• Title/Summary/Keyword: Information Technology Audit

Small Business Technological Assets Protection Factors Analysis Using Logistic Regression Analysis (로지스틱 회귀분석을 이용한 중소기업 기술보호 요인 분석)

  • Hong, Jun Suk;Park, Won Hyung;Kim, Yanghoon;Kook, Kwang Ho
    • The Journal of Society for e-Business Studies / v.20 no.3 / pp.1-10 / 2015
  • The main objective of this study was to identify the factors that can maximize the effect of preventing technology leakage by government support. Therefore, we used the 2013 small business technology protection capabilities and level of research, which was conducted by the Small and Medium Business Administration, and analyzed the presence of small business technological assets leakage protection and skills. Multiple logistic regression analysis was performed on 1,518 small companies (43 big companies were excluded), divided into 155 small businesses whose technological assets had leaked and 1,363 small businesses with no leakage. The most important factors associated with technology leakage were entrant control system, security audit, employee absence of security activities and important data protection measures. This result shows that if the government provides more support in these areas, the effect of preventing technological asset leakage is expected to be maximized.

Information security auditing Framework in Industrial control system (산업제어시스템 정보보안 감리 프레임워크 연구)

  • Lee, Chul-Soo
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.1 / pp.139-148 / 2008
  • Information technology has led to changes in the automation of large industrial control systems as well as business systems and environments. Industrial control systems (ICS) are vital components of most nations' critical infrastructures, such as electricity, natural gas, water, waste treatment, transportation and communication, that are the basis of national security, the safety of citizens and the development of the national economy. As the business environment changed, organizational management pushed the integration of all systems, including MIS and ICS. This situation led to the use of standard information technologies for ICS, and this transition has exposed ICS to the same vulnerabilities and threats that plague business systems. Recently the government obliged owners of public information systems to audit them for safety, efficiency and effectiveness, and also obliged the owners of national infrastructure to improve their system security as a result of vulnerability analysis. But a security architecture and an information security auditing framework for ICS have not been prepared for auditing. In this paper, I suggested the security architecture and information security auditing framework for ICS in order to prepare the base of industrial system security auditing.

A Study on Application of Record Management System Block Chain Technology (기록관리시스템 블록체인 기술 적용 방안 연구)

  • Lee, Gi-yeong;Kim, Ik-han
    • The Korean Journal of Archival Studies / no.60 / pp.317-358 / 2019
  • Blockchain technology has emerged as one of the key technologies of the fourth industrial revolution. Blockchain technology is characterized by being able to verify the authenticity of information stored in a block and whether it is false or falsified, by not allowing a particular record to be arbitrarily manipulated or deleted, and by being capable of a transparent audit trail. This study is designed to explore how to apply blockchain technology to record management. For this purpose, we want to approach the code area, the physical area of the blockchain technology, to explore some of the key physical structures, and to derive the applicability of the blockchain technology. By implementing part of the 'Cloud-Record Management System', a future record management system model currently in the process of phasing out step by step, as a modular blockchain, I suggest a blockchain network model that can simplify or replace various functions of the current record management process.

Optimal Database Audit Timing for Data Quality Enhancement (자료의 질 향상을 위한 데이타베이스의 최적감사시점)

  • 김기수
    • The Journal of Information Technology and Database / v.3 no.1 / pp.25-43 / 1996
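  • For an information system to be effective, the integrity of the data from which its information is derived must first be assured. In particular, as society today depends more and more on computer-based information systems to support a variety of activities, the need to maintain and manage the quality of the data used in information systems at an appropriate level has become ever more pressing. Nevertheless, managers are still not provided with the up-to-date, accurate data they need for effective decision making and action [Nesbit 1985], and the simplest and most common reason that information systems perform below expectations has been shown to be that the data entered into them are inaccurate or incomplete [Ballou and Pazer 1989]. Low-quality data cause not only immediate economic losses but also many more indirect losses that are difficult to measure in economic terms. Moreover, even in the best-managed system, errors arise in the stored data over time from a variety of causes. To keep data quality at an appropriate level, such errors must be found and corrected periodically. This task is called a database audit. This paper presents a procedure for determining, through a general cost model, the optimal database audit timing for periodically improving the quality of the data stored in a database, and discusses related issues. The database is assumed to consist of several data groups that differ in their error rates and differ considerably in the consequences of their errors. The error accumulation process in each data group is modeled as a stochastic rather than a deterministic process, and the model is made more realistic by reflecting the situation in which not only the occurrence of errors but also their magnitude varies probabilistically.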

Modelling of Public Financial Security and Budget Policy Effects

  • Zaichko, Iryna;Vysotska, Maryna;Miakyshevska, Olena;Kosmidailo, Inna;Osadchuk, Nataliia
    • International Journal of Computer Science & Network Security / v.21 no.9 / pp.239-246 / 2021
  • This article substantiates the scientific provisions for modelling the level of Ukraine's public financial security taking into account the impact of budget policy. In the process, indicators of budget policy that significantly affect public financial security are identified, and the factors of budget policy, based on regression analysis, do not interact closely with each other. A seven-factor regression equation is constructed, which is statistically significant, reliable, economically logical, and devoid of autocorrelation. The objective function of maximizing the level of public financial security is constructed and strategic guidelines of budget policy in the context of Ukraine's public financial security are developed, in particular: optimization of the structure of budget revenues through the expansion of the resource base; reduction of the budget deficit while ensuring faster growth rates of state and local budget revenues compared to their expenditures; optimization of debt serviced from the budget through raising funds from the sale of domestic government bonds, mainly on a long-term basis; minimization of budgetary risks and existing threats to public financial security by ensuring long-term stability of budgets, etc.

Architecture for Secure Mobile Agent through STAS System (STAS 시스템을 적용한 안전한 이동 에이전트구조)

  • Kim, Seon-Young;Jo, In-June
    • Journal of the Korea Institute of Information and Communication Engineering / v.11 no.10 / pp.1873-1879 / 2007
  • As the number of mobile terminals using P2P services increases and they come to be applied in many fields, mobile agent technology has been applied to P2P and its innovative services have been offered in various fields. However, the free mobility of mobile agent technology works like a worm, so the problem of rapid contamination by a malicious attacker's attack has appeared, and a fundamental solution has not been developed yet. This paper proposes the STAS (Security Tracking and Auditing Server) system, which can offer verification of the security of mobile agents in structured P2P environments. The mobile agent sends its data value to STAS via a peer so that STAS can perform a secure audit and verify integrity, and the mobile agent initiator obtains the final value of the data from STAS. This can minimize the overload on the mobile terminal caused by verification of the mobile agent and its execution.

Maturity model considering the interrelation between software project management areas (소프트웨어 프로젝트 관리영역의 상호영향을 고려한성숙도 모델)

  • Jeon, Soon-Cheon
    • Journal of Advanced Navigation Technology / v.15 no.5 / pp.823-832 / 2011
  • Recently, as projects become larger and the number of projects increases with information system integration in the public and financial sectors, it is necessary to have a proper plan to manage information system projects. There has been much research on project management and on success and failure elements, but the research on the interrelation between project management areas leaves much to be desired. This research derives scope, schedule, quality, work force and risk as the project management areas from the preceding research and from questionnaires and interviews with PM developers, information system builders and data processing experts. It then analyzes the interrelation and the relative importance between management areas, classifies the progress of the management areas into plan, implementation and completion stages, and presents a frame to evaluate the accomplishment of each stage.

The Design and Implementation of Module supporting Trusted Channel in Secure Operating System Environment (보안운영체제 환경에서의 신뢰채널 지원을 위한 모듈의 설계 및 구현)

  • 유준석;임재덕;나재훈;손승원
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.3 / pp.3-12 / 2004
  • A secure operating system is a special operating system that integrates some security functions (i.e. access control, user authentication, audit trail, etc.) with a normal operating system in order to protect the system from various attacks. But it doesn't consider any security of network traffic. To guarantee the security of the whole system, network traffic must be protected in some way, and IPsec is a representative technology for network security. However, it requires the administrator's carefulness in managing security policies, and the key management mechanism is very heavy as well as complicated. Moreover, it doesn't have a suitable framework for delivery of security information for the access control mechanism. So we propose a simple trusted channel mechanism for secure communication between secure operating systems. It provides confidentiality and authentication for network traffic and the ability to deliver security information. It is implemented at the kernel level of the IP layer, and the simplicity of the mechanism can minimize the overhead of trusted channel processing.

Effective Intrusion Detection Integrating Multiple Measure Models (다중척도 모델의 결합을 이용한 효과적 인 침입탐지)

  • 한상준;조성배
    • Journal of KIISE:Information Networking / v.30 no.3 / pp.397-406 / 2003
  • As information technology grows, interest in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, has been raised. In the field of anomaly-based IDS, several artificial intelligence techniques such as hidden Markov model (HMM), artificial neural network, statistical techniques and expert systems are used to model network packets, system call audit data, etc. However, there are undetectable intrusion types for each measure and modeling method because each intrusion type makes anomalies at an individual measure. To overcome this drawback of the single-measure anomaly detector, this paper proposes a multiple-measure intrusion detection method. We measure normal behavior by system calls, resource usage and file access events and build up profiles for normal behavior with a hidden Markov model, a statistical method and a rule-base method, which are integrated with a rule-based approach. Experimental results with real data clearly demonstrate the effectiveness of the proposed method, which has a significantly low false-positive error rate against various types of intrusion.

OHDSI OMOP-CDM Database Security Weakness and Countermeasures (OHDSI OMOP-CDM 데이터베이스 보안 취약점 및 대응방안)

  • Lee, Kyung-Hwan;Jang, Seong-Yong
    • Journal of Information Technology Services / v.21 no.4 / pp.63-74 / 2022
  • Globally, researchers at medical institutions are actively sharing COHORT data of patients to develop vaccines and treatments to overcome the COVID-19 crisis. OMOP-CDM, a common data model that efficiently shares medical data research independently operated by individual medical institutions, has patient personal information (e.g. PII, PHI). Although PII and PHI are managed and shared indistinguishably through de-identification or anonymization in medical institutions, complete de-identification and anonymization could not be guaranteed at 100%. For this reason the security of the OMOP-CDM database is important, but there is no detailed and specific OMOP-CDM security inspection tool, so risk mitigation measures are being taken with a general security inspection tool. This study intends to study and present a model for implementing a tool to check the security vulnerability of OMOP-CDM by analyzing the security guidelines for the US database and security controls of the personal information protection of the NIST. Additionally, it intends to verify the implementation feasibility by real field demonstration in an actual 3 hospitals environment. As a result of checking the security status of the test server and the CDM database of the three hospitals in operation, most of the database audit and encryption functions were found to be insufficient. Based on these inspection results, it was applied to the optimization study of the complex and time-consuming CDM CSF developed in the "Development of Security Framework Required for CDM-based Distributed Research" task of the Korea Health Industry Promotion Agency. According to several recent newspaper articles, ransomware attacks on financially large hospitals are intensifying. Organizations that are currently operating or will operate CDM databases need to install database audits (proofing) and encryption (data protection) that are not provided by the OMOP-CDM database template to prevent attackers from compromising.