• Title/Summary/Keyword: 정보자산보호

Search Result 260, Processing Time 0.024 seconds

A Empirical Validation of Risk Analysis Model in Electronic Commerce (전자상거래환경에서 위험분석방법론의 타당성에 대한 연구)

  • 김종기;이동호;서창갑
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.4
    • /
    • pp.61-74
    • /
    • 2004
  • Risk analysis model is systematic and structural process that considers internal security problems and threat factors of the information systems to find optimal level of security control. But, the risk analysis model is just only defined conceptually and there are not so many empirical studies. This research used structural equation modeling(SEM) research methodology with rigorously validated research instrument. Based on results of this study, risk analysis methodology was proved to be practically useful in e-commerce environment. Factors like threat and control were significantly related to risk. In conclusion, the results of this study can be applied to general situation or environment of information security for analyzing and managing the risk and providing new approach to comprehend concept of risk in e-commerce environment.

Research of knowledge-based management activation and knowledge worker training plan (지식경영활성화 및 지식근로자 양성방안에 관한 연구 : A 기관의 사례)

  • Seo, Sang-Cheol;Jang, Gi-Jin
    • 한국디지털정책학회:학술대회논문집
    • /
    • 2003.12a
    • /
    • pp.535-549
    • /
    • 2003
  • 우리가 살아가는 21 세기는 산업화시대와는 달리 급격한 경영환경의 변화 기술융합을 통한 끊임없는 신기술의 등장, 가치사슬의 변화, 프로세스(process)의 통합과 자동화로 인한 가격 등이 파괴되면서 생존을 위한 치열한 경쟁의 시대로 접어들고 있다. 이러한 사회환경의 변화에 따라 지식의 창출 못지 않게 지석의 보호도 중요하게 되었다. 그러나 공공기관의 지식은 체계적인 관리 체계가 이루어지지 않아 담당자의 인사.이동 혹은 퇴직 등으로 인하여 축적된 업무지식이 개인과 함께 그 조직에서 사라져 지식경쟁력이 약화되는 현상을 초래하고 있다. 따라서 본 연구에서는 기존의 단위업무시스템을 통합하여 새롭게 구축된 지식관리시스템을 조기에 정착시키고 이를 활용하여 무형자산의 가치를 극대화하기 위한 방안으로 $2002.12.01{\sim}2003.05.31$ 까지 6 개월 동안 지식관리시스템에 등록된 지식을 분석하여 지식경영을 활성화할 수 있는 방안과 미래사회의 핵심이 될 지석근로자를 양성할 수 있는 방안으로 자신의 능력을 극대화할 수 있는 3 가지 원리와 5 차원 전면교육학습법에 대하여 제시하였다.

  • PDF

Quantitative Risk Assessment on a Decentralized Cryptocurrency Wallet with a Bayesian Network (베이즈 네트워크를 이용한 탈중앙화 암호화폐 지갑의 정량적 위험성 평가)

  • Yoo, Byeongcheol;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.4
    • /
    • pp.637-659
    • /
    • 2021
  • Since the creation of the first Bitcoin blockchain in 2009, the number of cryptocurrency users has steadily increased. However, the number of hacking attacks targeting assets stored in these users' cryptocurrency wallets is also increasing. Therefore, we evaluate the security of the wallets currently on the market to ensure that they are safe. We first conduct threat modeling to identify threats to cryptocurrency wallets and identify the security requirements. Second, based on the derived security requirements, we utilize attack trees and Bayesian network analysis to quantitatively measure the risks inherent in each wallet and compare them. According to the results, the average total risk in software wallets is 1.22 times greater than that in hardware wallets. In the comparison of different hardware wallets, we found that the total risk inherent to the Trezor One wallet, which has a general-purpose MCU, is 1.11 times greater than that of the Ledger Nano S wallet, which has a secure element. However, use of a secure element in a cryptocurrency wallet has been shown to be less effective at reducing risks.

The ISO the research also the ISMS security maturity of 27001 regarding a measurement modeling (ISO 27004 information security management measurement and metric system) (ISO 27001의 ISMS 보안성숙도 측정 모델링에 관한 연구 (ISO 27004 정보보호관리 측정 및 척도 체계))

  • Kim, Tai-Dal
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.6
    • /
    • pp.153-160
    • /
    • 2007
  • Recently, the demand against the system risk analysis and security management from the enterprises or the agencies which operate a information system is increasing even from domestic. The international against the standardization trend of information protection management system it investigates from the dissertation which it sees. It analyzed and against information property information protection management system integrated it will be able to manage a danger modeling it did it proposed. Having analyzed as well as compared the matureness of security-measurement models in regard to the global standard of proposal system, the administrative presentation for various IT technology resources. which have been managed singly so far, is now well applied under the united control of the company itself, and enabled the automated management of authentication support and renewal for ISO 27001, ISO 9000, ISO 14000, resulting in much advanced operation for both material and human resources.

  • PDF

Study of Conversions Security Management System, Co-Relation Rule-Set scenario and architecture for incidence detection (융합보안관제환경을 위한 아키텍처 구축 및 활용 방안에 대한 연구)

  • Hwang, Donguk;Lee, Sanghun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.2
    • /
    • pp.353-371
    • /
    • 2014
  • We already have seen many studies and articles about the methodology responding the security risks and threats. But we still have some controversial subjects to be settled. Now, we are living in the era that we should focus on how to use the security systems instead of how to make it. In this point of view, a company need to find out the answer for these questions, which security risks have to be handled in a corporate, which system is better for responding the security threats, and how we can build necessary security architecture in case of developing systems. In this article, we'd like to study on-site scenarios threatening the corporate assets, the limit on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we'd like to search for the direction form the actual cases which have shown the desired effect from converging the assets and network informations.

A Study on the Detection Model of Illegal Access to Large-scale Service Networks using Netflow (Netflow를 활용한 대규모 서비스망 불법 접속 추적 모델 연구)

  • Lee, Taek-Hyun;Park, WonHyung;Kook, Kwang-Ho
    • Convergence Security Journal
    • /
    • v.21 no.2
    • /
    • pp.11-18
    • /
    • 2021
  • To protect tangible and intangible assets, most of the companies are conducting information protection monitoring by using various security equipment in the IT service network. As the security equipment that needs to be protected increases in the process of upgrading and expanding the service network, it is difficult to monitor the possible exposure to the attack for the entire service network. As a countermeasure to this, various studies have been conducted to detect external attacks and illegal communication of equipment, but studies on effective monitoring of the open service ports and construction of illegal communication monitoring system for large-scale service networks are insufficient. In this study, we propose a framework that can monitor information leakage and illegal communication attempts in a wide range of service networks without large-scale investment by analyzing 'Netflow statistical information' of backbone network equipment, which is the gateway to the entire data flow of the IT service network. By using machine learning algorithms to the Netfllow data, we could obtain the high classification accuracy of 94% in identifying whether the Telnet service port of operating equipment is open or not, and we could track the illegal communication of the damaged equipment by using the illegal communication history of the damaged equipment.

Comparision and Consideration for Industrial Security Activity of Governmental Agencies (정부기관의 산업보안활동에 관한 비교 및 고찰)

  • Hong, Hyo-Jik;Chang, Hang-Bae
    • Annual Conference of KIPS
    • /
    • 2015.10a
    • /
    • pp.748-750
    • /
    • 2015
  • 지식 정보화 사회의 진입으로 인해 다양한 분야에 걸쳐 핵심기술을 보유하게 됨에 따라 국가경쟁력이 강화되어지고 있다. 국가경쟁력이 강회되어짐에 따라 중요 산업정보나 핵심기술이 발생하였으며 이러한 핵심 산업정보를 지키는 것이 매우 중요해졌다. 이에 따라 정부에서 이러한 산업자산을 보호하기 위해 산업보안 관련 부서를 구성하여 다양한 산업보안활동을 수행하고 있다. 하지만 아직 산업보안의 개념 및 학문의 정체성이 확립되어지지 않아 제대로 된 산업보안 활동이 수행되어지지 않고 있다. 본 연구에서는 정부기관의 산업보안활동을 비교/분석하려고 한다. 그리고 산업보안 개념 분석을 통해 정부기관의 올바른 산업보안활동 방향성을 제언하려고 한다.

Monitoring System of File Outflow through Storage Devices and Printers (저장매체와 프린터를 통한 파일유출 모니터링시스템)

  • Choi Joo-ho;Rhew Sung-yul
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.4
    • /
    • pp.51-60
    • /
    • 2005
  • The riles or intellectual property on computer systems have increasingly been exposed to such threats that they can be flowed out by internal users or outer attacks through the network. The File Outflow Monitoring System monitors file outflows at server by making the toe when users copy files on client computers into storage devices or print them, The monitoring system filters I/O Request packet by I/O Manager in kernel level if files are flowed out by copying, while it uses Win32 API hooking if printed. As a result, it has exactly made the log and monitored file outflows, which is proved through testing in Windows 2000 and XP.

A Study on Increasing Security Following Mutual Interaction and Integration of Dualized Security Category between Information Security and Personal Information Protection (정보보안과 개인정보보호 간의 이원화 보안범주의 상호연계 및 통합에 따른 보안성 증대에 대한 연구)

  • Seo, Woo-Seok
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.13 no.3
    • /
    • pp.601-608
    • /
    • 2018
  • While the legislation on the protection of personal information in public institutions was enacted and amended, the guidelines and laws on information security were focused, contracted and realized with focus on specific institutions. Mutual laws and guidelines have been applied and realized for the dual purpose of securing both the asset of macroscopic information and the asset of personally identification information, which are mutually different media information. However, in a bid to present the definition and direction of the fourth industrial revolution in 2017, a variety of products and solutions for security designed to ensure the best safety line of the 21st century, and the third technology with the comprehensive coverage for all these fields, a number of solutions and technologies, including IOT(: Internet of Things), ICT Internet of Things(: ICT), ICT Cloud, and AI (: Artificial Intelligence) are pouring into the security market as if plastic doll toys were manufactured in massive scale into the market. With the rising need for guaranteeing the interrelation for securities with dualistic physical, administrative, logical and psychological differences, that is, information security and personal information security that are classified into two main categories and for the enhanced security for integrated management and technical application, the study aims to acquire the optimal security by analyzing the interrelationship between the two cases and applying it to the study results.

Tools for Web-Based Security Management Level Analysis (웹기반 보안 관리 수준 분석 도구)

  • Park, Jun-Hyoung;Bang, Young-Hwan;Lee, Gang-Soo
    • Annual Conference of KIPS
    • /
    • 2003.05c
    • /
    • pp.1677-1680
    • /
    • 2003
  • 기존의 보안 관리 수준을 측정하기 위한 방법들이 다양하지만 IT 자산을 중심으로 한 평가만이 이루어지고 있는 관계로 조직 전반에 걸친 분석이 이루어지지 못했다. 따라서 본 논문에서는 보안 관리 수준 점검을 손쉽게 할 수 있도록 웹 기반 보안 관리 수준 분석 도구에 대해 제시한다. 본 도구의 경우는 전사적 정보 보호 관리 방법론인 BS7799의 보안통제 항목들을 기반으로 설문 내용을 구성하였다.

  • PDF