• Title/Summary/Keyword: Security management system

Search Result 2,750, Processing Time 0.031 seconds

The Proposal of Security Management Architecture using Programmable Networks Technology

  • Kim, Myung-Eun;Seo, Dong-Il;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2004.08a
    • /
    • pp.926-931
    • /
    • 2004
  • In this paper, we proposed security management architecture that combines programmable network technology and policy based network management technology to manage efficiently heterogeneous security systems. By using proposed security management architecture, a security administrator can manage heterogeneous security systems using security policy, which is automatically translated into a programmable security policy and executed on programmable middleware of security system. In addition, programmable middleware that has the features of programmable network can reduce excessive management traffic. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time between the proposed architecture and PBNM architecture.

  • PDF

A Study on the Security Management System Model for the Information Security of the Aviation infrastructure (항공기반시설의 정보보호를 위한 보안관리체계 모델에 관한 연구)

  • Jung, Chang-Hwa;Lee, Joon-Taik;Chung, Dong-Keun
    • The Journal of Society for e-Business Studies
    • /
    • v.16 no.4
    • /
    • pp.87-96
    • /
    • 2011
  • The importance of the security management system for the aviation infrastructure cannot be overemphasized. What is especially important on the security management system for it is the assessment that is detaild and systematic. This article presents a framework based on a Hanulcha-type security management system model for a Information security of the Aviation infrastructure. This system checks, estimates and analyzes the goal of security with effect, especially in case of the security-accident on the aviation infrastructure because this system model gives the integrated security assessment method.

Improvements of Information Security Level in Electronic Financial Infrastructure(By Analyzing Information Security Management Level) (전자금융기반시설 정보보호 수준강화 방안 (정보보호 관리수준 분석을 통한))

  • Park, Keun-dug;Youm, Heung-youl
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.6
    • /
    • pp.1605-1618
    • /
    • 2016
  • In recent years, security incidents - such as personal information leakage, homepage hacking, DDoS and etc. - targeting finance companies(banks, securities companies, credit card companies, insurance companies and etc.) have increased steadily. In this paper, we analyze problems of information security management level in the existing electronic financial infrastructure from perspective of compliance and information security certification system and propose improvements to enable sustainable high level of information security activities under a comprehensive management system for the financial sector characteristics using ISMS, SECU-STAR and CNIVAM system.

The Improvement Strategy of Spatial Information Security Management System to Promote Spatial Information Industry -Focused on Production, Management, Supply Institutions of Spatial information- (공간정보산업 활성화를 위한 공간정보 보안관리체계의 개선전략 - 공간정보의 생산·관리·보급 기관을 중심으로 -)

  • Jeong, In Hun;Park, Hong Gi;Kim, Young Dan;Choi, Yun Soo
    • Spatial Information Research
    • /
    • v.21 no.6
    • /
    • pp.33-42
    • /
    • 2013
  • In a long-term perspective of development of spatial information industry, security regulation, such as limiting public picture resolution of aerial photographs, needs a rational improvement. However, unplanned deregulation of spatial information could lead problematic results such as national security issues because its present security management system is not established in reasonable manner. The main purpose of this research is to suggest the improvement plan of spatial information security management system to meet the reducing security regulation in accordance with changes of political and economic condition including current national spatial information security polices and spatial information industry. From an analytical standpoint, we examined the overall aspects of legal, operation management, and technical system while we maintained especially integrated perspective of spatial information security management. Followed by investigation of spatial information security issues, as well as its regulation and policies in overseas, rational improvement plan of security management is proposed in the aspects of legal, operation management, and technical system. It is also suggested the three-step improvement plan of reducing regulation of security management system.

Design and Implementation of Patch Management System for Improving System Security (시스템 보안성 향상을 위한 패치관리시스템 설계 및 구현)

  • 서정택;윤주범;최대식;박응기;박춘식
    • Convergence Security Journal
    • /
    • v.4 no.2
    • /
    • pp.43-51
    • /
    • 2004
  • Operating systems and application programs have security vulnerabilities derived from the software development process. Recently, incident cases related with the abuses of these vulnerabilities are increasing and the damages caused by them are becoming very important security issues all over the nations. Patch management is one of the most important processes to fix vulnerabilities of softwares and to ensure a security of systems. Since an institute or a company has distributed hierarchical and heterogeneous systems, it is not easy to update patches promptly. In this paper, we propose patch management framework to safely distribute and install the patches on Windows, Linux, and Solaris client systems. Besides, we considered extensibility and hierarchical structure for our patch management framework to support large scaled network environment.

  • PDF

A Design on the Information Security Auditing Framework of the Information System Audit (정보시스템 감리에서의 정보보호 감리모형 설계)

  • Lee, Ji Yong;Kim, Dong Soo;Kim, Hee Wan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.2
    • /
    • pp.233-245
    • /
    • 2010
  • This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

Anti-Crisis Management In The System Of Economic Security Of International Business

  • Blakyta, H.V.;Zubko, T.L.;Zhuk, O.S.;Kasianova, A.O.;Guliaieva, N.M.;Vavdiichyk, I.M.
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.8
    • /
    • pp.269-274
    • /
    • 2022
  • Economy of Ukraine is characterized by the rapidly increased level of financial failures at a corporate level. Conditions of doing business in Ukraine become tighter year after year and it should motivate the business owners not only to watch more accurately the state in which their business is but also to introduce new, more precise, more tight systems of crisis management and economic security. The experience shows that in order to stay afloat and not to suffer losses companies should pay more attention to different areas of economic security, such as production potential, financial indicators, logistics, staff, etc. For this purpose companies should use a system of valuation of the most important for their activity indicators and transform their values in an integral one in order to use this assessment in making managerial decisions. Such a valuation is one of the components which the article presents. The article also reveals the key points which characterize crisis management as an integral part of enterprise development and economic security. There are specified the essence and problems of crisis management and proposed the ways of raising the level of economic security of a company based on the example of an industrial and commercial enterprise. The key focus of the enterprise's economic security management is defined as constructive responses to threats from the external environment and, as a result, ensuring stable functioning and effective realization of untapped potential in the future. The current assumption is to explain the scheme of strategic management of an industrial and commercial enterprise and to calculate the methodology of an express assessment of the level of enterprise economic security, taking into account the components of crisis management. To assess the level of economic security of the enterprise, it is proposed to use the method of point assessment, which is based on a multi-level system of indicators, which covers the main areas of the enterprise's activity.

Research Trends Analysis of Information Security using Text Mining (텍스트마이닝을 이용한 정보보호 연구동향 분석)

  • Kim, Taekyung;Kim, Changsik
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.14 no.2
    • /
    • pp.19-25
    • /
    • 2018
  • With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.

The Design of Security Information Management System of CORBA Security with Using (Repository를 활용한 CORBA Security의 보안정보관리 시스템 설계)

  • Ryu, Ki Young;Park, Sang Woo
    • Convergence Security Journal
    • /
    • v.3 no.3
    • /
    • pp.59-66
    • /
    • 2003
  • In this paper the CORBA security services is designed and implemented conforming to the CORBA Security Services Specification. We implemented a Security Information Management system for object-oriented distributed systems based onthe CORBA (Common Object Request Broker Architecture) Security specification baseed on Repository.

  • PDF

Convergence Security Provider Self-Conformity System (융합보안 공급자 자기 적합성 제도)

  • Baik, Namkyun
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.15 no.2
    • /
    • pp.53-61
    • /
    • 2019
  • In this paper, we propose 'a self - conformance system of convergence security provider' to provide basic data for security and reliability of convergence industrial technology, system and service. It is difficult to evaluate convergence security systems, limited to information and communication service providers, unable to check convergence security items, burden of submission documents, difficulty in measuring convergence security service level and we will summarize product and service-based requirements that can be integrated and systematically measure the level of convergence security and define renewed life cycle-based convergence security information and content security and assurance requirements. On the basis of this, each convergence security company declares conformity with the standard itself without the certification of the certification body, and introduces the provider conformity certification system which can manufacture and sell. This will enable the company to strengthen its competitiveness through timely launch and implementation of products and services and cost reduction.