuk
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.5 / pp.1269-1277 / 2016
  • The European Union and the United States have introduced a new Privacy Shield agreement after the decision of the Court of Justice of the European Union that invalidated the Safe Harbor agreement. The Privacy Shield agreement contains several clauses to raise the level of personal data protection, such as enhanced commitments, stronger enforcement, clear safeguards and transparency obligations, and effective protection of EU citizens' rights with several redress possibilities. This agreement has received a positive response as an enhanced measure for personal data protection. This paper examines the history of EU and US discussions and the current situation regarding Privacy Shield, and suggests a national policy direction, such as measures for improving the personal data transborder flow system and for international cooperation.