• Title/Abstract/Keyword: Security Assessment


A Study on Self Assessment of Mobile Secure Coding (M-SCSA)

  • 김동원; 한근희
  • 정보보호학회논문지 / Vol. 22, No. 4 / pp. 901-911 / 2012
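  • Removing security vulnerabilities during the development phase can be done far more efficiently and effectively than removing them during the operation phase. Because security vulnerabilities inherent in software have become a major cause of cyber incidents, secure coding is drawing attention as a way to minimize vulnerabilities at the source-code level. Removing security vulnerabilities during software development can be a more effective and more fundamental solution. This paper studies and proposes a Mobile Secure Coding Self Assessment (M-SCSA) method for evaluating the security level that results from applying mobile secure coding in individuals, groups and organizations.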

An Expert System for Security Assessment in Distribution System

  • Park, Byoung-youn; Kim, Se-Ho; Moon, Young-Hyun
  • 대한전기학회논문지 / Vol. 43, No. 2 / pp. 179-188 / 1994
  • This paper deals with implementation of an expert system to obtain an optimal plan of load transfer for fault restoration with the capability of security monitoring and assessment in distribution systems. Based on the technique of load transfer tree analysis, the proposed expert system can afford to assist system operators in proposing an optimal plan of load transfer for fault restoration. In particular, an application of the proposed ES to practical distribution systems yields an optimal load transfer plan which ensures system security by considering security assessment for contingency of feeders and main transformers in the knowledge based sense.

A Study on Evaluation Criteria and Procedures for Measuring Radiation Leakage of Aviation Security Equipment

  • 김기현; 정예은; 김예준; 김용수
  • 품질경영학회지 / Vol. 51, No. 3 / pp. 435-444 / 2023
  • Purpose: To attain advanced performance certification, safety aspects along with functionality and performance are essential. Hence, this study suggests radiation leakage assessment methods for aviation security equipment during its performance certification. Methods: Detection technology guided the choice of radiation leakage assessment targets. We then detailed measurement and evaluation methods based on equipment type and operation mode. Equipment was categorized as container or box types for establishing measurement procedures. Results: We've developed specific radiation leakage assessment procedures for different types of aviation security equipment, crucial for ensuring airport safety. Using these procedures allows efficient evaluation of compliance with radiation leakage standards. Conclusion: The suggested radiation leakage assessment method aims to enhance aviation security and reliability. Future research will focus on identifying risks in novel aviation security equipment detection technologies and establishing safety standards.

A quantitative assessment method of network information security vulnerability detection risk based on the meta feature system of network security data

  • Lin, Weiwei; Yang, Chaofan; Zhang, Zeqing; Xue, Xingsi; Haga, Reiko
  • KSII Transactions on Internet and Information Systems (TIIS) / Vol. 15, No. 12 / pp. 4531-4544 / 2021
  • Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

Developing Information Security Management Model for SMEs: An Empirical Study

  • 이정우; 박준기; 이준기
  • Asia pacific journal of information systems / Vol. 15, No. 1 / pp. 115-133 / 2005
  • This study is to develop an information security management model (ISMM) for small and medium sized enterprises (SMEs). Based on extensive literature review, a five-pillar twelve-component reference ISMM is developed. The five pillars of SME's information security are: centralized decision making, ease of management, flexibility, agility and expandability. Twelve components are: scope & organization, security policy, resource assessment, risk assessment, implementation planning, control development, awareness training, monitoring, change management, auditing, maintenance and accident management. A subsequent survey designed and administered to expose experts' perception on the importance of these twelve components revealed that five out of twelve components require relatively more immediate attention than others, especially in SME's context. These five components are: scope and organization, resource assessment, auditing, change management, and incident management. Other seven components are policy, risk assessment, implementation planning, control development, awareness training, monitoring, and maintenance. It seems that resource limitation of SMEs directs their attention to ISMM activities that may not require a lot of resources. On the basis of these findings, a three-phase approach is developed and proposed here as an SME ISMM. Three phases are (1) foundation and promotion, (2) management and expansion, and (3) maturity. Implications of the model are discussed and suggestions are made for further research.

A Design of Risk-Based Security Threat Assessment Process for Fighter-Aircraft Airworthiness Security Certification

  • 김현주; 강동수
  • 정보처리학회논문지:소프트웨어 및 데이터공학 / Vol. 8, No. 6 / pp. 223-234 / 2019
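  • In network-centric warfare, where advanced weapon systems operate in a highly interlinked manner, cyber attacks have emerged as a major threat that can decide the outcome of a war. In addition, the software dependency that grows as fighter aircraft become more advanced demands strengthened security measures for fighter software against cyber attacks. This paper designs a risk-based security threat assessment process that reflects the characteristics and operating environment of fighter aircraft when applying DO-326A, the aircraft airworthiness security certification standard. To this end, in the security threat assessment step of the DO-326A airworthiness security certification process, it adds and applies steps that derive fighter security threats, score the threats in terms of the likelihood of a cyber attack and its impact on the fighter, and determine the severity of the security risk.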

Government Information Security System with ITS Product Pre-qualification

  • 여상수; 이동범; 곽진
  • 한국항행학회논문지 / Vol. 13, No. 5 / pp. 763-772 / 2009
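  • As the information society advances, a variety of government information security systems are being developed, and national and public institutions are increasingly adopting such systems to provide secure services. Because verification of security matters above all for government information security systems, interest in security evaluation services for them is growing. Accordingly, research on various security evaluation services is under way both domestically and internationally. This paper analyzes the security evaluation services of the United Kingdom and Canada and, on that basis, proposes a way to introduce pre-qualification of government information security systems that can provide trust to users in domestic national and public institutions.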

Security Assessment for Bus Voltages Using Probabilistic Load Flow (PLF)

  • 이승혁; 정창호; 김진오; 김태균; 추진부
  • 대한전기학회:학술대회논문집 / 대한전기학회 2003 Fall Conference Proceedings, Power Technology Division / pp. 28-30 / 2003
  • Probabilistic Load Flow (PLF) solution based on the method of moments is used for security assessment of bus voltages in power systems. Bus voltages, line currents, line admittances, generated real and reactive power, and bus loads are treated as complex random variables. These complex random variables are known in terms of probability density functions (PDF). Also, expressions for the convolutions of complex random variables in terms of moments and cumulants have been derived. Proposed PLF solution using the method of moments is fast, because the process of convolution of various complex random variables is performed in moment and cumulant domain. Therefore, the method is applied to security assessment of power systems in this paper. Finally, system operators can also use the security assessment information to improve reliability of power systems.

A Study on the Application of Asynchronous Team Theory for QVC and Security Assessment in a Power System

  • 김두현; 김상철
  • 한국안전학회지 / Vol. 12, No. 3 / pp. 67-75 / 1997
  • This paper presents a study on the application of Asynchronous Team (A-Team) theory for QVC (reactive power control) and security assessment in a power system. Reactive power control problem is the one of optimally establishing voltage level given reactive power sources, which is a very important problem to supply the demand without interruption and needs methods to alleviate a bus voltage limit violation more quickly. It can be formulated as a mixed-integer linear programming (MILP) problem without deteriorating of solution accuracy to a certain extent. The security assessment is to estimate the relative robustness of the system and deterministic approach based on AC load flow calculations is adopted to assess it, especially voltage security. A distance measure, as a measurement for voltage security, is introduced. In order to analyze the above two problems, reactive power control and static security assessment, in an integrated fashion, a new organizational structure, called an A-team, is adopted. An A-team is well-suited to the development of computer-based, multi-agent systems for operation of large-scaled power systems. In order to verify the usefulness of the suggested scheme herein, modified IEEE 30 bus system is employed as a sample system. The results of a case study are also presented.

A Combined Bulk Electric System Reliability Framework Using Adequacy and Static Security Indices

  • Billinton, Roy; Wangdee, Wijarn
  • Journal of Electrical Engineering and Technology / Vol. 1, No. 4 / pp. 414-422 / 2006
  • Deterministic techniques have been applied in power system planning for many years and there is a growing interest in combining these techniques with probabilistic considerations to assess the increased system stress due to the restructured electricity environment. The overall reliability framework proposed in this paper incorporates the deterministic N-1 criterion in a probabilistic framework, and results in the joint inclusion of both adequacy and security considerations in system planning. The combined framework is achieved using system well-being analysis and traditional adequacy assessment. System well-being analysis is used to quantify the degree of N-1 security and N-1 insecurity in terms of probabilities and frequencies. Traditional adequacy assessment is incorporated to quantify the magnitude of the severity and consequences associated with system failure. The concepts are illustrated by application to two test systems. The results based on the overall reliability analysis framework indicate that adequacy indices are adversely affected by a generation deficient environment and security indices are adversely affected by a transmission deficient environment. The combined adequacy and security framework presented in this paper can assist system planners to realize the overall benefits associated with system modifications based on the degree of adequacy and security, and therefore facilitate the decision making process.