• Title/Summary/Keyword: Security Management Framework

The Study on Financial Firm's Performance Resulting from Security Countermeasures and the Moderating Effect of Transformational Leadership (금융기업의 보안대책이 금융 IT 보안책임과 위험감소 그리고 기업성과에 미치는 영향:변혁적 리더십의 조절효과)

  • Kim, Geuna;Kim, Sanghyun;Park, Keunjae
    • Journal of the Korean Operations Research and Management Science Society / v.38 no.4 / pp.95-112 / 2013
  • Information system (IS) security continues to present a challenge for firms. In particular, IT security incidents have recently been occurring in succession in the financial sector, so comprehensive measures are needed. Much security research relies on technical design and gives limited consideration to personal and organizational issues. Achieving a firm's security goals requires organizational management and supervision to maintain its technical and procedural status. Based on accountability theory, we propose that an organization's security countermeasures lead to increased accountability and reduced IT security risk in a financial firm, and further to firm performance such as improved firm reliability. In addition, we investigate how the theoretical model differs between South Korean and American financial firms. The analysis found that South Korea and America differ significantly, but that financial IT security measures are important for both countries. We aim to enhance the interpretability of security research through comparative analysis between countries and by focusing on a specific type of firm, the financial business. Our study suggests a new theoretical framework for security research and provides guidelines on security design for financial firms.

The Transmission Performance Analysis and Security Policy in Tactical Communication Environment (전술통신 환경에서 전송 성능 분석 및 보안 정책)

  • Hong, Jinkeun
    • Journal of Digital Convergence / v.11 no.12 / pp.303-309 / 2013
  • This paper analyzes the operation environment and policy for US military tactical communication, and the security policy and transmission performance of the tactical link. It presents the operational communication messages and framework supporting semi-automated forces and the SINCGARS link-layer specification in the operation environment, and analyzes COMSEC policy and application-layer security in tactical security policy. It also analyzes transmission performance and crypto synchronization detection. The security policy of the tactical link and COMSEC is analyzed with respect to crypto devices such as AFKDMS, AKMS, RBECS, and KIV-7/HSB.

Policy-based Security System Modeling using Vulnerable Information (취약성 정보를 활용한 정책 기반 보안 시스템 모델링)

  • Sea, Hee-Suk;Kim, Dong-Soo;Kim, Hee-Wan
    • Journal of Information Technology Services / v.2 no.2 / pp.97-109 / 2003
  • As the importance of and need for network security increase, many organizations use various security systems. They make it possible to construct a consistent, integrated security environment by sharing vulnerability information among firewalls, intrusion detection systems, and vulnerability scanners. Policy-based networking provides a means by which the management process can be simplified and largely automated. In this article we build a foundation for a policy-based network modeling environment. We present the procedure and structure for inducing policy rules from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Based). The policy rules are also transformed into PCIM (Policy Core Information Model).

A Study on Critical Success Factors for Implementing Information Security Governance (정보보호 거버넌스 구현을 위한 핵심성공요인에 관한 연구)

  • Kim, Kun-Woo;Kim, Jung-Duk
    • Journal of Digital Convergence / v.8 no.4 / pp.97-108 / 2010
  • Nowadays, information security governance which is an integral part of corporate governance has become an important issue in protecting valuable business information assets. However, there are few organizations which have implemented information security governance because of its abstract concept. The objective of this paper is to develop CSFs for implementing information security governance. Ten CSFs were developed based on the ISO/IEC 27014 Information Security Governance Framework.

Study about the Impact of Information Security Systems on Corporate Performance: Based on IT Relatedness Theory (정보보안체계 수립이 Multibusiness 기업 성과에 미치는 영향에 관한 연구: IT Relatedness 이론 관점에서)

  • Koo, Ja Myon;Park, Joo Seok;Park, Jae Hong
    • Asia pacific journal of information systems / v.23 no.4 / pp.129-149 / 2013
  • With the development of new information technologies, firms consistently invest a significant amount of money in IT activities, such as establishing internal and external information systems. However, several anti-information activities, such as hacking, leakage of information and system destruction, are also rapidly increasing, so many firms are exposed to direct and indirect threats. Therefore, firms try to establish information security systems and manage these systems more effectively from an enterprise perspective. However, stakeholders or some managers have negative opinions about information security systems. Therefore, in this research, we study the relationship between multibusiness firms' performance and information security systems. Information security indicates the physical and logical response of the information system department to threats and disasters. Studies on information security systems have suggested frameworks such as the IT Governance Cube and the COBIT Framework to identify information security systems. Thus, this study defines an information security system as a controlled system on enterprise IT processes and resources from an IT governance perspective rather than an independent domain of IT. Information Security Systems should therefore be understood as a subordinate concept of IT and business processes. In addition, this study incorporates information capability into the information security system literature to show the positive relationship between Information Security Systems and Corporate Performance. The concept of information capability suggests an interaction of human, information, and technical factors and an effect on corporate performance using three types of capability (IT Practice, Information Management Practice, Information Behaviors and Values). Information capability is about firms' capability to manage IT infrastructure and information as well as individual employees who use IT infrastructure and information.
Thus, this study uses information capability as a mediating variable for the relationship between information security systems and firms' performance. To investigate the relationship between Information Security Systems and multibusiness firms' performance, this study extends the IT relatedness concept into Information Security Systems. IT relatedness provides understanding of how corporations cope with conflicts between headquarters and business units to create a synergy effect and achieve high performance using IT resources. Based on the previous literature, this study develops the IT Security Relatedness model. IT Security Relatedness is our main independent variable, while Information Capability and Information Security Performance are mediating variables. To control for the common method bias, we collect each multibusiness firm's financial performance and use it as our dependent variable. We find that Information Security Systems influence Information Capability and Information Security Performance positively, and these two variables consequently influence Corporate Performance positively. In addition, this result indirectly shows that corporations under a multibusiness environment can obtain synergy effects using the integrated Information Security Systems. This positive impact of Information Security Systems on multibusiness firms' performance has an important implication to various stakeholders. Therefore, multibusiness firms need to establish Information Security Systems to achieve better financial performance.

Study on Automation of Comprehensive IT Asset Management (포괄적 IT 자산관리의 자동화에 관한 연구)

  • Wonseop Hwang;Daihwan Min;Junghwan Kim;Hanjin Lee
    • Journal of Information Technology Services / v.23 no.1 / pp.1-10 / 2024
  • The IT environment is changing due to the acceleration of digital transformation in enterprises and organizations. This expansion of the digital space makes centralized cybersecurity controls more difficult. For this reason, cyberattacks such as ransomware and digital supply chain attacks are increasing in frequency and severity and are becoming more sophisticated. Even in large organizations with numerous security personnel and systems, security incidents continue to occur due to unmanaged and unknown threats and vulnerabilities to IT assets. It's time to move beyond the current focus on detecting and responding to security threats to managing the full range of cyber risks. This requires implementing an asset inventory for comprehensive management by collecting and integrating all IT assets of the enterprise and organization across a wide range. IT Asset Management (ITAM) systems exist to identify and manage various assets from a financial and administrative perspective. However, the asset information managed in this way is not complete, and there are problems with duplication of data. Updating of data sets, including Network Infrastructure, Active Directory, Virtualization Management, and Cloud Platforms, is also insufficient. In this study, we propose a new framework for automated 'Comprehensive IT Asset Management (CITAM)' required for security operations by designing a process to automatically collect asset data sets, such as the hostname, IP, MAC address, serial, OS, installed software information, and last seen time, which are already distributed and stored in operating IT security systems. The CITAM framework could classify them into unique device units through analysis processes of aggregation, normalization, deduplication, validation, and integration.

Risk Management Frameworks - review and direction (위험관리의 체계 (framework) 연구)

  • 신동익
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 1994.11a / pp.277-287 / 1994
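  • As more and more information systems are connected through computer networks, threats to security are growing. To maintain adequate security, effort is needed to determine how much risk a system faces and to manage that risk. At the center of such effort is establishing a risk management framework and developing a methodology based on it. This paper reviews and analyzes existing risk management frameworks and, on that basis, proposes a simple yet practical risk management framework.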

Implementation of Data Mining Engine for Analyzing Alert Data of Security Policy Server (보안정책 서버의 경보데이터 분석을 위한 데이터마이닝 엔진의 구현)

  • 정경자;신문선
    • Journal of the Korea Society of Computer and Information / v.7 no.4 / pp.141-149 / 2002
  • Recently, network systems have been developing rapidly and network architectures have become more complex than before, so policy-based network management should be used in network systems. In particular, a new paradigm has been raised in which policy-based network management is applied to network security. A security policy server in the management layer can generate new policies, delete or update existing policies, and decide the policy when a security policy is requested. The security server needs to analyze and manage the alert messages received from the policy enforcement system in the enforcement layer to obtain usable information. In this paper, we implement an alert analyzer that analyzes the stored alert data to make security policy efficiently within the framework of policy-based network security management. We also propose a data mining system for the analysis of alert data. The implemented mining system efficiently supports the alert analyzer and the high-level analyzer for security.

A Study of Phase Sensing Device IoT Network Security Technology Framework Configuration (디바이스 센싱 단계의 IoT 네트워크 보안 기술 프레임워크 구성)

  • Noh, SiChoon;Kim, Jeom goo
    • Convergence Security Journal / v.15 no.4 / pp.35-41 / 2015
  • The Internet of Things has a wide range of vulnerabilities and is exposed to information security threats. However, this does not deal with the basic solution, the vaccine does not secure encryption for the data transmission. Encryption and authentication of messages transmitted between nodes is required to construct secure wireless sensor networks. To satisfy the constraints and security requirements of the sensor network, lightweight encryption and authentication technologies and lightweight key management technology for the sensor environment are required. Mandatory sensor network security technology, privacy protection technology subchannel attack prevention, and technology. In order to establish secure wireless sensor networks, it is important to encrypt and authenticate messages sent between the nodes. Lightweight it shall apply the intrusion detection mechanism functions to securely detect the presence of the node on the network. From the sensor node is not involved will determine the authenticity of the terminal authentication technologies, there is a need for a system. Network security technology in an Internet environment objects is a technique for enhancing the security of communication channel between the devices and the sensor to be the center.

A Method for Data Access Control and Key Management in Mobile Cloud Storage Services (모바일 클라우드 스토리지 서비스에서의 데이터 보안을 위한 데이터 접근 제어 및 보안 키 관리 기법)

  • Shin, Jaebok;Kim, Yungu;Park, Wooram;Park, Chanik
    • IEMEK Journal of Embedded Systems and Applications / v.8 no.6 / pp.303-309 / 2013
  • Cloud storage services are used for efficient sharing or synchronizing of users' data across multiple mobile devices. Although cloud storage provides flexibility and scalability in storing data, security issues should be handled. Currently, typical cloud storage services offer data encryption for security purposes, but we think such a method is not secure enough because managing encryption keys in software and identifying users by simple ID and password are the main defects of current cloud storage services. We propose a secure data access method for cloud storage in the mobile environment. Our framework supports hardware-based key management, attestation of client software integrity, and secure key sharing across multiple devices. We implemented our prototype using ARM TrustZone and a TPM Emulator running in the secure world of the TrustZone environment.