• Journal of Korea Multimedia Society
• /
• v.10 no.8
• /
• pp.1052-1059
• /
• 2007

Network security system used in the large scale network composes individual security system which protects only own domain. Problems of individual security system are not to protect the backbone network and to be hard to cope with in real-time. In this paper we proposed a security system which includes security function at the router, and the access point, which exist at the backbone network, to solve the problems. This security system sends the alert messages to an integrated security management system after detecting intrusions. The integrated security management system releases confrontation plan to each suity system. Thus the systematic and immediate confrontation is possible. We analyzed function verification and efficiency by using the security system and the integrated security management system suggested in this paper. We confirmed this integrated security management system has a possibility of a systematic and immediate confrontation.

• Journal of the Korea Convergence Society
• /
• v.11 no.9
• /
• pp.229-242
• /
• 2020

The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and reveals the relationship of the individual's the security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment and used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.12
• /
• pp.179-185
• /
• 2021

Private security has the common job characteristics of the police and crime prevention, and is responsible for the safety of our society. However, the hiring process for private security is very different from that of the police. Therefore, in this study, the problems of the private security recruitment process were identified through the police recruitment process and improvement points were suggested. As a result of comparing and examining the recruitment process of the police, the recruitment of private security guards is carried out through education and training, and problems such as the training process and physical strength verification required for security work were investigated. In order to improve the problems in the private security recruitment process, the curriculum of criminal law and criminology, physical examination such as 100m running and left and right grip strength, and practical cases of security work should be added. It is hoped that this study will serve as a basic data for the development of the private security industry along with the recruitment of excellent security guards.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1355-1369
• /
• 2018

As smart bands make life more convenient and provide a positive lifestyle, many people are now using them. Since smart bands deal with private information, security design and implementation for smart band system become necessary. To make a trustworthy smart band, we must derive the security requirements of the system first, and then design the system satisfying the security requirements. In this paper, we apply threat modeling techniques such as Data Flow Diagram, STRIDE, and Attack Tree to the smart band system to identify threats and derive security requirements accordingly. Through threat modeling, we found the vulnerabilities of the smart band system and successfully exploited smart bands with them. To defend against these threats, we propose security measures and verify that they are secure by using Scyther which is a tool for automatic verification of security protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.141-154
• /
• 2022

In the data economy era, various policies are being implemented to create an active data distribution environment. In South Korea, the formation of a big data distribution platform and data trading began with the launch of the Financial Data Exchange under public data governance. In the case of major advanced countries in the data field, they have built a data distribution environment based on the data broker industry for decades and have strengthened national data competitiveness through added values generated from the industry. However, behind the active data distribution through data brokers, there are numerous information security issues, which have resulted in various privacy issues and national security threats. These problems can occur sufficiently in the process of domestic financial data exchange. In our study, we analyzed various information security issues of data trading caused by data brokers and derived information security requirements to be considered when trading data. We verified whether information security requirements are well reflected in the information security policy for each transaction stage of the domestic financial data exchange. Based on the verification, measurements to strengthen information security for financial data exchange are presented in our paper.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.797-800
• /
• 2008

Online signature verification system is widely used in banking account, credit card and so on, because system for online signature verification is easy to implementation and inexpensive. Therefore there are a lot of study on online signature verification. However there is little research about online signature is safe or not. This paper shows a way of online signature estimation using various information of signature. This paper make a experiment about relation sorority grade of online signature and 2-D information of online signature like the number of strokes and cross points, density of points, standard deviation of direction, velocity and acceleration, lengths of signature and convex hull etc. Finally, this paper presents several features of safe online signature.

• Journal of Korea Multimedia Society
• /
• v.15 no.2
• /
• pp.242-249
• /
• 2012

Recently, value added location based service and convergence monitoring and control system is growing. The cases include increasing usage of smart-phone for taking picture, wireless network, GPS and digital map. Especially, Smart-phone is appropriate for using image information and location information. However it is possible to be exploited for forgery and manipulation. So we experimented on transferring modified data on the smart-phone as image and location information in EXIF and researched the technology for data verification. In addition, we have designed security monitoring and control prototype considering axis-address matching analysis used geocoding, watermarking verification, encryption.

• Journal of Korea Multimedia Society
• /
• v.14 no.8
• /
• pp.1029-1040
• /
• 2011

Electronic identity (e-ID) card based on smartcard is a representative identity credential for on-line and off-line personal identification. The e-ID card can store the personal identity information securely, so that the information can be accessed fast, automated identity verification and used to determine the cardholder's authorization to access protected resources. Due to such features of an e-ID card, the number of government organizations and corporate enterprises that consider using e-ID card for identity management is increasing. In this paper, we present an authentication framework for access control system using e-ID cards by discussing the threat environment and security requirement against e-ID card. Specifically, to accomplish our purpose, we consider the Personal Identity Verification system as our target model.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.25-31
• /
• 2012

The SSE-CMM model is how to verify the level of information protection as a process-centric information security products, systems and services to develop the ability to assess the organization's development. The CMM is a model for software developers the ability to assess the development of the entire organization, improving the model's maturity level measuring. However, this method of security engineering process improvement and the ability to asses s the individual rather than organizational level to evaluate the ability of the processes are stopped. In this research project based on their existing research information from the technical point of view is to define the maturity level of protection. How to diagnose an information security vulnerabilities, technical security system, verification, and implementation of technical security shall consist of diagnostic status. The proposed methodology, the scope of the work place and the current state of information systems at the level of vulnerability, status, information protection are implemented to assess the level of satisfaction and function. It is possible that measures to improve information security evaluation based on established reference model as a basis for improving information security by utilizing leverage.

• The Journal of Society for e-Business Studies
• /
• v.23 no.1
• /
• pp.89-102
• /
• 2018

In this paper, the security characteristics of healthcare institutions were derived through analysis of previous research, and the characteristics and status of small and medium sized healthcare institutions were surveyed through field surveys of small and medium sized healthcare institutions. The security management evaluation model for small and medium sized healthcare institutions was designed and verified based on the security characteristics of small and medium healthcare institutions. For the design, we compared and analyzed existing security management system and evaluation certification system of healthcare institutions. We also confirmed the proposed security management evaluation model and the degree of sharing. In addition, we conducted validation for the statistical verification of the proposed security management evaluation model for small and medium sized healthcare institutions, and we performed the relative priority analysis through AHP analysis to derive the weight for each item. The result of this study is expected to be used as a standard of security management evaluation model that can be practiced in small and medium sized healthcare institutions.