• Korean Security Journal
• /
• no.40
• /
• pp.175-207
• /
• 2014

This paper focuses on the study of a development direction of the industrial security Expert system. First of all, in order to manage Industrial security system, we need to have law, criminology, business and engineering professionals as well as IT experts, which are the multi-dimensional convergence professionals. Secondly, industrial organizations need to have workforce who can perform security strategy; security plan; security training; security services; or security system management and operations. Industrial security certification system can contribute to cultivate above mentioned professional workforce. Currently Industrial Security Expert(ISE) is a private qualification. However, the author argued that it have to be changed to national qualification. In addition, it is necessary that the system should be given credibility with verifying the personnel whether they are proper or not in the their field. In terms of quality innovation, it is also necessary that distinguish the levels of utilization of rating system of the industrial security coordinator through a long-term examination. With respect to grading criteria, we could consider the requirements as following: whether they must hold the degree of the industrial security-related areas of undergraduate or postgraduate (or to be); what or how many industrial security-related courses they should complete through a credit bank system. If the plan of completing certain industrial security-related credits simply through the credit bank system, without establishing a new industrial security-related department, has established, then industrial security study would be spreaded and advanced. For private certification holders, the problem of the qualification succeeding process is important matter. Additionally, it is necessary to introduce the certifying system of ISMS(Industrial Security Management System) which is a specialized system for protecting industrial technology. To sum up, when the industrial security management system links the industrial security management certification, industrial security would realize in the companies and research institutions dealing with national key technology. Then, a group synergy effect would occurs.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.67-73
• /
• 2006

The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. a general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.

• Journal of Digital Contents Society
• /
• v.8 no.4
• /
• pp.483-489
• /
• 2007

The high availability of information security system shall be primarily studied in relation to the Next Generation Network(NGN) Information Security infrastructure, because it is very important to maintain availability at each moment as a variety of intrusions occur continuously. The high availability of the security system can be realized with the topology and configuration properly defined to fully utilize the recovery function of the security system in the thoroughly planned optimized method. The active-active high availability on the NGN information security infrastructure system in is assured by letting the failover mechanism operate upon the entire structure through the structural design and the implementation of functions. The proposed method reduces the system overload rating due to trouble packets and improves the status of connection by SNMP polling trap and the ICMP transport factor by ping packet.

• Journal of information and communication convergence engineering
• /
• v.9 no.4
• /
• pp.353-357
• /
• 2011

U.S. Obama government is submit a motion to consider cyber attacks on State as a war. 7.7DDoS attack in Korea in 2009 and 3.4 DDoS attacks 2011, the country can be considered about cyber attacks. China hackers access a third country, bypassing South Korea IP by hacking the e-commerce sites with fake account, that incident was damaging finance. In this paper, for WiBro service, DDoS attacks, hackers, security incidents and vulnerabilities to the analysis. From hacker's attack, WiBro service's prognostic relevance by analyzing symptoms and attacks, in real time, Divide Red, Orange, Yellow, Green belonging to the risk rating. For hackers to create a blacklist, to defend against attacks in real-time air-conditioning system is the study of security. WiBro networks for incident tracking and detection after the packets through the national incident response should contribute to the development of technology.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.273-279
• /
• 2014

Recently, it was occurred in the nation's largest Information spill about 140 million cases of credit card customers' personal and credit information. As such, it was rapidly to increase in consumer complaints about the privacy of personal information in accordance with outflow of financial companies increased accident. But it is still not clear precaution. Therefore, in financial customer position, it is possible to confirm and determine in advance whether or not superior to the security company. In addition, It is time to be required institutional device that can be a real effort to equip a good security company. This report is considered a model of "Disclosure of corporate security assessment " of these devices institutional study. And We study in realistic and objective stance about why do we need this policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.601-613
• /
• 2012

It is required to design and implement secure web applications to provide safe web services. For this reason, there are several scoring frameworks to measure vulnerabilities in web applications. However, these frameworks do not classify according to seriousness of vulnerability because these frameworks simply accumulate score of individual factors in a vulnerability. We rate and score vulnerabilities according to probability of privilege acquisition so that we can prioritize vulnerabilities found in web applications. Also, our proposed framework provides a method to score all web applications provided by an organization so that which web applications is the worst secure and should be treated first. Our scoring framework is applied to the data which lists vulnerabilities in web applications found by a web scanner based on crawling, and we show the importance of categorizing vulnerabilities according to privilege acquisition.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.3-15
• /
• 2016

Business data means data of all the documents and electronically generated on / off-line form, storage, use, and transfer the company work process. Business, organization, sales, marketing, means any data related to shipping. Many companies are investing in privacy. But not so for business data. In most companies, secret, confidential rating already exists, the basis is insufficient to establish that decisions can be analyzed in detail to reflect the actual business data in use. In this paper we want to present the criteria that can offer ways to design your business data decision matrix to establish the qualitative and quantitative criteria (evaluation indicators) that can be classified business data and protected by each class.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1353-1360
• /
• 2015

With the extreme development of Internet, recently most users refer the sites with the various Recommendation Systems (RSs) when they want to buy some stuff, movie and music. However, the possibilities of the Sybils with the malicious behaviors may exists in these RSs sites in which Sybils intentionally increase or decrease the rating values. The RSs cannot play an accurate role of the proper recommendations to the general normal users. In this paper, we divide the given rating values into the stable or unstable states and propose a system information based recommendation algorithm that minimizes the malicious user's influence. To evaluate the performance of the proposed scheme, we directly crawl the real trace data from the famous movie site and analyze the performance. After that, we showed proposed scheme performs well compared to existing algorithms.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.281-284
• /
• 2005

Kerberos is system that offer authorization in internet and authentication service. Can speak that put each server between client and user in distributed environment and is security system of symmetry height encryption base that offer authentication base mutually. Kerberos authentication is based entirely on the knowledge of passwords that are stored on the Kerberos Server. A user proves her identity to the Kerberos Server by demonstrating Knowledge of the key. The fact that the Kerberos Server has access to the user's decrypted password is a rwsult of the fact that Kerberos does not use public key cryptogrphy. It is a serious disadvantage of the Kerbercs System. The Server must be physically secure to prevent an attacker from stealing the Kerberos Server and learning all of the user passwords. Kerberos was designend so that the server can be stateless. The Kerberos Server simply answers requests from users and issues tickets. This study focused on designing a SIP procy for interworking with AAA server with respect to user authentication and Kerberos System. Kerberos is security system of encryption base that offer certification function mutually between client application element and server application element in distributed network environment. Kerberos provides service necessary to control whether is going to approve also so that certain client may access to certain server. This paper does Credit-Control Server's function in AAA system of Diameter base so that can include Accounting information that is connected to Rating inside certification information message in Rating process with Kerberos system.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.183-191
• /
• 2021

The advanced development of the world's economies requires a detailed study of the impact of factors on the level of digitalization, to ensure economic growth and promote the use of information and communication technologies in the digital economy. Digitalization of the world's economies is ensured through the implementation of relevant regulations and policy decisions to implement public policy and strategy of the digital economy. The purpose of the study is to establish the pattern of the impact of factors on the level of digitalization of world economies by conducting a regression analysis to reflect the dependence of the impact of factors on the level of digitalization in 25 economies (by IMD digital competitiveness), to check the level of digitalization of the world's economies. It is necessary to analyze the ranking of countries in the world according to the DiGiX Index, IMD, and DESI Digital Competitiveness Rating. Research methods: information synthesis method; regression analysis; systematization, and generalization. Results. It was found that because of regression analysis, the value of the coefficient of determination indicates that the regression model by 78% explains the relationship between future readiness of countries to implement digital technologies and information and communication technologies, but there are still a small number of other factors not included in the regression model. It is determined that the greatest progress among EU member states for the period 2015-2020 according to the DESI index belongs to Ireland, the Netherlands, Malta, and Spain. It is established that Estonia, Spain, and Denmark are in the lead in the DESI rating, in terms of e-government implementation. The study found that the impact of factors on the level of digitalization of world economies contributes to solving current economic problems through further implementation of information and communication technologies and improving legislation in the digital economy, which will ensure the implementation of effective digital policy. It is established that ensuring the appropriate level of digitalization of the world's economies should solve the problems in the digital economy sector faced by governments and businesses, which requires the implementation of measures to regulate and ensure the continued operation of the digital economy.