• Title/Summary/Keyword: Security Importance

A Study on the Development of DevSecOps through the Combination of Open Source Vulnerability Scanning Tools and the Design of Security Metrics (오픈소스 취약점 점검 도구 및 종합 보안 메트릭 설계를 통한 DevSecOps 구축방안 연구)

  • Yeonghae Choi;Hyeongjun Noh;Seongyun Cho;Hanseong Kang;Dongwan Kim;Suhyun Park;Minjae Cho;Juhyung Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.4 / pp.699-707 / 2023
  • DevSecOps is a concept that adds security procedures to the operational procedures of DevOps to respond to the short development and operation cycle. A multi-step vulnerability scanning process should be considered to provide reliable security while supporting the rapid development and deployment cycle in DevSecOps. Many open-source vulnerability scanning tools available can be used for each stage of scanning, but there are difficulties in evaluating the security level and identifying the importance of information in integrated operation due to the various functions supported by the tools and different security results. This paper proposes an integrated security metric design plan for security results and the combination of open-source scanning tools that can be used in the security stage when building the open-source based DevSecOps system.

Research on the Level Evaluation Model of the Organization Research Security (조직의 연구보안 수준평가 모형 연구)

  • Na, Onechul;Chang, Hangbae
    • The Journal of Society for e-Business Studies / v.25 no.3 / pp.109-130 / 2020
  • Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

Operation Status of Chinese Security Service Industry and Institutional Settlement Methods (중국 보안서비스산업의 운영실태 및 제도정착 방안)

  • Lee, Sangchul
    • Journal of the Society of Disaster Information / v.10 no.4 / pp.536-547 / 2014
  • With the changing safety services and social order systems accompanied by the economic development and changing public security environment since the Chinese economic reform, the security service industry in China is growing daily and related problems are increasing. For the Chinese security service market to be activated, the monopoly of security services by the public security agencies must be removed. In addition, the research and development, expansion, and applications of safety and crime prevention technologies regarding the safety and protection of exhibition, sales, culture, sports, commerce activities, combinations of safety technologies and crime prevention processes, the provision of relevant technical operations, and the expansion of security service areas are required. Furthermore, the administration rights, property rights, and business management rights of security companies must be separated, the security headquarters must be integrated and coordinated for optimization of various resources solely by market needs, and their rights and affiliation relations must be clear. Besides, the competitiveness of security companies in the security service market must be enhanced by unifying the business management, and optimizing and sharing their resources. The security service ordinances of China that have been implemented now must be applied realistically, methods to activate the true market economy for security services must be researched, and various ordinances related to security services must be realigned in line with the characteristics of security services. Finally, for the mutual cooperation system between public and private security services, the public security agencies must acknowledge the importance of private security services and the status of security service providers in crime prevention and social order maintenance. They must establish partnership relations with each other beyond the unilateral direction and management system for security services and drive with positive attitudes the security service industry which is still in its infancy.

XML Signature Schema with User's Timestamp (사용자의 타임스탬프가 제공된 XML 서명기법)

  • Lee Won-Jin;Jeon Il-Soo
    • Journal of Korea Society of Industrial Information Systems / v.10 no.3 / pp.7-14 / 2005
  • There is a lot of XML security research owing to the growing importance of XML. Apvrille and Girier proposed an XML signature schema with a time stamping protocol (TSP) to support timeliness. However, the security of the timeliness in their schema depends only on a trusted security authority (TSA). To solve this problem, they suggested a solution using the distributed and linked model, but their solution has a big overhead. This paper proposes a new XML signature schema to solve the overhead problem. The proposed signature schema can offer timeliness through the XML signature schema with the user's timestamp, and it solves the TSA's security problem.

A Dynamic Analysis on the Relative Effectiveness of Promoting Policies for Information Security Industry (정보보호 산업 육성정책의 상대적 효과 분석)

  • 전재호
    • Korean System Dynamics Review / v.4 no.2 / pp.5-44 / 2003
  • The focus of this paper is comparing the relative effects of government policies for fostering the information security industry from the dynamic point of view. For the purpose of simplicity, these policies are classified into three groups, and then the relative effectiveness of these policy groups is examined using System Dynamics. The three policy groups are composed of technology development policies (TDP), human resource development policies (HDP), and direct supporting policies for overseas expansion (DSP). From the result of the analysis, DSP appears to be the most effective and HDP is the second-best group. By the way, for successfully carrying DSP into effect, marketing manpower should be strengthened. However, current HDP has been focusing on bringing up technical experts. Therefore, overseas marketing manpower should be reared as well as technicians. Also, the existing infrastructure for overseas expansion for other industries should be shared for DSP of the information security industry, because this is essential for the success of DSP in terms of timing and costing. Finally, in spite of its low effect, TDP should be maintained continuously. The importance of information security technology is increasing and some countries have already considered these technologies as a core of future national defense. Therefore, we should acquire competitiveness in at least a few technologies through continuous development of selected technologies.

A Study on Alternatives of Cyber Psychological Warfare of Republic of Korea (효율적인 국방사이버심리전 수행방안)

  • Lee, Ki-Joong
    • Convergence Security Journal / v.8 no.1 / pp.109-115 / 2008
  • As a new facet of the international security realm in 21C, Information Warfare (IW) has risen as a new way of warfare and demonstrated its efficiency on the battlefield. With the rapid development of information technology, indeed, it is difficult to estimate the future of IW. While there is a lot of discussion on the clear concept of IW, it is clear that IW has the factor of psychological warfare, so-called cyber psychological warfare. Considering the security environment of the Republic of Korea (ROK), cyber psychological warfare has significant importance for national security. While it has to deal with the cyber psychological warfare of North Korea, it also tries to cope with the various threats of international conflicts to protect the Korean people and national interest.

Design and Implementation of Unified Network Security System support for Traffic Management (종단간 트래픽 관리를 지원하는 통합 네트워크 보안시스템 설계 및 구현)

  • Hwang, Ho-Young;Kim, Seung-Cheon
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.11 no.6 / pp.267-273 / 2011
  • The importance of networking capability is gaining more weight for enterprise business, and high-speed Internet access with guaranteed security management is essential to companies. This paper presents a unified network security management solution to support high-speed Internet access, active security management, traffic classification and control. The presented system provides firewall, VPN, intrusion detection, contents filtering, traffic management, QoS management, and history log functions in a unified manner, implemented in a single appliance device located at the edge of enterprise networks. This will enable a cost-effective unified network security solution for companies.

Analysis of Security Overhead in Secure Operating System (보안 운영체제의 오버헤드 분석)

  • Ko Young-Woong
    • Journal of the Korea Society of Computer and Information / v.10 no.2 s.34 / pp.11-19 / 2005
  • The importance of this paper is to develop a standard performance evaluation model and scenario for the secure OS. According to the scenario that was conducted for performance evaluation, benchmarking was performed. All the benchmarking results were thoroughly analyzed. Our results contribute to evaluating a secure OS that contains various security policies affecting system performance. In this paper, it is expected to provide guidelines on secure operating systems for the consumer, developer and evaluator. It will also contribute to the systematic basis for evaluation of the secure OS and the promotion of the domestic information security industry by retaining basic technology for international trends.

Assessing Web Browser Security Vulnerabilities with respect to CVSS

  • Joh, HyunChul
    • Journal of Korea Multimedia Society / v.18 no.2 / pp.199-206 / 2015
  • Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

Security measures of Information and Communication infrastructure of Water Resources Field (댐·보 등 수자원분야 정보통신기반시설 보안대책)

  • Yu, Se-Hwan;Jang, Dong-bae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2013.05a / pp.1034-1037 / 2013
  • ICT infrastructure is electronic control systems or communication networks related to national security, public administration, defense, policing, finance. Water resources sector has been building a system of control that can be performed electronically, communications, management, energy, and other work-related. Water resources sector has been a paradigm shift in water management and the control system is integrated into a single network. The control system security vulnerabilities are exposed - other control networks, business networks, linking with outside agencies, etc. Cyber terrorist society can cause a huge mess economically. The importance of security for control systems is becoming. In this paper, ICT infrastructure - the water resources in the field of control systems will analyze security measures.
