• Information Systems Review
• /
• v.18 no.3
• /
• pp.137-153
• /
• 2016

Organizations depend on smart working environments, such as mobile networks. This development motivates companies to focus on information security. Information leakage negatively affects companies. To address this issue, management and information security researchers focus on compliance of employees with information security policies. Countermeasures in information security are known antecedents of intention to comply information security policies. Despite the importance of this topic, research on the antecedents of information security countermeasures is scarce. The present study proposes information security intelligence as an antecedent of information security countermeasures. Information security intelligence adapted the concept of safety intelligence provided by Kirwan (2008). Information security intelligence consists of problem solving skills, social skills, and information security knowledge related to information security. Results show that problem solving skills and information security knowledge have positive effects on the awareness of employees of information security countermeasures.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.1051-1055
• /
• 2003

Policies are collections of general principles specifying the desired behavior and state of a system. Network management is mainly carried out by following policies about the behavior of the resources in the network. Policy-based (PB) network management supports to manage distributed system in a flexible and dynamic way. This paper focuses on configuration management based on Internet Engineering Task Force (IETF) standards. Network security approaches include the usage of intrusion detection system to detect the intrusion, building firewall to protect the internal systems and network. This paper presents how the policy-based framework is collaborated among the network security systems (intrusion detection system, firewall) and intrusion detection systems are cooperated to detect the intrusions.

• Journal of information and communication convergence engineering
• /
• v.8 no.5
• /
• pp.544-548
• /
• 2010

The Enterprise Security Management system is a centralized control system based on predefined security policies by organizations. In Korea, there is a Common Criteria security certification according to the strict standards for various features. As the needs of information security product are increasing, the ESM system should be evaluated with quality characteristics. In this paper, we propose evaluation items for functionality and performance of Enterprise Security Management system, and the best practices for evaluation.

• International Journal of Computer Science & Network Security
• /
• v.22 no.4
• /
• pp.299-309
• /
• 2022

Human factor represents a very challenging issue to organizations. Human factor is responsible for many cybersecurity incidents by noncompliance with the organization security policies. In this paper we conduct a comprehensive review of the literature to identify strategies to address human factor. Security awareness, training and education program is the main strategy to address human factor. Scholars have consistently argued that importance of security awareness to prevent incidents from human behavior.

• Journal of the Korea Society for Simulation
• /
• v.11 no.2
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• Review of KIISC
• /
• v.28 no.1
• /
• pp.43-47
• /
• 2018

Textual passwords are widely used for accessing online accounts. Despite the problems of current textual passwords, research has shown that there is no other strong alternatives for a textual password due to its simplicity. There has been significant research to make passwords more secure and usable through password composition policies, password managers, password meters, and multi-factor authentications. In this paper, we focus on several key research that investigates and analyzes widely used password composition policies, and summarize the latest research which aims to improve current password composition policies.

• Korean Security Journal
• /
• no.35
• /
• pp.87-124
• /
• 2013

This paper studies changes in people's social security awareness during Lee Myung-Bak government, and based on the result, suggests future Park Geun-Hye government's social-security-related administration management plan. In specific, the changes in people's social security awareness in the period of 2008 ~ 2012 have been analyzed, and the result has been utilized to draw suggestions on the future social-security-related administration management plan The result is as the following: First, comprehensive social-security-related policy must be continuously pushed. In terms of the fact that social security is closely related to people's daily lives and life itself, every major component of social security cannot be overlooked. Therefore, comprehensive administration management and policies on each of those components are necessary. Second, social security policies must be reinforced enough for people to actually witness. In case of crime rate, 57.1% of people are pointing it as one of the main causes of social unrest; therefore, this national anxiety must be met with focusing awareness on the subject nation-widely and with thorough national defense preparedness. Third, mutual cooperation between social-security-related branches, and systematic management within the each branches are required. In order to systematically manage every aspect of social security, not only the big agencies - such as Ministry of Security and Public Administration, Ministry of National Defense, Prosecution Service, or National Police Agency -, but most of other parts of administration must cooperate as well. Fourth, consistency in social security policies is necessary. As Park Geun-Hye government's administrative slogans are, "secure and integrated society," "establishing a foundation for happy unification era," which are similar to that of previous administration, the administration should be consistent on its social-security-related politics, rather than differentiating themselves from the previous administration.

• Journal of Korean Society of Disaster and Security
• /
• v.5 no.1
• /
• pp.37-42
• /
• 2012

Local governments need to be prepared for emergency response in order to minimize damages caused by disasters, such as typhoon and chemical incidents. In this study, we have researched and analyzed current emergency preparedness status of Korea's local governments by studying laws and policies, and interviewing emergency managers. We have introduced policies to enhance emergency preparedness capabilities of United States' local governments. These policies could be useful for Korean government in developing policies to build up emergency response capabilities of Korea's local governments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.131-138
• /
• 2003

With the Internet winning a huge popularity, there rise urgent problems which are related to Network Security Managements such as Protecting Network and Communication from un-authorized user. Accordingly, Using Security equipments have been common lately such as Intrusion Detection Systems, Firewalls and VPNs. Those systems. however, operate in individual system which are independent to me another. Their usage are so limited according to their vendors that they can not provide a corporate Security Solution. In this paper, we present a Hierarchical Security Management Model which can be applicable to a Network Security Policies consistently. We also propose a Policy Negotiation Mechanism and a Prototype which help us to manage Security Policies and Negotiations easier. The results of this research also can be one of the useful guides to developing a Security Policy Server or Security Techniques which can be useful in different environments. This study also shows that it is also possible to improve a Security Characteristics as a whole network and also to support Policy Associations among hosts using our mechanisms.

• The KIPS Transactions:PartD
• /
• v.9D no.6
• /
• pp.1063-1070
• /
• 2002

With a remarkable growth and expansion of Internet, the security issues emerged from intrusions and attacks such as computer viruses, denial of services and hackings to destroy information have been considered as serious threats for Internet and the private networks. To protect networks from intrusions and attacks, many vendors have developed various security systems such as firewalls and intrusion detection systems. However, managing these systems individually demands too much work and high cost. Thus, integrated and autonomous security management for various security products has become more important. In this paper, we present the architecture of the WISMSF (Web-based Integrated Security Management System for Firewalls) and the merits of centralized approach for managing heterogeneous firewalls and implement the prototype of the central policy database that is a component of the WISMSF engine. The WISMSF engine supports an integrated view for policies, the integrity of polities and the easy recovery and addition of policies. And also, we define the policy conflicts of WISMSF and present the policy recovery process to support to the policies consistence.