• Korean Security Journal
• /
• no.40
• /
• pp.175-207
• /
• 2014

This paper focuses on the study of a development direction of the industrial security Expert system. First of all, in order to manage Industrial security system, we need to have law, criminology, business and engineering professionals as well as IT experts, which are the multi-dimensional convergence professionals. Secondly, industrial organizations need to have workforce who can perform security strategy; security plan; security training; security services; or security system management and operations. Industrial security certification system can contribute to cultivate above mentioned professional workforce. Currently Industrial Security Expert(ISE) is a private qualification. However, the author argued that it have to be changed to national qualification. In addition, it is necessary that the system should be given credibility with verifying the personnel whether they are proper or not in the their field. In terms of quality innovation, it is also necessary that distinguish the levels of utilization of rating system of the industrial security coordinator through a long-term examination. With respect to grading criteria, we could consider the requirements as following: whether they must hold the degree of the industrial security-related areas of undergraduate or postgraduate (or to be); what or how many industrial security-related courses they should complete through a credit bank system. If the plan of completing certain industrial security-related credits simply through the credit bank system, without establishing a new industrial security-related department, has established, then industrial security study would be spreaded and advanced. For private certification holders, the problem of the qualification succeeding process is important matter. Additionally, it is necessary to introduce the certifying system of ISMS(Industrial Security Management System) which is a specialized system for protecting industrial technology. To sum up, when the industrial security management system links the industrial security management certification, industrial security would realize in the companies and research institutions dealing with national key technology. Then, a group synergy effect would occurs.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.1-11
• /
• 2010

The purpose of this study is, by recognizing that recently, as crimes using information and various adverse-effect phenomena such as hacking and virus occur frequently with rapid development of information network such as Internet in every field of industry, the range of security is widening to the field of industrial areas for preventing the leaking of industrial technology and protecting that technology as well as information security only limited to IT area, and by establishing common concept about industrial security through education on the industrial security at the point of increasing importance of industrial security, to prepare the base of comprehensive risk management system for protecting company's assets (physical factor, technical factor and managerial factor) safely from the random threats or attacks inside and outside the company through assessment of important assets of the company, evaluation of threats and weak points, and risk assessment by building industrial security management system in order to protect company's information assets and resources which are connected to the existence of the company safely from the threats or attacks from inside or outside the company and to spread stable business activities.

• Journal of Korean Institute of Industrial Engineers
• /
• v.28 no.1
• /
• pp.44-56
• /
• 2002

For the risk analysis and risk assessment techniques to be effectively applied to the field of information technology (IT) security, it is necessary that the required activities and specific techniques to be applied and their order of applications are to be determined through a proper risk management model. If the adopted risk management model does not match with the characteristics of host organization, an inefficient management of security would be resulted. In this paper, a risk management model which can be well adapted to Korean domestic IT environments is proposed for an efficient security management of IT. The structure and flow of the existing IT-related risk management models are compared and analysed, and their common and/or strong characteristics are extracted and incorporated in the proposed model in the light of typical threat types observed in Korean IT environments.

• Journal of the Korea Safety Management & Science
• /
• v.17 no.3
• /
• pp.205-213
• /
• 2015

This study aims to verify the structural correlation empirically between information security performance and information management performance. To verify the correlation, three factors such as managerial controlled activity, technical controlled activity, and physical controlled activity are divided for the information security activities variable. the security performance are divided into accident prevention and accident response variables. As a result, security organization activity is a unique factor being positively significant to information security and management performance. And three activities such as human security, security training, development security do not affect at all on both information security and management performance.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.491-494
• /
• 2019

The results from the analysis of recent security breach cases of industrial control systems revealed that most of them were caused by the employees of a partner company who had been managing the control system. For this reason, the majority of the current company security management systems have been developed focusing on their performances. Despite such effort, many hacking attempts against a major company, public institution or financial institution are still attempted by the partner company or outsourced employees. Thus, the institutions or organizations that manage Industrial Control Systems (ICSs) associated with major national infrastructures involving traffic, water resources, energy, etc. are putting emphasis on their security management as the role of those partners is increasingly becoming important as outsourcing security task has become a common practice. However, in reality, it is also a fact that this is the point where security is most vulnerable and various security management plans have been continuously studied and proposed. A system that enhances the security level of a partner company with a Virtual Desktop Infrastructure (VDI) has been developed in this study through research on the past performances of partner companies stationed at various types of industrial control infrastructures and its performance outcomes were statistically compiled to propose an appropriate model for the current ICSs by comparing vulnerabilities, measures taken and their results before and after adopting the VDI.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.4
• /
• pp.664-673
• /
• 2018

The industrial control system (ICS) has operated as a closed network in the past, but it has recently been linked to information and communications services and has been causing damage due to cyber attacks. As a countermeasure, the Information Communication Infrastructure Protection Act was enacted, but it cannot be applied to various real control environments because there is only a one-way policy-from a control network to a business network. In addition, IEC62443 defines an industrial control system reference model as an international standard, and suggests an area security model using a firewall. However, there is a limit to linking an industrial control network, operating as a closed network, to an external network only through a firewall. In this paper, we analyze the security model and research trends of the industrial control system at home and abroad, and propose an industrial control system security model that can be applied to the actual interworking environments of various domestic industrial control networks. Also, we analyze the security of firewalls, industrial firewalls, network connection equipment, and one-way transmission systems. Through a domestic case and policy comparison, it is confirmed that security is improved. In the era of the fourth industrial revolution, the proposed security model can be applied to security management measures for various industrial control fields, such as smart factories, smart cars, and smart plants.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.55-62
• /
• 2009

Industrial Security is a management activity protecting industrial asset of enterprise by application of security elements(physical, IP, conversion security tools) and can be understood as a comprehensive term including software aspect(establishment of policy and strategy, maintenance operation, post- response act, etc.) as well as the operation of hardware elements. In this paper, after recognizing the definition and relative concept of industrial security, the role and its relative laws of the industrial security organizations, the management system and the reality, I will find some problems and submit a reform measure. Furthermore I would like to propose the policy direction to enhance the national competitiveness and to become one of the advanced nations in 21st industrial security through the effective industrial security activities of our enterprises.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.177-191
• /
• 2015

Recently, the necessity of systematic security management system that consider company' character and environment has appeared because of increasing security accident continuously in domestic companies. However, most of companies has applied to only K-ISMS which is existing information security management system, although They are different from object, purpose and way of security level evaluation by companies. According to this situation, Many experts have questioned that there are many problems with effectiveness of introducing security management system. In this study, We established definition of information security management system, industrial security management system and research security management system through analysis of previous study and developed evaluation item which can implement security in whole industry comparing and analyzing the control items of them. Also, we analyzed existing security level evaluation and suggest design direction of industry-centric security level evaluation model considering character of industry.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.1-6
• /
• 2009

Current paradigm of industrial security is changing into the effective operation and management from simple establishment of security equipments. If the physical security system(entry control system, video security system, etc.) and the IT integrated security control system are conversed, it makes us possible to prevent, disrupt and track afterwards the insider's information leakage through the risk and security management of enterprise. That is, Without the additional expansion of the existing physical security and IT security manpower, the establishment of systematic conversion security management process in a short time is possible and can be expected the effective operation of professional organization system at all times. Now it is needed to build up integrated security management system as an individual technique including the security event collection and integrated management, the post connected tracking management in the case of security accident, the pattern definition and real time observation of information leakage and security violation, the rapid judgement and response/measure to the attempt of information leakage and security violation, the establishment of security policy by stages and systematically and conversion security.

• Industrial Engineering and Management Systems
• /
• v.13 no.1
• /
• pp.87-100
• /
• 2014

Risk management is recognized as a significant element in Information Security Management while the failure mode and effects analysis (FMEA) is widely used in risk analysis in manufacturing industry. This paper aims to present the development work of the Information Security FMEA Circle (InfoSec FMEA Circle) which is used to support the risk management framework by modifying traditional FMEA methodologies. In order to demonstrate the "appropriateness" of the InfoSec FMEA Circle for the purposes of assessing information security, a case study at Hong Kong Science and Technology Parks Corporation (HKSTP) is employed. The "InfoSec FMEA Circle" is found to be an effective risk assessment methodology that has a significant contribution to providing a stepwise risk management implementation model for information security management.