• Journal of the Korea Society of Computer and Information
• /
• v.12 no.4
• /
• pp.239-248
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element, response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management way that propose executing Security incident response experiment on the basis of this way. This study which provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2011.06a
• /
• pp.139-142
• /
• 2011

해외 기술 유출 사고로 인하여 한국 경제에 약 수조원의 피해가 발생하였다. 기업의 기술 유출과 사고 책임 소재를 증명하기 위한 e-Discovery시스템과 기업CERT/CC에 연구가 필요하다. 본 논문에서는 e-Discovery의 개념과 관련법안 및 권고안, 포렌식 수사절차에 대해 연구하고, 국내 e-Discovery 사고 사례와 해외 e-Discovery 사고 사례를 연구한다. e-Discovery가 도입되면 기업 CERT/CC에서 필요한 e-Discovery 시스템을 설계한다. e-Discovery 시스템의 접근과 인증을 위한 사용자인증과 기기 인증에 대한 기술과 암호화 기술을 연구한다. 본 논문 연구를 통하여 e-Discovery 제도의 도입과 포렌식 기술 발전에 기초자료로 활용될 것이다.

• KSCI Review
• /
• v.15 no.1
• /
• pp.141-150
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element. response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management wav that propose executing Security incident response experiment on the basis of this way. This study which Provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.249-258
• /
• 2012

Cyber attacks expose sensitive information and cause fatal damage in both the public and the private sectors. Therefore, MKE (Ministry of Knowledge Economy) Cyber Security Center was founded on July 25, 2008, to perform three major roles. First, it detects and analyzes cyber attacks for the both sectors. Second, its ISAC (Information Sharing & Analysis Center) service analyzes and evaluates the vulnerability of the communication and network infrastructure to security threats, including control systems. Third, it provides CERT/CC (Computer Emergency Response Team Coordination Center) service to prevent and to respond to computer security incidents. This study focuses on the MKE Cyber Security Center's service analysis, which is playing an increasingly larger role in the both sectors. Based on this analysis, after grasping the response services activity and pointing out the problems, this study suggests improvements to the MKE Cyber Security Center.

• 한국IT서비스학회:학술대회논문집
• /
• 2003.11a
• /
• pp.467-478
• /
• 2003

국제공통평가기준(Common Criteria)2.1을 기반으로 한 국제공통평가인정협정(Common Criteria Recognition Arrangement)은 21세기 정보보호 산업 전반에 수출입 장벽 및 국제적 표준으로 자리매김 할 것이다. 이미 국제공통평가상호인정협정(CC-MRA)에서부터 적극적으로 기술을 축적하고 세계적 표준을 선도한 미국, 캐나다, 영국, 독일, 프랑스 등의 주요 선진국들은 국제공통평가인정협정 인증서발행국(CCRA-CAP)으로서의 우월적 지위를 확보한 상태이다. 이에 본 연구는 CCRA-CAP국가들에 대한 스킴(Skim) 분석을 통하여 우리나라 의 스킴 개발이 국제적인 선도국과 비교하여 어떤 차이를 보이는지와 우리나라의 문제점을 도출해보고자 한다. 이를 통하여 향후, CCRA-CAP국가로 세계적 평가, 인증체계의 선도국이 되기 위한 준비과정에서 얻을 수 있는 통찰력과 시사점을 제공하고자 한다. 본 연구에서는 여러 스킴 중 정보보호시스템 평가, 인증 제도 관련 기관 책임 및 임무에 관한 1번 스킴을 주요 논의의 대상으로 하여 분석 연구한다.

• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.427-434
• /
• 2006

Broadband Convergence Network(BcN) is a critical infrastructure to provide wired-and-wireless high-quality multimedia services by converging communication and broadcasting systems, However, there exist possible danger to spread the damage of an intrusion incident within an individual network to the whole network due to the convergence and newly generated threats according to the advent of various services roaming vertically and horizontally. In order to cope with these new threats, we need to analyze the vulnerabilities of BcN in a system architecture aspect and classify them in a systematic way and to make the results to be utilized in preparing proper countermeasures, In this paper, we propose a new classification of vulnerabilities which has been extended from the ITU-T recommendation X.805, which defines the security related architectural elements. This new classification includes system elements to be protected for each service, possible attack strategies, resulting damage and its criticalness, and effective countermeasures. The new classification method is compared with the existing methods of CVE(Common Vulnerabilities and Exposures) and CERT/CC(Computer Emergency Response Team/Coordination Center), and the result of an application to one of typical services, VoIP(Voice over IP) and the development of vulnerability database and its management software tool are presented in the paper. The consequence of the research presented in the paper is expected to contribute to the integration of security knowledge and to the identification of newly required security techniques.

• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.91-97
• /
• 2020

Recently, phishing attacks targeting those involved in defense, security and unification have been on the rise. In particular, hacking attack organization Kimsuky has been engaged in activities to collect important information from public organizations through phishing attacks since 2013. In this paper, profiling analysis of phishing mail attack organization was performed. Through this process, we estimated the purpose of the attack group and suggested countermeasures.