• 디지털콘텐츠학회 논문지
• /
• 제5권2호
• /
• pp.95-100
• /
• 2004

정보보호 수준을 향상시키기 위해 정보보호시스템 평가$\cdot$인증에 대한 필요성이 높아지고 있으며 선진국에서는 정보화 역기능 위험 방지를 위해 제도적 일환으로 자국의 환경에 적합한 평가$\cdot$인증제도를 마련하여 정보보호시스템을 평가해 오고 있다. 그러나 상이한 평가기준의 적용으로 인한 시간 및 비용 소모의 문제점이 발생되었으며 이를 해결하기 위한 노력으로 현재 정보보호 시스템 평가를 위한 상호인증을 위해 공통평가기준(CC : Common Criteria)과 공통평가방법론(CEM : Common Evaluation Methodology)을 사용하고 있다. 선진화된 평가제도의 조기 정착과 효율적인 평가 준비 및 수행방법을 위한 정보보호시스템 평가 참여자들의 평가기준 및 방법론에 대한 유연하고 능동적인 해석이 필요하다.

• 한국전자거래학회지
• /
• 제10권3호
• /
• pp.67-83
• /
• 2005

CC(공통평가기준: Common Criteria, ISO/IEC 15408)는 국가간에 서로 다른 평가기준을 적용하여 평가함으로써 발생되는 문제점을 해결하기 위해 1999년 6월에 발표되었으며, 현재 공식버전은 v2.2이며 드래프트 버전으로 v3.0이 나와 있다. 국내외적으로 CC기반의 평가 수요가 증가되고 있으며 이에 따라 평가시장 창출이 예상되고 실제 평가지침 및 평가활동의 자동화, 평가프로젝트의 관리가 필요하다. 본 논문에서는 평가자원(예: 제출물, 평가기준, 평가자 등)을 관리하고 평가환경에서 효율적으로 이용 가능한 CC 기반 보안평가관리시스템 ( CC-SEMS: CC based Security Evaluation Management System)을 제시하였다. CC-SEMS는 프로젝트관리. 워크플로우관리, 프로세스관리의 어플리케이션을 통합한 것이며 제출물, 평가업무 프로그램, 관리 객체, 평가워크플로우 엔진으로 구성되어 있다.

• 정보보호학회논문지
• /
• 제13권5호
• /
• pp.57-67
• /
• 2003

보안정책모델은 평가대상제품(Target of Evaluation, TOE)의 보안정책을 비정형적, 준정형적, 또는 정형적 방법을 사용하여 구조적으로 표현하는 한 것이다. 보안정책모델은 보안기능요구사항과 기능명세간의 일관성 및 완전성을 제공함으로써 평가대상제품이 요구사항과 기능명세간 불명확성으로 인한 보안결점을 최소화할 수 있도록 보증성을 보장한다. 이러한 이유로 ISO/IEC 15408(공통평가기준. CC) 등 IT 제품 및 시스템의 보안성 평가기준의 고등급 평가에서 보안정책모델을 요구하고 있다. 본 논문에서는 보안정책모델의 개념과 관련 연구 및 공통평가기준의 보안정책모델 보증요구사항을 분석하여 보안정책모델 평가방법을 제시한다.

• 한국철도학회:학술대회논문집
• /
• 한국철도학회 2004년도 추계학술대회 논문집
• /
• pp.1731-1736
• /
• 2004

The purpose of this article is to introduce a useful methodology of effective goal-setting for the team-level units. As a way to overcome some common symptoms in terms of Strategic Performance Evaluation System such as lack of knowledge on goal-setting, disconnection of process, problem of judging the degree of difficulty about objectives, limits of staff departments evaluation, fairness and authority of evaluators, weakness in coaching technique, and quantity or figure-oriented evaluation, to name a few, and to seek a more plausible goal-setting methodology, the author suggests a persuasive goal-setting concept: VAR(Value-Added Results). VAR, as the end-results, is the team contributions that add value to the organization, and it results from the team's activities. In addition to these goal-setting technique based on the concept of value-added results, several aspects should be improved for Strategic Performance Evaluation System to be implemented more effectively. They are: 1) shift from MBO to MP & D(Managing Performance & Development), 2) impartial exercise of evaluation authority as a organizational public assets, 3) reinforcement of maternal leadership and servantship instead of paternal leadership, 4) utilization of IT-based evaluation system.

• Journal of Nuclear Fuel Cycle and Waste Technology
• /
• 제1권1호
• /
• pp.83-92
• /
• 2013

A novel methodology to evaluate remote dismantling equipment for a reactor pressure vessel (RPV) in a decommissioning project is presented in this paper. The remote dismantling equipment, mainly composed of cutting tools and positioning equipment, is absolutely required to cut and handle highly radioactive and large components in nuclear power plants (NPPs); this equipment has a great effect on the overall success of the decommissioning project. Conventional evaluation methods have only focused on cutting technologies or positioning equipment, although remote dismantling equipment cannot achieve its goal without organic interaction between the cutting tools and the positioning equipment. In this paper, the cutting tools and the positioning equipment are evaluated by performance parameters according to their original characteristics, the relationship between the two systems, and common factors. Finally, the remote dismantling equipment used in recent decommissioning projects has been evaluated based on the proposed methodology. The results of this paper are expected to be useful for future decommissioning projects.

• 융합보안논문지
• /
• 제8권3호
• /
• pp.19-24
• /
• 2008

침입차단 시스템, 침입탐지 시스템 등 정보보호제품이 얼마나 안전하게 개발되고 구현되었는지 검증하기 위한 방안으로 공통평가기준(CC)를 제정 하여 제품을 평가한다. 이에 기존까지 적용된 CC v2.3에서 버전이 3.1로 전환이 되며 가장 큰 차이점인 정보보호 제품에 대한 평가방법론을 사전 확보하여 버전 3.1 수용 준비가 요구되고 있다. 이에 본 연구에서는 CC v3기반 합성제품 시험 및 취약성 분석 방법에 대한 연구를 진행하였다. 특히 합성형 정보보호제품 시험방법론을 기존원칙과 세부 방법론으로 분류하여 구체적 방안을 제시하고자 한다.

• Annals of Clinical Neurophysiology
• /
• 제22권1호
• /
• pp.1-7
• /
• 2020

Neuromuscular ultrasonography has emerged over the last decade as a useful tool for diagnosing peripheral nerve disorders. It has been studied extensively with a particular focus on the assessment of compression neuropathies. Neuromuscular ultrasonography complements electrodiagnostic studies well by visualizing both the nerve anatomy and surrounding structures, providing useful data that cannot be obtained using the latter methodology only. This review article summarizes and synthesizes the literature focusing on the diagnostic role of neuromuscular ultrasonography in common compression neuropathies of the upper limb.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권6호
• /
• pp.2354-2376
• /
• 2020

SmartThings is one of the most popular open platforms for home automation IoT solutions that allows users to create their own applications called SmartApps for personal use or for public distribution. The nature of openness demands high standards on the quality of SmartApps, but there have been few studies that have evaluated this thoroughly yet. As part of software quality practice, code reviews are responsible for detecting violations of coding standards and ensuring that best practices are followed. The purpose of this research is to propose systematically designed quality metrics under the well-known Goal/Question/Metric methodology and to evaluate the quality of SmartApps through automatic code reviews using a static analysis. We first organize our static analysis rules by following the GQM methodology, and then we apply the rules to real-world SmartApps to analyze and evaluate them. A study of 105 officially published and 74 community-created real-world SmartApps found a high ratio of violations in both types of SmartApps, and of all violations, security violations were most common. Our static analysis tool can effectively inspect reliability, maintainability, and security violations. The results of the automatic code review indicate the common violations among SmartApps.

• Advances in Computational Design
• /
• 제2권1호
• /
• pp.15-28
• /
• 2017

One of the major developments in seismic design over the past few decades is the increased emphasis for limit states design now generally termed as Performance Based Engineering. Performance Based Seismic Design (PBSD) uses Displacement Based Design (DBD) methodology wherein structures are designed for a target level of displacement rather than Force Based Design (FBD) methodology where force or strength aspect is being used. Indian codes still follow FBD methodology compared to other modern codes like CalTrans, which follow DBD methodology. Hence in the present study, a detailed review of the two most common design methodologies i.e., FBD and DBD is presented. A critical evaluation of both these methodologies by comparing the seismic performance of bridge models designed using them highlight the importance of adopting DBD techniques in Indian Standards also. The inherent discrepancy associated with FBD in achieving 'seismic regularity' is highlighted by assessing the seismic performance of bridges with varied relative height ratios. The study also encompasses a brief comparison of the seismic design and detailing provisions of IRC 112 (2011), IRC 21 (2000), AASHTO LRFD (2012) and CalTrans (2013) to evaluate the discrepancies on the same in the Indian Standards. Based on the seismic performance evaluation and literature review a need for increasing the minimum longitudinal reinforcement percentage stipulated by IRC 112 (2011) for bridge columns is found necessary.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2002년도 추계학술발표논문집 (하)
• /
• pp.2087-2090
• /
• 2002

최근 보안성 평가기준의 국제 표준인 공통평가기준(Common Criteria, ISO/IEC 15408)의 국내 도입이 활발하게 진행되고 있다. 따라서 개발자들은 개발초기부터 공통평가기준에 대비하여 보안 제품을 개발하는 것이 필요하다. 본 논문에서는 공통평가기준과 공통평가방법론(Common Evaluation Methodology, CEM)을 참고하여 개발자들이 공통평가기준에 대비하여 보안 제품을 개발할 수 있도록 하기 위한 개발 지침을 제시한다.