• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1585-1594
• /
• 2018

In recent years The importance of information security management for securing information collection and analysis, production and distribution is increasing. Companies are assured of confidence in information security through authentication of information Security Management System. However, level assessment and use of domains that make up the management system is limited. On the other hand, the security maturity model is able to diagnose the level of information protection of the enterprise step by step. It is also possible to judge the area to be improved urgently. It is a tool to support goal setting according to the characteristics and level of company. In this paper, C2M2, which is an example of security maturity model, is compared and analyzed with Korea Information Security Management System certification. Benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed area of information security measures of ISMS certification. It also look at ways to check the level of information security management step by step.

• Proceedings of the IEEK Conference
• /
• 2002.06b
• /
• pp.341-344
• /
• 2002

The importance of protection for information is increasing by the rapid development of information communication and network. Asymmetric crypto-system is the mainstream in encryption system rather than symmetric cryptosystem by above reasons. But asymmetric cryptosystem is restricted in applying to application fields by the reason it takes more times to process than symmetric cryptosystem. In this paper, the proposed cryptosystem uses an algorithm that combines block cipherment with stream ciphcrment. Proposed cryptosystem has a high stability in aspect of secret rate by means of transition of key sequence according to the information of plaintext while asymmetric /symmetric cryptosystern conducts encipherment/decipherment using a fixed key Consequently, it is very difficult to crack although unauthenticator acquires the key information. So, the proposed encryption system which has a certification function of asymmetric cryptosystcm and a processing time equivalent to symmetric cryptosystcm will be highly useful to authorize data or exchange important information.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.8
• /
• pp.249-258
• /
• 2022

Since the advent of Bitcoin, various virtual assets have been actively traded through virtual asset services of virtual asset exchanges. Recently, security accidents have frequently occurred in virtual asset exchanges, so the government is obligated to obtain information security management system (ISMS) certification to strengthen information protection of virtual asset exchanges, and 56 additional specialized items have been established. In this paper, we compared the domain importance of ISMS and CryptoCurrency Security Standard (CCSS) which is a set of requirements for all information systems that make use of cryptocurrencies, and analyzed the results after mapping them to gain insight into the characteristics of each certification system. Improvements for 4 items of High Level were derived by classifying the priorities for improvement items into 3 stages: High, Medium, and Low. These results can provide priority for virtual asset and information system security, support method and systematic decision-making on improvement of certified items, and contribute to vitalization of virtual asset transactions by enhancing the reliability and safety of virtual asset services.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.3
• /
• pp.19-26
• /
• 2023

Critical information infrastructure designations for cloud service providers continue to spread around the world as energy, financial services, health, telecommunications, and transportation sectors move to the cloud. In addition, in the case of Ukraine, the removal of restrictions on the use of cloud for national critical facilities and the rapid transition of critical data to the cloud enabled the country to effectively respond to cyberattacks targeting Russian infrastructure. In Korea, the ISMS-P is operated to implement a systematic and comprehensive information protection management system and to improve the level of information protection and personal information protection management in organizations. Control items considering the cloud environment have been modified and added to the audit of companies. However, due to the different technical levels of clouds between domestic and global, it is not easy to obtain information on the findings of cloud providers such as Microsoft for the training of domestic certification auditors on hyperscale scale. Therefore, this paper analyzes findings in hyperscale clouds and suggests ways to improve cloud-specific control items by considering the compatibility of hyperscale environments with ISO/IEC 27001 and SOC(System and Organization Control) security international standards.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.4C
• /
• pp.290-295
• /
• 2005

When a Certification Authority (CA) issues X.509 public-key certificate to bind a public key to a user, the user is specified through one or more subject name in the 'subject' field and the 'subjectAltName' extension field of a certificate. The 'subject' field or the 'subjectAltName' extension field may contain a hierarchically structured distinguished name, an electronic mail address, If address, or other name forms that correspond to the subject. In this paper, we present the requirements for certificate holder's privacy protection and propose the methods to protect the user's privacy information contained in the 'subject' field or the 'subjectAltName' extension field of a public-key certificat

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.81-89
• /
• 2003

With the rapid development of information and communication technology, online dissemination increases rapidly. So, It becomes more important to protect information. Recently the authentication system using public key infrastructure (PKI) is being utilized as an information protection infrastructure for electronic business transactions. And the smartcard system makes the most use of such an infrastructure. But because the certification based on the current PKI provides oかy basic user certification information, the use has to be limited in various application services that need the identification and authorization information as well as face-to-face information of the user. In order to protect a system from various kinds backings and related treats, we have proposed angular and private key multiplexing for prevention of smartcard forgery and alteration based on a photopolymer cryptosystem. When smartcard becomes prone to forgery and alteration, we should be able to verify it. Also, our parer proposes a new authentication system using multi authentication based on PKI. The smartcard has an excellent advantage in security and moving.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.123-132
• /
• 2019

Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1692-1706
• /
• 2004

Recently, there are rapid development of information and communication and rapid growth of e-business users. Therefore we try to solve security problem on the internet environment which charges from wire internet to wireless internet or wire/wireless internet. Since the wireless mobile environment is limited, researches such as small size, end-to-end and privacy security are performed by many people. Wireless e-business adopts credit card WPP protocol and AIP protocol proposed by ASPeCT. WAP, one of the protocol used by WPP has weakness of leaking out information from WG which conned wire and wireless communication. certification chain based AIP protocol requires a lot of computation time and user IDs are known to others. We propose a Micro-Payment protocol based on credit card. Our protocol use the encryption techniques of the public key with ID to ensure the secret of transaction in the step of session key generation. IDs are generated using ECC based Weil Paring. We also use the certification with hidden electronic sign to transmit the payment result. The proposed protocol solves the privacy protection and Non-repudiation p개blem. We solve not only the safety and efficiency problem but also independent of specific wireless platform. The protocol requires the certification organization attent the certification process of payment. Therefore, other domain provide also receive an efficient and safe service.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.412-415
• /
• 2014

본 논문은 전자책 제작 Sigil 환경과 C 프로그램 환경을 이용하여 전자책 ePub과 서버, 클라이언트 통신을 통해 인증정보를 사용한 전자책의 저작권 보호 시스템을 설계한다. 서버와 클라이언트 통신을 통해 전자책의 인증정보를 이용하여 사용 권한 유무를 판별한다. 나날이 불법적인 방법으로 전자책을 구입하는 경우 저작권의 보호를 받지 못해 큰 피해를 입는 사람들이 많다. 본 논문은 전자책 ePub의 인증정보를 이용한 저작권 보호 프로그램을 개발하여 전자책의 인증정보가 조건에 만족한다면 전자책을 열람하고, 조건에 만족하지 않는다면 프로그램을 종료함으로서 악의적인 사용자가 전자책의 접근을 할 수 없도록 한다.

• Korean Journal of Organic Agriculture
• /
• v.9 no.4
• /
• pp.71-93
• /
• 2001

Within the paper, an overview of organic farming in Europe countries is given and the Principle and skills of organic agriculture is shortly reported with special regard to Germany. The overview information on European organic forming is covered such as \circled1 development of organic farming, \circled2organic farming organizations, \circled3standards and certification, \circled4implementation of EU council regulation, \circled5state support, \circled6implementation of Agenda 2000, \circled7training and education, \circled8advisory service and research situation. In the paper the principle and skills for organic farming which are practiced actually in the German organic farms is also reported. How to maintain and increase the fertility and microbiological activity of the soil by \circled1cultivation of legumes, green manures or deep-rooting crops in multi-annual rotation system, \circled2incorporation in the soil organic material, by-products from livestock farming is one of the major principle to organic crop production. Pest and diseases and weeds are controlled by any one, or a combination of the following measure ; \circled1choice of appropriate species and varieties, \circled2appropriate rotation programs, \circled3mechanical cultivation, \circled4protection of natural enemies of pests through provision of favourable habitat and ecological buffer zone, \circled5diversified ecosystems, \circled6flame weeding, \circled7natural enemies, \circled8bio-dynamic preparations, \circled9mulching and mowing, \circled10grazing of animals, ⑪mechanical controls, ⑫steam sterilization.