• Title/Summary/Keyword: Security Companies

A Study on Enhancing Security Management of IT Outsourcing for Information System Establishment and Operation (정보시스템 구축·운영을 위한 IT 외주용역기반 보안관리 강화에 관한 연구)

  • Lee, Eun-Sub;Kim, Sin-Ryeong;Kim, Young-Kon
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.4 / pp.27-34 / 2017
  • In recent years, major security data such as research data and confidential documents have been leaked to the outside due to the carelessness of the companies and research institutes performing IT-related services such as information technology projects and research and development of financial institutions, companies and public institutions. Leakage cases are caused by leakage of personal information due to lack of security management of information system maintenance companies, such as unauthorized leakage or storage of related materials in the outsourcing service process. In this paper, we analyzed the types and management status of service business through the environmental survey of corporate informatization business and analyzed the problems in development and maintenance using external service companies. Furthermore, in this paper, we provide an information system service that focuses on the business activities based on the items considered, and at the same time, it provides the informatization service for companies that can prevent infiltration of viruses and hacking from the outside. This paper presents a methodology for enhancing security for the system construction.

A Study on a Plan for Improving an Unmanned Security System According to Security Threat (복합적 보안위협에 따른 기계경비 개선방안 연구)

  • Kong, Byung Seok;Hwang, Hyun Seok;Kim, Kuinam J.
    • Convergence Security Journal / v.14 no.1 / pp.71-76 / 2014
  • In modern society, a social economic change is brought about, because time space limitation regarded to be restrictive in times past was overcome owing to its rapid development on the basis of IT technology. The creation of new knowledge became the basis of competitiveness of nations and companies. As competition intensifies among nations and countries in relation to the development of core technology, companies make investments, placing much weight on the development of new technology, but on the other hand, technology leakage incidents continuously occur due to a lack of understanding to protect technology. This is the largest cause of impeding the competitiveness of nations and companies. And now, it is urgent to take security measures against this. Therefore, this paper analyzes institution and system weakness in the physical security area in the integrated security environment, and then identifies all problems about this, and proposes a plan for solving these.

Topic Modeling to Identify Cloud Security Trends using news Data Before and After the COVID-19 Pandemic (뉴스 데이터 토픽 모델링을 활용한 COVID-19 대유행 전후의 클라우드 보안 동향 파악)

  • Soun U Lee;Jaewoo Lee
    • Convergence Security Journal / v.22 no.2 / pp.67-75 / 2022
  • Due to the COVID-19 pandemic, many companies have introduced remote work. However, the introduction of remote work has increased attacks on companies to access sensitive information, and many companies have begun to use cloud services to respond to security threats. This study used LDA topic modeling techniques by collecting news data with the keyword 'cloud security' to analyze changes in domestic cloud security trends before and after the COVID-19 pandemic. Before the COVID-19 pandemic, interest in domestic cloud security was low, so representation or association could not be found in the extracted topics. However, it was analyzed that the introduction of cloud is necessary for high computing performance for AI, IoT, and blockchain, which are IT technologies that are currently being studied. On the other hand, looking at topics extracted after the COVID-19 pandemic, it was confirmed that interest in the cloud increased in Korea, and accordingly, interest in cloud security improved. Therefore, security measures should be established to prepare for the ever-increasing usage of cloud services.

A Critical Review on Data Localization in the Financial Cloud (금융 클라우드의 데이터 국지화에 대한 비판적 고찰)

  • Jang, Woo-Kyung;Kim, In-Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.5 / pp.1191-1204 / 2019
  • In January 2019, the government revised the regulation on electronic financial supervision to revitalize the use of cloud in the financial sector. However, as cloud policies and regulations could undermine financial firms' autonomous security activities or restrict some of the people's basic rights, there has been little movement in the financial sector to use important information as the cloud. In addition, the data localization policy, which requires important information to be kept only in Korea, is a representative regulation that prevents the revitalization of cloud use, which also creates discrimination problems for overseas operators. Therefore, policy and regulatory improvements are needed to enable the cloud to provide a foundation for digital financial innovation through data. This study looked into the current status of cloud policies for domestic and foreign financial companies and analyzed policies and regulations for domestic financial companies. Through these efforts, the government aims to draw up limitations and problems in cloud policies for domestic financial companies and propose policy alternatives, such as measures to improve regulations on localizing data for financial companies to revitalize their use of cloud.

Proposal of Network Security Management architecture using Programmable Network Technology (프로그래머블 네트워크 기술을 이용한 네트워크 보안 관리 구조 제안)

  • 김명은;오승희;김광식;남택용;손승원
    • The Journal of Korean Institute of Communications and Information Sciences / v.28 no.10C / pp.1033-1044 / 2003
  • In this paper, we propose a security management architecture that efficiently manages security systems that are produced by different companies and programmable middleware that can reduce the load of management traffic. The proposed architecture applies programmable networks technology to policy based network management (PBNM). The proposed architecture manages and cooperates various security systems using security policy. Also, the programmable middleware provides convenience of management and reduces the overhead of a policy server by translating security policy into execution command. In addition, using programmable middleware, an administrator can manage various security systems that are produced by different companies. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time for enforcing and transferring of policies/messages between the proposed architecture and PBNM architecture.

A Study on Optimal Information Security Organizational Form in Financial Companies - Based on the Relationship between Management - (금융회사 내 최적의 정보보호조직 형태에 대한 연구 - 경영진(CISO, CIO, CPO) 관계를 중심으로 -)

  • Kim, Sang-ho;Kim, In-Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.941-950 / 2018
  • The form of information security organization of a financial company has various organizational forms in accordance with the responsibilities and roles of the Chief Information Officer (CIO), the Chief Information Security Officer (CISO) and the Chief Privacy Officer (CPO). However, it is necessary to examine whether these various types of information protection organizations are the optimal organizational forms. In this study, six types of information security organizations among the various types of information security organizations in terms of CISO, CIO, and CPO relationship were selected as candidates. This paper aims to study and elucidate the optimal organizational form of information security for financial companies.

A Study on Threat Containment through VDI for Security Management of Partner Companies Operating at Industrial Control System Facility

  • Lee, Sangdo;Huh, Jun-Ho
    • Proceedings of the Korea Information Processing Society Conference / 2019.10a / pp.491-494 / 2019
  • The results from the analysis of recent security breach cases of industrial control systems revealed that most of them were caused by the employees of a partner company who had been managing the control system. For this reason, the majority of the current company security management systems have been developed focusing on their performances. Despite such effort, many hacking attempts against a major company, public institution or financial institution are still attempted by the partner company or outsourced employees. Thus, the institutions or organizations that manage Industrial Control Systems (ICSs) associated with major national infrastructures involving traffic, water resources, energy, etc. are putting emphasis on their security management as the role of those partners is increasingly becoming important as outsourcing security tasks has become a common practice. However, in reality, it is also a fact that this is the point where security is most vulnerable and various security management plans have been continuously studied and proposed. A system that enhances the security level of a partner company with a Virtual Desktop Infrastructure (VDI) has been developed in this study through research on the past performances of partner companies stationed at various types of industrial control infrastructures and its performance outcomes were statistically compiled to propose an appropriate model for the current ICSs by comparing vulnerabilities, measures taken and their results before and after adopting the VDI.

A Study on the Corporate Members' Autonomy-centric Security Management in the Context of Internet Companies (인터넷기업에서 기업구성원 자율중심의 보안관리 방안 연구)

  • Seo, Hyunjin;Kim, Jungduk
    • The Journal of Society for e-Business Studies / v.25 no.1 / pp.45-64 / 2020
  • In the rapidly changing business environments, Internet companies have the characteristics of organizational culture that emphasize the flexible, open and autonomous nature of organizational culture, and are transforming into a flexible smart working environment that is independent of time and place. Despite such an Internet business environment, the security management system still fails to reflect the business environment and organizational culture of the Internet company, and the control-focused security management system in the Internet company is facing limitations. Therefore, this study designed and developed corporate members' autonomy-centered security items that consider the characteristics of the business environment and organizational culture of the Internet company. The results of this study are expected to be used to implement and operate a corporate members' autonomy-centered security management system in Internet companies with an agile business environment and an autonomous organizational culture.

Minimize Web Applications Vulnerabilities through the Early Detection of CRLF Injection

  • Md. Mijanur Rahman;Md. Asibul Hasan
    • International Journal of Computer Science & Network Security / v.23 no.2 / pp.199-202 / 2023
  • Carriage return (CR) and line feed (LF) injection, also known as CRLF injection, is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another way that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies to test their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and it fosters a better approach to mitigate CRLF vulnerabilities in the early stage and help secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structured Query Language Injection (SQL Injection), there has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research to be done on this subject matter in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

The Impact of Strategic Human Resource Management in Physical Security Companies on Organizational Effectiveness and Corporate Performance (물리보안기업의 전략적 인적자원관리가 조직유효성 및 기업성과에 미치는 영향)

  • Ye-Jin Jang;Soo-Ho Choi
    • Convergence Security Journal / v.24 no.3 / pp.239-247 / 2024
  • This study analyzed the impact of strategic human resource management on organizational effectiveness and corporate performance targeting security personnel working in a physical security company. To this end, a survey was conducted from April 15 to May 17, 2024 targeting 130 security managers working in physical security-related companies. In the survey, the variables were divided into "strategic human resource management, organizational effectiveness, and corporate performance." As a result of the analysis, among the research hypotheses, "Strategic human resource management ⇨ organizational effectiveness, organizational effectiveness ⇨ corporate performance, strategic human resource management ⇨ corporate performance" were all adopted. In order to increase the performance of security companies, organizational effectiveness must be improved, and to this end, efforts must be maintained to improve strategic human resource management within the company. In order to improve strategic human resource management in the future, it is necessary to present all the job skills that new employees must have and provide sufficient training opportunities on the job before being put into the field.