• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.77-86
• /
• 2015

The organization shall minimize business risks associated with customer information leaks. Enhance information security activities through voluntary pre-check and must find a way to detect the personal information leakage caused by carelessness and neglect accident. Recently, many companies have introduced an information leakage prevention solution. However, there is a possibility of internal data leakage by the internal user who has permission to access the data. By this thread it is necessary to have the environment to analyze the habit and activity of the internal user. In this study, we use the SFI analytical technique that applies RFM model to evaluate the insider activity levels were carried out case studies is applied to the actual business.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1110-1112
• /
• 2007

내부 정보 유출 방지체계는 침입탐지시스템이나 방화벽 같은 외부 공격자에 대한 방어 대책으로는 한계가 있어 새로운 정보보호 체계가 필요하다. 본 논문은 내부정보 유통 구조에 내재되어 있는 내부 정보 유출 취약점을 분석하고 이에 대한 대책으로서 새로운 정보보호 모델을 제안하며, 제안된 정보보호 모델을 구현하는 한 방법으로서 DRM 기술을 적용한 정보보호 기술구조를 제안한다.

• Journal of Digital Convergence
• /
• v.10 no.6
• /
• pp.341-347
• /
• 2012

Network Access Control system of medical asset protection solutions that installation and operation on system and network to provide a process that to access internal network after verifying the safety of information communication devices. However, there are still the internal medical-data leakage threats due to spoof of authorized devices and unauthorized using of users are away hours. In this paper, Network 2-Factor Access Control Model proposed for prevention the medical-data leakage by improving the current Network Access Control system. The proposed Network 2-Factor Access Control Model allowed to access the internal network only actual users located in specific place within the organization and used authorized devices. Therefore, the proposed model to provide a safety medical asset environment that protecting medical-data by blocking unauthorized access to the internal network and unnecessary internet access of authorized users and devices.

• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.215-228
• /
• 2020

M&As are continuing to grow globally and are expected to increase in the future. With the fourth industrial revolution and the strengthening of neo-protection trade between countries, technology is cited as the core of national competitiveness, and the trend of M&A's increase, which is aimed at securing technology, is expected to continue. However, the risk of technology leakage, which is difficult to determine clearly illegally in the process of M&A, is still growing, and there is not enough prevention or response to this problem. the purpose of this paper was to divide the M&A process into seven stages and to ensure that important information of the enterprises during M&A between the countries and the domestic companies was not leaked unfairly, and each step analyzed the risk factors and causes of the leakage of important information in the M&A process and presented a risk-specific management plan for minimizing the leakage of important information based on the importance of the risk factors. Companies that pursue M&A in the future will reflect the M&A step-by-step risk and risk management measures derived based on case analysis and expert surveys. I hope to use risk management measures to help minimize unintentional leakage of important corporate information into the outside.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.37-48
• /
• 2017

As the risk of technical leakage is increasing, technology protection support systems for small and medium-sized businesses have gained attention. This paper analyzed the perception gap of the user and policy-maker regarding technology protection support systems. First, to identify key elements of technology protection support systems and construct measurement factors, interviews with experts are conducted. Then, surveys are conducted to analyze the perception differences between the users and policy-makers. Factor analysis and ANOVA have been utilized to analyze survey results. The result shows that the perception gaps exist in the following areas: management system, cost reduction, copyright protection, customer satisfaction, leakage prevention, and awareness. To enhance the effectiveness of technology protection support systems, this paper suggests technology protection support systems should be customized in terms of the company's size and type of busines.

• Journal of Convergence for Information Technology
• /
• v.7 no.1
• /
• pp.99-106
• /
• 2017

Research on technology security has been limited to technology leakage prevention. Companies recognize technology security as an investment. so It is a passive situation for recruitment and equipment installation. Therefore, the amount of damage caused by the technology leakage is regarded as profit, The purpose of this study is to investigate the effect of technology security on the domestic economy by using the inter-industry relations table. The inter-industry relations table was created by Vasily Leontiyev. In 1960, the Bank of Korea made it for the first time in Korea. Korea introduced the ISMS in 2001 and conducted a study on the technology security economy. Through this study, we hope that technology security will be recognized as income, not investment.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.283-290
• /
• 2015

As society has evolved to the knowledge and information society, the importance of internal information of the company has increased gradually. Especially in financial institutions which must maintain the trust of customers, the disclosure of inside information is a big problem beyond the a company's business information disclosure level to break down sales-based businesses because it contains personal or financial transaction information. Recently, since massive outflow of internal information are occurring in several enterprises, many companies including financial companies have been working a lot in order to prevent the leakage of customer information. This paper describes the internal information leakage incidents occurred in the finance companies, the PC security vulnerabilities exists despite the main security system and internal information leakage prevention and suggests countermeasures against increasing cyber infringement threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.321-330
• /
• 2019

Prevention of corporate confidentiality leakage by insiders in enterprises is an essential task for the survival of enterprises. In order to prevent information leakage by insiders, companies have adopted security solutions, but there is a limit to effectively detect abnormal behavior of insiders with access privileges. In this study, we use the Unsupervised Learning algorithm of the machine learning technique to effectively and efficiently cluster the normal and abnormal access logs of the worker's work screen in the manufacturing information system, which includes the company's product manufacturing history and quality information. We propose an optimal feature selection model for anomaly detection by studying clustering methods.

• Convergence Security Journal
• /
• v.18 no.5_2
• /
• pp.21-27
• /
• 2018

Most of the Internet users in Korea are issued certificates and use them for various tasks. For this reason, it is recommended that accredited certification authorities and security related companies and use public certificates on USB memory and portable storage devices rather than on the user's desktop. Despite these efforts, the hacking of the certificate has been continuously occurring and the financial damage has been continuing. Also, for security reasons, our military has disabled USB to general military users. Therefore, this study proposes a two-factor method using the unique information of the USB memory and the PC which is owned by the user, and suggests a method of managing the private key file secure to the general user. Furthermore, it will be applied to national defense to contribute to the prevention of important data and prevention of access by unauthorized persons.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.143-158
• /
• 2010

The illegal leakage of enterprise digital confidential information will threaten the enterprise with bankruptcy. Today since most small-and-medium companies have no capability to fight against illegally compromising their critically confidential documents in spite of knowing the leakage of them, strongly safe distribution system of the digital confidential documents should be designed so in secure as to prevent any malicious intent of embezzlement from accessing the critical information. Current DRM-based protection system is not always perfect to protect the digital secrets, even seems to leave the secrets open. Therefore our study has analyzed the illegal leakage paths that hackers attack against and the vulnerability of the current protection systems. As result, we study the group communication based system architecture satisfying the security conditions to make even legitimate working employee keep out of the confidential documents, without performance degradation. The main idea of this architecture is to stay every secrets in encrypted form; to isolate the encrypted documents from the crypto-key; to associate every entity with one activity and to authenticate every entity with DSA-based public key system; multiple authentication method make hackers too busy to get a privilege to access the secrets with too many puzzle pieces. This paper deal with the basic architectural structure for the above issues.