• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1055-1062
• /
• 2021

As face-to-face education becomes difficult due to the spread of COVID-19, the use of e-learning content and virtual training is increasing. In the case of information security education, practice to learn response techniques is important, so simulation hacking and vulnerability analysis activities have been supported as virtual training for a long time. In order to increase the educational effect, contents should be designed similar to real situation, and learning activities to achieve the learning goals should be designed. In addition, excellent functions and scalability of the system supporting learning activities are required. The researcher developed an LMS evaluation index that supports non-face-to-face education by considering the key elements of non-face-to-face education and training. The developed evaluation index was applied to the information security education platform to verify its practical utility.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.675-684
• /
• 2019

Under the wave of the Fourth Industrial Revolution, developed countries around the world recognize Smart Factory as a core base and strive to enhance the nation's industrial competitiveness through related policies and industry development. Domestic ministries have also set up a strategy for manufacturing innovation 3.0 and are pushing for the expansion of smart factories with 30,000 targets by 2025. In this study, we analyze the practical cases of smart factory security related companies and present the application methods for the same industry. we also intend to contribute to the protectetion of important information in Smart Factory and stable operation.

• Korean Security Journal
• /
• no.22
• /
• pp.65-90
• /
• 2010

Recently, alarmed by the frequent international terrorism or safety accidents, the host countries of world sports events are focusing on security activities for the sake of the participants, facilities, events and competitions. They are alarmed because in case any happenings like international terrorism or safety accident, the contest itself can be criticized to be a failure as much as the international reliability of the host nation may well crash. We can see that any failure in coping with terrorism or safety matters can lead to a nation-wise crisis in the case of Indonesia where the October 12th of 2002 terrorist bomb attack in Bali damaged the image of the nation followed by the similar case in Philippine (Oct. 20th, 2002) where the same terrorist attack dramatically scared away the tourists to the nation. Korea is scheduled to hold the World Championship in Athletics in Daegu Metropolitan City in 2011. Also, it is slated to host various world sports events such as Yeosu International Exposition and Incheon Asian Games. In these contexts, this study analyzes counter-terrorism cases related with the recent international sports events that have been organized in a variety of manners in the era of globalization. This study aims to show alternatives for the safety management in these events. In other words, it is focusing on giving directions to the safety policies of the nation -which may become the future hub of north-east Asia and the world - for more perfect guard and defense, and counter-terrorism activities in all the conferences, sports events and international festivals where any private defense and guard companies are allowed to cooperate with the police force or public security agencies.

• Journal of KIISE:Databases
• /
• v.30 no.6
• /
• pp.585-592
• /
• 2003

In the spatial database systems, it is necessary to manage spatial objects that have two or more aspatial information with different security levels on the same layer. If we adapt the polyinstantiation concept of relational database system for these spatial objects, it is difficult to process the representation problem of spatial objects and to solve the security problem that is service denial and information flow by access of subject that has a different security level. To address these problems, we propose a polyinstantiation method for security management of spatial objects in this paper. The proposed method manages secure spatial database system efficiently by creating spatial objects according to user's security level through security-level-conversion-step and polyinstantiation-generation-step with multi-level security policy. Also, in case of user who has a different security level requires secure operations, we create polyinstance for spatial object to solve problems of service denial and information flow.

• Journal of Digital Convergence
• /
• v.11 no.2
• /
• pp.43-50
• /
• 2013

Recently, Cyber threats that is doing intelligence and sophistication from the organization's information assets to secure order technical disciplines, as well as managerial and environmental sectors, such as mind-response system is must established. In this paper, possible to analyze the case for the theory in network security, such as the logical network and physical network separation suitable for the corporate environment and constantly respond and manage the Information Security Management Model A secure network design is proposed. In particular, the proposed model improvements derived from the existing network, network improvements have been made in order to design improved ability to respond to real-time security and central manageability, security threats, pre-emptive detection and proactive coping, critical equipment in the event of a dual hwalreu through applied features such as high-availability, high-performance, high-reliability, ensuring separation of individual network security policy integrated management of individual network, network security directional.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.969-976
• /
• 2013

The information protection systems of company are intended to detect all weak points, intrusion, document drain. All actions of people in company are recorded and can check persistently. On the other hand, what analyze security log generated by these systems becomes more difficult. Most staff who manages the security systems, and analyze log is more incomprehensible than a user or a person of drain for an information distribution process of the work-site operations and the management procedure of the critical information. Such a reality say the serious nature of the internal information leakage that can be brought up more. While the research on the big data proceeds actively recently, the successful cases are being announced in the various areas. This research is going to present the improved big data processing technology and case of the security field.

• The Journal of the Korea Contents Association
• /
• v.20 no.2
• /
• pp.15-26
• /
• 2020

Secure boot is security technology that verifies the integrity of the computer system in boot stage and controls the boot process accordingly. The computer system can establish a secure execution environment from the threat of various malwares by security boot and also supports the recovery when system in emergency case. Recently, Secure boot has been adopted by various modern computer manufacturers to protect users' information from hacker attacks and to prevent abuse of their products by malicious users. In this paper, we classify security boot developed by various companies and organizations by platform, and analyze the design and development purpose of each security boot and investigate the limitation of design. It can be used as a reference for system security designers in various information of security boot development method and security design of system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.77-87
• /
• 2011

As information services have been widely used in various environments, the knowledge information security sector plays a significant role in development and management of products and services, information privacy management, risk management and safety, etc. Thus, the process of acquiring knowledge information security professionals is getting more attention for promoting the stable and long-term development of the knowledge information security sector. This study identifies and analyzes the promising fields for the KISA Employment-Contract Master Program and suggests promotion strategies for knowledge information security professionals. By surveying participants and would-be participants, and interviewing experts, it is analyzed that 'mobile security' and 'convergence security' are the two most important fields to be included in the program.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.364-374
• /
• 2022

Health information systems (HIS) are facing security challenges on data privacy and confidentiality. These challenges are based on centralized system architecture creating a target for malicious attacks. Blockchain technology has emerged as a trending technology with the potential to improve data security. Despite the effectiveness of this technology, still HIS are suffering from a lack of data privacy and confidentiality. This paper presents a blockchain-based data storage security architecture integrated with an e-Health care system to improve its security. The study employed a qualitative research method where data were collected using interviews and document analysis. Execute-order-validate Fabric's storage security architecture was implemented through private data collection, which is the combination of the actual private data stored in a private state, and a hash of that private data to guarantee data privacy. The key findings of this research show that data privacy and confidentiality are attained through a private data policy. Network peers are decentralized with blockchain only for hash storage to avoid storage challenges. Cost-effectiveness is achieved through data storage within a database of a Hyperledger Fabric. The overall performance of Fabric is higher than Ethereum. Ethereum's low performance is due to its execute-validate architecture which has high computation power with transaction inconsistencies. E-Health care system administrators should be trained and engaged with blockchain architectural designs for health data storage security. Health policymakers should be aware of blockchain technology and make use of the findings. The scientific contribution of this study is based on; cost-effectiveness of secured data storage, the use of hashes of network data stored in each node, and low energy consumption of Fabric leading to high performance.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.127-136
• /
• 2021

In the systems and software modeling field, a conceptual model involves modeling with concepts to support development and design. An example of a conceptual model is a description developed using the Unified Modeling Language (UML). UML uses a model multiplicity formulation approach, wherein a number of models are used to represent alternative views. By contrast, a model singularity approach uses only a single integrated model. Each of these styles of modeling has its strengths and weaknesses. This paper introduces a partial solution to the issue of multiplicity vs. singularity in modeling by adopting UML use cases and class models into the conceptual thinging machine (TM) model. To apply use cases, we adopt the observation that a use-case diagram is a description that shows the internal structure of the part of the system represented by the use case in addition to being useful to people outside of the system. Additionally, the UML class diagram is recast in TM representation. Accordingly, we develop a TMUML model that embraces the TM specification of the UML class diagram and the internal structure extracted from the UML use case. TMUML modeling introduces some of the advantages that have made UML a popular modeling language to TM modeling. At the same time, this approach supplies UML with partial model singularity. The paper details experimentation with TMUML using examples from the literature. Our results indicate that mixing UML with other models could be a viable approach.