• Title/Summary/Keyword: development security

Search Result 4,144, Processing Time 0.039 seconds

Information Security Activity of Analysis Phase in Information Security Model in Accordance with SDLC

  • Shin, Seong-Yoon;Lee, Tae-Wuk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.21 no.11
    • /
    • pp.79-83
    • /
    • 2016
  • In this paper, we define four levels of analysis, design, implementation, and testing of the configuration of the development phase by S/W development life cycle. In particular, it dealt with the stage of the analysis phase to prepare an information system developed intensively. Details of the derivation of the information security requirements, it can be seen that comes from the perspective of confidentiality, integrity, availability and accountability, etc. It dealt with from the first manifestations of the projects planning to final planning to establish information security in activities of the Information Security requirements. As an example exhibited by assessing the information security analysis phase activities of S corporations, it can be seen that the improved sales rise in information security activities.

A Study on Optimal Developmental Cost for Quality Factors of Integrated Information Security Systems (통합정보보호시스템의 최적 품질 확보를 위한 최소개발비용 탐색에 관한 연구)

  • Park, You-Jin;Choi, Myeong-Gil
    • Journal of Korean Society of Industrial and Systems Engineering
    • /
    • v.33 no.3
    • /
    • pp.1-9
    • /
    • 2010
  • To protect information resources, many organizations including private corporate and government employ integrated information security systems which provide the functions of intrusion detection, firewall, and virus vaccine. So, in order to develop a reliable integrated information security system during the development life cycle, the managers in charge of the development of the system must effectively distribute the development resources to the quality factors of an integrated information security system. This study suggests a distribution methodology that minimizes the total cost with satisfying the minimum quality level of an integrated information security system by appropriately assigning development resources to quality factors considered. To achieve this goal, we identify quality factors of an integrated information system and then measure the relative weights among the quality factors using analytic hierarchy process (AHP). The suggested distribution methodology makes it possible to search an optimal solution which minimizes the total cost with satisfying the required quality levels of processes by assigning development resources to quality factors during the development life cycle.

Ontology Based-Security Issues for Internet of Thing (IoT): Ontology Development

  • Amir Mohamed Talib
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.8
    • /
    • pp.168-176
    • /
    • 2023
  • The use of sensors and actuators as a form of controlling cyber-physical systems in resource networks has been integrated and referred to as the Internet of Things (IoT). However, the connectivity of many stand-alone IoT systems through the Internet introduces numerous security challenges as sensitive information is prone to be exposed to malicious users. In this paper, IoT based-security issues ontology is proposed to collect, examine, analyze, prepare, acquire and preserve evidence of IoT security issues challenges. Ontology development has consists three main steps, 1) domain, purpose and scope setting, 2) important terms acquisition, classes and class hierarchy conceptualization and 3) instances creation. Ontology congruent to this paper is method that will help to better understanding and defining terms of IoT based-security issue ontology. Our proposed IoT based-security issue ontology resulting from the protégé has a total of 44 classes and 43 subclasses.

Research on the Level Evaluation Model of the Organization Research Security (조직의 연구보안 수준평가 모형 연구)

  • Na, Onechul;Chang, Hangbae
    • The Journal of Society for e-Business Studies
    • /
    • v.25 no.3
    • /
    • pp.109-130
    • /
    • 2020
  • Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

A Study on the Formation and Development of Collective Security System and the Possibility of Security System Shift in East Asia (집단안보체제의 형성 및 발전요인과 동아시아 안보체제의 변화 가능성 연구)

  • Oh, Dongkeon
    • Maritime Security
    • /
    • v.7 no.1
    • /
    • pp.1-29
    • /
    • 2023
  • For the last 70 years, the U.S.-led bilateral security system, or "Hub-and-Spokes" system, has been applied to Northeast Asia, and the system has been successfully settled in terms of stability and economic achievements of the region. Given the increasing complexity of the security environment of East Asia, it is plausible to consider the possibility of a security system shift from bilateral alliances to collective security. In order to analyze the driver of collective security system, this study developed three factors of formation and development of collective security system - main threat, intensity of the threat, and confidence among countries in the system - by reviewing international political theories related to security cooperation. Comparing the formation, development, and achievements of NATO and SEATO, the study figures out that the existence of the main threat, the high intensity of the threat, and the strong confidence among countries in the security system are the primary drivers for a successful collective security system. Based on the result, the study also analyzed the possibility of a security system shift in East Asia. Considering contemporary international conflicts such as U.S.-China strategic competition, Russia-Ukraine War, and growing threats posed by North Korean nuclear and missiles, the study anticipates that the necessity of a collective security system that will replace the current security system of the region would arise. Still, although some issues between countries should be overcome, the growing intensity of the threats will promote cooperation among countries by improving their confidence.

  • PDF

A study on develop plan for special security system (특수경비제도의 발전방안에 관한 연구)

  • Lee, Sang-Won;Park, Ju-Hyun
    • Korean Security Journal
    • /
    • no.13
    • /
    • pp.305-326
    • /
    • 2007
  • Coming to 21st century, the dangerous causes which threaten for safety of citizen's life is increasing. The national importance of facilitates which is dealing by special security officers are becoming target for enemy or terrorist. Therefore, securities in Korea are developing strongly. This study investigates for status and problem of the special security and aim to suggest the plan for development. The development of special security connects to the development of private security industry, the improvement of work environment for special security officers who are working in this ares, securing of man's ability, reality of salary, introduction of professional qualification system, reorganization of education system and the search system for preparing terror need to improve.

  • PDF

A STUDY ON THE GROWTH OF PRIVATE SECURITY IN THE UNITED STATES (미국(美國) 민간경비의 성장요인 분석)

  • Lee, Chang-Mu
    • Korean Security Journal
    • /
    • no.6
    • /
    • pp.273-289
    • /
    • 2003
  • The purpose of this study is to explore the underlying causes of the development of private security in the United States. These include the increasing crime rates and fear of crime, the poor performance of public policing, the decentralization of political authority, the increase of mass private property, economic growth and increase of personal income, commodification of security, insurance companies' demand for tighter security and fear of litigation, and historical events such as World War I & II. Based on the findings of this study, it is suggested that no single factor would account for the growth of private security in the United States. In other words, the rapid growth of private security in the United States should be attributed to the interrelated influences of the factors given above. Finally, it might be the contribution of this study that the future development of private security in Korea would be guided by understanding the case of the United States because of the similarities of the developmental process in private security industry of two countries.

  • PDF

Effects of Mentoring Function on Career Development and Organizational Effectiveness in Private Security Service Organization (경호경비조직의 멘토링기능이 경력개발 및 조직유효성에 미치는 영향)

  • Yoo, Young-Chang;Kim, Hyo-Joon;Kim, Chan-Sun
    • The Journal of the Korea Contents Association
    • /
    • v.11 no.6
    • /
    • pp.326-336
    • /
    • 2011
  • The Purpose of this study was to examine effects of mentoring function on career development and organizational effectiveness in private security service organization. Example number used on interpretation finally using purposive sampling method after this study establishes 5 places private security service company's security guard by population in Seoul on March, 2010 is total 227 people. Reliability of questionnaire appeared Cronbach's ${\alpha}$ value more than .667. Conclusions that appears in this study is as following. First, private security service organization's Mentoring function affects in career development. That is, if friendship, patronage, career management, society mind, and role model are mobilized, innovative own development, special capacity development, and information competitive power development are helped. Second, private security service organization's Mentoring function affects in organization effectiveness. If friendship, patronage, career management, society mind, and role model are mobilized, career satisfaction, organization immersion, and job satisfaction increase. On the other hand, change of jobs intention decreases if function of society mind is mobilized. Third, private security service organization's career development affects in organization effectiveness. If reform and special capacity development are helped, career satisfaction, organization immersion, and job satisfaction increase. While change of jobs intention decreases as development of information competition is helped. Fourth, Mentoring function exerts influence of causality on career development and organization effectiveness. That is, Mentoring exerts direct influence on organization effectiveness, but it exerts indirect effect through career development.

An Analysis of Cyber Attacks and Response Cases Related to COVID-19 (코로나19 관련 사이버 공격 및 대응현황 분석)

  • Lee, Yongpil;Lee, Dong-Geun
    • Journal of Information Technology Services
    • /
    • v.20 no.5
    • /
    • pp.119-136
    • /
    • 2021
  • Since the global spread of COVID-19, social distancing and untact service implementation have spread rapidly. With the transition to a non-face-to-face environment such as telework and remote classes, cyber security threats have increased, and a lot of cyber compromises have also occurred. In this study, cyber-attacks and response cases related to COVID-19 are summarized in four aspects: cyber fraud, cyber-attacks on companies related to COVID-19 and healthcare sector, cyber-attacks on untact services such as telework, and preparation of untact services security for post-covid 19. After the outbreak of the COVID-19 pandemic, related events such as vaccination information and payment of national disaster aid continued to be used as bait for smishing and phishing. In the aspect of cyber-attacks on companies related to COVID-19 and healthcare sector, we can see that the damage was rapidly increasing as state-supported hackers attack those companies to obtain research results related to the COVID-19, and hackers chose medical institutions as targets with an efficient ransomware attack approach by changing 'spray and pray' strategy to 'big-game hunting'. Companies using untact services such as telework are experiencing cyber breaches due to insufficient security settings, non-installation of security patches, and vulnerabilities in systems constituting untact services such as VPN. In response to these cyber incidents, as a case of cyber fraud countermeasures, security notices to preventing cyber fraud damage to the public was announced, and security guidelines and ransomware countermeasures were provided to organizations related to COVID-19 and medical institutions. In addition, for companies that use and provide untact services, security vulnerability finding and system development environment security inspection service were provided by Government funding programs. We also looked at the differences in the role of the government and the target of security notices between domestic and overseas response cases. Lastly, considering the development of untact services by industry in preparation for post-COVID-19, supply chain security, cloud security, development security, and IoT security were suggested as common security reinforcement measures.

Overview of the Sambodana Project: Development of Mobile Communication Security System using Hardening Android

  • Cahyo, Darujati;Moh Noor Al, Azam
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.12
    • /
    • pp.57-62
    • /
    • 2022
  • The Sambodana project is a mobile communication security system development project using Hardening Android. The initial idea for this project is that information leakage occurs outside of a communications application with end-to-end cryptographic security. Android hardening prevents unwanted applications and bloatware from being installed, such as unavailable Google Play Store or install restrictions.