• Journal of Korea Society of Digital Industry and Information Management
• /
• v.17 no.4
• /
• pp.95-102
• /
• 2021

As social interest in the metaverse increases, various metaverse platforms and services are appearing, and various security issues are emerging accordingly. In particular, since all activities are performed in a variety of virtual spaces, and the metaverse utilizes sensing data using various hardware devices, more information is accumulated than other Internet services, and more damage can occur if information security is not guaranteed. Therefore, in this paper, we propose a metaverse security model that considers the major issues mentioned in previous papers and the necessary evaluation factors for the security functions required in the metaverse platform. As a result of performing the performance evaluation of the proposed model and the existing attribute information collection model, the proposed model can provide security functions such as anonymity and source authentication, which were not provided by the existing models.

• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• ETRI Journal
• /
• v.31 no.5
• /
• pp.554-564
• /
• 2009

In information security and network management, attacks based on vulnerabilities have grown in importance. Malicious attackers break into hosts using a variety of techniques. The most common method is to exploit known vulnerabilities. Although patches have long been available for vulnerabilities, system administrators have generally been reluctant to patch their hosts immediately because they perceive the patches to be annoying and complex. To solve these problems, we propose a security vulnerability evaluation and patch framework called PKG-VUL, which evaluates the software installed on hosts to decide whether the hosts are vulnerable and then applies patches to vulnerable hosts. All these operations are accomplished by the widely used simple network management protocol (SNMP). Therefore, system administrators can easily manage their vulnerable hosts through PKG-VUL included in the SNMP-based network management systems as a module. The evaluation results demonstrate the applicability of PKG-VUL and its performance in terms of devised criteria.

• Journal of KIISE:Computer Systems and Theory
• /
• v.34 no.7
• /
• pp.282-287
• /
• 2007

Information society is dramatically developing in the various areas of finance, trade, medical service, energy, and education using information system. Evaluation for risk analysis should be done before security management for information system and security risk analysis is the best method to safely prevent it from occurrence, solving weaknesses of information security service. In this paper, Modeling it did the evaluation-base CBD function it will be able to establish the evaluation plan of optimum. Evaluation-based CBD(case-based reasoning) functions manages a security risk analysis evaluation at project unit. it evaluate the evaluation instance for beginning of history degree of existing. It seeks the evaluation instance which is similar and Result security risk analysis evaluation of optimum about under using planning.

• Journal of radiological science and technology
• /
• v.31 no.4
• /
• pp.347-353
• /
• 2008

This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• Journal of Information Technology Services
• /
• v.19 no.1
• /
• pp.173-185
• /
• 2020

It is very important to evaluate training because it can systematically grasp the current status of training. Evaluation includes getting ongoing feedback from the learner, trainer and learner's supervisor, to improve the quality of the training and identify if the learner achieved the goals of the training. It also provides a justification for the implementation of training. Nonetheless, there is a lack of studies that attempt to evaluate information security training programs. In this study, we utilize the Philips model to evaluate the public training programs for the people who are in charge of the information security duties in the public sector and propose the training improvement plans. Research result has shown that it is necessary to evaluate the level of the trainees in advance and conduct training programs according to the information security skill level. In addition, it needs to conduct training according to duties such as information security management, information security operate and maintain. The limitation of this study is that each education program was not assessed individually because this study had developed an evaluation tool that could be used comprehensively.

• Journal of Korean Society for Quality Management
• /
• v.51 no.3
• /
• pp.435-444
• /
• 2023

Purpose: To attain advanced performance certification, safety aspects along with functionality and performance are essential. Hence, this study suggests radiation leakage assessment methods for aviation security equipment during its performance certification. Methods: Detection technology guided the choice of radiation leakage assessment targets. We then detailed measurement and evaluation methods based on equipment type and operation mode. Equipment was categorized as container or box types for establishing measurement procedures. Results: We've developed specific radiation leakage assessment procedures for different types of aviation security equipment, crucial for ensuring airport safety. Using these procedures allows efficient evaluation of compliance with radiation leakage standards. Conclusion: The suggested radiation leakage assessment method aims to enhance aviation security and reliability. Future research will focus on identifying risks in novel aviation security equipment detection technologies and establishing safety standards.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1133-1143
• /
• 2012

Currently, Many Cyber Security Centers(CSC) are established and being operated in our country. But, in the absence of indicators to evaluate activities of the Managed Security Service(MSS), We can't identify the CSC's level of overall job performance. Therefore, we can't derive strengths and weaknesses from the CSC. From these reasons, The purpose of this research is to develop an objective indicator to evaluate activities of the MSS. I studied both international and domestic Information Security Management System(ISMS) as related standards(ISO/IEC 27001, G-ISMS). Moreover, I analysed the NIST Computer Security Incident Handing Guide and the Incident Management Capability Metrics(IMCM) of Carnegie Mellon Software Engineering Institute(SEI). The implications for this analysis and domestic hands-on experience are reflected in the research. So I developed 10 evaluation domains and 62 detail evaluation items. This research will contribute to our understanding the level of the CSC's job performance.

• The Korean Journal of Health Service Management
• /
• v.9 no.2
• /
• pp.23-32
• /
• 2015

In this paper, we evaluated web security vulnerability and privacy information management of hospital web sites which are registered at the Korea Hospital Association. Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerability of the web sites. And to evaluate the privacy information management, we used ten rules which were based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered tertiary hospitals had relatively excellent web security compared to other type of hospitals. But all the hospital types had not only high level vulnerabilities but also the other level of vulnerabilities. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hacker. On the other hand, the inspection results of the tertiary hospitals for privacy information management had a better compliance rate than that of the other hospital types.