• 대한임베디드공학회논문지
• /
• 제1권2호
• /
• pp.56-63
• /
• 2006

In this paper, we propose the integrated security management framework supporting the trust for the ubiquitous environments. The proposed framework provides the gathering and analysis of the security related information including the location of mobile device and then dynamically configures the security policy and adopts them. More specially, it supports the authentication and delegation service to support the trusted security management for the ubiquitous networks. This system also provides the visible management tools to give the convenient view for network administrator.

• 한국IT서비스학회지
• /
• 제15권4호
• /
• pp.63-72
• /
• 2016

Critical infrastructure has been operating in a closed environment with a completely separate information system and in the private area. However, with the current ICT environment changes due to convergence and open platforms it has increased the threats and risks to critical infrastructure. The importance of cyber security is increasing in the infrastructure control system, such as the outbreak of Ukraine blackout in 2015 by a malicious code called 'black energy'. This thesis aims to recognize the importance and necessity of protecting the critical infrastructure service, designing a security framework reflecting environmental and characteristic changes, and analyzing the management system suitable for a security framework. We also propose a theoretical basis for constructing a new security framework by comparing and analyzing seven international security management system standards, such as NIST 800-82 and IEC 62443-2-1, which are used in the control system. As a result, the environment surrounding critical infrastructure changes with the characteristics of connectivity, openness, and finality was studied, and as a response to this, many scholars and institutions present critical infrastructure security frameworks as cycle enhancement type structures, risk management structures, and management domain expansion structures. In response, the security framework encompassing these structures, CISF (Critical Infrastructure Security Framework), was designed. Additionally, through the security related international standard and criterion analysis, as a newly designed security standard suitable for CISF, IEC 62443-2-1 is reviewed and suggestions are made.

• 전기학회논문지
• /
• 제66권12호
• /
• pp.1879-1888
• /
• 2017

The Internet of Things (IoT) environment has been gradually approaching reality, and although it provides great convenience, security threats are increasing accordingly. For the IoT environment to settle safely, careful consideration of information security is necessary. Although many security measures in the design and development stages of IoT products have been studied thus far, apart from them, the establishment of systems and countermeasures for post management after the launch of IoT products is also very important. In the present paper, a technical and policy post-security management framework is proposed to provide secure IoT environments. The proposed framework defines the concrete response procedures of individual entities such as users, manufacturers, and competent authorities in the case of the occurrence of security flaws after launching IoT products, and performs appropriate measures such as software updates and recalls based on an assessment of the risk of security flaws.

• 디지털융복합연구
• /
• 제17권1호
• /
• pp.141-148
• /
• 2019

디지털 기술의 발전으로 지능화 및 융합화가 가속화됨에 따라, 비즈니스 모델 및 인프라, 기술 등 여러 측면에서 기존 방식을 초월한 변화가 요구되고 있다. 변화된 비즈니스 환경에서는 다양한 보안 위험이 점증하고 있으며, 보안 위험관리의 중요성이 더욱 커지고 있다. 기존의 정보자산 기반의 위험관리에서 벗어나 비즈니스 중심의 위험관리가 대두되고 있는 시점에서 이를 위해서는 비즈니스 목표 달성을 위한 위험성향(Risk Appetite)을 파악하는 것이 필수적이며, 이는 추후 프로세스에서 발생하는 제반 의사결정 과정에 있어 판단 기준을 제공한다. 따라서 본 논문에서는 기존 위험성향 선행연구 분석 및 보호동기이론을 분석하여, 보안 위험성향 수준을 파악할 수 있는 프레임워크를 개발하였다. 또한 개발된 위험성향 프레임워크의 실무적 타당성을 검토하기 위해, 보안 위험관리 실무 전문가들로 구성된 자문위원회를 통해 적용가능성과 중요성을 검토하였다. 검토 결과, 재무, 운영, 기술, 평판, 컴플라이언스, 문화 6개의 보안 위험성향 고려 위험분야와 인지된 심각성, 인지된 취약성, 자기효능감, 반응효능감 4개의 요인이 보안 위험성향 측정을 위한 프레임워크 구성요소로서 타당한 것으로 검토되었다.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2005년도 ICCAS
• /
• pp.1586-1589
• /
• 2005

GUMF (Global User Management Framework) that is proposed in this research can be applied to next generation network such as BcN (Broadband convergence Network), it is QoS guaranteed security framework for user that can solve present Internet's security vulnerability. GUMF offers anonymity for user of service and use the user's real-name or ID for management of service and it is technology that can realize secure QoS. GUMF needs management framework, UMS (User Management System), VNC (Virtual Network Controller) etc. UMS consists of root UMS in country dimension and Local UMS in each site dimension. VNC is network security equipment including VPN, QoS and security functions etc., and it achieves the QoSS (Quality of Security Service) and CLS(Communication Level Switching) functions. GUMF can offer safety in bandwidth consumption attacks such as worm propagation and DoS/DDoS, IP spoofing attack, and current most attack such as abusing of private information because it can offer the different QoS guaranteed network according to user's grades. User's grades are divided by 4 levels from Level 0 to Level 3, and user's security service level is decided according to level of the private information. Level 3 users that offer bio-information can receive secure network service that privacy is guaranteed. Therefore, GUMF that is proposed in this research can offer profit model to ISP and NSP, and can be utilized by strategy for secure u-Korea realization.

• 스마트미디어저널
• /
• 제6권4호
• /
• pp.41-49
• /
• 2017

최근 많은 보안 사고의 발생에 따라 SOC(Security Operation Center)과 SIEM(Security Information & Event Management)에 대한 관심이 집중되고 있으며, 이에 따른 다양한 연구들과 정보 보안 업계의 다양한 상업화 제품들이 출시되고 있다. 이러한 상황을 반영하듯이 미국의 NIST에서는 Cybersecurity Framework에 관한 문서의 발간 및 개정을 진행하고 있다. 본 연구에서는 NIST의 Cyberseurity Framework를 고찰하고 SOC 및 SIEM 보안 기술 및 솔루션의 동향에 대해 살펴보고자 한다. 더불어 실시간 빅데이터 보안으로 오픈소스 Apache Metron을 소개한다.

• 디지털산업정보학회논문지
• /
• 제12권1호
• /
• pp.81-87
• /
• 2016

Cloud computing technologies are utilized and merged in various domains. Cloud computing technology-based personal cloud service technologies provide mobility and free access by using user centered storages and smart devices such like smart phones and table PCs. Therefore, we should overcome limits on the storage by solving the capacity problems of devices to provide security services in the personal cloud environments It can be addressable to provide the convenience of various security technologies. However, there are some security threats inherited from existing cloud environments and the possibilities of information leakage when devices are lost or stolen. Therefore, we designed a framework for providing secure cloud services by adding objects, such as user authorization, access tokens, set permissions by key generation, and key management assignments, for user management in personal cloud environments. We analyzed the stability of the proposed framework in terms of irreverent use and abuse, access to insiders, and data loss or leakage. And we evaluated the proposed framework in terms of the security with access control requirements in personal cloud environments.

• 디지털산업정보학회논문지
• /
• 제6권2호
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• 한국방송∙미디어공학회:학술대회논문집
• /
• 한국방송공학회 2009년도 IWAIT
• /
• pp.400-403
• /
• 2009

EAP (Extensible Authentication Protocol) is often used as an authentication framework for two-party protocol which supports multiple authentication algorithms known as "EAP method". And PKMv2 in 802.16e networks use EAP as an authentication protocol. However, this framework is not efficient when the EAP peer executing handover. The reason is that the EAP peer and EAP server should re-run EAP method each time so that they authenticate each other for secure handover. This makes some delays, so faster re-authentication method is needed. In this paper, we propose a new design of the PKMv2 framework which provides fast re-authentication. This new framework and usage of the keys which used as a short-term credential bring better performance during handover process.

• 정보과학회 컴퓨팅의 실제 논문지
• /
• 제23권3호
• /
• pp.177-182
• /
• 2017

정보화 사회는 컴퓨터 및 통신이 발달하여 데이터를 수동으로 관리하기 어려운 정도로 데이터양이 방대해져서 데이터 관리에 어려움을 느끼고, 자연재해 및 해커의 공격 등으로 인해 데이터 손실, 서비스 이용 불가 등 다양한 IT 관련 보안사고가 발생하여 이를 원래대로 복구하기 위한 정보보호 관리체계가 필요하다. 정보보호 관리체계는 다양한 프레임워크들이 존재하는데, IT재해에 의해서 발생한 피해를 복구하기 위한 프레임워크는 Cyber Security Framework, Risk Management Framework, ISO/IEC 27001, COBIT 5.0이 존재하며, 각각의 프레임워크들 중에서 IT재해복구에 해당하는 항목들을 비교분석하고, IT재해가 발생한 경우 신속하게 해결하기 위한 하나의 통합적인 관리 방안에 대해 설명한다.