• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.578-579
• /
• 2021

According to a survey on the infringement of SMEs, the level of technology protection capability is improving every year, but technology leaks and damage continue to occur. This shows that there is a need for a security management and supervision system that can strengthen the security awareness of SME executives and employees and maintain the security level continuously. The Personal Information & Information Security Management System(ISMS-P) authentication systems is the latest related standard, which has the problem of applying the same certification criteria without considering the types of certification target organizations such as ISPs, IDC, hospitals and schools, and SMEs.. In this paper, 73 evaluation items that can be specialized and applied to SMEs were derived by referring to ISMS-P certification and Personal Information Protection Management System (PIMS) certification. The results of the study show that the number of evaluation items decreased by 28.4% compared to the existing ISMS-P certification.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.154-160
• /
• 2003

대리인증경로관리는 대리인증경로구축과 대리인증경로검증을 함께 지칭하는 개념이다. 휴대폰과 같이 한정된 컴퓨팅 파워를 갖는 클라이언트는 상대적으로 높은 계산능력이 요구되는 인증경로관리기능을 스스로 처리하지 않고 서버로 위임하여 경량화된 클라이언트를 지향할 수 있다. 본 논문에서는 대리인증경로관리 프로토콜의 하나인 SCVP에 대해 RFC 3379에서 정의한 대리인증경로관리 프로토콜 평가기준을 적용하여 그 적합성 여부를 살펴본다. 아울러 개선된 SCVP를 제안하여 평가기준을 만족하지 않는 사항을 보완하는 동시에 프로토콜의 안전성과 확장성을 증대하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1309-1318
• /
• 2014

In the past few years, data leakage of information assets has become a prominent social issue. According to the National Industrial Security Center in South Korea, 71 percent who suffer from technology leakage are small and medium sized enterprises. Hence, establishment and operation of ISMS (Information Security Management System) for small and medium sized enterprises become an important issue. Since it is not easy to obtain ISMS certification for a small or medium sized enterprise by itself, consultation with an expert firm in information security is necessary before the security implementation. However, how to select a proper security consulting company for a small or medium sized firm has not been studied yet. In this study, we analyze empirically the selection factors of ISMS certification consulting company for a small or medium sized firm through exploratory factor analysis (EFA). Our study identified the following four important factors in selecting a security consulting company: expertise of the staffs and human resource management proficiency, market leading capability, competence to make progress during the consultation, and the performance and the size of the physical assets and human resources.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.47-60
• /
• 2013

This paper focuses on the role of international standards related to industrial technology and to analyze determinants to affect ISMS and its performance. Particularly its financial and operational performance were measured by survey aiming at an influence of certification and its performances. The variables explaining the performance were drawn out from factor analysis and then critical variables to affect performance were discovered by ANOVA and regression analysis. As a result of the analysis considering heteroscedastic and factor analysis, type of business and firm size were not significantly related to the performance but the existence of information security unit, investment in information security and the status of security consciousness in executives and employees were positively related. As a result, this study shows that security certification should be implemented with suitable capabilities and the investments to protect from leaking industrial technology and proved the importance of the security certification as an infrastructures and system.

• KIPS Transactions on Software and Data Engineering
• /
• v.8 no.6
• /
• pp.223-234
• /
• 2019

Cyber attacks are an important factor that determines the victory and defeat of Network-centric wars in which advanced weapon systems are highly interlinked. In addition the increasing dependability on software as its develop as the latest fighter is demanding enhanced security measures for fighter software to Cyber attacks. In this paper, we apply the DO-326A, which is an airworthiness security certification standard, to design a risk-based security threat assessment process by reflecting characteristics and operational environment of fighter aircraft. To do this, we add the following steps in security threat assessment stage of DO-326A's airworthiness security certification process. First, we derive security threats of fighter. And then, we scored the security threat in terms of possibility and impact on the fighter. Finally, we determine the security risk severity.

• Proceedings of the IEEK Conference
• /
• 2000.06a
• /
• pp.217-220
• /
• 2000

With the expansion of E-commerce, Public Key Infrastructure (PKI) solutions are requited to resolve Internet security problems. But the certification mechanism for each organization has been independently developed under its own circumstances, so the cooperation of heterogeneous certification mechanisms must be carefully taken into account. In this paper, we propose an efficient protocol for the cross certification based on the path validation. The proposed “cross certification gateway” provides flexibility and convenience with the initial establishment protocol for the cross certification among different certification domains.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.19-30
• /
• 2019

Many organizations need to comply with ISMS-P for information systems and personal information management for ISMS-P certification. Organizations should safeguard vulnerablities to information systems. However, as the kinds of information systems are diversified and the number of information systems increases, management of such vulnerabilities manually accompanies with many difficulties. SCAP is a protocol to manage the vulnerabilities of information system automatically with security standards. In this paper, for the introduction of SCAP in domestic domains we verify the applicability of server-oriented system which is one of ISMS-P certification targets. For SCAP applicability, For obtaining this goal, we analyze the structures and functions of SCAP. Then we propose schemes to check vulnerabilities of the server-oriented system. Finally, we implement the proposed schemes with SCAP to show the applicability of SCAP for verifying vulnerabilities of the server-oriented system.

• Journal of Advanced Navigation Technology
• /
• v.13 no.1
• /
• pp.113-119
• /
• 2009

In this study we analyzed and gauged the information security needs for the new IT service which will be proceeding. Then we designed Information Security Rank Authentication System to raise the level of information security. To achieve this study, we analyzed rank authentication system of the inside and outside of the country and developed the practical propulsive system and the evaluation model which reflects IT service's own feature differing from the general evaluation of IS information security. The result of this study can be utilized to assess the level of domestic IT service information security objectively, and it can be applied as the means of rational decisionmaking for establishing a policy to raise degree of information security of corporations providing IT service.

• Journal of the Korea Convergence Society
• /
• v.7 no.6
• /
• pp.237-247
• /
• 2016

This study analyzed quantitative effects of ISMS certification. To measure the company value change the stock data was used and the methodology of event study was also applied. Event study methodology is a method of analyzing the effects of information or public announcement about certain events on the stock market through abnormal return of stock price. First, ISMS certification was acquired followed by the measurement of abnormal excess return of company. Based on the increase or decrease of abnormal excess return, the group was classified. There are 3 types of groups("Increase", "Reduce", "Maintain"). Next, the cluster analysis was performed for each group. Cluster analysis or clustering is the task of grouping a set of objects in such a way that objects in the same group (called a cluster) are more similar (in some sense or another) to each other than to those in other groups(clusters). The purpose of this study is to have a quantitative measurement of performance of ISMS certification. So, the result of this study will be promoted a company's ISMS certification acquisition. And it would further be beneficial to your company's information security activities.

• Journal of Information Technology Services
• /
• v.18 no.2
• /
• pp.55-73
• /
• 2019

The importance of the personal information has been increased, there have been a lot of efforts to establish a new policy, certification or law for administrating personal information more effectively and safely. Korean government has operated ISMS and PIMS certification system to assess whether an organization has established and managed appropriate information security system or not. However, it has been addressed the needs for revising and modifying of PIMS and ISMS. It is evaluated there are a few overlapped criteria to assess information management system in both ISMS and PIMS. ISMS-P certification, combining with ISMS and PIMS, is, finally, suggested, in the recent. GDPR is established having an aim of primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". It can be expected to contribute as followings. This study can be a criterion for self-evaluation of possibility to violate of GDPR of a firm in preparation for ISMS-P. Second, this study also aims to increase the understanding of the role of ISMS-P and GDPR, among various certifications with the purpose of assessment of the information security management system, by reducing the costs required to obtain the unnecessary certification and alleviating the burden. Third, it contributes to diffusion of ISMS-P newly implemented in Korea.