• Title/Summary/Keyword: Security plan


Comparative Analysis of Methodology for Improving Information Security Consulting for SMEs in Korea (중소기업 정보보호 컨설팅 개선을 위한 방법론 비교 분석)

  • Jang, Sang-Soo
    • Journal of Convergence for Information Technology / v.10 no.8 / pp.1-6 / 2020
  • The government is carrying out information security consulting support projects to solve the difficulties of SME information protection activities. Since the information security consulting methodology applied to SMEs does not apply proven methodologies such as critical information and communication infrastructure (CIIP), ISMS, ISO27001, etc., it applies various methods for each consulting provider. It is difficult to respond appropriately depending on the organizational situation, such as the type and size of SMEs. In order to address these problems of SME information security consulting and to arrive at a more effective and standard methodology, the information security consulting methodologies applied in the current system were compared and analyzed. Through the improvement plan for the SME information security consulting method suggested in this study, it is possible to provide information security consulting suitable for all enterprises regardless of SME size or business type.

A Study on the Secure Plan of Security in SCADA Systems (SCADA 시스템의 안전성 확보방안에 관한 연구)

  • Kim, Young-Jin;Lee, Jung-Hyun;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.6 / pp.145-152 / 2009
  • SCADA (Supervisory Control And Data Acquisition) systems are widely used for control and monitoring of critical infrastructures including electricity, gas and transportation. Any compromise in the security of SCADA systems could result in massive chaos and disaster at a national level if a malicious attacker takes control of the system. Therefore, sound countermeasures must be provided when SCADA systems are being developed as well as when they are being operated. Unlike general information processing systems, SCADA systems have different service responses, communication protocols and network architectures, and therefore a different approach should be applied to each SCADA system that takes into consideration each system's security characteristics and architecture. In addition, a legal basis should be established to ensure the nationwide management of the systems' security. This paper examines the vulnerabilities of SCADA systems and proposes action plans to protect the systems against cyber attacks.

A Study on the Development of DevSecOps through the Combination of Open Source Vulnerability Scanning Tools and the Design of Security Metrics (오픈소스 취약점 점검 도구 및 종합 보안 메트릭 설계를 통한 DevSecOps 구축방안 연구)

  • Yeonghae Choi;Hyeongjun Noh;Seongyun Cho;Hanseong Kang;Dongwan Kim;Suhyun Park;Minjae Cho;Juhyung Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.4 / pp.699-707 / 2023
  • DevSecOps is a concept that adds security procedures to the operational procedures of DevOps to respond to the short development and operation cycle. A multi-step vulnerability scanning process should be considered to provide reliable security while supporting the rapid development and deployment cycle in DevSecOps. Many available open-source vulnerability scanning tools can be used for each stage of scanning, but there are difficulties in evaluating the security level and identifying the importance of information in integrated operation due to the various functions supported by the tools and their different security results. This paper proposes an integrated security metric design plan for security results and a combination of open-source scanning tools that can be used in the security stage when building an open-source based DevSecOps system.

Demand Plan of Manpower Model Design Using System Dynamics (시스템다이내믹스를 활용한 인력 수급 계획 모형설계)

  • Choung, Jae-Rim;Jeon, So-Yun;Kwak, Mi-Ae;Yeon, Seung-Joon
    • Korean System Dynamics Review / v.8 no.1 / pp.49-66 / 2007
  • Due to criminal aspects spreading nationwide, their intelligence level increasing and becoming digitalized, the citizens' interest in and desire for crime security have increased. Until now, preceding research has focused on finding the specific variables that have direct effects on the demand for police manpower through regression analysis and attempted to predict the number of needs. However, there has never been any research producing the accurate number of demands for crimes and human resources needed for each workload. Therefore, this research analyzed each police station function by interviewing the persons in charge and selected the main duty for each function. From this, by using the method of system dynamics, this research was able to predict the standard number of manpower needed for each police station function. Also, by making a model for each of the 235 police stations, the most efficient employment plan for police stations and district agencies has been further discussed based on the computer simulation results.


Implications on Policy Changes of the National Infrastructure Protection Plan in the United States (미국 핵심기반보호정책의 변화 고찰을 통한 시사점)

  • Kim, Younhee;Jeong, Seul-Gi
    • Proceedings of the Korean Society of Disaster Information Conference / 2022.10a / pp.423-424 / 2022
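  • This study examines changes in the United States' national critical infrastructure protection system and derives implications. To this end, focusing on the National Infrastructure Protection Plan (NIPP) after the 9/11 terrorist attacks, we traced and examined the related laws, institutions and organizational changes, diagrammed the relationships among them, and conducted a timeline analysis. Through this study, we were able to confirm that there are a total of three versions of the NIPP, following changes in related legislation such as Homeland Security Presidential Directive 8 (HSPD-8), Presidential Directive 21 (PDD-21) and the Cybersecurity & Infrastructure Act, and that the Cybersecurity and Infrastructure Security Agency (CISA) was established in 2018 and the work of the national critical infrastructure protection system was transferred to it, where it is now operated. We also found that, since the 9/11 terrorist attacks, the perspective on national critical infrastructure has been shifting from protection of critical infrastructure to enhancing the resilience of critical infrastructure.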


Value Chain Analysis on Business Difficulties of Information Security Industry (가치사슬분석을 통한 지식정보보안산업의 애로사항 분석)

  • Jun, Hyo-Jung;Kim, Tae-Sung
    • Journal of Information Technology Services / v.12 no.1 / pp.229-245 / 2013
  • The information security industry market is sluggish despite high expectation for its growth, and thus policies are required to define the causes and to address these issues. The policy formulation requires various historical market and human resource data for analyzing the industry, which cannot be guaranteed secured. This study executed face-to-face in-depth interviews with the frontline businesses in order to gather live opinions and to analyze industry's value chain, problems, and difficulties with a view to defining policy tasks for the development of the industry. The findings of the study revealed the current technical level of the information security industry, the frontline difficulty, and industrial ecosystem status. Based on these findings, the industry revitalization policy was devised and proposed. Objectives of the policy included the fostering of capacity to conceptualize, plan, and design industrial strategies based on the analysis of the industry's value chain and ecosystem, the expansion of the industry's value-added through the enhanced securing and management of the Intellectual Property Rights (IPR), and the nurturing of the security Human Resources (HR) in line with the industrial demand.

Introduction of Requirements and Regulatory Guide on Cyber Security of I&C Systems in Nuclear Facilities (원전 계측제어시스템의 사이버보안 요구사항)

  • Kang, Young-Doo;Jeong, Choong-Heui;Chong, Kil-To
    • Proceedings of the KIEE Conference / 2008.10b / pp.209-210 / 2008
  • In the case of unauthorized individuals, systems and entities or processes threatening the instrumentation and control systems of nuclear facilities using the intrinsic vulnerabilities of digital based technologies, those systems may lose their own required functions. The loss of required functions of the critical systems of nuclear facilities may seriously affect the safety of nuclear facilities. Consequently, digital instrumentation and control systems, which perform functions important to safety, should be designed and operated to respond to cyber threats capitalizing on the vulnerabilities of digital based technologies. To make this possible, the developers and licensees of nuclear facilities should perform an appropriate cyber security program throughout the whole life cycle of digital instrumentation and control systems. Under the goal of securing the safety of nuclear facilities, this paper presents the KINS' regulatory position on the cyber security program to remove the cyber threats that exploit the vulnerabilities of digital instrumentation and control systems and to mitigate the effect of such threats. The presented regulatory position includes establishing the cyber security policy and plan, analyzing and classifying the cyber threats, and cyber security assessment of digital instrumentation and control systems.


A Study on The Utilization and Secure Plan of Security in Social Media (소셜 미디어 이용 현황과 보안대책에 관한 연구)

  • Cheon, Woo-Bong;Park, Won-Hyung;Chung, Tai-Myoung
    • Convergence Security Journal / v.10 no.3 / pp.1-7 / 2010
  • One of the celebrities using social media caught the public's eye and interest in Korea. As a result, the number of users has grown rapidly, and by last year it had reached about 770 million. But at the same time, it has brought social issues such as invasion of privacy, spreading of malicious code, and stealing of IDs. To solve these problems, first, the government needs to establish adequate laws and policies. Second, service providers should remove vulnerabilities in the security system and filter illegal information. Third, individual users should put more effort into protecting their own privacy. This paper suggests a solution for using social media more soundly and securely.

A Study on the Privatization of the Function Security to Improve Efficiency in Function of the Police (경찰기능의 효율성 제고를 위한 경비기능의 민영화 방안)

  • Han, Heung-Tai
    • Korean Security Journal / no.3 / pp.306-335 / 2000
  • The desire for safety of body and life can be said to be fundamental and natural in human beings. But the rapid industrialization and urbanization phenomena in our modern society are accelerating the trend of increasingly diverse social pathology. The rise of serious crimes such as robbery and rape has already become an especially serious social problem and is at the point of threatening our welfare and social order. But the police, which is primarily responsible for the maintenance of welfare and social order of the public, is unable to respond actively to the increasing demand for policing due to the lack of available manpower and overwork. Thus, the purpose of this thesis is to look for a plan to actively respond to the daily increasing outcry for law and order so that the public may maintain safe and happy lifestyles without the threat of crime. One concrete and practical strategy is to resolutely separate and transfer some of the many functions of the police that can be handled by citizen organizations to those groups so that the police can be relied upon to become functionally efficient. This will decrease the work of the police, thereby allowing the police to concentrate on its inherent responsibilities. As its primary example, 'transferring the function of security' of the police to the private security industry is suggested in this thesis.


A Study on Improving Management of Substances Requiring Preparation for Accidents Facilities (사고대비물질 취급시설 관리방안 연구)

  • Kim, S.B.;Park, C.H.;Cho, M.S.;Lee, J.S.;Kim, J.M.;Noh, H.R.;Seok, G.S.
    • Journal of the Korean Society of Safety / v.27 no.3 / pp.77-82 / 2012
  • The leakage of toxic chemicals seriously impacts human beings and the environment; therefore, during their treatment process, a proper management system is necessary to control their toxic effect. This study was designed to suggest management regulations that support business managers and facilities management. There are no extra regulations to control emergency accidents and terror in chemical facilities. Developed countries like the USA operate management standards to control toxic chemicals and facilities according to their toxicity and processes. In order to solve this problem, we have analysed the advanced nations' standard methods of security in chemical plants to study a new security management regulation which helps to prevent chemical accidents. In particular, in the USA, CCPS (Center for Chemical Process Safety), SVA (Security Vulnerability Assessment) and RBPSs (Risk-Based Performance Standards) of DHS (Department of Homeland Security) were investigated. On the basis of the results, we have suggested application methods for security and safety regulation in Korea.