• Title/Summary/Keyword: Security plan

Study on the OWASP and WASC-oriented Web Application Security (OWASP 및 WASC 중심의 웹 애플리케이션 보안에 관한 고찰)

  • Lee, Jae-Hyun
    • Journal of Advanced Navigation Technology / v.15 no.3 / pp.372-377 / 2011
  • Until now, the study and research on the projects which have been internationally conducted are in poor condition with regard to the security vulnerability analysis of web applications. This is due to a lack of precedent study for improving the quality of the web services in order to provide better services for the future. In this paper, I analyze the types of the web application vulnerabilities which have been studied and map out a plan for protecting against them.

Authorization Model with Provisions and Obligations in XML

  • Kim Suhee;Park Jongjin
    • Proceedings of the IEEK Conference / summer / pp.355-360 / 2004
  • With the growing acceptance of XML technologies, XML will be the most common tool for all data manipulation and data transmission. Meeting security requirements for privacy, confidentiality and integrity is essential in order to move business online and it is important for security to be integrated with XML solutions. Many policies require certain conditions to be satisfied and actions to be performed before or after a decision is made. A binary yes/no decision to an access request is not enough for many applications. These issues were addressed and formalized as provisions and obligations by Betti et al. In this paper, we propose an authorization model with provisions and obligations in XML. We introduce a formal definition of authorization policy and the issues involving obligation discussed by Betti et al. We use the formal model as a basis to develop an authorization model in XML. We develop DTDs in XML for main components such as authorization request, authorization policy and authorization decision. We plan to develop an authorization system using the model proposed.

A Study on Vulnerability Analysis and Security Plan through Public WiFi Attack (공공 와이파이 공격을 통한 취약점 분석 및 보안방안에 관한 연구)

  • Cho, Young-nam;Jo, Jeong-won;Jeong, Chae-eun;Kang, Da-seul;Jang, Won-tae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2018.10a / pp.493-496 / 2018
  • Vulnerabilities have been found in Wi-Fi Protected Access 2 (WPA2), a recommended Wi-Fi communication security technology, and users' personal information may also be exposed. In this paper, we analyze security vulnerabilities of public Wi-Fi by attack and seek ways for users to use Wi-Fi securely.

Proposal of Security Control Plan for Outsourcing Personnel Based on Integrated ISMS and PIMS Certification Schemes (ISMSP와 PIMS 인증 제도 통합에 따른 외주인력 보안통제 방안 제시)

  • LEE, Hyun-Seok;Won, Dong-ho
    • Proceedings of the Korea Information Processing Society Conference / 2018.05a / pp.224-227 / 2018
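  • As online public services intended to improve citizens' convenience and efficiency increase, security incidents occur frequently, and a large amount of personal information is being leaked through human resources. In response, the government introduced the ISMS and PIMS certification schemes as a means of ensuring security. However, the overlapping items of the two certification schemes increased the workload of the staff in charge, and the integration of the two schemes was announced. The author intends to propose a way to manage the personnel items of the certification scheme more efficiently.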

Information Security Activities of The Design Phase (설계단계의 정보보호 활동)

  • Shin, SY;Kim, DK;Lee, CW;Lee, HC;Lee, TW;Park, KH
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2016.10a / pp.745-746 / 2016
  • The design phase is a process that is embodied to be interpreted and implemented in a requirement of the system information in the analysis phase. In the design phase, the design privacy, information security test plan is established, activities are carried out.

A Method to Develop Security System through the Analysis on Dangerous Case (위해사례분석을 통한 경호제도의 발전방안)

  • Yu, Hyung-Chang;Kim, Tae-Min
    • Korean Security Journal / no.16 / pp.161-187 / 2008
  • The purpose of this study is to suggest a development method of current Korean security system by analyzing the problems shown in the performance of security work in relation to the terrorism, which is enlarging in the world, from various aspects. In order to perform the study, the researcher considered the basic theory concerned to current Korean law concerned to security, principle and methodology of security, terror and new terrorism. The researcher performed the study by selecting qualitative case study focused on Park Geun-Hye case. Through the study, the methods to develop Korean security system are as follows. First, from the legal aspect, it is necessary to establish the law concerned to terrorism prevention and important person security. Moreover, it is necessary to search for the development of private security by revising Security Industry Act, which is a legal ground of private security. Second, it is necessary to improve and reinforce education & training program, which is not still divided in detail from the aspect of private security cultivation. Moreover, it is necessary to activate personal protection work and enlarge market through Security Industry Act and make an effort to change social recognition over security, which is devaluated in the society. From the viewpoint, national license about private security shall be adopted. The department of president security, which is a representative of official security, shall transfer the advanced technology to private security organization. Third, from the aspect of operation, the operation of security based on SCE principle, human shield principle, the nearest person's protection principle, body extension principle, linear protection principle and evacuation priority principle is required. Therefore, the priority shall be given to preventive security and thorough security plan shall be made for the operation.

A Study on The Problem of The Revised Security Industry Law and Improvement Plan (개정 경비업법의 문제점과 개선방안에 관한 연구)

  • Park, Hyung-Sik
    • Convergence Security Journal / v.13 no.5 / pp.129-135 / 2013
  • The revised security industry law revised 17 provisions among 31 provisions in order to root out the violent event. The main contents of the revised security industry law are the intensification of the required condition of permission, intensification of the obligation, management strengthening of the public resentment of group field, official, reason of expansion of the expenses instructor and guard, dress and equipment, vehicle, intensification of the managing director, intensification of the punishment, and etc. However, there is the problem including the putting under an obligation of the arrangement new appointment education, cause provider punishment of the service company violence, awareness of the police to the security company, excessive regulation, intensification of punishment problem, supervision power intensification of the revised security industry law is excessive the police, and etc. The individual responsibility education completion method and public resentment of group field in addition to is thought in order to solve this that exclusion of the prior education obligation, revision of the security industry law, burden on tax payers of the extra charge, punishment of the violence request contract trader, introduction of the guard qualification certificate system, and etc. are needed.

Morale enhancing determination model of information security (정보보호 사기진작 결정모델 연구)

  • Kim, Kyongwon;Lim, Jong In;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.4 / pp.889-903 / 2015
  • As the number of recent information security incidents increases, more and more workload and liability pressure are given to info-security professionals, which results in a decrease of the morale level of working groups in the field. In order to solve this problem, the Korean government is providing various action plans to improve the morale level of info-security professionals, and also requiring financial companies to submit their own action plan of increasing morale of info-security professionals to Financial Service Agency. For this study, based on the previous studies and relevant professionals' interviews, we selected 16 critical morale increase variables, and performed a survey for empirical analysis. As a result, 3 features: role, system, and relationship were presented as the main factors of morale increase of info-security professionals. This study also suggests a decision making method of utilizing the developed morale measurement model for individual organizations.

A Study on the Actual Operation Conditions of the Private Security Guard Certification Exam and its Improvement Plan (신변보호사 자격시험의 운영실태와 개선방안에 관한 연구)

  • Lee, Sanghun
    • Convergence Security Journal / v.14 no.6_2 / pp.35-44 / 2014
  • Private Security Guard Certification Exam that initiated as the eligibility of private in 2006, has been requested more fulfilling management because that becomes to be recognized at the national certified qualification system in 2013. The findings of this study were as follows: First, it is necessary to expand more exemptions, currently some are mainly police officers. Secondly, it is needed to make to announce the final successful candidates through the opposition proceedings by publishing assumptions answer of the problem and by improving the procedure for determining the successful candidates, and so forth.

Policy Plans for the Maintenance of Public Security of Living During the War (전시 국민생활안정 유지방안)

  • Kil, Byung-Ok
    • Journal of National Security and Military Science / s.5 / pp.131-172 / 2007
  • Government duties in the cases of crisis are aimed at supporting efficient military operations in the fields of non-military affairs and resource mobilization, maintenance of government functions, and search for the public security of living during the war. In crisis, the government must change its functions into the total-war system with all resources available for the efficient performance of military operations, war economy, public safety and security as well as government continuance. The main contents of "Chung-Mu Plan" include the alternative measures to control the circulation of life necessities, emergency electricity, water and gas; recover public facilities from the disaster; and accommodate the wounded and refugees. Governments have practiced Ul-chi and ChungMoo exercises to improve government's management capabilities and master standard operating procedures including systematic distribution plans in the national and local level. However, such plans are not yet sufficient for the maintenance of public security of living. In addition to the conceptual ambiguity, major problems are the inappropriate system of the war economy, legal institutions, and administrative SOPs for the efficient maintenance of it. Thus, for the betterment of national crisis management system, the government should have the manual stated from every step and level dealing with crisis to the legal institutions. It is important to empower the National Emergency Planning Commission for the policy consistency and efficient/effective implementation. The comprehensive plans must have an integrated cooperative system of the central/local governments, military and civil society with actual practices and exercises for the maintenance of the public security of living.
