• Annual Conference of KIPS
• /
• 2002.04b
• /
• pp.899-902
• /
• 2002

본 논문에서는 정책기반의 네트워크 보안 프레임워크 내에서 동작하는 침입자 역 추적 방안을 제안하고, 필요한 기능 구성요소에 대해 논한다. 제안한 역 추적 방안에서는 라우터, 스위치 등과 같은 기존의 네트워크 노드에서 tracing 기능을 직접 수행하지 않고도 위조된 유해 패킷의 송신 근원지 파악이 가능하다. 특히 정책기반의 네트워크 보안 프레임워크 내의 구성요소(보안제어서버, 보안게이트웨이)만으로 근원지 주소를 파악할 수 있기 때문에 망 구성 환경에 영향을 받지 않으며 네트워크 서비스 성능에 영향을 끼치지 않고도 침입 근원지를 파악하여 대응 할 수 있는 능동적인 보안 기능이 가능하다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.801-809
• /
• 2024

In the digital age, the importance of personal information has magnified, underscoring the need for enhanced personal information protection, especially within public institutions. Despite ongoing efforts since 2007, significant breaches in public sector information underline persistent vulnerabilities. This study advocates for a transition from a diagnostic to an assessment framework to fortify privacy management in public institutions, as mandated by recent legislative revisions. The amended Personal Information Protection Act introduces an assessment approach, aiming to comprehensively assess and mitigate risks by expanding the scope of evaluation and implementing robust regulatory measures. This study examines the limitations of the current diagnostic practices through literature review and case analysis and proposes a systematic approach to adopting the new assesment system. By enhancing the assessment framework, the study expects to improve the effectiveness of personal information management in public institutions, thereby restoring public trust and ensuring a stable progression into a more secure digital era. The transition to an assessment system is designed not only to address the gaps in the current framework but also to provide a methodical assessment that supports ongoing improvement and compliance with enhanced legal standards.

• Journal of Information Technology Services
• /
• v.7 no.1
• /
• pp.117-130
• /
• 2008

Multi-attribute risk assessments provide a useful framework for systematic quantitative risk assessment that the security manager can use to prioritize security requirements and threats. In the first step, the security managers identify the four significant outcome attributes(lost revenue, lost productivity, lost customer, and recovery cost). Next. the security manager estimates the frequency and severity(three points estimates for outcome attribute values) for each threat and rank the outcome attributes according to AHP(Analytic Hierarchy Process). Finally, we generate the threat index by using muiti-attribute function and make sensitivity analysis with simulation package(Crystal Ball). In this paper, we show how multi-attribute risk analysis techniques from the field of security risk management can be used by security managers to prioritize their organization's threats and their security requirements, eventually they can derive threat index. This threat index can help security managers to decide whether their security investment is consistent with the expected risks. In addition, sensitivity analysis allows the security manager to explore the estimates to understand how they affect the selection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.63-75
• /
• 2009

Recently personal information security breaches by unauthorised access, mistakenly disclosure or stolen become more frequent and the scale of the economic loss of such incidents is growing. Assessing economic loss of personal information security breaches is needed for decision making of information security investment This paper presents a framework to analyze economic impact of personal information security breaches and develops formula for each element to empirically calculate the economic loss. We also compared annual economic loss of Korea with that of Japan to develop some implications.

• Journal of KIISE:Databases
• /
• v.31 no.1
• /
• pp.1-12
• /
• 2004

As network systems are developed rapidly and network architectures are more complex than before, it needs to use PBNM(Policy-Based Network Management) in network system. Generally, architecture of the PBNM consists of two hierarchical layers: management layer and enforcement layer. A security policy server in the management layer should be able to generate new policy, delete, update the existing policy and decide the policy when security policy is requested. And the security policy server should be able to analyze and manage the alert messages received from Policy enforcement system in the enforcement layer for the available information. In this paper, we propose an alert analyzer using data mining. First, in the framework of the policy-based network security management, we design and implement an alert analyzes that analyzes alert data stored in DBMS. The alert analyzer is a helpful system to manage the fault users or hosts. Second, we implement a data mining system for analyzing alert data. The implemented mining system can support alert analyzer and the high level analyzer efficiently for the security policy management. Finally, the proposed system is evaluated with performance parameter, and is able to find out new alert sequences and similar alert patterns.

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1970-1979
• /
• 2017

Computerization of educational administration following educational informatization of government has been steadily improved for the purpose of teachers' offload and job efficiency, finally resulting that NEIS(National Education Information System) has been completed. The NEIS consists of Nationwide service of NEIS, Business portal system of NEIS, Authentication management system and so on. Students, parents and civil petitioners handle civil affairs through Nationwide service of NEIS and teachers and persons of task conduct theirs business by accessing the Business portal system of NEIS. At this time, users have to obtain their certification from Authentication management system. Previous Studies were mainly focused on the evaluation about its performance according to the introduction of NEIS. But from now on there is a growing interest in security assessment and an efficient method for security improvement to check if NEIS works properly. Therefore, in this thesis, we'll propose an analytic framework in which security assessment is carried out after comprehending the fault structures through performing Fault Fishbone Analysis based on the Fault Tree Analysis. As a result of the system applied, the system had the highest rate of improvement to 47.7 percent.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.82-96
• /
• 2003

The Internet has evolved into the global computer network due to the openness of its protocol, but such evolution brings about new risks and threats. To protect computer networks safely, it is the best way that preventing an attacher from intruding beforehand. However, to provision against all attacks causes the degradation of network performance as well as to prevent unknown attacks is very hard. Secure Combination, the framework which establishes a mutual collaboration and cooperation between the trusted zones, could protect systems from the potential attacks. This frameworks can predict attacks by exchanging security information and cooperating with each zone. It is a dynamic and powerful security architecture that rapidly enables updating security policy and deploying response modules.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.244-247
• /
• 2010

In this paper, propose for the international standards of security and reliability SEED block cipher algorithm is applied to the ICMP. This paper is improve security, reliability and user comfort of weakness existing integrated case management system on spring based java framework technology. As a result, part of the user interface to improve performance and can be applied to real world applications.

• International Journal of Computer Science & Network Security
• /
• v.22 no.11
• /
• pp.121-126
• /
• 2022

The number of vehicles has increased exponentially over the past 20 years due to technological advancements. It is becoming almost impossible to manually control and manage the traffic in a city like Karachi. Without license plate recognition, traffic management is impossible. The Framework for License Plate Detection & Recognition to overcome these issues is proposed. License Plate Detection & Recognition is primarily performed in two steps. The first step is to accurately detect the license plate in the given image, and the second step is to successfully read and recognize each character of that license plate. Some of the most common algorithms used in the past are based on colour, texture, edge-detection and template matching. Nowadays, many researchers are proposing methods based on deep learning. This research proposes a framework for License Plate Detection & Recognition using a custom YOLOv5 Object Detector, image segmentation techniques, and Tesseract's optical character recognition OCR. The accuracy of this framework is 0.89.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.11-20
• /
• 2023

The primary aim of this study is to investigate the influence of Service Provider Quality (SPQ), System Quality (SQ), Information Quality (IQ), and Training Quality (TQ) on the interconnected aspect of organizational performance known as growth and development (GD). The study examined the influence of information systems (IS) on organisational performance and provided a theory-based technique for conducting research. The theoretical foundation for this study is derived from the widely employed [1]. IS success model in information systems research. The study's framework incorporates several novel elements, drawn from a comprehensive review of both recent and earlier literature, which researchers have utilized to evaluate the dimensions of [1]. In this study, we collected data from a diverse group of 348 individuals representing various industries through a web-based questionnaire. The collected data were subjected to analysis using SPSS. We conducted a multiple regression analysis involving 15 factors to assess several hypotheses regarding the relationship between the independent construct IS effectiveness and the dependent construct organizational performance. Several noteworthy descriptive statistics emerged, which hold significance for management. The study's findings strongly indicate that information systems exert a significant and beneficial influence on organizational performance. To sustain and continually enhance organizational effectiveness, the study recommends that managers periodically scrutinize and assess their information systems.