• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.10b
• /
• pp.1021-1024
• /
• 2001

침입 및 해킹의 사례가 증가함에 따라 네트워크 침입 탐지 및 해킹 대응을 위한 네트워크 보안의 필요성이 증가하고 있으며, 정책 서버를 구축하는 솔루션이 등장하고 있다. 일반적인 정책 정보 모델은 IETF의 정책 프레임워크 워킹 그룹과 DMTF의 CIM 활동을 통해 활발히 표준화가 되고 있다. 이러한 표준들은 그 동안 QoS를 위해 대부분 사용되었으나 우리는 이러한 표준을 네트워크 보안 정책 시스템에 맞게 확장하여 네트워크 보안 정책 정보 모델을 구축한다. 본 논문은 패킷 헤더 필드들을 변수화하고 네트워크 보안 정책 정보 모델에서 침입 탐지 및 해킹 대응에 대한 정책을 모델링하는 방법을 제시한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.01a
• /
• pp.273-276
• /
• 2022

정보통신 기술의 발달은 보안 위협의 증가라는 결과를 함께 가져왔고 국내뿐만 아니라 국외로도 보안 정책 관리에 대한 필요성이 지속적으로 강조되었다. 본 논문에서는 여러 보안 장비 중 방화벽 정책 관리를 도울 수 있는 보조 시스템을 개발하였다. 이를 위해 오픈소스 방화벽 솔루션을 가상 환경에 구축하고 방화벽 정책을 추출 및 분석하여 미 동작 정책과 중복 정책을 식별하였다. 이러한 점검 보조 도구를 정책 관리에 이용한다면 낮은 이해도로 인한 Human Error의 발생을 가능한 줄이고 그 결과, 외부 위협의 최소화를 이룰 것이라 기대한다.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.113-120
• /
• 2022

Despite the limitations of existing security policies due to technological development, companies are unable to actively respond to changes by maintaining a closed security policy. This study classified information security policy into three types: regulatory type policy, advisory type policy, and informative type policy. For each classified policy type, the effect on the information security policy compliance behavior of organizational members was investigated by applying the extended theory of planned behavior, and the moderating effect of information security stress was investigated. SmartPLS 2.0 and SPSS 21.0, which are structural equation modeling techniques, were used to analyze the relationship affecting each factor. As a result of the study, regulatory type, advisory type, and informative type security policies affected organizational members' information security policy compliance behavior, and security stress had an effect on information security compliance attitudes and subjective norms on information security, which are prerequisites for planned behavior theory. gave. This study suggests that various types of corporate information security policies can be applied and that security stress can affect information security behaviors of members.

• Journal of the Korean Society for Library and Information Science
• /
• v.34 no.4
• /
• pp.143-160
• /
• 2000

The primary purpose of the present study is two-fold: i) to analyze the level of understanding and perception of stakeholders on the dissemination policy of digital geographic information and ii) to explore the policy direction to enhance the user accessibility based upon stakeholder analysis. The study is composed of descriptive analysis with extensive literature review and empirical analysis. The empirical analysis employs qualitative method as well as quantitative one, articulating perception of stakeholders in a comparative manner and suggesting policy directions. Based on the interview and the survey results, the study proposes the overall directions of dissemination policy to facilitate the efficient use of digital geographic information.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.04a
• /
• pp.1084-1088
• /
• 2000

현재 인터넷에서 QoS(Quality of Service )를 보장하기 위해 다양한 메커니즘이 제안되고 있다. 통신망에서 QoS를 지원하기 위해서는 해당 응용 서비스마다 적절한 자원을 할당하고 자원 사용을 모니터링 및 제어하며, 이례적인 사건이 발생하였을 경우 자원을 재할당할 수 있도록 지원하는 자원관리 기능이 요구된다. 본 논문에서는 차등서비스를 제공하는 인터넷에서 QoS를 제공하기 위해 망자원을 관리 및 제어하는 정책기반 자원관리시스템의 설계 및 구현에 대해 기술한다. 정책기반 자원관리 시스템은 도메인 내의 사용자나 망 관리자로부터 QoS 요구를 받으면 도메인 내의 자원사용량과 자원사용정책에 따라서 내부자원을 할당하고, 이웃도메인과는 QoS가 보장되도록 SLA(Service Level Agreement)를 체결하는 기능을 수행한다. 구현한 정책기반 자원관리시스템은 정책정보를 PIB(Policy Information Base)의 형태로 정책 데이터베이스에 저장하며, 정책서버와 정책 클라이언트 사이에는COPS(Common Open Policy Service)프로토콜을 사용하여 정책 정보를 송수신함을 특징으로 한다.

• Journal of the Korean Society for Library and Information Science
• /
• v.54 no.1
• /
• pp.71-88
• /
• 2020

The purpose of this study is to propose the improvement strategies for policy information services of National Library of Korea, Sejong through analysis of their current status and problems. For the study, we conducted interviews with service providers and users and identified some issues in provision and use of the services. Specifically, we found problems of service provision system characterized by dualization and decentralization, and further identified specific issues with provision of individual services. Moreover, the interviews with service users suggested user types, user perception of the service, and problems in the use of individual services. Based on the findings, we proposed improvement strategies in six aspects: collection, services, organization, system, promotion, and cooperation. We hope these strategies contribute to vitalizing the policy information services of National Library of Korea, Sejong.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1997.11a
• /
• pp.43-52
• /
• 1997

정보사회로의 촉진을 유도하기 위한 초고속 정보통신기반 구축은 다양한 서비스 출현을 예상할 수 있게 하면서 이에 따른 위협요소 및 정보 범죄도 반드시 나타나리라 판단된다. 따라서 안전성 확보를 위한 종합적인 정책 수립이 요구되고 있다. 본 논문에서는 정보보호 위협요소와 정보범죄 실태를 살펴보고, 정보보호 정책 수립 지침을 고찰하면서, 국가적으로 정보보호 정착을 위한 정책 방향을 제시한다.

• Spatial Information Research
• /
• v.20 no.6
• /
• pp.91-98
• /
• 2012

In order to efficiently promote a nation's National Spatial Data Infrastructure (NSDI) vision, it is important that a rational NSDI promotion system should be established. For such a NSDI promotion system, cooperation among the related organizations and the consistency of policies are crucial. In these regards, the main purpose of this research is to suggest a desirable model for the NSDI promotion system. Also, this study attempts to demonstrate problems and provide solutions in Korea NSDI promotion system. To accomplish this purpose, the literature reviews and content analysis were used. Following are the major findings of this research. First, a desirable NSDI promotion system should be consisted of the upper system (at the planning level) and the lower system (at the executive or implementing level). Second, the upper and lower system in NSDI promotion system should both be vertically connected and be horizontally connected. Third, the upper system should consist of the NSDI promotion committee, civil advisory committee, and sub-committee. Fourth, the lower system for the execution purposes of NSDI projects should consist of the NSDI top manager, in each central/local government, and professional support institute.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.347-363
• /
• 2024

As the number of cyberattacks against the National Critical Information Infrastructure (NCII) is steadily increasing, many countries are strengthening the protection of National Critical Information Infrastructure (NCII) through the enactment and revision of related policies and legal systems. Therefore, this paper selects countries such as the United States, the United Kingdom, Japan, Germany, and Australia, which have established National Critical Information Infrastructure (NCII) protection systems, and compares and analyzes the promotion system of each country's National Critical Information Infrastructure (NCII) protection policy. This paper compares the National Critical Information Infrastructure (NCII) protection system of each country with the cybersecurity system and analyzes the promotion structure. Based on the policy model theory, which is a modification of Allison's theory and Nakamura & Smallwood's theory, this paper analyzes the model of each country's promotion system from the perspective of policy-making and policy-execution. The United States, Japan, Germany, and Australia's policy-promotion model is a system-strengthening model in which both policy-making and policy-execution are organized around the protection of the National Critical Information Infrastructure (NCII), while the United Kingdom and South Korea's policy-promotion model is an execution-oriented model that focuses more on policy-execution.

• Informatization Policy
• /
• v.25 no.3
• /
• pp.29-51
• /
• 2018

As the core technology of the Fourth Industrial Revolution, the Internet of Things has been developed and has enabled various services, and personal information has been handled freely in the process. However, the infringement threat of personal information is increasing as more convenient services are provided and more information devices including smart devices are connected to the network. Therefore, this study is to analyze prioritizing personal information protection policy indicators in order to provide IoT services by constructing secure environment for implementing the Internet of things as the core technology of the 4th Industrial Revolution. This study reviewed personal information protection policy indicators based on the literature survey, and identified 3 fields, 9 areas, and 25 indicators through Delphi analysis for experts. The weights were calculated based on the AHP survey for 66 experts and the results were used to present the relative importance and priority of the policy indexes. The results of this study found the policy field was the most important, followed by the technical field, and the administrative field. Of the three areas of the policy field, strengthening the personal information protection laws related to IoT is the most important, while among the indicators, promoting and revising the personal information protection law related to IoT is the most important. Comparisons of the fields, areas, and indicators of IoT-related personal information protection policies found consistent values. The personal information protection policy indicators derived this way will contribute to the nation's competitiveness by expanding secure IoT policies in the future.