• 정보보호학회논문지
• /
• 제13권5호
• /
• pp.57-67
• /
• 2003

보안정책모델은 평가대상제품(Target of Evaluation, TOE)의 보안정책을 비정형적, 준정형적, 또는 정형적 방법을 사용하여 구조적으로 표현하는 한 것이다. 보안정책모델은 보안기능요구사항과 기능명세간의 일관성 및 완전성을 제공함으로써 평가대상제품이 요구사항과 기능명세간 불명확성으로 인한 보안결점을 최소화할 수 있도록 보증성을 보장한다. 이러한 이유로 ISO/IEC 15408(공통평가기준. CC) 등 IT 제품 및 시스템의 보안성 평가기준의 고등급 평가에서 보안정책모델을 요구하고 있다. 본 논문에서는 보안정책모델의 개념과 관련 연구 및 공통평가기준의 보안정책모델 보증요구사항을 분석하여 보안정책모델 평가방법을 제시한다.

• 정보처리학회논문지C
• /
• 제15C권3호
• /
• pp.173-190
• /
• 2008

국내에서는 정보보호 수준평가를 위해 정보보호 관리체계 인증제도와 정보보안 관리수준평가를 운영하고 있다. 하지만 정보보호 관리체계 인증제도와 정보보안 관리수준평가는 기존의 평가인증제도, 정보통신기반보호제도, 정보보호 안전진단제도 등과의 유기적인 연결성이 부족하여 중복 진단, 비효율적인 진단 방법 등의 문제점이 있다. 또한 기존 제도들은 주로 주요정보통신기반시설의 보호에 초점을 맞추고 있어 공공기관의 수준평가에는 적합하지 않다. 본 논문은 공공기관의 정보보호 목표를 효과적으로 달성하기 위해서 기존의 다양한 정보보호제도를 분석하여 새로운 모델을 제안한다.

• Journal of Information Technology Applications and Management
• /
• 제11권2호
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• 한국병원경영학회지
• /
• 제10권4호
• /
• pp.98-112
• /
• 2005

The purpose of this study is to develop a framework for evaluating security levels in hospitals. We classify security indicators into administrative, technical and physical safeguards. The security evaluation model for hospital information systems was applied to three general hospitals. The analysis of the results showed a low security level in information systems. In particular, requirements for administrative and physical safeguards were very low. Hospitals need strict security policies more than other organizations because their information systems contain patients' highly confidential data. The evaluation model developed in this study can be used for guidelines and as a checklist for hospitals. The security evaluation in hospital informational systems needs to be an essential element of hospital evaluation.

• 한국정보과학회논문지:컴퓨팅의 실제 및 레터
• /
• 제11권2호
• /
• pp.192-207
• /
• 2005

정보 보호에 대한 평가가 중요시 되고 있으며 보안 평가 방법론이 제안되었다. 이러한 보안 평가 방법론들은 크게 제품, 프로세스, 통제 중심의 세 가지 관점으로 분류될 수 있다본 논문에서는 제품, 프로세스, 통제 각기 하나의 관점에서 보안 평가할 때에 발생하는 문제점과 위협의 실례를 파악한다. 이 문제점을 해결하기 위하여 제품, 프로세스, 통제의 세 가지 관점을 통합한 보안평가 모델을 제안한다.

• Journal of Communications and Networks
• /
• 제11권6호
• /
• pp.634-644
• /
• 2009

A diversity of wireless networks, with rapidly evolving wireless technology, are currently in service. Due to their innate physical layer vulnerability, wireless networks require enhanced security components. WLAN, WiBro, and UMTS have defined proper security components that meet standard security requirements. Extensive research has been conducted to enhance the security of individual wireless platforms, and we now have meaningful results at hand. However, with the advent of ubiquitous service, new horizontal platform service models with vertical crosslayer security are expected to be proposed. Research on synchronized security service and interoperability in a heterogeneous environment must be conducted. In heterogeneous environments, to design the balanced security components, quantitative evaluation model of security policy in wireless networks is required. To design appropriate evaluation method of security policies in heterogeneous wireless networks, we formalize the security properties in wireless networks. As the benefit of security protocols is indicated by the quality of protection (QoP), we improve the QoP model and evaluate hybrid security policy in heterogeneous wireless networks by applying to the QoP model. Deriving relative indicators from the positive impact of security points, and using these indicators to quantify a total reward function, this paper will help to assure the appropriate benchmark for combined security components in wireless networks.

• 디지털산업정보학회논문지
• /
• 제17권4호
• /
• pp.95-102
• /
• 2021

As social interest in the metaverse increases, various metaverse platforms and services are appearing, and various security issues are emerging accordingly. In particular, since all activities are performed in a variety of virtual spaces, and the metaverse utilizes sensing data using various hardware devices, more information is accumulated than other Internet services, and more damage can occur if information security is not guaranteed. Therefore, in this paper, we propose a metaverse security model that considers the major issues mentioned in previous papers and the necessary evaluation factors for the security functions required in the metaverse platform. As a result of performing the performance evaluation of the proposed model and the existing attribute information collection model, the proposed model can provide security functions such as anonymity and source authentication, which were not provided by the existing models.

• 디지털산업정보학회논문지
• /
• 제12권4호
• /
• pp.59-69
• /
• 2016

We proposed a specialized model of performance measurement to measure the training performance of the trainees in cyber practical training. Cyber security professionals are cultivating their expertise, skills, and competencies through cyber practical training in specialized education and training institutions. The our proposed process of trainee evaluation is consisted of an evaluation component discovery, evaluation item selection, evaluation index catalog, ratings and criteria decision, and calculation formula. The trainee evaluation is consisted of a formative evaluation during the training and an overall evaluation after finished training. Formative evaluation includes progress evaluation and participation evaluation, and overall evaluation includes practice evaluation and learning evaluation. The evaluation is weighted according to the importance of evaluation type. Because it is evaluated actual skills and abilities, competencies are assigned a high weight, while knowledge and attitudes are assigned a low weight. If cyber security trainees are evaluated by the proposed evaluation model, cyber security professionals can be cultivated by each skill and knowledge level and can be deployed by importance of security task.

• 디지털산업정보학회논문지
• /
• 제5권4호
• /
• pp.109-116
• /
• 2009

In the paper, we designed an automatic security diagnostic evaluation System(SeDES) based on a security diagnostic evaluation model(SeDEM) for an organization's security assurance. The SeDEM evaluates a security level of an organization quantitatively by a security evaluation formula which is composed of security variables and security index as applying the statistical CAEL model for evaluate risk level of banks. The SeDES has a good expandability as changing security variables according to an organization scale, characteristics and so on. And it also has a excellent usage because it inputs only numeric data got from statistical technique to security index. We can understand more a security level correctly than the existent risk assessment system because it is possible to assess quantitatively with an security grade as well as score. analysis.

• 한국IT서비스학회지
• /
• 제12권4호
• /
• pp.77-90
• /
• 2013

As Cyber threats are rising, the scope of information Security (IS) is extending from technical protection of a single information system to organizational comprehensive IS capability. The ministry of National Defense (MND) has established the IS evaluation for defense organization in 'the Directive for Defense Informatization Affairs.' However, no information about an evaluation method, process and organization is provided. We surveyed information security management system (ISMS) and related best practices in public sector and other countries, and analysed the military information security affairs. Thus, this paper recommends the IS evaluation method and process. The trial IS evaluation is in progress this year and the MND will expand this IS evaluation to the entire organization.