• 제목/요약/키워드: Security Management Policy

검색결과 1,096건 처리시간 0.027초

On Enhanced e-Government Security - Network Forensics

  • Wei, Ren
    • 한국디지털정책학회:학술대회논문집
    • /
    • 한국디지털정책학회 2004년도 International Conference on Digital Policy & Management
    • /
    • pp.173-184
    • /
    • 2004
  • E-Government security is crucial to the development of e-government. Due to the complexity and characteristics of e-government security, the viable current approaches for security focus on preventing the network intrusion or misusing in advanced and seldom concern of the forensics data attaining for the investigation after the network attack or fraud. We discuss the method for resolving the problem of the e-government security from the different side of view - network forensics approaches? from the thinking of the active protection or defense for the e-government security, which can also improve the ability of emergence response and incident investigation for e-government security.

  • PDF

Evaluation Model of the Contracting Company's Security Management Using the DEA Model (DEA 모형을 이용한 도급회사 보안관리 평가모델)

  • Kim, In-hwan;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • 제27권3호
    • /
    • pp.687-704
    • /
    • 2017
  • As Korea's industrial competitiveness and technological prowess increase, collaboration and technical exchanges with contracting companies are increasing. In an environment where cooperation with the contracting company is unavoidable ordering companies are also striving to prevent leakage of technologies through various security systems, policy-making and security checks. However, although the contracting companies were assessed to have a high level of security management the leakage of technical datas are steadily increasing. Issues are being raised about the effectiveness of the security management assessment and the actual security management levels. Therefore, this study suggested a security management system model to improve security management efficiency in the general contract structure. To prove this, analyze the efficiency of 36 contractor companies for the technical datas security management system using the DEA model. The results of the analysis are reflected in the assessment results. Lastly, suggestions for improving the effectiveness of the technical datas security system are proposed.

A Study of Security Policy for U-Healthcare Service (U-Healcare 서비스를 위한 보안정책에 관한 연구)

  • Lee, Keun-Ho
    • Journal of Digital Convergence
    • /
    • 제11권11호
    • /
    • pp.747-751
    • /
    • 2013
  • Researches on U-Healthcare service integrating medical information and IT technologies are actively conducted. U-Healthcare service is the next generation's medical paradigm that ensures conveniences to many users so that the society recognizes the importance and attempts for commercialization through various business model are performed. To form such U-Healthcare service market safely, various policies on the social structure should be established through the standard and the medical law to systemize of the medical information led by the governmen. Especially, the government's security policy to ensure the safety for the government leading visualization of U-Healthcare should be firmly established. Firstly, this paper presents U-healthcare Service and policy guideline. Secondly, it analyzes security threatening factors for the safe U-Healthcare service. By classifying the analyzed security threatening factors based on three major elements of the security, Confidentiality, Integrity and Availability of security policy for each element is proposed.

Future Education Skills Needs Analysis through Patent Analysis in the field of Information Security (특허분석을 통한 정보보안 부문 미래교육 수요분석)

  • Hwang, Gyuhee;Rim, Myung-Hwan;Song, Kyungseok;Lee, Jung Mann
    • Korean Management Science Review
    • /
    • 제31권4호
    • /
    • pp.1-13
    • /
    • 2014
  • This study aims to expand the future study methodology and to develop a methodology of future-oriented curriculum analysis with future skills needs derived from patent analysis. With the case of information security, the methodology is applied to the 16 universities, which have information security department in undergraduate course. From the results, the followings are suggested : 1) for the increasing importance area including hacking, infiltration and PC security, a practical exercise should be emphasized; 2) for the convergence area including security policy, security legislation and OS security, proper faculties should be filed with recruiting field-based experts; 3) for the increasing importance area including professional area including security audit and information security protocol, the advanced curriculum related to graduate level should be provided.

Multilevel Security Management for Global Transactions

  • Jeong, Hyun-Cheol
    • Proceedings of the IEEK Conference
    • /
    • 대한전자공학회 2000년도 ITC-CSCC -2
    • /
    • pp.735-738
    • /
    • 2000
  • The most important issue in database security is correct concurrency control under the restrictive security policy. The goal of secure transaction management is to keep security and provide many concurrent users with the high availability of database. In this paper, we consider the security environment of multidatabase system with replicated data. The read-from relationship in the existed serializability is improper in security environment. So, we define new read-from relationship and propose new secure 1-copy quasi-seriailzability by utilizing this relationship and display some examples. This security environment requires both the existed local autonomy and the security autonomy as newly defined restriction. To solve covert channel problem is the most difficult issue in developing secure scheduling scheme. The proposed secure 1-copy quasi-serializability is very proper for global transactions in that this serializability not violates security autonomy and prevents covert channel between global transactions.

  • PDF

Value Chain Analysis on Business Difficulties of Information Security Industry (가치사슬분석을 통한 지식정보보안산업의 애로사항 분석)

  • Jun, Hyo-Jung;Kim, Tae-Sung
    • Journal of Information Technology Services
    • /
    • 제12권1호
    • /
    • pp.229-245
    • /
    • 2013
  • The information security industry market is sluggish despite high expectation for its growth, and thus policies are required to define the causes and to address these issues. The policy formulation requires various historical market and human resource data for analyzing the industry, which cannot be guaranteed secured. This study executed face-to-face in-depth interviews with the frontline businesses in order to gather live opinions and to analyze industry's value chain, problems, and difficulties with a view to defining policy tasks for the development of the industry. The findings of the study revealed the current technical level of the information security industry, the frontline difficulty, and industrial ecosystem status. Based on these findings, the industry revitalization policy was devised and proposed. Objectives of the policy included the fostering of capacity to conceptualize, plan, and design industrial strategies based on the analysis of the industry's value chain and ecosystem, the expansion of the industry's value-added through the enhanced securing and management of the Intellectual Property Rights (IPR), and the nurturing of the security Human Resources (HR) in line with the industrial demand.

System Design and Implementation for Security Policy Management of Windows Based PC and Weakness Inspection (Windows 기반의 PC 보안 정책 관리 및 취약성 점검을 위한 시스템 설계 및 구현)

  • Park, Byung-Yeon;Yang, Jong-Won;Seo, Chang-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • 제18권1호
    • /
    • pp.23-30
    • /
    • 2008
  • Attempt to protect personal computer from hacking, virus, worm, and the troy wooden horse is progressed variously. Nevertheless, it is very difficult fer public users to understand configurations to enhance security stability in windows based personal computer, and many security problem is due to there lack of recognize about information accessability, various kind of configuration, these necessity, and efficiency. Accordingly, it is demandded to develop an efficient system to protect networks and personal computer with automated method. In this paper, we derive problems of personal computer by analyzing various vulnerableness and policy on security, through which we design and implement the system to solve various windows system problem conveniently.

An Effect of Organizational Security Climate on Individual's Opportunistic Security Behavior: An Empirical Study (조직의 보안 분위기가 개인의 기회주의 행동에 미치는 영향에 관한 실증 연구)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • 제10권10호
    • /
    • pp.31-46
    • /
    • 2012
  • Drawing upon Griffin and Neal's safety climate and performance model, this study developed an information security climate model. Research model is composed of three research variables that include information security climate, information security compliance attitude, and opportunistic security behavior. Results of the study strongly support the fundamental proposition that the organizational security climate has significant positive influence on the individual's opportunistic security behavior. However, the study also reveals that the organizational climate may not directly associate with the reduction of opportunistic security behavior. Rather the organizational security climate nurtures the favorable attitude of the employee towards the compliance of information security, which in turn discourages opportunistic security behavior.

A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013 (클라우드 서비스 평가 프로그램과 ISO/IEC 27001:2013의 비교 연구)

  • Choi, Ju-Young;Choi, Eun-Jung;Kim, Myuhng-Joo
    • Journal of Digital Convergence
    • /
    • 제12권1호
    • /
    • pp.405-414
    • /
    • 2014
  • It is very important to IT users that the Cloud service provides dynamic extension of IT resources and cost-saving. However, the reliability for Cloud service hinders utilizing Cloud service actively. Existing studies on assessment program for Cloud Service are executed by extracting information security assessment articles and adding features of cloud services by referencing ISO/IEC 27001:2005. This paper will review the recently released ISO/IEC 27001:2013 for the addition, reduction, and changing of articles for Controls and Control objectives. Comparative analysis for the Controls of ISO/IEC 27001:2013 with those of CSA CCMv.3, FedRAMP which is an assessment program for Cloud service will suggest Control Objects of Information Security Management System for related Cloud service. The suggestion of Controls will be an important reference index for the security policy of companies which manage the information security management system based on Cloud service.

Violations of Information Security Policy in a Financial Firm: The Difference between the Own Employees and Outsourced Contractors (금융회사의 정보보안정책 위반요인에 관한 연구: 내부직원과 외주직원의 차이)

  • Jeong-Ha Lee;Sang-Yong Tom Lee
    • Information Systems Review
    • /
    • 제18권4호
    • /
    • pp.17-42
    • /
    • 2016
  • Information security incidents caused by authorized insiders are increasing in financial firms, and this increase is particularly increased by outsourced contractors. With the increase in outsourcing in financial firms, outsourced contractors having authorized right has become a threat and could violate an organization's information security policy. This study aims to analyze the differences between own employees and outsourced contractors and to determine the factors affecting the violation of information security policy to mitigate information security incidents. This study examines the factors driving employees to violate information security policy in financial firms based on the theory of planned behavior, general deterrence theory, and information security awareness, and the moderating effects of employee type between own employees and outsourced contractors. We used 363 samples that were collected through both online and offline surveys and conducted partial least square-structural equation modeling and multiple group analysis to determine the differences between own employees (246 samples, 68%) and outsourced contractors (117 samples, 32%). We found that the perceived sanction and information security awareness support the information security policy violation attitude and subjective norm, and the perceived sanction does not support the information security policy behavior control. The moderating effects of employee type in the research model were also supported. According to the t-test result between own employees and outsourced contractors, outsourced contractors' behavior control supported information security violation intention but not subject norms. The academic implications of this study is expected to be the basis for future research on outsourced contractors' violation of information security policy and a guide to develop information security awareness programs for outsourced contractors to control these incidents. Financial firms need to develop an information security awareness program for outsourced contractors to increase the knowledge and understanding of information security policy. Moreover, this program is effective for outsourced contractors.