• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1179-1189
• /
• 2019

Cyber security evaluation is a series of processes that estimate the level of risk of assets and systems through asset analysis, threat analysis and vulnerability analysis and apply appropriate security measures. In order to prepare for increasing cyber attacks, systematic cyber security evaluation is required. Various indicators for measuring cyber security level such as CWSS and CVSS have been developed, but the quantitative method to apply appropriate security measures according to the risk priority through the standardized security evaluation result is insufficient. It is needed that an Scoring system taking into consideration the characteristics of the target assets, the applied environment, and the impact on the assets. In this paper, we propose a quantitative risk assessment model based on the analysis of existing cyber security scoring system and a method for quantification of assessment factors to apply to the established model. The level of qualitative attribute elements required for cyber security evaluation is expressed as a value through security requirement weight by AHP, threat influence, and vulnerability element applying probability. It is expected that the standardized cyber security evaluation system will be established by supplementing the limitations of the quantitative method of applying the statistical data through the proposed method.

• 한국디지털정책학회:학술대회논문집
• /
• 2004.11a
• /
• pp.173-184
• /
• 2004

E-Government security is crucial to the development of e-government. Due to the complexity and characteristics of e-government security, the viable current approaches for security focus on preventing the network intrusion or misusing in advanced and seldom concern of the forensics data attaining for the investigation after the network attack or fraud. We discuss the method for resolving the problem of the e-government security from the different side of view - network forensics approaches? from the thinking of the active protection or defense for the e-government security, which can also improve the ability of emergence response and incident investigation for e-government security.

• Korean Security Journal
• /
• no.6
• /
• pp.147-165
• /
• 2003

Since Electronic Security System is introduced in Korea in 1981 by foreign technology, Security market has been increasing considerably during short period, and It performs it's security roles well in place of security guards. As electronic and communication technology is highly developed, Electronic Security System and security market structure is changing naturally. Especially high-tech mobile communication technology will change the method of Electronic Security business. Also the pattens of residence and life style, such as the trend toward nuclear family and single life could effect security market. In recent year, new business models that apply the mobile phone and internet is appeared. Although Electronic Security System is changed by the changes of technology, It is very difficult to change the basic elements, such as sensing, alarm signal transfering, and response. The rate of increase of Electronic Security market is expected to matain it's increase pace for the time being. But the development of new system for new protectes such as childeren, old person, vehicle rather than immovable facility is necessary to prepare for the continuous competition.

• Journal of the Korean Society of Safety
• /
• v.20 no.2 s.70
• /
• pp.146-150
• /
• 2005

According to the current record of Private Security in Korea, more than 110,231 private security guards and around 2,213 security guard associations are engaged in the private security industries. However, there is no a professional license for the private security. In order to be provided a high quality service from private security industries, the security guard should be required his/her professional qualification which can be upgraded by establishing a professional license system. For introducing the license system the government and security guard associations need to support the suitable training program including curriculum and method, and all associations related to the private security have to require people involved in any kinds of private security matters to complete obligatorily some educational training programs. And also, to complete a college should be the minimum requirement.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.19-25
• /
• 2018

Endpoint security is a method of ensuring network security by thoroughly protecting multiple individual devices connected to the network. In this study, we survey the functions and features of various commercial products of endpoint security. Also we emphasizes the importance of endpoint security to respond to the increasingly intelligent and sophisticated security threats against the cloud, mobile, artificial intelligence, and IoT based sur-connection era. and as a way to improve endpoint security, we suggest the ways to improve the life cycle of information security such as preemptive security policy implementation, real-time detection and filtering, detection and modification.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.25 no.2
• /
• pp.77-82
• /
• 2017

Currently the international flight passenger visit at Incheon International Airport increased 12.4% compared to January 2017. Such increase affects on the congestion of an airport and the security check is one of the most congested area. There is a prejudice that airport security is not related to the airport service and is only a type of control that limits the quality of service. However, considering the huge impact that airport security agents have on passenger move within the airport, trustworthy, fast and kind service at airport security check is one of the most important part of airport service quality improvement. This research is an importance performance analysis of Incheon International Airport security service passenger satisfaction and its significance using IPA method. This research will contribute to the improvement of airport operation and service quality, by proving the relation between airport security and service.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.123-129
• /
• 2012

A secured building where only approved personnel can access is sometimes not secured because of the lack of recognition of security. Unapproved personnel enter and access freely to the internal system of the building, and this makes security risks. In order to deal with these problems, the existing entrance-control system had developed by using the RFID card certification and the infrared sensor to measure distance. However, it is difficult for the system to guarantee security due to the weakness of each method. Therefore, this study aimed at providing a new method of guaranteeing security by comparing the double entrance-control system and the existing entrance-control system.

• Korean Security Journal
• /
• no.2
• /
• pp.5-32
• /
• 1999

Private security will be of great importance in the coming 21st century. In the future, most of the crimes will be violent and frequent. In order to prevent crimes private security must be dealt with in public service area and private area. For this reason, nowadays studies on private security is going on actively. But in reality, serious studies on theoretical backgrounds of private security has not been made yet. Currently, almost all of the theories propose various grounds, such as administrative, economic, and social grounds. And they are based on five backgrounds, that is, profit-oriented enterprise theory, economic reduction theory, vacuum theory, interest group theory, and private management theory. The article furnishes several grounds in addition to these. They are local self-government, management of local self-government, and task-force of guard enterprise. In this article, I am going to present some perspectives in classifying the theories. They are administrative, economic, and social perspective. They are shown as follows by figure. In conclusion, based on theoretical backgrounds mentioned above, private security will be advanced constantly in the future. But in carrying out studies on private security, approaching method of proposing the developmental model is more important than theoretical approaching method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.11
• /
• pp.5588-5613
• /
• 2018

Virtualization technology has been widely applied in the area of computer security research that provides a new method for system protection. It has been a hotspot in system security research at present. Virtualization technology brings new risk as well as progress to computer operating system (OS). A multi-level perception security model using virtualization is proposed to deal with the problems of over-simplification of risk models, unreliable assumption of secure virtual machine monitor (VMM) and insufficient integration with virtualization technology in security design. Adopting the enhanced isolation mechanism of address space, the security perception units can be protected from risk environment. Based on parallel perceiving by the secure domain possessing with the same privilege level as VMM, a mechanism is established to ensure the security of VMM. In addition, a special pathway is set up to strengthen the ability of information interaction in the light of making reverse use of the method of covert channel. The evaluation results show that the proposed model is able to obtain the valuable risk information of system while ensuring the integrity of security perception units, and it can effectively identify the abnormal state of target system without significantly increasing the extra overhead.

• Journal of KIISE:Databases
• /
• v.30 no.6
• /
• pp.585-592
• /
• 2003

In the spatial database systems, it is necessary to manage spatial objects that have two or more aspatial information with different security levels on the same layer. If we adapt the polyinstantiation concept of relational database system for these spatial objects, it is difficult to process the representation problem of spatial objects and to solve the security problem that is service denial and information flow by access of subject that has a different security level. To address these problems, we propose a polyinstantiation method for security management of spatial objects in this paper. The proposed method manages secure spatial database system efficiently by creating spatial objects according to user's security level through security-level-conversion-step and polyinstantiation-generation-step with multi-level security policy. Also, in case of user who has a different security level requires secure operations, we create polyinstance for spatial object to solve problems of service denial and information flow.