• Title/Summary/Keyword: development security

Search Result 4,144, Processing Time 0.03 seconds

A DEVELOPMENT FRAMEWORK FOR SOFTWARE SECURITY IN NUCLEAR SAFETY SYSTEMS: INTEGRATING SECURE DEVELOPMENT AND SYSTEM SECURITY ACTIVITIES

  • Park, Jaekwan;Suh, Yongsuk
    • Nuclear Engineering and Technology
    • /
    • v.46 no.1
    • /
    • pp.47-54
    • /
    • 2014
  • The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

A Study on the Verification Tool for the Security Level in Development Environment (개발 환경 보안수준 점검도구 연구)

  • Ko, Il-Seok
    • Convergence Security Journal
    • /
    • v.6 no.4
    • /
    • pp.133-140
    • /
    • 2006
  • For the verification of the security level against a IT product development environment, we should analyze the vulnerability and the various threatening factors which exists in the IT product development environment. Also we need the evaluation criteria and tools for the evaluation and improvement of the level of information security. For that, we need evaluation indices and the standard it will be able to improve the evaluation methodology in the actual IT product development environment which will reach it will be able to apply must be researched. In this study, our aims are the development of verification tools for the security level of IT product development environment.

  • PDF

Meeting Real Challenges in Eliciting Security Attributes for Mobile Application Development

  • Yusop, Noorrezam;Kamalrudin, Massila;Yusof, Mokhtar Mohd;Sidek, Safiah
    • Journal of Internet Computing and Services
    • /
    • v.17 no.5
    • /
    • pp.25-32
    • /
    • 2016
  • There has been a rapid growth in the development of mobile application resulting from its wide usage for online transaction, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on the security issues at the early stage of the development. In fact, security issues have been kept until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore and incorrectly elicit security related requirements at the early stage of mobile application development. This scenario has led to the failure of developing secure and safe mobile application based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges in extracting security attributes for mobile application faced by novice requirements engineers. For this purpose, two experiments on eliciting security attributes requirements of textual requirements scenario were conducted. The performance related to the correctness and time taken to elicit the security attributes were measured and recorded. It was found that the process of eliciting correct security attributes for mobile application requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation security attributes requirement could help to overcome the challenges in eliciting security attributes requirements, especially among novice requirements engineers.

A Study on Development of Multi-level Security Architecture(MLSA) (Multi-level 보안 아키텍처(MLSA) 구축 방안)

  • Choi, Kyong-Ho;Lee, Dong-Hwi;Kim, Kui-Nam J.
    • Convergence Security Journal
    • /
    • v.7 no.4
    • /
    • pp.107-114
    • /
    • 2007
  • We need development methodology of security architecture which offered various levels of security management in case of the organization required more than two security certifications. In this study, therefore, development methodology of Multi-level Security Architecture(MLSA) proposed. Specifically, we should consider factors of commonness and difference between information security management level evaluation of multiple security architecture. This kinds of endeavor can suggest the direction of the improvement of the evaluating security management and the dynamic plan for the security architecture, and it will make the continuous and systematic security management.

  • PDF

Development of Freelance System for Private Security Work (민간경비업무 프리랜서제도 발전방안)

  • Ha, Jeong Hoon
    • Korean Security Journal
    • /
    • no.60
    • /
    • pp.137-153
    • /
    • 2019
  • The private security industry in Korea has developed considerably with the development of economic growth and IT technology. The purpose of this study is to explore the development method of the freelance system for private security work based on the problems of the freelance system that CEO of the security company in the private security work field recognize. To accomplish the purpose of this study, we interviewed 3 professors and 6 CEO of the security company to analyze the data. They suggested the development of the freelance system of private security work as follows. First, the systematic management of freelance security guards is needed. Secondly, the training for the manager of the freelance security guards should be done. Third, a minimum wage compliance check is required. Fourth, the contents of freelance system should be added to the reality in accordance with the security law. Fifth, the social security system of freelance security guards should be improved. Sixth, the establishment of a freelance security guard cooperative is necessary.

A Security Metrics Taxonomization Model for Software-Intensive Systems

  • Savola, Reijo M.
    • Journal of Information Processing Systems
    • /
    • v.5 no.4
    • /
    • pp.197-206
    • /
    • 2009
  • We introduce a novel high-level security metrics objective taxonomization model for software- intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with riskdriven security metrics development approaches is also discussed.

Modern Management Technologies in the System of Ensuring the Security in the Context of Socio-Economic Development and the Digital Economy

  • Panchenko, Vladimir;Dombrovska, Svitlana;Samchyk, Maksym;Mykhailyk, Nataliia;Chabaniuk, Odarka
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.3
    • /
    • pp.213-219
    • /
    • 2022
  • The main purpose of the study is to determine the main aspects of the introduction of modern management technologies into the security system in the context of socio-economic development and digitalization of the economy. Socio-economic development and a high level of security include growth in income, labor productivity, production volumes, increased competitiveness, changes in the institutional environment, consciousness, activity, social security, the quality of the education system, healthcare, etc. Despite the root cause of economic development, it is not an end in itself, but a tool for ensuring social development. Gaining access for citizens to education, health care, observance of the principles of equality and justice, ensuring protection are directly dependent on the level of economic well-being, the level of economic potential of the country or regions. The research methodology involved the use of both theoretical and practical methods. As a result of the study, the key elements of the introduction of modern management technologies into the security system in the context of socio-economic development and digitalization of the economy were identified.

The Economic Security System in the Conditions of the Powers Transformation

  • Arefieva, Olena;Tulchynska, Svitlana;Popelo, Olha;Arefiev, Serhii;Tkachenko, Tetiana
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.7
    • /
    • pp.35-42
    • /
    • 2021
  • In the article, the authors investigate the economic security system in the conditions of the powers transformation. It is substantiated that economic security acts as a certain system that includes components and at the same time acts as a subsystem of the highest order. It is determined that the economic security system of regions acting as a system has its subsystems, which include: production, financial, environmental, innovation, investment and social subsystems. The parameters of the economic security system include relative economic independence, economic stability and self-development of economic systems, and it is proved that an important feature of economic security in addition to its systemic nature is multi-vector. It is substantiated that the monitoring of ensuring the economic security system of the development of economic systems of different levels in the conditions of the powers transformation should contain the analysis of social, economic and ecological development of regions; spheres of possible dangers of the development of regional economic systems; the nature of the threats; the degree of the possibility of threats; time perspective of economic development threats; possible consequences of losses for economic entities; the impact of threats to the object of the economic entities' activity; possible asymmetry of economic development of regional economic entities. Possible threats as a consequence of the powers transformation have been identified. A PEST analysis of the impact of factors of different nature on economic security and the development of regional economic systems in the powers transformation is carried out. A recurrent ratio is proposed for the economic security system in the conditions of the powers transformation.

Security Education Training Program Characteristics needed to Development Task of Security Software in Security Majors of 5 Universities of Seoul Region (서울지역 5개 대학 보안 전공들의 보안소프트웨어의 개발 직무에 필요한 보안 교육 훈련 프로그램 특성)

  • Hong, Jin-Keun
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.5
    • /
    • pp.16-22
    • /
    • 2020
  • In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

Development of Security System in the OSI Transport Layer (OSI 트랜스포트 계층에서의 보호시스템 개발)

  • Park, Young-Ho;Kim, Ki-Hyun;Moon, Sang-Jae;Gang, Shin-Gak
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.5 no.1
    • /
    • pp.65-84
    • /
    • 1995
  • The information security is needed to guarantee the safety and the confidence to users in open system. This paper analyzes transport layer security protocol and security association protocol, which are standards proposed by ISO/IEC, to provide a security service in the transport layer and particulars, not in the standard, are defined for development. And this paper suggests a development model and develps security system based upon the suggested model. The ONP of USL is used as the development environment.