• Title/Summary/Keyword: Security Policy Model

Search Result 504, Processing Time 0.022 seconds

An Evaluation Method for Security Policy Model Based on Common Criteria (공통평가기준에 의한 보안정책모델 평가방법)

  • 김상호;임춘성
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.5
    • /
    • pp.57-67
    • /
    • 2003
  • Security Policy Model is a structured representation using informal, semiformal or formal method of security policy to be enforced by TOE. It provides TOE to get an assurance to mitigate security flaws resulted from inconsistency between security functional requirements and functional specifications. Therefore, Security Policy Model has been required under an hish evaluation assurance level on an evaluation criteria such as ISO/IEC 15408(Common Criteria, CC). In this paper, we present an evaluation method for security policy model based on assurance requirements for security policy model in Common Criteria through an analysis of concepts, related researches and assurance requirements for security policy model.

The Implementation of Policy Management Tool Based on Network Security Policy Information Model (네트워크 보안 정책 정보 모델에 기반한 정책 관리 도구의 구현)

  • Kim, Geon-Lyang;Jang, Jong-Soo;Sohn, Sung-Won
    • The KIPS Transactions:PartC
    • /
    • v.9C no.5
    • /
    • pp.775-782
    • /
    • 2002
  • This paper introduces Policy Management Tool which was implemented based on Policy Information Model in network suity system. Network security system consists of policy terror managing and sending policies to keep a specific domain from attackers and policy clients detecting and responding intrusion by using policies that policy server sends. Policies exchanged between policy server and policy client are saved in database in the form of directory through LDAP by using Policy Management Tool based on network security policy information model. NSPIM is an extended policy information model of IETF's PCIM and PCIMe, which enables network administrator to describe network security policies. Policy Management Tool based on NSPIM provides not only policy management function but also editing function using reusable object, automatic generation function of object name and blocking policy, and other convenient functions to user.

A Study on Employee's Compliance Behavior towards Information Security Policy : A Modified Triandis Model (조직 구성원의 정보보안정책 준수행동에 대한 연구 : 수정된 Triandis 모델의 적용)

  • Kim, Dae-Jin;Hwang, In-Ho;Kim, Jin-Soo
    • Journal of Digital Convergence
    • /
    • v.14 no.4
    • /
    • pp.209-220
    • /
    • 2016
  • Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees' information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model's factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual's information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members' expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members' information security behavior, and will be able to provide measures to establish organization's information security policy and increase members' compliance behavior.

A Study of Hierarchical Policy Model of Policy-based Integrated Security Management for managing Heterogeneous Security Systems (이종의 보안시스템 관리를 위한 정책 기반의 통합보안관리시스템의 계층적 정책모델에 관한 연구)

  • Lee, Dong-Yeong;Kim, Dong-Su;Jeong, Tae-Myeong
    • The KIPS Transactions:PartC
    • /
    • v.8C no.5
    • /
    • pp.607-614
    • /
    • 2001
  • With a remarkable growth and expansion of Internet, the security issues emerged from intrusions and attacks such as computer viruses, denial of services and hackings to destroy information have been considered as serious threats for Internet and the private networks. To protect networks from those attacks, many vendors have developed various security systems such as firewalls, intrusion detection systems, and access control systems. However, managing those systems individually requires too much work and high cost. Thus, in order to manage integrated security management and establish consistent security management for various security products, the policy model of PN-ISMS (Policy Based Integrated Security Management System) has become very important. In this paper, present the hierarchical policy model which explore the refinement of high-level/conceptual policies into a number of more specific policies to form a policy hierarchy. A formal method of policy description was used as the basis of the mode in order to achieve precision and generality. Z-Notation was chosen for this propose. The Z-Notation is mathematical notation for expressing and communicating the specifications of computer programs. Z uses conventional notations of logic and set theory organized into expressions called schemas.

  • PDF

Security Policy Negotiation Model Design Using Mobile Agent System (이동 에이전트 시스템을 이용한 보안정책 협상모델 설계)

  • Park, Jin-Ho;Chung, Jin-Wook
    • Convergence Security Journal
    • /
    • v.4 no.3
    • /
    • pp.37-46
    • /
    • 2004
  • This paper presents the design of a certain highly efficient security policy negotiation of SPS(Security Policy System) using mobile agent system. The conventional IP security systems have some problems. A drawback to these systems is that the required policy between each security area is different. Another problem is not possible to guarantee whether a packet is transmitted through the same path by both directions and is protected by the same policy due to the topology of the network. Unlike conventional systems, the model developed herein can be resolved by using a mobile agent technology. If each domain needs a negotiation of security policy, a mobile agent manages the result of the negotiation in the form of a passport and guarantees the authentication and reliability each other by using the passport.

  • PDF

Detection and Recovery of Policy Conflicts in Policy-based Network Management Systems (정책기반 네트워크 관리 시스템의 정책 충돌 탐지 및 복구)

  • Lee, Kyu-Woong
    • Journal of Information Technology Services
    • /
    • v.6 no.2
    • /
    • pp.177-188
    • /
    • 2007
  • Policy-based Network Management (PBNM) has been presented as a paradigm for efficient and customizable management systems. The approach chosen is based on PBNM systems, which are a promising and novel approach to network management. These systems have the potential to improve the automation of network management processes. The Internet Engineering Task Force (IETF) has also used policy concepts and provided a framework to describe the concept as the Policy Core Information Model (PCIM) and its extensions. There are policy conflicts among the policies that are defined as the policy information model and they are not easily and effectively detected and resolved. In this paper, we present the brief description of PBNM and illustrate the concepts of policy core information model and its policy implementation for a network security. Especially we describe our framework for detecting and resolving the policy conflicts for network security.

The big data analysis framework of information security policy based on security incidents

  • Jeong, Seong Hoon;Kim, Huy Kang;Woo, Jiyoung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.10
    • /
    • pp.73-81
    • /
    • 2017
  • In this paper, we propose an analysis framework to capture the trends of information security incidents and evaluate the security policy based on the incident analysis. We build a big data from news media collecting security incidents news and policy news, identify key trends in information security from this, and present an analytical method for evaluating policies from the point of view of incidents. In more specific, we propose a network-based analysis model that allows us to easily identify the trends of information security incidents and policy at a glance, and a cosine similarity measure to find important events from incidents and policy announcements.

Prototype Design and Security Association Mechanism for Policy-based on Security Management Model (정책기반 보안관리 모델을 위한 프로토타입과 정책 협상 메커니즘)

  • 황윤철;현정식;이상호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.1
    • /
    • pp.131-138
    • /
    • 2003
  • With the Internet winning a huge popularity, there rise urgent problems which are related to Network Security Managements such as Protecting Network and Communication from un-authorized user. Accordingly, Using Security equipments have been common lately such as Intrusion Detection Systems, Firewalls and VPNs. Those systems. however, operate in individual system which are independent to me another. Their usage are so limited according to their vendors that they can not provide a corporate Security Solution. In this paper, we present a Hierarchical Security Management Model which can be applicable to a Network Security Policies consistently. We also propose a Policy Negotiation Mechanism and a Prototype which help us to manage Security Policies and Negotiations easier. The results of this research also can be one of the useful guides to developing a Security Policy Server or Security Techniques which can be useful in different environments. This study also shows that it is also possible to improve a Security Characteristics as a whole network and also to support Policy Associations among hosts using our mechanisms.

An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance (보안 대책이 지속적 보안 정책 준수에 미치는 영향)

  • Park, Chul-Ju;Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.10 no.4
    • /
    • pp.23-35
    • /
    • 2012
  • The goal of this study is to identify factors that influence on the persistent information security compliance intention of employees. Antecedents suggested in research model are security awareness training and perceived effectiveness of information security policy. Research results show that security awareness training has a positive effect on persistent information security compliance intention as well as effectiveness of information security policy. While policy breadth, which is one of the effectiveness of information security policy, influences on persistent information security compliance attitude and intention, policy brevity does not effect on persistent information security compliance intention. Conclusions and implications are discussed.

Security Policy Model for the Intrusion Detection and Response on Enterprise Security Management System (통합보안 관리시스템의 침입탐지 몇 대응을 위한 보안 정책 모델)

  • 손우용;송정길
    • Journal of the Korea Society of Computer and Information
    • /
    • v.9 no.2
    • /
    • pp.81-87
    • /
    • 2004
  • Very various intrusion by development of systems that is based on network is spread. To detect and respond this intrusion, security solutions such as firewall or IDS are bringing and management of security system that load these becomes more harder. Moreover, because environment of systems that require security is various, hard to manage establishing suitable security policy Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

  • PDF