• Journal of the Korea Society of Computer and Information
• /
• v.18 no.3
• /
• pp.59-68
• /
• 2013

In this study, airport security check process is analyzed to modeling a simulation. Simulation is compared with real security system to verify. Utilizing verified simulation, spends time in the current security check is calculated and suggests alternatives. Considering the movement of passengers and security check system of all four cases the results yielded by the experiment. The results show that security check time decreased significantly to 20.8%. The simulation was developed in this study; including the introduction of a new security system at security check can be used as a decision support tool is expected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.127-146
• /
• 2010

This report has continuously improved in Information Security Level of Information Communication Service Companies which are applicable to Information Security Safety Inspection System. Also, it presents a decided methodology after verified propriety and considered the pre-research or expropriation by being developed the way of Information Security Safety Result Measurement. Management territory weighted value was established and it was given according to the point of view and the strategy target and the and outcome index to consider overall to a measurement item. Accordingly, an outome to the Information Security Check Service is analyzed by this paper and measurement model and oucome analysis methodology are shown with this, and gives help to analyze an outcome. Also it make sure the the substantial information security check service will be accomplished, prevent a maintenance accident beforehand and improve an enterprise outcome independently by institutional system performance securement and enterprise.g corporate performance.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.9 no.1
• /
• pp.19-24
• /
• 2009

In these days, security threat is ever increasing as computer systems and networking is everywhere. This paper is on the development of security scanner using search engine, with which site managers can easily check security vulnerability on their systems. Our security server automatically collects security-related information on the Internet, and indexes them in the database. To check the vulnerability of a customer server, the client system collects various system-specific information, and sends necessary queries to our security server for vulnerability checking. Up-to-date and site-specific vulnerability information is retrieved through the viewer, which allows the customer effectively to check and respond to security threat on client systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.73-85
• /
• 2001

Electronic check schemes are more efficient than electronic coin scheme with respect to computational costs and the amount of information exchanged. In spite of these, difficulties in making a refund reusable and in representing the face value of a check have discouraged its development. In this paper, a new online electronic check system is presented, which solves the above problems. This system uses the partially blind signature to provide user anonymity and to represent the face value of a check. The partially blind signature enables us to make the format of refunds and initially withdrawn checks identical. Thus, it allows refunds to be reused to buy goods without any limitatiosn. Both initially withdrawn checks and refunds in our system guarantee untraceability as well as unlinkability. We also use a one-time secret key as the serial number of a check to increase the efficiency of payments. The presented check system also provides multiple offline shopping sessions to minimize the number of online messages handled by a bank. During the multiple offline shopping session, we use a one-way accumulator to provide non-repudiation service. We also analyze our new systems our new system\`s security, efficiency, and atomicity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1585-1594
• /
• 2018

In recent years The importance of information security management for securing information collection and analysis, production and distribution is increasing. Companies are assured of confidence in information security through authentication of information Security Management System. However, level assessment and use of domains that make up the management system is limited. On the other hand, the security maturity model is able to diagnose the level of information protection of the enterprise step by step. It is also possible to judge the area to be improved urgently. It is a tool to support goal setting according to the characteristics and level of company. In this paper, C2M2, which is an example of security maturity model, is compared and analyzed with Korea Information Security Management System certification. Benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed area of information security measures of ISMS certification. It also look at ways to check the level of information security management step by step.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.133-145
• /
• 2014

Recently, Hospital information systems have the large databases by wide range offices for hospital management, health care to improve the quality of care. However, hospital information systems for information security measures are insufficient. Therefore, when we construct the hospital information system, we have to audit the information security measures for them, and we have to manage the ISMS(Information Security Management System) to maintain the information protection level through the risk managements. In this paper, we suggested the hospital information security audit model for the protection of health information privacy by the current hospital information systems, information security management system(ISMS), and hospital information security requirements and threats. We derived the check items compared with ISO27799 reflected the characteristics of the hospital. We classified the security domains as the physical, technical, administrative domain, and derived the check items for information security. We also designed the check lists by mapping the ISO27799 risk management process to improve the security and efficiency simultaneously. Our model by the five-point scale survey of IT experts was verified the suitability with the average of 4.91 points.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.3-10
• /
• 2003

In this paper, a partially blind signature schemes baled on EC-KCDSA is proposed and we applied it to design an electronic check payment system. Because the proposed partially blind signature scheme uses elliptic curve cryptosystem, it has better performance than any existing schems using RSA cryptosystem. When issuing a refund check, one-time pad secret key is used between the bank and the customer to set up secure channel. So the symmetric key management is not required.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.549-562
• /
• 2017

In recent years, as the proportion of mobile banking has become bigger with daily usage of mobile banking, security threats are also increasing according to the feeling. Accordingly, the domestic banking system introduces security solution programs in the banking application and sets security check points to ensure the stability of the application in order to check whether it is always executed. This study presents a vulnerability of inactivity bypassing mobile vaccine program operation checkpoints using the intermediate language statically and dynamically analysis when decompiling the android banking applications of major banks in Korea. Also, through the results, it identifies possible attacks that can be exploited and suggest countermeasures.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• Journal of Information Technology Services
• /
• v.21 no.1
• /
• pp.81-102
• /
• 2022

Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which accounts for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing it's procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.