• Title/Abstract/Keywords: A Maintenance Cost of Information Security Systems

Search results: 13 items; processing time 0.027 seconds

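A Study on an Estimation of Adjusted Coefficient for the Maintenance of Information Security Software in Korea Industry

  • 박유진;박은주
    • 한국전자거래학회지 / Vol. 16, No. 4 / pp.109-123 / 2011
  • Recent serious information security incidents have sharply raised public interest in information security, and strengthening cyber security has become an important part of protecting the infrastructure of nations and companies and of staying competitive. However, the current domestic pricing standard for information security software excludes the particular characteristics of information security and is calculated by the standard for general software maintenance. A maintenance pricing standard for information security software that fits reality is therefore needed. This study proposes a reasonable and realistic method for calculating an appropriate price standard for information security software, so as to establish a fair payment standard for users and suppliers and, further, to help improve the competitiveness of information security software companies.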

System Access Control Technique for Secure Cloud Computing

  • Jang, Eun-Gyeom
    • 한국컴퓨터정보학회논문지 / Vol. 24, No. 8 / pp.67-76 / 2019
  • Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT (Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

A Comparison Study for Optimal Implementation of the EDI Systems of Port Logistics

  • 김현수;박남규;한계섭;최형림;조재형
    • 한국정보시스템학회지:정보시스템연구 / Vol. 10, No. 2 / pp.103-128 / 2001
  • At present, EDI systems are indispensable software in the port logistics industry. Currently, a monopolistic VAN/EDI service provider operates the EDI services. The current EDI client software has a 2-tier fat client/server architecture. However, the current EDI software lacks a Web interface and causes a lot of cost for maintenance. Therefore, a variety of implementation architectures have been tried, using script, XML and distributed object-oriented technology. Web/EDI and XML/EDI are the new EDI systems. However, the EDI systems have some limitations such as speed. This study intends to compare the various implementation architectures for the EDI systems from the users' perspective and explore the strong and weak points of each architecture. We compared the EDI systems based on our experience of more than 2 years of implementation projects for the EDI systems of port logistics. We categorized the EDI systems as client application EDI, Web EDI using script, XML/EDI, and 3-tier distributed object-oriented EDI system. We compared them with criteria such as speed, program maintenance, ease of implementation and usage, security, and load balancing and fail-over. Finally, we discuss the direction of optimal EDI system architecture for the future.

An Efficient Provable Secure Public Auditing Scheme for Cloud Storage

  • Xu, Chunxiang;Zhang, Yuan;Yu, Yong;Zhang, Xiaojun;Wen, Junwei
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 8, No. 11 / pp.4226-4241 / 2014
  • Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. However, this new paradigm poses many challenges to the integrity and privacy of users' data, since users lose their grip on their data after outsourcing the data to the cloud server. In order to address these problems, Worku et al. have recently proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out a security flaw existing in the scheme. An adversary who is on-line and active is capable of modifying the outsourced data arbitrarily and avoiding detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up for the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and a performance analysis; they show that the proposed scheme has many more advantages over Worku et al.'s scheme.

DMB+, a General Data Transmission Technique

  • Wang, Guoyu;Zhang, Hongsheng
    • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 14, No. 5 / pp.2043-2060 / 2020
  • Developed from Digital Multimedia Broadcasting (DMB), DMB+ changes the application focus fundamentally. The plus symbol "+" indicates that DMB+ is no longer for digital radio/videos; instead, it works as a general data transmission technique. The merits of wireless transmission, broad coverage, high quality, information security and low building/maintenance cost make DMB+ suitable for a wide range of applications with numerous terminals and users, such as public information release, alarm and administration. The concept of the DMB+ base station enables DMB+ to be used in building independent networks and for remote control and management, as well as for Industry 4.0. DMB+ will enter a new field that until now has been dominated by communication techniques, and will open up a huge commercial opportunity.

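A Study on Cyber Security Threat and Security Requirements for Industrial Wireless Communication Devices

  • 이지섭;박경미;김신규
    • 정보보호학회논문지 / Vol. 30, No. 4 / pp.757-770 / 2020
  • An industrial control system (ICS) is a system that measures, monitors and controls a variety of distributed assets, and it is used in industrial facilities and national infrastructure such as energy, chemical, transportation, water treatment and manufacturing plants. Because of the nature of industrial control systems, exposure to security threats can cause malfunction or shutdown and result in enormous loss of life and property, so research is needed to prevent and minimize security threats to industrial control systems. Existing industrial control systems restricted the use of wireless communication devices in consideration of security threats, but recently the adoption of industrial wireless communication devices has been gradually increasing because of the advantages of ease of maintenance and cost. In this paper, we analyzed the security threats to industrial wireless communication devices that support WirelessHART and ISA100.11a and, based on the results of the analysis, presented the security requirements needed to introduce and operate industrial wireless communication devices. We expect that the security requirements presented in this study can be used to mitigate security threats when building industrial wireless communication environments in various industrial fields, including national infrastructure.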

A Design and Implementation of Image Maintenance Using Base on Grid of the Decentralized Storage System

  • 김선칠;조훈
    • 대한디지털의료영상학회논문지 / Vol. 7, No. 1 / pp.33-38 / 2005
  • Modern hospitals have been greatly facilitated by information technology (IT) such as the hospital information system (HIS). One of the most prominent achievements is medical imaging and image data management, the so-called Picture Archiving and Communication Systems (PACS). Due to the inevitable use of diagnostic images (such as X-ray, CT, MRI), PACS has made a tremendous impact not only on the radiology department but also on nearly all clinical departments for the exchange and sharing of image-related clinical information. There is no doubt that better use of PACS leads to highly efficient clinical administration and hospital management. However, due to the rapid and widespread acceptance of PACS, storage and management of digitized image data in hospitals introduce overhead and bottlenecks when transferring images among clinical departments within and/or across hospitals. Despite numerous technical difficulties, financing for installing PACS is a major hindrance to overcome. In addition, a mirroring or a clustering backup can be used to maximize security and efficiency, which may not be considered a cost-effective approach because of extra hardware expenses. In this study, therefore, we have developed a new grid-based distributed PACS in order to balance cost and network performance among multiple hospitals.

The Relationship between Offline Trust and Online Transaction in Internet Banking

  • 이웅규
    • Asia pacific journal of information systems / Vol. 17, No. 2 / pp.29-47 / 2007
  • Owing to the rapid growth of Internet use, not only click-and-mortar companies but also brick-and-mortar ones have been expanding their distribution channels into online. Moreover, since online channels are more attractive than offline ones in control and maintenance, switching customers into online ones has emerged as one of the very important managerial issues in view of reduction of cost as well as expansion of services. However, the switched customers face uncertainties which could not have been experienced offline. Specifically, in online channels, buyers and sellers are separated temporally and spatially, and there are always many kinds of threats to security as well as not enough systems and conventions for them yet. Therefore, trust has been considered one of the most critical mechanisms for resolution of such uncertainties in online transactions. However, it is not easy to build and maintain relationships online, since most of them are generally virtual and indirect. Therefore, in order to switch offline customers into online ones, it is very important to make strategies based on identification of the relationship between online transaction and offline trust which has been built in offline business. Generally, offline trust, which has been built independently of online, could not include trust for online-dependent activities such as payment security during or after transactions, while most online trust includes it. Therefore, a customer with high offline trust does not always perceive high security and assure safe transactions. Accordingly, while online trust, where technical capabilities for online security are one of the main bases, includes control trust implicitly or explicitly, offline trust does not. However, in spite of such clear discrimination and independence between offline trust and perceived security, there can be a significant dependency between these two beliefs. The customers with high offline trust believe that the company would carry out some activities for online security for customers' safe transactions, since it has been believed to do well for customers' trust. Theoretically, users' perception of security is interpreted as a kind of control trust, which is trust in a company's technical control capacities to resolve technical uncertainties online. Therefore, the relationship between the two beliefs can be considered as transference from offline trust to another type of trust, that is, control trust. The objective of this study is to analyze the effect of offline trust on online transaction uses mediated by perceived security. For this purpose, we suggest a research model based on the technology acceptance model (TAM). Reuse intention is adopted as a dependent variable, and TAM is modified by adding perceived risk (PR) as well as two beliefs of using Internet banking, perceived usefulness (PU) and perceived ease of use (PEOU). Moreover, perceived security (PS) is adopted as an external variable for PR and PU, while offline trust (OT) is an antecedent of PS. For an empirical test, sampling from 108 visitors to the banks in Daegu, Korea, we analyze our model by the partial least squares (PLS) approach. As a result, our model is shown to explain 51.4% of the variance in reuse intention, and all hypotheses are supported statistically. A theoretical implication of this study is to identify the role of PS between offline trust and reuse intention of using online transaction services. According to our result, PS can be considered a mediation variable bridging two different concepts: trust, which explains social aspects of customers and companies, and TAM, which explains customers' reuse intention.

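Effective Management of Personal Information & Information Security Management System(ISMS-P) Authentication systems

  • 홍성욱;박재표
    • 한국산학기술학회논문지 / Vol. 21, No. 1 / pp.634-640 / 2020
  • The Information Security Management System (ISMS) and the Personal Information Management System (PIMS) were integrated into the Personal Information & Information Security Management System (ISMS-P) certification scheme in response to demands to reduce the time and cost required to prepare for certification. With the integration, scheme operators gained ease of managing the ISMS-P certification scheme, and organizations subject to certification gained simpler acquisition and maintenance of certification. However, problems arose: ambiguity in how the certification criteria apply to each organization, caused by applying the same criteria to all types of organizations subject to certification; ambiguity in control items of the certification criteria that demand excessive management system operation from those organizations; and an ambiguous legal basis to be applied to those organizations. To address these problems, this paper presents, through a case study, three solutions: classifying the types of organizations to which the certification criteria apply; changing the control items applied during the certification audit according to the type of organization; and excluding the control items applied under ISMS-P for organizations that seek only ISMS certification. This paper presents measures for operating the certification scheme efficiently and can serve as a basis for resolving problems that arise in the ISMS-P certification scheme in the future.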

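Mobile Point-of-Sales System

  • 권오병;신현철
    • 융합보안논문지 / Vol. 7, No. 3 / pp.87-93 / 2007
  • We present a way to apply existing medium-to-large POS systems to a wireless Internet environment so that the system can consist of only mobile information terminals and a personal computer. We propose a POS system that keeps the many benefits that existing medium-to-large POS systems provide in logistics, business and management, while enabling automated information collection and management through mobile integration without the need for ancillary devices such as a barcode system. The system transmits order information over wired and wireless links to the mobile ordering terminals, the main server in the store, and the monitor and printer in the kitchen, so that information is shared in real time. In addition, unlike existing order-only PDAs, it collects and transmits data generated on site in real time and links it immediately to the company's accounting, sales, materials and personnel management systems, so that it can be used for business management and decision making. No separate program is needed on the mobile terminal; order information generated on the mobile terminal is entered into the database through the web server on the main server, and the information is delivered to the main server and the printer. On the software side as well, only the store management program on the main server and a module for communication with the mobile terminals are needed, and no additional software has to be built to extend the POS system. The method proposed in this paper processes all point-of-sale information, one of the elements of distribution informatization that follows the spread of the Internet; by building a POS system for the informatization of transaction data from wireless Internet, a personal computer and mobile terminals without separate special equipment, it lowers construction and maintenance costs and can therefore be widely applied to small stores.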