• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.341-353
• /
• 2022

Conglomerates are strengthening cooperative relations by sharing information and dispatching manpower with each other to improve the overall competitiveness and technology of the group, including affiliates, and to enhance synergy. As a result, we are making every effort to increase the level of information protection of the entire group, but information leakage accidents that bypass affiliates and partner companies continue to occur. In addition, the results of the evaluation of the security management system of affiliates conducted by the parent company and the effectiveness of the actual security level have been raised. In addition, each company has limited resources that can be put into security management, so it is time for an more efficient security management system than ever before. In this study, the efficiency of operating the security management system of affiliates of steel companies is reviewed using the DEA-SBM model, and based on the analysis results, improvement measures to improve the level of security management are suggested.

• Journal of Korean Society for Quality Management
• /
• v.51 no.4
• /
• pp.677-689
• /
• 2023

Purpose: The purpose of this study is to design a x-ray screening rating system to improve X-ray screening ability, which is a core job competency of security screener at Incheon International Airport, and to verify its effectiveness through empirical analysis to suggest ways to improve the level management system. Methods: In this study, the effectiveness of the research model was analyzed using T-test tests for effect analysis based on the empirical analysis results derived through the competency evaluation model, the screening rating system. Results: The results of this study are as follows. The average score for regular education before the implementation of the x-ray screening rating system was 94.1 points, but after the implementation of the x-ray screening rating system, the average score for regular education was 95.5 points, an average of 1.4 points increased. In addition, the proportion of those with 95 or more points classified as high scorers also increased significantly from 51.1% to 69.3%. Conclusion: The X-ray screening rating system of security inspectors will systematically manage the level of screening ability, which is a key job competency, and play a strong role in improving competency, while preventing security accidents through early identification and intensive training of level-lowers.

• Convergence Security Journal
• /
• v.2 no.2
• /
• pp.9-17
• /
• 2002

Traffic engineering function consists of traffic management, capacity management and network planning. In this paper, we present the requirements for each functional traffic management, and also present functional and process model to efficiently to handle the traffic engineering for multimedia internet services. Finally, the traffic management methods for each step are described in detail.

• Industrial Engineering and Management Systems
• /
• v.13 no.1
• /
• pp.87-100
• /
• 2014

Risk management is recognized as a significant element in Information Security Management while the failure mode and effects analysis (FMEA) is widely used in risk analysis in manufacturing industry. This paper aims to present the development work of the Information Security FMEA Circle (InfoSec FMEA Circle) which is used to support the risk management framework by modifying traditional FMEA methodologies. In order to demonstrate the "appropriateness" of the InfoSec FMEA Circle for the purposes of assessing information security, a case study at Hong Kong Science and Technology Parks Corporation (HKSTP) is employed. The "InfoSec FMEA Circle" is found to be an effective risk assessment methodology that has a significant contribution to providing a stepwise risk management implementation model for information security management.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.34 no.3
• /
• pp.155-163
• /
• 2009

We develop a probability model to evaluate information security investment portfolios. We assume that organizations install portfolios of information security countermeasures to mitigate the damage such as loss of the transaction being processed, damage of hardware and data, etc. A queueing model and Its expected value analysis are used to derive the lost cost of transactions being processed, the replacement cost of hardwares, and the recovery cost of data. The net present value for each portfolio is derived and organizations can select the optimal information security investment portfolio by comparing portfolios.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.2
• /
• pp.51-57
• /
• 2017

The first thing to be prioritized is to set the scope of the management system when establishing an information security management system for systematic and effective information security management. It is important to set the scope for an organization's information security goals due to the scope affects the organization's overall information security activities. If the scope is set incorrectly, it might become impossible to protect important services and therefore, the scope of the management system should be determined in consideration of the core business services of the organization. We propose a core service selection model based on the organization's mission-critical service and high risk service in order to determine the effective information security management system scope in this paper. Core service selection criteria include the type of service, contribution to sales, socio-economic impact, and linkage with other services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.131-138
• /
• 2003

With the Internet winning a huge popularity, there rise urgent problems which are related to Network Security Managements such as Protecting Network and Communication from un-authorized user. Accordingly, Using Security equipments have been common lately such as Intrusion Detection Systems, Firewalls and VPNs. Those systems. however, operate in individual system which are independent to me another. Their usage are so limited according to their vendors that they can not provide a corporate Security Solution. In this paper, we present a Hierarchical Security Management Model which can be applicable to a Network Security Policies consistently. We also propose a Policy Negotiation Mechanism and a Prototype which help us to manage Security Policies and Negotiations easier. The results of this research also can be one of the useful guides to developing a Security Policy Server or Security Techniques which can be useful in different environments. This study also shows that it is also possible to improve a Security Characteristics as a whole network and also to support Policy Associations among hosts using our mechanisms.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.407-415
• /
• 2013

Recently, Interest variety of IT services and computing resources are increasing. As a result, the interest in the security of cloud environments is also increasing. Cloud environment is stored that to provide services to a large amount of IT resources on the Cloud. Therefore, Cloud is integrity of the stored data and resources that such as data leakage, forgery, etc. security incidents that the ability to quickly process is required. However, the existing developed various solutions or studies without considering their cloud environment for development and research to graft in a cloud environment because it has been difficult. Therefore, we proposed wire-wireless integrated Security management Model in cloud environment.

• Journal of Information Technology Services
• /
• v.6 no.2
• /
• pp.177-188
• /
• 2007

Policy-based Network Management (PBNM) has been presented as a paradigm for efficient and customizable management systems. The approach chosen is based on PBNM systems, which are a promising and novel approach to network management. These systems have the potential to improve the automation of network management processes. The Internet Engineering Task Force (IETF) has also used policy concepts and provided a framework to describe the concept as the Policy Core Information Model (PCIM) and its extensions. There are policy conflicts among the policies that are defined as the policy information model and they are not easily and effectively detected and resolved. In this paper, we present the brief description of PBNM and illustrate the concepts of policy core information model and its policy implementation for a network security. Especially we describe our framework for detecting and resolving the policy conflicts for network security.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.815-824
• /
• 2003

Many organizations operate security systems and manage them using the intergrated secutity management (ISM) dechnology to secyre their network environment effectively. But current ISM is passive and behaves post-event manner. To reduce cost and resource for managing security and to remove possbility of succeeding in attacks by intruder, the perventive security management technology is required. In this paper, we propose PRISM model that performs preventative security management with evaluating the security level of host or network and the sensitivity level of information asset from potential risks before security incidents occur. The PRISM can give concrete and effective security management in managing the current complex networks.