• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제5권6호
• /
• pp.143-152
• /
• 2016

현재 많은 중앙행정기관 및 지방자치단체, 공공 민간기관들이 사이버 침해사고 대응을 위해 보안관제서비스를 운영하고 있다. 과거와는 달리 서비스 도입보다는 효율적인 운영을 위해 노력하고 있다. 때문에 많은 정책과 방향, 지침들을 수립하고 안정적으로 운영되길 원한다. 하지만 보안관제는 사람이 운영하는 업무이기 때문에 개개인의 능력에 따라 많은 차이를 보이게 된다. 이에 따라 본 논문에서는 보안관제 기술과 방법에 대해 살펴본 후 인적역량에 대한 평가 방법과 예시를 통해 기관의 보안관제 업무 시 인적 관리에 효율적인 운영 방안 및 향후 발전 방향에 대해 모색해 보고자 한다.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2005년도 ICCAS
• /
• pp.2513-2515
• /
• 2005

Internet attack incidents have steadily increased along with the increase in Internet users. To protect systems and networks from these attacks, advanced security systems have been developed. Now that these security systems are operating, their successful management is more important than the purchase and establishment of new information security systems. The acquisition of good systems is ineffective and financially wasteful unless they are managed properly. Adequate management policy has recently become the focus of users. In other words, for companies and educational institutions with their domains, capital expenses are enormous to bear, and good security staffs are difficult to find, for which reasons outsourcing vendors or Managed Security Service Providers (MSSPs) that manage and operate the information security systems of certain domains become very appealing. Today, customers expect ISPs to perform MSSP services that used to be carried out by the security companies. This document presents the role and necessity of ISPs as MSSPs.

• 융합보안논문지
• /
• 제19권1호
• /
• pp.111-120
• /
• 2019

사이버공격이 지능화되고 고도화되면서 이를 체계적으로 대응하기 위한 보안관제센터(SOC : Security Operations Center)의 중요성이 높아지고 있고, SOC의 규모와 그 수도 늘어나고 있다. 각 기관 및 조직에서 다양한 사이버보안 표준을 활용하여 업무 절차를 만들어 사용하고 있으나 SOC는 자체 인력보다는 보안관제전문기업과 협업하는 경우가 많아 SOC환경에 맞게 개선이 필요하다. NIST 사이버보안 프레임워크(CSF : Cybersecurity Framework)와 정보보호관리체계 그리고 보안관제전문기업의 업무절차를 비교 분석한 결과 NIST CSF가 보안관제에 적용하기 용이한 프레임워크이나 국내 SOC에 적용하기 위해서는 SOC의 운영 및 관리 부분이 추가적으로 보완될 필요가 있다. 따라서 본 연구에서는 NIST CSF를 참조 모형으로 하여 SOC환경에 필요한 관리적 항목을 도출하였으며 각 항목에 대한 필요성, 중요성, 용이성을 델파이 조사방식으로 검증하고 개선된 사이버보안 프레임워크를 제안하였다.

• International Journal of Computer Science & Network Security
• /
• 제23권5호
• /
• pp.65-72
• /
• 2023

Cloud Computing is one of the current research areas in computer science. Recently, Cloud is the buzz word used everywhere in IT industries; It introduced the notion of 'pay as you use' and revolutionized developments in IT. The rapid growth of modernized cloud computing leads to 24×7 accessing of e-resources from anywhere at any time. It offers storage as a service where users' data can be stored on a cloud which is managed by a third party who is called Cloud Service Provider (CSP). Since users' data are managed by a third party, it must be encrypted ensuring confidentiality and privacy of the data. There are different types of cryptographic algorithms used for cloud security; in this article, the algorithms and their security measures are discussed.

• 정보보호학회논문지
• /
• 제22권5호
• /
• pp.1133-1143
• /
• 2012

현재 많은 중앙행정기관, 지방자차단체 및 공공기관, 포탈 및 일반기업, 금융권 등은 사이버안전센터를 구축하여 운영하고 있다. 기관 입장에서 보안관제 업무는 이제 구축 보다는 효과적인 운영이 중요시되고 있다. 하지만 보안관제 업무를 평가할 수 있는 지표 및 제도가 없는 상황에서 사이버안전센터의 전체적 업무수행 수준을 파악할 수 없고 사이버안전센터별 강점과 약점을 도출하기도 어렵다. 이에 따라 본 논문은 보안관제 업무평가를 위한 지표를 개발함으로서 사이버안전센터의 업무수행 수준파악 및 향후 발전 방향 모색에 기여함을 목적으로 한다. 또한 기관의 정보보안 관리실태 평가를 수행함에 있어 보안관제 업무평가를 반영한다면 기관의 보안수준을 정확히 측정하여 체계적인 보안대책을 수립할 수 있다.

• 한국컴퓨터정보학회논문지
• /
• 제5권4호
• /
• pp.161-165
• /
• 2000

기존의 금고업무는 텍스트 방식의 환경하에서 자료관리 성격의 소프트웨어들로 이루어진 패키지로 구성되어 있었다. 주로 자료는 한 장소에서만 집중적으로 관리되었다. 다양한 업무를 효과적으로 처리할 수 있고, 체계적인 섭외 활동을 지원할 수 있는 효과적인 담보물건관리가 중요한 과제가 되었다. 따라서 클라이언트/서버 환경에서 GIS를 이용하여 효과적인 고객관리와 담보물건관리를 하여 경쟁력을 확보할 수 있는 시스템을 개발하였다.

• International Journal of Computer Science & Network Security
• /
• 제23권5호
• /
• pp.89-94
• /
• 2023

Cloud-based technology is used in different organizations around the world for various purposes. Using this technology, the service providers provide the service mainly SaaS, PaaS and while the cloud service consumer consumes the services by paying for the service they used or accessed by the principle of "pay per use". The customer of the services can get any services being at different places or locations using different machines or electronic devices. Under the conditions of being well organized and having all necessary infrastructures, the services can be accessed suitably. The identified problem in this study is that cloud providers control and monitor the system or tools by ignoring the calculation and consideration of various faults made from the cloud provider side during service delivery. There are currently problems with ignoring the consumer or client during the monitoring and mentoring system for cloud services consumed at the customer or client level by SLA provisions. The new framework was developed to address the above-mentioned problems. The framework was developed as a unified modeling language. Eight basic components are used to develop the framework. For this research, the researcher developed a prototype by using a selected cloud tool to simulate and java programming language to write a code as well as MySQL to store data during SLA. The researcher used different criteria to validate the developed framework i.e. to validate SLA that is concerned with a cloud service provider, validate what happened when the request from the client-side is less than what is specified in SLA and above what is specified in SLA as well as implementing the monitoring mechanism using the developed Monitoring component. The researcher observed that with the 1st and 3rd criteria the service level agreement was violated and this indicated that if the Service level agreement is monitored or managed only by cloud service prover, there is a violation of LSA. Therefore, the researcher recommended that the service level agreement be managed by both cloud service providers and service consumers in the cloud computing environment.

• 융합보안논문지
• /
• 제10권4호
• /
• pp.21-30
• /
• 2010

2010년 가장 중요한 보안 이슈 중 하나는 무선 네트워크이었다. 스마트폰의 보급이 본격화되면서 무선 인터넷 사용자가 급증하였고 무선 AP가 전국에 우후죽순으로 설치되었다. 그러나 대부분의 무선 AP가 보안적인 관점에서 제대로 관리되지 않고 있고 무선랜 이용자 또한 보안의 중요성을 인식하지 못하고 있다. 이러한 상황은 심각한 보안위협을 초래할 수 있다. 본 논문에서는 QR 코드를 통해 악성코드를 유포, 모바일 AP 기능 활성화를 통해 대량 과금을 유발하는 새로운 방식의 사이버 공격 기법을 설계하고 분석하였다. 제안한 새로운 취약점은 안드로이드폰의 모바일 AP 기능을 강제로 활성화시킨 후 주변에서 발생하는 모든 Probe Request에 대해서 응답하게 하여 과금 유발 및 통신 장애를 유발한다.

• International Journal of Internet, Broadcasting and Communication
• /
• 제12권4호
• /
• pp.180-187
• /
• 2020

Security threats are increasing with interest due to the mass spread of smart devices, and vulnerabilities in developed applications are being exposed while mobile malicious codes are spreading. The government and companies provide various applications for the public, and for reliability and security of applications, security checks are required during application development. In this paper, among the security threats that can occur in the mobile service environment, we set up the vulnerability analysis items to respond to security threats when developing Android-based applications. Based on the set analysis items, vulnerability analysis was performed by examining three applications of public institutions and private companies currently operating as mobile applications. As a result of application security checks used by three public institutions and companies, authority management and open module stability management were well managed. However, it was confirmed that many security vulnerabilities were found in input value verification, outside transmit data management, and data management. It is believed that it will contribute to improving the safety of mobile applications through the case of vulnerability analysis for Android application security.

• International Journal of Advanced Culture Technology
• /
• 제5권3호
• /
• pp.46-55
• /
• 2017

In recent years, public area CCTV has also begun to become more popular in the Korea. 2011, Korea's Ministry of Public Administration and Security has recommended that other local governments set up an integrated CCTV control center in each of their districts. The ministry was planning to make it compulsory for local governments to install an integrated CCTV control center by 2015. More than 570,000 public cameras are managed by public agencies and local government offices. Currently, the integrated CCTV control center is playing a very positive role in fighting crimes in the district particularly through its liaison with the district police. The CCTVs were operated by a several different agencies and departments in the district, resulting in considerable redundancy in public service, inefficiency and delays in response to crimes, and other emergency situations. Therefore, Control Center should be operated lawfully and efficiently. CCTV Control Center will be managed by three ways: (1) IT Governance through cooperation with civil areas (2) by regulated with proper laws and (3) managed by proper guideline and personal training.