• 정보화정책
• /
• 제23권1호
• /
• pp.3-19
• /
• 2016

본 연구의 목적은 빅데이터 보안 분야의 기존 연구를 분석하고, 향후 연구 방향을 모색하는 것이다. 이를 위해 국내외의 총62편의 논문을 식별하여, 발간년도, 게재 매체, 전반적인 연구접근 방법, 세부적 연구 방법, 연구 주제 등을 분석하였다. 분석 결과, 빅데이터 보안 연구는 매우 초기 단계로서, 비실증 연구가 압도적인 비중을 차지하고 있고, 관련 개념/기법에 대한 이해를 해나가는 과정으로서 기술-관리-통합의 단계로 진화한 정보보안 분야의 연구 동향에 동조하여 기술적인 연구가 주로 진행되고 있다. 연구 주제 측면에서도 빅데이터 보안에 대한 전반적인 이슈를 다룬 총론적인 연구들이 보안 구현 방법론, 분야별 이슈 등의 각론적 연구에 비해 높은 비중을 나타내는 등 초기 단계의 모습을 나타내고 있다. 향후 유망한 연구 분야로는 빅데이터 보안에 대한 전반적인 프레임워크 수립, 업종별 빅데이터 보안에 대한 연구, 빅데이터 보안 관련 정부 정책 분석 등을 들 수 있다. 빅데이터 보안 분야의 연구는 본격적으로 시작된 지 얼마 되지 않아, 연구 결과가 상대적으로 매우 부족한 편이다. 앞으로 다양한 관점에서 빅데이터 보안과 관련해 풍부한 주제를 다루는 연구가 진행되기를 기대한다.

• 한국정보시스템학회지:정보시스템연구
• /
• 제25권2호
• /
• pp.51-77
• /
• 2016

Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

• 지식경영연구
• /
• 제20권4호
• /
• pp.39-55
• /
• 2019

Although Firms have been increasing their information security significantly to handle increased security risks, the effects of information security were not well understood. This study aims to investigate the market value of information security by employing the event study methodology. Our research also explores how market responses vary depending on the type of information security announcements. We collected 177 firm-level information security announcements between 2001 and 2017 in South Korea. For all samples, our results indicate that the stock market positively reacts to information security announcements. We also conducted subsample analysis and found that while information security certification announcement has a positive impact on the stock market, information security activities (e.g. award, information security system) announcement had no impact on the stock market. Our study adopted a novel approach (i.e. event study) for investigating the effects of information security and found that information security investment positively affects firm value. Our results allow managers to measure the effects of information security investment and help them make right decisions on information security investment.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2005년도 ICCAS
• /
• pp.1586-1589
• /
• 2005

GUMF (Global User Management Framework) that is proposed in this research can be applied to next generation network such as BcN (Broadband convergence Network), it is QoS guaranteed security framework for user that can solve present Internet's security vulnerability. GUMF offers anonymity for user of service and use the user's real-name or ID for management of service and it is technology that can realize secure QoS. GUMF needs management framework, UMS (User Management System), VNC (Virtual Network Controller) etc. UMS consists of root UMS in country dimension and Local UMS in each site dimension. VNC is network security equipment including VPN, QoS and security functions etc., and it achieves the QoSS (Quality of Security Service) and CLS(Communication Level Switching) functions. GUMF can offer safety in bandwidth consumption attacks such as worm propagation and DoS/DDoS, IP spoofing attack, and current most attack such as abusing of private information because it can offer the different QoS guaranteed network according to user's grades. User's grades are divided by 4 levels from Level 0 to Level 3, and user's security service level is decided according to level of the private information. Level 3 users that offer bio-information can receive secure network service that privacy is guaranteed. Therefore, GUMF that is proposed in this research can offer profit model to ISP and NSP, and can be utilized by strategy for secure u-Korea realization.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2003년도 ICCAS
• /
• pp.2097-2100
• /
• 2003

Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권10호
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• 한국통신학회:학술대회논문집
• /
• 한국통신학회 2004년도 추계종합학술대회 논문 초록집
• /
• pp.175-175
• /
• 2004

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2001년도 추계학술발표논문집 (하)
• /
• pp.993-996
• /
• 2001

본 논문에서는 정책기반 네트워크보안 프레임워크의 전체적인 구조와 주요 아키텍쳐에 대해서 논하고 특히 보안정책 서버의 역할을 담당하는 네트워크보안제어서버의 구조와 메커니즘에 대해 구체적으로 기술한다.

• 디지털산업정보학회논문지
• /
• 제15권1호
• /
• pp.43-51
• /
• 2019

This research proposed the necessary capability of cyber security professional personnel for cyber security education and training. Cyber security professional personnel were required specialized capability because the curriculum of cyber security education and training is structured around practice and training. Based on the knowledge, skills, and attitudes of professors, we derive candidate capabilities and index through the results of precedent research. As a result, we derived capability such the candidate capability group as teaching qualification, expert knowledge, practical ability, lecture ability, and research ability, and detailed capability index was derived accordingly. Finally, based on the questionnaire results of the professors related to the information security, it was determined that the capability required for the cyber security education and training professional personnel were expert knowledge, practical ability, and lecture ability. Among the capabilities, executive ability means that they have to fulfil abundant executive experience due to the high proportion of practical training due to the characteristics of cyber security education and training.

• 정보보호학회논문지
• /
• 제17권3호
• /
• pp.109-116
• /
• 2007

본 논문에서는 Self-Shrinking 생성기의 변형 구조 SSG-XOR에 대해 guess-and-determine공격을 적용하여 실제 안전성을 분석하고 이에 대한 시뮬레이션 결과를 소개한다. SSG-XOR은 Self-Shrinking 생성기에 비해 더 좋은 암호학적 성질을 가지는 것으로 소개되었으나 본 논문의 분석 결과, guess-and-determine공격 관점에서 Self-Shrinking 생성기에 비해 안전성이 많이 떨어지는 것을 확인할 수 있다.