• The KIPS Transactions:PartC
• /
• v.9C no.5
• /
• pp.775-782
• /
• 2002

This paper introduces Policy Management Tool which was implemented based on Policy Information Model in network suity system. Network security system consists of policy terror managing and sending policies to keep a specific domain from attackers and policy clients detecting and responding intrusion by using policies that policy server sends. Policies exchanged between policy server and policy client are saved in database in the form of directory through LDAP by using Policy Management Tool based on network security policy information model. NSPIM is an extended policy information model of IETF's PCIM and PCIMe, which enables network administrator to describe network security policies. Policy Management Tool based on NSPIM provides not only policy management function but also editing function using reusable object, automatic generation function of object name and blocking policy, and other convenient functions to user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1191-1204
• /
• 2019

In January 2019, the government revised the regulation on electronic financial supervision to revitalize the use of cloud in the financial sector. However, as cloud policies and regulations cloud undermine financial firms' autonomous security activities or restrict some of the people's basic rights, there has been little movement in the financial sector to use important information as the cloud. In addition, the data localization policy, which requires important information to be kept only in Korea, is a representative regulation that prevents the revitalization of cloud use, which also creates discrimination problems for overseas operators. Therefore, policy and regulatory improvements are needed to enable the cloud to provide a foundation for digital financial innovation through data. This study looked into the current status of cloud policies for domestic and foreign financial companies and analyzed policies and regulations for domestic financial companies. Through these efforts, the government aims to draw up limitations and problems in cloud policies for domestic financial companies and propose policy alternatives, such as measures to improve regulations on localizing data for financial companies to revitalize their use of cloud.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.5B
• /
• pp.486-493
• /
• 2006

As information threats to information systems diffuse, the information security becomes a major concern. Information security manpower who produce and implement information security products, and who are in charge of information security in organizations, has been important. Korean government has implemented various policies to promote the information security manpower. Those policies have been successful to supply enough number of information security manpower, but not successful to supply information security manpower to meet the various requirements of the manpower demand. In this study we adopt analytic hierarchy process(AHP) to analyze the priorities of information security technology categories to meet the demand. Results of the study suggest that the government should concentrate on promotion of manpower for the field of the 'System and Network Security Technology'.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.695-706
• /
• 2018

In recent years, industrial convergence centered on ICBM (internet of things (IoT), cloud, big data, mobile) has been experiencing rapid development in various fields such as agriculture and the financial industry. In order to prepare for cyber threats, one of the biggest problems facing the convergence industry in the future, the development of the industry must proceed in tandem with a framework of information security. In this study, we analyze the details of the current industrial development policy and related information protection policies using cross impact analysis and present policy priorities through the expert questionnaire. The aim of the study was to clarify the priorities and interrelationships within information security policy as a first step in suggesting effective policy direction. As a result, all six information security policy tasks derived from this study belong to key drivers. Considering the importance of policies, policies such as improving the constitution of the security industry and strengthening of support, training of information protection talent, and investing in the information security industry need to be implemented relatively first.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.99-106
• /
• 2014

The most significant change and trend in the information security market in the year of 2014 is in relation to the issue and incidents of personal information security, which leads the area of information security to a new phase. With the year of 2011 as the turning point, the security technology advanced based on the policies and conditions that combine personal information and information security in the same category. Such technical changes in information security involve various types of information, rapidly changing security policies in response to emerging illegal techniques, and embracing consistent changes in the network configuration accordingly. This study presents the result of standardization and quantification of external access inference by utilizing the measurements to fathom the access authorization performance in advance for information security in specialized networks designed to carry out certain tasks for a group of clients in the easiest and most simple manner. The findings will provide the realistic data available with the access authorization inference modes to control illegal access to the edge of a client network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.4
• /
• pp.769-774
• /
• 2013

In order to strengthen the protection of information, public institutions have introduced information security governance system. Public institutions recognizes the importance of information security governance system, and have striven to establish information security governance by establishing institutions and making policies. In this paper, in order to investigate ways that will be the basis for the establishment of information security governance in public institutions, we studied the necessity and model of information security governance. Also, by studying the government policies and cases, we proposed the direction of the policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.39-46
• /
• 2011

This study is conducted to examine the optimal integrated security policy based on network in case of attacks by implementing unique security policies of various network security equipments as an algorithm within one system. To this end, the policies conduct the experiment to implement the optimal security system through the process of mutually integrating the unique defense policy of Firewall, VPN(Virtual Private Network), IDS(Intrusion Detection System), and IPS(Intrusion Prevention System). In addition, this study is meaningful in that it designs integrated mechanism for rapid detection of system load caused by establishment of the security policy and rapid and efficient defense and secures basic network infrastructure implementation.

• Journal of National Security and Military Science
• /
• s.8
• /
• pp.421-465
• /
• 2010

Passwords are used in many ways to protect data, systems, and networks. Passwords are also used to protect files and other stored information. In addition, passwords are often used in less visible ways for authentication. In this article, We provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems. Organizations need to protect the confidentiality, integrity, and availability of passwords so that all authorized users - and no unauthorized users - can use passwords successfully as needed. Integrity and availability should be ensured by typical data security controls, such as using access control lists to prevent attackers from overwriting passwords and having secured backups of password files. Ensuring the confidentiality of passwords is considerably more challenging and involves a number of security controls along with decisions involving the characteristics of the passwords themselves.

• Electronics and Telecommunications Trends
• /
• v.38 no.4
• /
• pp.58-69
• /
• 2023

Cyberspace is emerging as a critical domain requiring national-level governance and international cooperation owing to its potential financial and societal impacts. This research aims to investigate the cybersecurity policies from major countries for understanding with comprehensive perspectives. Global trends emphasize a comprehensive command-centered approach, with top leadership directing cybersecurity policies. Key policy areas include security across technology ecosystems, protection of critical infrastructure, and software supply chain security. Investment is being focused on zero-trust architectures, software bills, and new technologies like artificial intelligence. For countries like Korea, immediate response and adaptation to these trends are crucial to develop and enforce national cybersecurity policies.

• Electronics and Telecommunications Trends
• /
• v.38 no.4
• /
• pp.47-57
• /
• 2023

The competition for technological supremacy is unfolding in the high-tech field, and quantum computing can be determinant for economic and security ripple effects. The United States and China, leaders in quantum computing, have developed this field through adequate policies. The United States has fostered quantum computing through government policies and competition among private companies, while China has secured world-class technology through large-scale government investment and attracting foreign talent. In quantum computing, securing talented people is essential to guarantee independent technology development regarding academic attributes and security. We analyze quantum computing policies in the United States and China on a timeline and determine their policy trends. In addition, the policies for securing talent in these countries are reviewed, and the policy effects are compared based on literature analysis. Through the analysis of policy cases between the United States and China, bilateral policy implications for Korea are delineated.