• Title/Abstract/Keywords: Integrated Threat Management System (통합위협관리시스템)

Search Result 75, Processing Time 0.029 seconds

Development Plan of Facility Importance, Risk, and Damage Estimation Inventory Construction for Assisting Disaster Response Decision-Making (재난대응 의사결정 지원을 위한 시설물 중요도·위험도·피해액 산정 인벤토리 구축 방안 연구)

  • CHOI, Soo-Young;GANG, Su-Myung;JO, Yun-Won;OH, Eun-Ho;PARK, Jae-Woo;KIM, Gil-Ho
    • Journal of the Korean Association of Geographic Information Studies / v.19 no.1 / pp.167-179 / 2016
  • The safety of SOC facilities is constantly under threat by the globally increasing abnormal climate. Responding to disasters requires prompt decision-making such as suggesting evacuation paths. For doing so, spatio-temporal information with convergence of disaster information and SOC facility information must be utilized. Such information is being collected separately by the government or related organizations, but not collectively. The collective control of the separately collected disaster information and the generation of SOC facility safety and damage information are required for prompt disaster response. Also, as disaster information requires spatio-temporal convergence in its nature, the construction of an inventory that integrates related information and assists disaster response decision-making is required. A plan to construct a facility importance, risk, and damage estimation inventory for assisting prompt disaster response decision-making is suggested in this study. Through this study, the disaster and SOC facility-related data, which are being managed separately, can be collected and standardized. The integrated information required for the estimation of facility importance, risk, and damage can be provided. The suggested system is expected to be used as a decision-making tool for proactive disaster response.

A Study on Cybersecurity Risk Assessment in Maritime Sector (해상분야 사이버보안 위험도 분석)

  • Yoo, Yun-Ja;Park, Han-Seon;Park, Hye-Ri;Park, Sang-Won
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2019.11a / pp.134-136 / 2019
  • The International Maritime Organization (IMO) issued 2017 Guidelines on maritime cyber risk management. In accordance with IMO's maritime cyber risk management guidelines, each flag State is required to comply with the Safety Management System (SMS) of the International Safety Management Code (ISM) that the cyber risks should be integrated and managed before the first annual audit following January 1, 2021. In this paper, to identify cyber security management targets and risk factors in the maritime sector and to conduct vulnerability analysis, we categorized the cyber security sector in management, technical and physical sector in maritime sector based on the industry guidelines and international standards proposed by IMO. In addition, the Risk Matrix was used to conduct a qualitative risk assessment according to risk factors by cyber security sector.

A Study on ICS Security Information Collection Method Using CTI Model (CTI 모델 활용 제어시스템 보안정보 수집 방안 연구)

  • Choi, Jongwon;Kim, Yesol;Min, Byung-gil
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.2 / pp.471-484 / 2018
  • Recently, cyber threats are frequently occurring in ICS (industrial control systems) of government agencies, infrastructure, and manufacturing companies. In order to cope with such cyber threats, it is necessary to apply CTI to ICS. For this purpose, a security information collection system is needed. However, it is difficult to install security solutions in control devices such as PLC. Therefore, it is difficult to collect security information of ICS. In addition, there is a problem that the security information format generated in various assets is different. Therefore, in this paper, we propose an efficient method to collect ICS security information. We utilize CybOX/STIX/TAXII CTI models that are easy to apply to ICS. Using this model, we designed the formats to collect security information of ICS assets. We created formats for system logs, IDS logs, and EWS application logs of ICS assets using Windows and Linux. In addition, we designed and implemented a security information collection system that reflects the designed formats. This system can be used to apply monitoring system and CTI to future ICS.

Design and Implementation of Mechanism for Effectively Exchanging Cybersecurity Information between Independent Security Management Domains (독립적인 보안관리 도메인간 효과적인 사이버보안정보 교환 방법의 설계 및 구현)

  • An, Gae-Il;Seo, Dae-Hee;Lim, Sun-Hee;Kim, Jong-Hyun;Seo, Dong-Il;Cho, Hyun-Sook
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.12B / pp.1489-1497 / 2011
  • As a way for defending against cyber security threats, there has been research on cybersecurity information exchange between security management domains in order to raise security performance of the whole network. One of the hottest issues in exchanging cybersecurity information between security management domains is that the requirements of those domains on information sharing are different from each other because each is an autonomous domain. This paper proposes a mechanism for effective cybersecurity information exchange between independent security management domains, which can satisfy their requirements on information sharing through sharing policy and sharing policy control protocol, proposed in this paper. In this paper we have developed an integrated security control system that supports the proposed mechanism. Through the system the performance of the proposed mechanism is measured and evaluated.

A Study on the Army Tactical C4I System Information Security Plan for Future Information Warfare (미래 정보전에 대비한 육군전술지휘정보체계(C4I) 정보보호대책 연구)

  • Woo, Hee-Choul
    • Journal of Digital Convergence / v.10 no.9 / pp.1-13 / 2012
  • This study aims to analyze actual conditions of the present national defense information network operation, the structure and management of the system, communication lines, security equipments for the lines, the management of network and software, stored data and transferred data and even general vulnerable factors of our army tactical C4I system. Out of them, by carrying out an extensive analysis of the army tactical C4I system, likely to be the core of future information warfare, this study suggested plans adaptive to better information security, based on the vulnerable factors provided. Firstly, by suggesting various information security factor technologies, such as VPN (virtual private network), IPDS (intrusion prevention & detection system) and firewall system against virus and malicious software as well as security operation systems and validation programs, this study provided plans to improve the network, hardware (computer security), communication lines (communication security). Secondly, to prepare against hacking warfare which has been a social issue recently, this study suggested plans to establish countermeasures to increase the efficiency of the army tactical C4I system by investigating possible threats through an analysis of hacking techniques. Thirdly, to establish a more rational and efficient national defense information security system, this study provided a foundation by suggesting several priority factors, such as information security-related institutions and regulations and organization alignment and supplementation. On the basis of the results above, this study came to the following conclusion. To establish a successful information security system, it is essential to compose and operate an efficient 'Integrated Security System' that can detect and promptly cope with intrusion behaviors in real time through various different-type security systems and sustain the component information properly by analyzing intrusion-related information.

Edge Security System for Factory Automation Devices (생산자동화설비의 종단보안 시스템 구조)

  • Hwang, Ho-Young;Kim, Seung-Cheon;Ro, Kwang-Hyun
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.12 no.2 / pp.251-258 / 2012
  • The conventional network security solutions for manufacturing or factory automation devices are concentrated on protecting the internal networks from the attacks of external networks. Recently, however, so-called Day-zero attacks have increased; the threat from internal devices such as notebooks and USB devices is as critical as attacks from external networks. Thus a new security solution is needed to protect manufacturing devices from both external and internal threats. To this purpose, we propose an edge-security system to provide a cost-effective, integrated, and simple end-point security solution specialized for automated manufacturing devices, which may avoid the shortcomings of NAC.

A Study of Software Architecture Design Methods for Multiple Access Control under Web-based Medical Information System Environment (웹 기반 의료정보시스템 다중 접근제어를 위한 소프트웨어아키텍쳐 설계방법)

  • Noh, Si-Choon;Hwang, Jeong-Hee
    • Convergence Security Journal / v.11 no.4 / pp.43-49 / 2011
  • Web-based health information provides a lot of conveniences, however the security vulnerabilities that appear in the network environment without the risk of exposure in the use of information are growing. Web-based medical information security issues when accessing only the technology advances, without attempting to seek a safe methodology are to increase the threat element. So it is required to take advantage of web-based information security measures as a web-based access control security mechanism-based design. This paper is based on software architecture, design, ideas and health information systems were designed based on access control security mechanism. The methodologies are to derive a new design procedure, to design architecture and algorithms that make the mechanism function. To accomplish this goal, web-based access control for multiple patient information architecture infrastructures is needed. For this software framework to derive features that make the mechanism was derived based on the structure. The proposed system utilizes medical information, medical information when designing an application user retrieves data in real time, while ensuring integration of encrypted information under the access control algorithms, ensuring the safety management system design.

A pilot study on SOC information system for SOC report card writing support (국내 SOC 리포트카드 작성 지원을 위한 SOC 정보시스템 시범 구축 연구)

  • Jang, Youn-Mi;Hong, Chang-Hee
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.2 / pp.142-148 / 2017
  • Along with economic growth in the 1970s, the nation's economy, railroads, and airports have soared, but the facilities have been aging for 30 years. The aging SOC lowers the national competitiveness and threatens the safety of the people. SOC is a key asset of the national life and economic activity, and is a key factor for evaluating the national competitiveness. Therefore, it is necessary to systematically manage and operate the SOC related to people's lives. In the USA, the SOC report card is issued regularly. Those reports are used as a basis for securing budgets. In Korea, facilities management institutions are different. Therefore, there is no integrated SOC monitoring system. Hence, this study developed a 'SOC information system' that can collect reports scattered throughout the country and support report cards. The demonstration system was implemented through the web and the feasibility of implementing the evaluation support system was confirmed. The collection of distributed SOC data should be supported by national policy. Although it takes a long time, it is necessary to improve national competitiveness and public safety.

Digital Signature Considering the Medical Information Property on Mobile Environment (모바일 환경에서 의료 정보 특성을 고려한 디지털서명)

  • Kim Yong-Gug;Lee Yeun-Bae
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.2 / pp.374-379 / 2005
  • In most medical institutions, medical information is totally stored in a database and many researchers and staff of the hospital access this information anytime. This can cause patients' privacy to be violated. Introducing a tool for security should be considered as one of the most important requirements, especially in the case that today's medical information service expands into an integrated one. In this paper we review the matters of security threat on a medical information system and propose a secure medical information service model equipped on mobile devices such as PDA. Also we propose a security architecture employing a digital signature mechanism to protect the personal information on the model. The proposed architecture can lead the doctor to diagnose with high responsibility and help to build a reliable medical information system, and through the signed data, we can get some useful information against medical strife.

Derivation of Functional Architecture of Cooperative Engagement for a Theater Ballistic Missile Defense (TBMD를 위한 협동교전 기능아키텍처 도출)

  • Kwon, Yong-Soo;Eom, Jin-Wook;Jung, So-Yeon;Lee, Yong-Ook;Choi, Kwan-Seon
    • Journal of Information Technology and Architecture / v.9 no.4 / pp.391-400 / 2012
  • This work describes a derivation of functional architecture of Cooperative Engagement (CE) for a Theater Ballistic Missile Defense (TBMD). The TBMD is composed of multi-layered defense systems as system of systems which includes network-based sensors, shooters and battle management. The Cooperative Engagement Capability (CEC) is a typical real-time battle management system, and the key function of the CEC is CE. The CE is a warfighting concept designed to defeat threats through the synergistic integration of distributed resources among two or more units. In this point of view, this paper proposed functional architecture through analyzing the CE concept, and was conducted as a pre-study to develop a CE based combat system of TBMD.