• 인터넷정보학회논문지
• /
• 제22권3호
• /
• pp.53-58
• /
• 2021

보안관제 분야의 실제 업무활동에 대해서는 거의 연구가 없는 실정이다. 이에 본 논문에서는 보안관제의 위협정보 탐지 대응시간 모델링을 통해 적정 투입인력 규모 산정에 기여하고 최신 보안솔루션 투입시의 효과성 분석 등에 활용할 수 있는 실질적인 연구 방법론을 제시하고자 한다. 보안관제센터에서 수행하는 전체 위협정보 탐지대응시간은 TIDRT(Total Intelligence Detection & Response Time)로 정의한다. 전체 위협정보 탐지 대응시간(TIDRT)는 내부 위협정보 탐지대응시간(IIDRT, Internal Intelligence Detection & Response Time)과 외부 위협정보(EIDRT, External Intelligence Detection & Response Time)의 합으로 구성된다. 내부위협정보 탐지대응시간(IIDRT)는 다섯 단계의 소요시간의 합으로 계산할 수 있다. 본 연구의 궁극적인 목표는 보안관제센터의 주요한 업무활동들을 수식으로 모델링하여 보안관제센터의 사이버 위협정보 탐지대응시간 계산식을 산정하는데 있다. 2장에서는 선행연구를 살펴보고, 3장에서는 전체 위협정보 탐지대응시간의 계산식을 모델링한다. 4장에서 결론으로 끝을 맺는다.

• Journal of Information Technology Applications and Management
• /
• 제18권2호
• /
• pp.91-108
• /
• 2011

Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

• Journal of Positioning, Navigation, and Timing
• /
• 제12권4호
• /
• pp.437-445
• /
• 2023

A space system refers to a network of sensors, ground systems, and space-craft operating in space. The security of space systems relies on information systems and networks that support the design, launch, and operation of space missions. Characteristics of space operations, including command and control (C2) between space-craft (including satellites) and ground communication, also depend on wireless frequency and communication channels. Attackers can potentially engage in malicious activities such as destruction, disruption, and degradation of systems, networks, communication channels, and space operations. These malicious cyber activities include sensor spoofing, system damage, denial of service attacks, jamming of unauthorized commands, and injection of malicious code. Such activities ultimately lead to a decrease in the lifespan and functionality of space systems, and may result in damage to space-craft and, lead to loss of control. The Cybersecurity Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix, proposed by Massachusetts Institute of Technology Research and Engineering (MITRE), consists of the following stages: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command & Control, Exfiltration, and Impact. This paper identifies cybersecurity activities in space systems and satellite navigation systems through the National Institute of Standards and Technology (NIST)'s standard documents, former U.S. President Trump's executive orders, and presents risk management activities. This paper also explores cybersecurity's tactics attack techniques within the context of space systems (space-craft) by referencing the Sparta ATT&CK Matrix. In this paper, security threats in space systems analyzed, focusing on the cybersecurity attack tactics, techniques, and countermeasures of space-craft presented by Space Attack Research and Tactic Analysis (SPARTA). Through this study, cybersecurity attack tactics, techniques, and countermeasures existing in space-craft are identified, and an understanding of the direction of application in the design and implementation of safe small satellites is provided.

• International Journal of Computer Science & Network Security
• /
• 제21권4호
• /
• pp.47-51
• /
• 2021

The article analyzes and studies that pedagogical design of the educational process using information and communication technologies in educational institutions of higher education based on the development of a model and methodology personalization of training will improve the quality of the educational process at the university and solve the identified contradiction. A qualitative analysis of foreign countries in the possibility of using information and communication technologies in educational institutions of higher education is carried out.

• International Journal of Computer Science & Network Security
• /
• 제22권8호
• /
• pp.275-279
• /
• 2022

The growth of technology nowadays has made many things easy for humans. These things are from everyday small task to more complex tasks. Such growth also comes with the illegal activities that are perform by using technology. These illegal activities can simple as displaying annoying message to big frauds. The easiest way for the attacker to perform such activities is to convenience user to click on the malicious link. It has been a great concern since a decay to classify URLs as malicious or benign. The blacklist has been used initially for that purpose and is it being used nowadays. It is efficient but has a drawback to update blacklist automatically. So, this method is replace by classification of URLs based on machine learning algorithms. In this paper we have use four machine learning classification algorithms to classify URLs as malicious or benign. These algorithms are support vector machine, random forest, n-nearest neighbor, and decision tree. The dataset that is used in this research has 36694 instances. A comparison of precision accuracy and recall values are shown for dataset with and without preprocessing.

• 디지털산업정보학회논문지
• /
• 제17권4호
• /
• pp.95-102
• /
• 2021

As social interest in the metaverse increases, various metaverse platforms and services are appearing, and various security issues are emerging accordingly. In particular, since all activities are performed in a variety of virtual spaces, and the metaverse utilizes sensing data using various hardware devices, more information is accumulated than other Internet services, and more damage can occur if information security is not guaranteed. Therefore, in this paper, we propose a metaverse security model that considers the major issues mentioned in previous papers and the necessary evaluation factors for the security functions required in the metaverse platform. As a result of performing the performance evaluation of the proposed model and the existing attribute information collection model, the proposed model can provide security functions such as anonymity and source authentication, which were not provided by the existing models.

• 한국콘텐츠학회논문지
• /
• 제9권1호
• /
• pp.388-399
• /
• 2009

이 연구는 시큐리티 요원의 여가관을 규명하고자 한다. 즉, 여가관을 규명하기 위하여 여가인식과 여가실태를 분석하고자 한다. 이 연구는 2008년 수도권(서울 경기) 소재 시큐리티 회사에 재직하고 있는 시큐리티 요원을 연구대상으로 선정한 후 판단표집법을 이용하여 총 333명의 표본을 추출 사용되었다. 측정도구는 설문지로서, 크게 사회인구통계학적 특성, 여가인식, 여가실태로 구성되었다. 설문지의 타당도는 문헌고찰과 함께 전문가회의를 통하여 검증하였다. 자료처리는 $x^2$ 검증 기법이 활용되었다. 결론은 다음과 같다. 첫째, 시큐리티 요원은 대체로 여가를 “휴식”이라고 생각하였으며, “스트레스 해소”를 위해 여가가 필요한 것으로 평가 하였다. 그리고 시큐리티 요원은 대개 여가와 일의 중요성에 있어서 “여가와 일 모두 중요하다”라고 평가 하였다. 둘째, 시큐리티 요원은 여가활동으로 “사교활동”에 많이 참가하였으며, 여가활동 빈도는 “한달 2-3회”, 여가활동 시간은 “1-2시간”, 여가활동 기간은 “4-7년”이 많았다.

• 정보보호학회논문지
• /
• 제29권6호
• /
• pp.1463-1475
• /
• 2019

현대의 첨단 무기 체계는 과거와 달리 복잡하고 많은 구성품들이 결합되어 하나의 무기체계를 형성한다. 또한, 하드웨어가 주 구성이었던 과거와 달리 소프트웨어 비중이 매년 증가하고 있어 무기체계의 보안 보증 활동이 과거보다 더 어려워지고 있다. 미국은 1960년대부터 자신들이 개발하는 무기체계의 보안을 보증하기 위해 연구를 진행해왔다. 이 연구 결과는 미국 내부 표준으로 만들어졌고 정기적으로 업데이트 되었으며 현재는 RMF로 적용되고 있다. 국내에서는 미국의 RMF를 기반으로 2010년경부터 연구 활동을 해왔다. 그러나 미국 내 RMF 적용 실 사례는 기밀로 분류해 얻을 수 없고, 국내에서도 공식적인 적용사례는 없다. 본 논문에서는 지금까지 연구된 한국형 RMF 연구를 활용하여 최근 개발된 실제 무기체계에 적용해 본다. 그리하여 RMF를 적용할 수 있는 상세 가이드라인을 제시한다.

• 한국재난관리표준학회지
• /
• 제1권1호
• /
• pp.35-43
• /
• 2008

본 연구는 우리나라의 재난관리체계를 고찰하고 국제 재난관리표준화 동향, 선진국의 재난관리표준화 활동 및 국내 재난관리표준화의 현황을 분석하였다 국제표준화기구(ISO)는 ISO/TC 223 Societal Security을 통하여 국제 재난관리규격을 개발하고 있으며, 미국, 영국 및 일본과 같은 선진국들은 자국의 재난관리표준을 국제 표준화 하기위해 경쟁하고 있다. 우리나라는 국가 재난관리표준이 제정되지 않아 재난관리 책임 기관별로 별도의 표준화를 추진하고 이에 따른 재난관리 활동을 수행하고 있다. 재난관리의 효율성을 높이고 국제적인 재난관리표준화에 적극 대용하기 위해서 우리나라에서도 국가재난관리표준의 제정과 재난관리시스템의 표준화가 구축되어야 한다.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2001년도 ICCAS
• /
• pp.59.1-59
• /
• 2001

The attackers on Internet-connected systems we are seeing today are more serious and more technically complex than those in the past. Computer security incidents are different from many other types of crimes because detection is unusually difficult. So, network security managers need a IDS and Firewall. IDS (Intrusion Detection System) monitors system activities to identify unauthorized use, misuse or abuse of computer and network system. It accomplishes these by collecting information from a variety of systems and network resources and then analyzing the information for symptoms of security problems. A Firewall is a way to restrict access between the Internet and internal network. Usually, the input ...