• Title/Summary/Keyword: Security Industry

Search Result 1,723, Processing Time 0.025 seconds

Analysis of problems caused by Big Data's private information handling (빅데이터 개인정보 취급에 따른 문제점 분석)

  • Choi, Hee Sik;Cho, Yang Hyun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.1
    • /
    • pp.89-97
    • /
    • 2014
  • Recently, spread of Smartphones caused activation of mobile services, because of that Big Data such as clouding service able to proceed with large amount of data which are hard to collect, save, search and analyze. Many companies collected variety of private and personal information without users' agreement for their business strategy and marketing. This situation raised social issues. As companies use Big Data, numbers of damage cases are growing. In this Thesis, when Big Data process, methods of analyze and research of data are very important. This thesis will suggest that choices of security levels and algorithms are important for security of private informations. To use Big Data, it has to encrypt the personal data to emphasize the importance of security level and selection of algorithm. Thesis will also suggest that research of utilization of Big Data and protection of private informations and making guidelines for users are require for security of private information and activation of Big Data industries.

Security enhanced privacy-aware two-factor authentication protocol for wireless sensor networks (무선 센서 네트워크 환경을 위한 보안성이 향상된 프라이버시 보호형 two-factor 인증 프로토콜)

  • Choi, Younsung;Chang, Beom-Hwan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.15 no.4
    • /
    • pp.71-84
    • /
    • 2019
  • Various researchers conducted the research on two-factor authentication suitable for wireless sensor networks (WSNs) after Das first proposed two-factor authentication combining the smart card and password. After then, To improve the security of user authentication, elliptic curve cryptography(ECC)-based authentication protocols have been proposed. Jiang et al. proposed a privacy-aware two-factor authentication protocol based on ECC for WSM for resolving various problems of ECC-based authentication protocols. However, Jiang et al.'s protocol has the vulnerabilities on a lack of mutual authentication, a risk of SID modification and a lack of sensor anonymity, and user's ID exposed on sensor node Therefore, this paper proposed security enhanced privacy-aware two-factor authentication protocol for wireless sensor networks to solve the problem of Jiang et al.'s protocol, and security analysis was conducted for the proposed protocol.

Spring Boot-based Web Application Development for providing information on Security Vulnerabilities and Patches for Open Source Software (Spring Boot 기반의 오픈소스 소프트웨어 보안 취약점 및 패치 정보 제공 웹 어플리케이션 개발)

  • Sim, Wan;Choi, WoongChul
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.17 no.4
    • /
    • pp.77-83
    • /
    • 2021
  • As Open Source Software(OSS) recently invigorates, many companies actively use the OSSes in their business software. With such OSS invigoration, our web application is developed in order to provide the safety in using the OSSes, and update the information on the new vulnerabilities and the patches at all times by crawling the web pages of the relevant OSS home pages and the managing organizations of the vulnerabilities. By providing the updated information, our application helps the OSS users and developers to be aware of such security issues, and gives them to work in the safer environment from security risks. In addition, our application can be used as a security platform to greatly contribute to preventing potential security incidents not only for companies but also for individual developers.

How to Cope with Ransomware in the Healthcare Industry (의료산업에서의 랜섬웨어 대응 방법)

  • Jeon, In-seok;Kim, Dong-won;Han, Keun-hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.1
    • /
    • pp.155-165
    • /
    • 2018
  • As medical healthcare industry is growing up rapidly these days, providing various new healthcare service is considered carefully. Health information is considered to be more important than financial information; therefore, protecting health information becomes a very significant task. Ransomware is now targeting industry groups that have high information value. Especially, ransomware has grown in various ways since entering maturity in 2017. Healthcare industry is highly vulnerable to ransomeware since most healthcare organizations are configured in closed network with lack of malware protection. Only meeting the security criteria is not the solution. In the case of a successful attack, restoration process must be prepared to minimize damages as soon as possible. Ransomware is growing rapidly and becoming more complex that protection must be improved much faster. Based on ISO 27799 and 27002 standard, we extract and present security measures against advanced ransomware to maintain and manage healthcare system more effectively.

A Study on the Effectual Operating Device for Private Security Service (민간경호업무의 효율적인 운영방안에 관한 연구)

  • Song, Sang-Wook;Lee, Min-Hyung
    • Korean Security Journal
    • /
    • no.9
    • /
    • pp.133-153
    • /
    • 2005
  • The suggestions that follow are about the effectual operating device for private security service. First, in legal and institutional policy, new establishment by law for private security and more support from government is asked. Moreover, the restructuring or M&A between petty companies and the pricing for security service should be performed. Second, in the structural aspect of private security industry, the professional education center for private security guards should be established and the terms of payment and welfare should be improved to the level above standard. In addition, it should be achieved to change the public to have a new and correct understanding of private security and develop the specialized parts suited to the characteristic and ability of each companies. Third, the construction of operating system for private security service should be achieved; recruit system for competent security guards, marketing strategy and enforcement system, widely known confidence to client, normal training system for security guards and post management system for client. This is also to be suited to the characteristic of each companies.

  • PDF

An Exploratory Study on Extracting Industrial Security Jobs and Competencies in the National Competency Standard(NCS):Focusing on the Unclassified Security Area (국가직무능력표준(NCS)에서의 산업보안 직무 및 직무능력 추출을 위한 탐색적 연구:NCS 미분류 보안영역을 중심으로)

  • Lim, Dongsun;Shin, Eunhee;Chang, Hangbae
    • Convergence Security Journal
    • /
    • v.20 no.1
    • /
    • pp.25-32
    • /
    • 2020
  • In the midst of the rising need for Industrial Security experts, the development of National Competency Standards(NCS) with regards to industrial security is a very important and urgent task. The NCS standardizes university-level academic curriculum and qualification systems and connects them with the industry's needs. This study has extracted, classified and analyzed security-related jobs and tasks requiring security expertise that is required within NCS. Through this study, many tasks have been confirmed to require security competencies that are different from those in IT-security, physical security that already exist as a NCS tasks. It is expected that the industry's needs of industrial security expertise will be reflected in future NCS development, which will be used as basic data for systematizing industrial security jobs and competency.

Development of Skills Framework for Information Security Workforce (정보보호 분야 직무체계 개발)

  • Jun, Hyo-Jung;Kim, Tae-Sung;Yoo, Jin-Ho;Gee, Sang-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.3
    • /
    • pp.143-152
    • /
    • 2009
  • Successful industries that have maintained their competitiveness are characterized by well-established skills framework system. Skills framework establishes the agreed-upon, industry-identified knowledge, skills and abilities required to succeed in the workplace. Skills framework forms a solid foundation for the development of outcomes-based instruction and assessment, thus it benefits industry, students, educators and government. Each group has a major stake in the education of our students and in the efficient development of a productive workforce. Particularly in fast-changing fields like information security, relevant data that accurately reflect current and future knowledge and skills enable timely direction of resources, development and revision of industry-relevant curriculum, and efficient development of career information and job profiles. Skills framework occupies an indispensable position in any dialog concerning education or training in technical fields. In this study, we develop the skills framework for information security professionals.

A Study on Private Security in the 1980s (1980년대의 민간경비연구)

  • Ahn, Hwang Kwon
    • Convergence Security Journal
    • /
    • v.16 no.6_2
    • /
    • pp.43-51
    • /
    • 2016
  • In the 1980s, private security was established in the framework of institutional framework with the Security Industry Act which was enacted in 1976. The agents who brought in the development of the private sector in 1980 enjoyed a boom in the global economy, affected by its high-flying dollar value, low international interest rate, low oil prices, and the blooming economy. In addition, the semiconductor, computers and communications equipment that was promoted in accordance with the e-Literacy plan were raised. Following the economic development of various events such as Seoul International Trade Fair, "86 Asian Games," and "88 Seoul Olympic Games," private security expenses were enhanced by increasing awareness of civilian expenses. Also, in the 1980s, Korean investment in foreign companies, including Japan's Secom, or Korean technology, brought many changes to the private security. Meanwhile, the cost of security, which has been centered around human expenses, has brought about the era of mechanized spending, or machine security expenses. The purpose of this study is to systematically analyze the social environment surrounding the private security in the 1980s and systematically analyze the important factors that contribute to private security.

A Study on Categorization of Accident Pattern for Organization's Information Security Strategy Establish (기업 정보보안 전략 수립을 위한 보안 사고 유형 분류에 관한 연구)

  • Kim, Hee-Ohl;Baek, Dong-Hyun
    • Journal of Korean Society of Industrial and Systems Engineering
    • /
    • v.38 no.4
    • /
    • pp.193-201
    • /
    • 2015
  • Corporation's valuable intelligent asset is being threatened from the skills of threatening subject that has been evolved along with the growth of the information system and the amount of the information asset. Domestically, attempts of various private information attacks, important information extortion, and information damage have been detected, and some of them have abused the vulnerability of security of information system, and have become a severe social problem that generates security incident. When accessing to the security, most of companies used to establish a strategy with a consistent manner and a solution plan. However, this is not a proper way. The order of priorities vary depending on the types of business. Also, the scale of damage varies significantly depending on the types of security incidents. And method of reaction and critical control point vary depending on the types of business and security incidents. In this study, I will define the security incidents by their types and preponderantly examine how one should react to those security incidents. In this study, analyzed many types of security accidents that can occur within a corporation and an organization considering various factors. Through this analysis, thought about factors that has to be considered by corporations and organizations when they intend to access to the information security. This study focuses on the response methodology based on the analysis of the case analysis of the leakage of industrial secret and private secret other than the conceptual response methodology that examines the way to prevent the leakage of the industry security systems and the industry information activities. And based on these factors, want to be of help for corporations to apply a reasonable approach when they establish a strategy to information security.

A Study on Security Requirments Analysis through Security Threat Modeling of Home IoT Appliance (Home IoT 가전의 보안위협모델링을 통한 보안요구사항 분석에 관한 연구)

  • Yun, Suk-Jin;Kim, Jungduk
    • The Journal of Society for e-Business Studies
    • /
    • v.24 no.2
    • /
    • pp.113-124
    • /
    • 2019
  • Today many companies are offering IoT-enabled products and place emphasis on security from the planning stage to protect their products and user information from external threats. The present security levels, however, remain low because the time and resources invested in developing security requirements for each device are far from enough to meet the needs of a wide range of IoT products. Nevertheless, vulnerabilities of IoT devices have been reported continuously, which calls for more detailed security requirements for home IoT devices. In this context, this research identified threats of home IoT systems by using Microsoft Threat Modeling Tool. It then suggested measures to enhance the security of home IoT devices by developing security assessment items through comparative analysis of the identified threats, domestic and global vulnerability assessment standards and related research. It also verified the effectiveness of the developed security requirements by testing them against the existing ones, and the results revealed the security requirements developed in this research proved to be more effective in identifying vulnerabilities.