• 한국전자거래학회지
• /
• 제23권4호
• /
• pp.137-152
• /
• 2018

기존 금융정보유출 행위를 탐지하기 위해 보안솔루션에서 생성한 행위 로그를 수집하여 패턴분석으로 정보유출 이상행위를 탐지하고 차단하는 활동에서 발생되는 한계점을 극복하고, 효과적으로 대응하기 위한 방안으로 첫 번째, PC에서 정보유출 경로(외부에서 읽기, 외부로 저장하기, 외부로 전송하기 등)로 이용되는 PC내 실행 프로그램들을 실시간으로 모니터링하고 두 번째, 해당 프로그램이 실행하는 시점에 연관된 보안 통제 프로세스와 상호 연동하여 정상 통제예외 통제우회 행위인지를 파악한 다음 마지막 단계인 시나리오 기반으로 생성한 처리 절차를 통해 금융정보유출 위험을 통제할 수 있는 위험 관리 모델을 제안함으로서 정보 보호 측면의 보안성 강화 및 업무 효율성 향상의 기대효과를 창출하고자 한다.

• 정보처리학회논문지C
• /
• 제12C권7호
• /
• pp.989-998
• /
• 2005

최근 대부분의 정보시스템은 대규모 및 광역화되고 있으며 이에 따른 사이버 침해사고와 해킹의 위험성이 증대되고 있다. 이를 해결하기 위하여 정보보호 기술중에서 보안위험분석 분야의 연구가 활발하게 이루어지고 있다. 하지만 다양한 자산과 복잡한 네트워크의 구조로 인하여 위험도를 현실에 맞게 산정한다는 것이 사실상 불가능하다. 특히, 취약성과 위협의 증가는 시간에 따라 계속 증가하며 이에 대응하는 보호대책은 일정 시간이 흐른 뒤 이루어지므로 제시된 결과가 효과적인 위험분석의 결과로 볼 수 없다. 따라서. 정보시스템에 대한 모델링 기법을 통하여 정보시스템의 구조를 단순화하고 사이버 침해의 방향성을 도식화함으로써 위험분석 및 피해 파급 영향 분석을 보호대책 수립의 허용 시간 내에서 이루어질 수 있도록 해야 한다 이에 따라, 본 논문에서는 보안 위험을 분석할 수 있도록 SPICE와 Petri-Net을 이용한 정보시스템의 모델링 기법을 제안하고, 이 모델링을 기반으로 사례연구를 통하여 위험분석 시뮬레이션을 수행하고자 한다.

• 디지털산업정보학회논문지
• /
• 제6권4호
• /
• pp.307-317
• /
• 2010

The majority of financial and general business organizations have had individual damage from hacking, worms, viruses, cyber attacks, internet fraud, technology and information leaks due to criminal damage. Therefore privacy has become an important issue in the community. This paper examines various elements of the information security management system and discuss about Information Security Management System Models by using the analysis of the financial statue and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of Korea Information Security Agency, British's ISO27001, GMITS, ISO/IEC 17799/2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. Therefore, it is recommended for companies to use the security management plan to improve the companies' financial and information security and to prevent from any risk of exposing the companies' information.

• 디지털산업정보학회논문지
• /
• 제5권4호
• /
• pp.109-116
• /
• 2009

In the paper, we designed an automatic security diagnostic evaluation System(SeDES) based on a security diagnostic evaluation model(SeDEM) for an organization's security assurance. The SeDEM evaluates a security level of an organization quantitatively by a security evaluation formula which is composed of security variables and security index as applying the statistical CAEL model for evaluate risk level of banks. The SeDES has a good expandability as changing security variables according to an organization scale, characteristics and so on. And it also has a excellent usage because it inputs only numeric data got from statistical technique to security index. We can understand more a security level correctly than the existent risk assessment system because it is possible to assess quantitatively with an security grade as well as score. analysis.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 1996년도 종합학술발표회논문집
• /
• pp.65-74
• /
• 1996

Risk analysis is time-consuming and expensive process〔1〕〔6〕. Automated risk analysis tools have been widely used in industry and government to support decision making process and reduce cost. However, difficulties in materializing impact of threats and fast-changing network environments make analysis process more complicated and less trusted since impacts are relative in network environments. HAWK system is developed to improve the accuracy of analysis result in network-oriented environment. It provides user-friendly environments and considers network environments as primary assets.

• 복식문화연구
• /
• 제18권1호
• /
• pp.118-132
• /
• 2010

The purpose of this study is to understand factors of risk perception and purchase obstruction by consumer characteristics and purchase experience of clothing in online. The collection of the research materials was progressed by online and offline. Out of 374 usable questionnaires used for examining this study, 278 questionnaires were collected from offline and 107 questionnaires were collected from online. Frequency analysis, factor analysis, reliability analysis, t-test, One-way ANOVA and multiple regression analysis using SPSS WIN 12.0 were conducted. Three factors of perceived risk were extracted: harmonic/image, quality/shopping process, payments. Based on these dimensions, ANOVA was conducted. The results indicated that the more purchasing experience people had, the less the extent of perceived risk they got, and quality/shopping process risk mostly among them. As the factors which obstruct purchasing decision, a security obstruction, a reliability obstruction, a convenient obstruction and an information insufficient obstruction are extracted. Also, the factors have got the result of same aspects as the perceived risk recognized by the Internet shopping experience. Meaningful differences between groups appear at security obstruction, reliability obstruction, and convenient obstruction. Perceived risk almost influenced on purchase obstruction when purchasing clothes in Internet shopping mall. When consumers perceiving harmony/image risk highly make decisions, they usually hesitate or abandon due to reliability obstruction, convenient obstruction. All the factors: including security obstruction, reliability obstruction, convenient obstruction and information insufficient obstruction made consumers perceiving quality/shopping process risk highly obstruct purchase decision.

• 한국멀티미디어학회논문지
• /
• 제18권2호
• /
• pp.199-206
• /
• 2015

Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

• 융합보안논문지
• /
• 제15권5호
• /
• pp.9-15
• /
• 2015

클라우드 컴퓨팅은 서버의 추가 구축에 대한 비용절감, 데이터 스토리지 확대에 대한 비용 절감, 컴퓨터 자원에 대한 공유, 새로운 기술의 적용에 대한 편의성 등의 장점을 가지고 있다. 그러나 서비스 모델의 다양성으로 인하여 새로운 보안의 우려사항이 높아지고 있어, 이용자가 서비스의 안정성을 신뢰할 수 있도록 인증제도가 운영되고 있다. 이에 본 논문에서는 인증제도의 신뢰성을 확보하기 위해 기존 IT환경에서 적용되던 위험 분석 방법과 달리 공공 IaaS(Infrastructure as a Service) 클라우드 서비스 특징을 고려, 새로운 위험분석 방법을 제안한다.

• International Journal of Computer Science & Network Security
• /
• 제22권6호
• /
• pp.390-399
• /
• 2022

Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of Risk models are detections, analyses, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users. customers. However, rather of relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.

• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제1권2호
• /
• pp.103-108
• /
• 2012

최근 IT 거버넌스 개념이 기업경영 현장에 적용되고 있다. 본 논문에서는 클라우드 컴퓨팅 환경에서 IT 거버넌스를 기반으로 기업의 정보보호 위험을 최소화할 수 있는 비즈니스 모델에 대해 연구한다. 특히, 정보보호 거버넌스 세부 주제인 위험관리를 연계하는 상호작용 모델(IT 거버넌스 프레임워크인 COBIT과 연계하여 시너지를 높일 수 있는 구조)을 제안하고자 한다. 여기서, 시너지는 효과적, 전략적이고 안전한 비즈니스 지원을 의미하며, BMIS의 4가지 요소, 6가지 역동 연결자와의 상호작용성에 대해 분석이 요구된다. 따라서 COSO ERM이나 COBIT Risk IT Framework를 기반으로 위험관리와 연계될 수 있는 상호작용 모델을 제안한다.