• 정보보호학회논문지
• /
• 제20권6호
• /
• pp.221-235
• /
• 2010

특정 서비스를 보다 안전하게 제공받기 위한 사용자가 증가함에 따라 서비스수준협약 (SLA)에 대한 관심이 증가하고 있다. 그러나 침입차단서비스와 같은 보안서비스에 대해 기존의 SLA는 관련 보안 분야가 미비하여 제대로된 수준협약이 어려운 실정이다. 기존의 SLA에서 보안 분야는 권고사항의 수준으로 제공되고 있다. 이에 본 논문에서는 기존 침입차단서비스 제품의 보안 기능을 분석하여 공통보안기능과 개별보안기능을 분류하고, 이를 통해 보안서비스의 품질을 보장하기 위한 보안SLA(S-SLA : Security Service Level Agreement) 등급화 지표를 제안한다. 이를 통해 보안서비스에 대한 세분화된 서비스 협약이 가능할 것이다.

• 한국전자거래학회지
• /
• 제12권4호
• /
• pp.127-144
• /
• 2007

본 논문에서는 RFID 미들웨어와 이에 연결된 정보 서비스(Information Service), 네임 서비스(Object Name Service), 상위 애플리케이션을 위한 웹 서비스 등을 통합적으로 관리하기 위한 보안 관리기를 기술한다. 또한 분산된 RFID 시스템의 개체에 대한 접근제어를 확립하기 위해 기존의 사용 제어 모델과 SAML의 assertion을 확장하여 싱글사인온(Single-Sign On)을 구현하였다. 본 논문에서 제시한 RFID 보안 기술은 미들웨어에 포함되어 RFID 정보보호에 기여하고 향후 유비쿼터스 센서 네트워크 분야에서도 동일하게 적용될 수 있을 것이다.

• International Journal of Contents
• /
• 제11권3호
• /
• pp.14-23
• /
• 2015

This paper presents the findings of a study in which students at a four-year university were surveyed in an effort to analyze and verify the differences in perceived security awareness, security-related activities, and security damage experiences when using smartphones, based on demographic variables such as gender, academic year, and college major. Moreover, the perceived security awareness items and security-related activities were tested to verify whether they affect the students' security damage experience. Based on survey data obtained from 592 participants, the findings indicate that demographic differences exist for some of the survey question items. The majority of the male students replied "affirmative" to some of the questions related to perceived security awareness and "enthusiastic" to questions about security-related activities. Some academic year differences exist in the responses to perceived security awareness and security-related activities. On the whole, freshmen had the lowest level of security awareness. Security alert seems to be very high in sophomores, but it decreases as the students become older. While the difference in perceived security awareness based on college major was not significant, the difference in some security-related activities based on that variable was significant. No significant difference was found in some items such as storing private information in smartphones and frequency of implementation of security applications based on the college major variable. However, differences among the college majors were verified in clicking hyperlinks in unknown SMS messages and in the number of security applications in smartphones. No differences were found in security damage experiences based on gender, academic year, and college major. Security awareness items had no impact on the experience of security damage in smartphones. However, some security activities, such as storing resident registration numbers in a smartphone, clicking hyperlinks in unknown SMS messages, the number of security apps in a smartphone, and the frequency of implementation of security apps did have an impact on security damage.

• 정보학연구
• /
• 제12권4호
• /
• pp.1-10
• /
• 2009

The robustness of communication service should be guaranteed to validate its security of the whole service not just high performance. One kind of practical test-beds is the chinese communication service based on SIM Card and GSM. In paper, we try to experiment the possibility of SIM cards clone in various mobile communications using 2G in china, and hence discovered the security vulnerabilities such as the incoming outgoing, SMS service and additional services on the mobile phones using clone SIM cards. The experiments show that chinese communication service should be prepared the Fraud Management System against the cloning SIM card. and furthermore, regulations related to the communication service should be tuned the realistic security environments.

• 정보보호학회논문지
• /
• 제20권6호
• /
• pp.237-249
• /
• 2010

최근 다양한 사이버 침해사고의 개인정보 유출 사례를 살펴보면 공격 대상이 서비스 제공자를 대상으로 하고 있지만 실제적인 피해 대상은 사용자라고 할 수 있다. 정당한 서비스 계약을 체결하였음에도 불구하고 정상적인 서비스를 받을 수 없거나 서비스를 위해 제공한 개인정보가 유출되는 피해가 발생하고 있다. 이에 따라 사업자 및 사용자간 제공되는 서비스에 대한 SLA와 관련하여 보안SLA가 크게 주목받고 있다. 특히 안타바이러스 서비스를 제공하는 서비스 제공자의 경우 보안SLA를 통해 보다 높은 수준의 보안서비스를 제공해야 한다. 그러나 국내에서는 보안SLA와 관련된 연구가 미비하여 유지보수 수준의 SLA만 제공되는 상황이다. 따라서 본 논문에서는 안티바이러스 시스템의 보안 기능을 분석하여, 보안SLA의 지표를 개발하고 보안기능별 등급화 방안을 제안한다.

• 지식경영연구
• /
• 제18권3호
• /
• pp.181-199
• /
• 2017

Recently, the Fintech industry is growing rapidly, and mobile payment service plays a key role in this growth. The purpose of this study is to investigate factors affecting initial acceptance of mobile payment service using Technology Acceptance Model. In the research model, service-related factors such as economic efficiency and security, user-related factors such as user innovativeness and social factors such as social influence were adopted as external variables, and acceptance intention was introduced as dependent variable. Perceived usefulness and perceived ease of use were selected as mediating variables. The collected data were analyzed using SPSS Statistics v22 and Smart PLS 2.0. The results of the study are as follows. First, service-related factors such as economic efficiency and security did not affect the user acceptance intention. Second, individual innovativeness and social influence have significant effects on perceived usefulness and perceived ease of use respectively. And the perceived usefulness and perceived ease of use, which are mediators, have a significant influence on the acceptance intention of mobile payment service. The results of this study will serve as a useful guide for Fintech industries.

• Asia pacific journal of information systems
• /
• 제26권4호
• /
• pp.489-508
• /
• 2016

Growth in the use of mobile commerce services (MCS) as an enabler to conduct business more effectively has been phenomenal. Technology acceptance model (TAM) has been applied in different contexts to examine a wide range of information technology. As more and more companies are finding ways to utilize MCS, an important issue is to understand what factors will affect the decisions of consumers in adopting the services. Based on TAM with two additional groups of external factors (i.e., service-related factors [ubiquitous access and contextual service] and technology-related factors [perceived security risk and network connectivity]) that are theoretically justified to affect both perceived usefulness and perceived ease of use, which are also considered, a research model for the investigated technology acceptance was developed and empirically examined. The major results of this study are as follows. First, ubiquitous access affects perceived usefulness and perceived ease of use. Contextual service affects perceived usefulness. Second, perceived security risk affects perceived usefulness and perceived ease of use. Finally, network connectivity affects perceived usefulness and perceived ease of use.

• 융합보안논문지
• /
• 제23권2호
• /
• pp.115-120
• /
• 2023

국내 물리보안(기계경비) 시장은 대기업과 중소 및 영세 기업의 인프라로 인한 경비구역의 확장에 있어 편차가 증가하고 있는 실정이다. 즉, 출동 시간에 따른 출동 범위에 대한 물리보안 서비스의 한정으로 기업 간 현장 출동과 관련한 문제가 끊임없이 제기되고 있다. 이에 본 연구에서는 현장 출동과 관련한 시뮬레이션을 통해 출동 시간에 대한 기준으로 출동 범위의 기준에 대한 결과를 바탕으로 향후 물리보안(기계경비) 시장의 활성화 방안에 대하여 제안한다.

• 한국재난정보학회 논문집
• /
• 제3권2호
• /
• pp.55-78
• /
• 2007

Currently, the departments related to security and secretary service exist in 18 universities and 30 colleges in Korea in order to raise professional security and secretary personnel. Among the 18 four-year colleges in Korea, only two of them have the ethics course include in their curriculum. Also, among the 31 two-year colleges, only three of them have the ethics course included in their curriculum. Besides, as some private security and guardian companies were recently utilized in illegal actions of the rich and ruling class, contradicting their original purpose of existence, many people point out their downfall as a ?forced private army.? As a professional job, if security secretaries take advantage of the knowledge and top-secret technologies and use them for non-ethical purposes, the effect of the damage is far more serious than other fields of jobs. Therefore, taking this event as a turning point, the contract contents and the task area between the client and the security and secretary company must become more transparent in order to prevent illegal actions, and also for the people working in the security and secretary service area, it is necessary to establish a firm ethical consciousness in order to behave appropriately in their working environment. Therefore, this study examines the proper direction of work ethics of the people working in the security and secretary service according to the professionalization of their field, and also aims to propose an appropriate work ethic system such that they will not become an unfortunate victim of various scandals anymore. To do so, the concept of work ethics in professional jobs was examined; and after the code of ethics that reflect the ethical value system of each professional job was reviewed, the study suggested a specific solution for establishing the codes of ethics for security and secretary service.

• 디지털융복합연구
• /
• 제12권1호
• /
• pp.405-414
• /
• 2014

IT 자원의 동적 확장과 비용절감이라는 클라우드 서비스의 장점은 IT 사용자의 관심이다. 그러나 클라우드 서비스의 신뢰성은 클라우드 서비스를 적극적으로 사용하는데 걸림돌이 되고 있다. 기존 클라우드 서비스의 평가 프로그램은 ISO/IEC 27001:2005을 참고하여 정보보호 평가 항목을 도출하고 클라우드 서비스 특징을 추가하는 방법으로 연구가 이루어지고 있다. 본 논문은 최근 발표된 ISO/IEC 27001:2013의 추가와 삭제 그리고 변경된 통제영역 및 통제 항목을 살펴본다. ISO/IEC 27001:2013의 통제 항목과 클라우드 서비스 평가 프로그램인 CSA CCM v.3, FedRAMP의 통제 항목을 비교 분석하여 정보보호관리체계에서 클라우드 서비스와 관련된 평가 항목을 제시한다. 도출한 통제 항목은 클라우드 서비스 기반의 정보보호관리체계를 운영하는 기업의 보안 정책에 참고 지표가 될 것이다.