• Title/Summary/Keyword: Security Compliance

Interoperability Compliance Test for PMI (PMI 인증서 등에 대한 적합성 평가)

  • 이승훈;정구완;송주용;송주석;박정환;이재일
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2002.11a / pp.3-6 / 2002
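  • A Privilege Management Infrastructure (PMI) is an information security infrastructure that works together with a Public Key Infrastructure (PKI) to bind a user's identity information to privilege or attribute information online, so that access to resources can be managed efficiently and securely. The certificate used in such an infrastructure is called an Attribute Certificate or PMI certificate. For an attribute certificate to be accepted and used throughout the infrastructure, it must follow the standard specifications defined by standardization bodies, and its contents must be filled with correct values that do not undermine its validity. Checking whether attribute certificates and related objects that are generated and used by a particular organization or application can be used interoperably among the entities in the infrastructure is called conformance evaluation. In this study, we construct an evaluation system for the conformance evaluation of attribute certificates and certificate request messages, and define the evaluation items and evaluation criteria required for the evaluation.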

A Study on the Enforced Security of Personal Information Outsourcing (개인정보 위탁업무 보안성 강화방안 연구)

  • Son, Tae Hyun;Park, Jung Sun
    • Journal of the Korea Safety Management & Science / v.16 no.3 / pp.433-441 / 2014
  • As the outsourcing of personal information treatment increases, the safe management and direction of fiduciaries is very important. In this paper, under the personal information protection management systems, the current situation of fiduciary management and direction was reviewed, and the certification system was analysed in terms of the availability of the controlled items. On the basis of legal compliance at the time of the Privacy Act, the characteristics of outsourcing types were also analyzed and new controlled items were derived. As a result of the proposed research, the new controlled items for fiduciaries could be used as a standard for the managing Director.

User Interface Design & Evaluation of Mobile Applications

  • Samrgandi, Najwa
    • International Journal of Computer Science & Network Security / v.21 no.1 / pp.55-63 / 2021
  • The design functionality is put forward by mapping the interactiveness of information. The presentation of such information with the user interface model indicates that the guidelines, concepts, and workflows form the deliverables and milestones for achieving a visualized design; therefore, forming the right trend is significant to ensure compliance in terms of changing consideration and applying evaluation in the early stages. It is evidenced that prototype design is guided by improvement specifications and includes modes and variables that increase improvements. The study presents five user interface testing methods. The testing methods are heuristic evaluation, perspective-based user interface testing, cognitive walkthrough, pluralistic walkthrough, and formal usability inspection. It appears that the five testing methods can be combined and matched to produce reasonable results. Finally, the study presents different mobile application designs for student projects, besides the evaluation of mobile application designs, to consider the user needs and usability.

International cyber security strategy as a tool for comprehensive security assurance of civil aviation security: methodological considerations

  • Grygorov, Oleksandr;Basysta, Albina;Yedeliev, Roman;Paziuk, Andrii;Tropin, Zakhar
    • International Journal of Computer Science & Network Security / v.21 no.9 / pp.332-338 / 2021
  • Civil aviation cybersecurity challenges are global in nature and must be addressed using global best practices and the combined efforts of all stakeholders. This requires the development of comprehensive international strategies and detailed plans for their implementation, with appropriate resources. It is important to build such strategies on a common methodology that can be applied to civil aviation and other interrelated critical infrastructure sectors. The goal of the study was to determine the methodological basis for developing an international civil aviation cybersecurity strategy, taking into account existing experience in strategic planning at the level of international specialized organizations. The research was conducted using general scientific and theoretical research methods: observation, description, formalization, analysis, synthesis, generalization, explanation. As a result of the study, the specifics of the approach to formulating strategic goals in civil aviation cybersecurity programs in the documents of intergovernmental and international non-governmental organizations in the aviation sphere, generally based on a comprehensive vision of cybersecurity management, were established. A comparative analysis of strategic priorities, objectives, and planned activities for their implementation revealed common characteristics based on a single methodological sense of cybersecurity as a symbiosis of five components: human capacity, processes, technologies, communications, and its regulatory support. It was found that additional branching and detailing of priority areas in the strategic documents of international civil aviation organizations (by the example of Cybersecurity Strategy and Cybersecurity Action Plan) does not always contribute to compliance with a unified methodological framework. It is argued that to develop an international civil aviation cybersecurity strategy, it is advisable to use the methodological basis of the Cyber Security Index.

Security Stress Management Plan for Military Soldiers (군 장병의 보안 스트레스 관리방안)

  • Lee Tae Bok
    • The Journal of the Convergence on Culture Technology / v.10 no.3 / pp.61-67 / 2024
  • Soldiers serving in military units and institutions are subject to strict security policies and technologies because they handle sensitive and confidential information related to national security, so they are likely to experience security stress. The purpose of this study is to recognize the need to manage the security stress of military personnel and to suggest management measures. To this end, a literature study was conducted on 12 KCI (Korean Journal Citation Index) journals dealing with security stress. Since 2016, research on security stress has been conducted mainly through empirical analysis through surveys. Studies related to security stress were divided into studies dealing with factors that affect stress, the relationship between security stress and security compliance intentions, and factors that reduce security stress. In particular, it was confirmed that factors such as organizational justice, organizational technical support, and security feedback can alleviate security stress. Next, by applying the results of this literature study to the defense security environment, we presented security stress management measures for military personnel in terms of improving security-related organizational justice awareness, technical support, and security feedback. The significance of this study is that we recognized the need to manage military personnel's security stress and reviewed practical measures related to this.

Research on the Development of SLA Indicators for Personal Information Protection of Public IT Maintenance Business (공공정보화분야 유지관리사업의 개인정보보호를 위한 SLA 지표 개발에 대한 연구)

  • Lee, Kyung-Hwan;Ryu, Gab-Sang
    • Journal of the Korea Convergence Society / v.11 no.6 / pp.37-42 / 2020
  • In the field of public informatization maintenance business, the attacks of external illegal users such as unauthorized leakage, destruction, and alteration due to intentional or inadequate management of personal information are increasing. In order to prevent such security incidents in advance, it is necessary to develop and quantitatively manage SLA indicators. This study presents the privacy SLA indicators and suggests specific methods such as information collection method and timing of the privacy SLA indicators. In order to confirm the validity and reliability of the proposed SLA indicators, an online survey was conducted with a group of experts. As a result, it was evaluated that compliance rate of personal information destruction and compliance rate of personal information protection system would be effective when applied to new and revised SLA indicators in terms of importance and validity. In the future, using SLA indicators for personal information protection as a standard for public information maintenance will contribute to improving SW quality and securing safety.

Decision Making Model for Selecting Financial Company Server Privilege Account Operations (금융회사 서버 Privilege 계정 운영방식 결정 모델)

  • Lee, Suk-Won;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.6 / pp.1607-1620 / 2015
  • The server privilege account must be operated through law and regulation. However, due to regulation non-compliance and inadequate operation of financial company server privilege, an incident occurred in which all server data was deleted by a hacker, which was later named the 'NH Bank Cyber Attack'. In this paper, the current operation status of financial company privilege accounts is analysed to elicit problems and improvements. From the analysis, important evaluation factors will also be selected and applied to generate the decision making model for financial company server privilege account operation. The evaluation factors deduced from the privilege account status analysis will be used to present and verify the decision making model and formula through AHP (Analytic Hierarchy Process).

A Study on an Effective Countermeasure for Certification of Development of Disaster Management International Standards - Focus on ISO 22301 and Top Company Certification System in the Reduction Law - (재난관리 국제표준 개발에 대한 인증의 효율적인 대응 방안에 관한 연구 - ISO 22301과 경감법의 우수기업인증제도를 중심으로 -)

  • Cheung, Chong Soo
    • Journal of Korean Society of Disaster and Security / v.5 no.1 / pp.49-56 / 2012
  • As ISO22301 (Societal security-Business continuity management systems-Requirements) related to BCM (BCP) was established in May 2012, KS A ISO22301 (National Standards) will be enacted at the end of the year. Foreign certification agencies at home and abroad are expanding their business, accordingly. And it is expected that there will be a trade barrier such as a demand for compliance with the Standards in the trade between companies. Hence I am trying to find the countermeasures of domestic companies and ways to invigorate Top Company Certification System in the reduction law (The Legislative bill on the support of voluntary activities of enterprises for disaster reduction).

A Study on the Safety-related Criteria for the Interior Space Planning, Facilities and Fire-fighting Equipment in Child Care Centers (보육시설의 실내공간계획 및 설비와 소방설비의 안전성 관련 기준에 대한 연구)

  • Rhee, Jisook
    • Journal of Families and Better Life / v.31 no.6 / pp.39-51 / 2013
  • Because of the increasing demand for day care centers, the Korean government has enforced childcare accreditation. The government has created the evaluation certification system for child care facilities. But the system includes variable items, and the physical rules are not sufficient for ensuring security and quality amenities. So this study, through literature search, examined the rules of Child Care Centers in the U.S. and compared them with those in Korea, focusing on the provision of security and amenities. The standards found in 4 U.S. states were investigated, and the results are as follows. The rule pertaining to the size of indoor activity spaces in C.C.C. allows the spaces to be smaller in Korea than in the U.S. There is no specific criterion for infants and toddlers in our standard. When comparing the standards of Korea with those of the United States, Korea's standards do not state specific rules about child care facilities such as indoor furniture, finishes and space planning. Additionally, the binding force ensuring compliance with the standards of physical facilities is weak. Thus, the ratings of child care standards for the physical environment should be presented in detail. And if a center does not comply with the criteria, stronger penalties will have to be imposed.

Current Problems of Criminal Law Protection of Information Relations in the Border Sphere

  • Kushnir, Iryna;Kuryliuk, Yurii;Nikiforenko, Volodymyr;Stepanova, Yuliia;Kushnir, Yaroslav
    • International Journal of Computer Science & Network Security / v.21 no.11 / pp.171-176 / 2021
  • The article considers some issues of criminal law protection of information relations. With the emergence of new types of threats to Ukraine's national security in the field of protection and defense of the state border, the issues of development and strengthening of information protection become especially important. Proper compliance with information legislation also depends on the established responsibility for its violation, which rests on certain provisions of the Criminal Code of Ukraine. It is stated that these norms are placed in different sections and do not have a proper systematization. The article singles out the subjects of information relations in the border area, which are subject to criminal law protection: persons who are not bound by stable relations with the SBGS (who cross the state border of Ukraine, etc.); persons who are members of the SBGS (servicemen and employees); SBGS as a public authority (official and secret information, information about the activities of the agency, its officials, etc.).