• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1605-1618
• /
• 2016

In recent years, security incidents - such as personal information leakage, homepage hacking, DDoS and etc. - targeting finance companies(banks, securities companies, credit card companies, insurance companies and etc.) have increased steadily. In this paper, we analyze problems of information security management level in the existing electronic financial infrastructure from perspective of compliance and information security certification system and propose improvements to enable sustainable high level of information security activities under a comprehensive management system for the financial sector characteristics using ISMS, SECU-STAR and CNIVAM system.

• The Journal of Society for e-Business Studies
• /
• v.19 no.1
• /
• pp.63-78
• /
• 2014

This paper is to analyze how the information security leadership of top management affects controls of information security. Controls of information security include the activity related to making information security policy, the activity related to making up information security organizational structure and job responsibilities, the activity related to information security awareness and training, the activity related to technical measures installation and operation, and the activity related to emergency response, monitering and auditing. Additionally we will analyze how Internet incidents affect controls of information security and find implications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.101-108
• /
• 2011

The turnover rate of information security professionals in Korea is over 10% and turnover into non-information security fields accounts for over 50% of all the turnovers [1]. It is not only important to recruit a new quality workforce, but also to make the current workforce perform satisfactorily, to improve their performance, and eventually to attain information security objectives. This study proposes a Markov chain model for the turnover process of information security professionals and forecasts the job duty composition of information security professionals. The results of this study can be applied to secure the justification of government policies for the promotion of information security professionals.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.123-133
• /
• 2008

Information securiry is considered important due to the side effect generated from the expansion of information system and rapid increase of the use of internet. Nevertheless, we are getting unconscious of the importance of information security. The purpose of this research is to empirically analyze that the effects of security policies, security awareness and individual characteristics on password security effectiveness. Based on the analysis of research model using structural equation modeling technique, security policies were influencing individual characteristics and improving user's security awareness. Also individual characteristics and security awareness had positive impact on security effectiveness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.157-169
• /
• 2010

As the information society changes into the ubiquitous computing society, the importance of information security has increased. Governments and enterprises are carrying out various information security activities to operate their information asset effectively. Since 2006, the Korean government has implemented 'Advance Diagnosis' policy to analyze the vulnerability of the information security from the early stage of the information system development to secure the information stability. This study proposes an analyzing framework for the economic effects of Advance Diagnosis for Information Security and presents an illustrative application em a real Advance Diagnosis case. The results of this study can be applied to secure the economic justification of government policies for the security of information systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1291-1312
• /
• 2013

Cloud computing changes the service models of information systems and accelerates the pace of technological innovation of consumer electronics. However, it also brings new security issues. As one of the important foundations of various cloud security solutions, entity authentication is attracting increasing interest of many researchers. This article proposes a layered security architecture to provide a trust transmission mechanism among cloud systems maintained by different organizations. Based on the security architecture, four protocols are proposed to implement mutual authentication, data sharing and secure data transmission in federated cloud systems. The protocols not only can ensure the confidentiality of the data transferred, but also resist man-in-the-middle attacks and masquerading attacks. Additionally, the security properties of the four protocols have been proved by S-pi calculus formal verification. Finally, the performance of the protocols is investigated in a lab environment and the feasibility of the security architecture has been verified under a hybrid cloud system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.12
• /
• pp.5116-5134
• /
• 2015

In this paper, due to the network security defense is mainly static defense, a dynamic classification network security defense strategy model is proposed by analyzing the security situation of complex computer network. According to the network security impact parameters, eight security elements and classification standard are obtained. At the same time, the dynamic classification algorithm based on fuzzy theory is also presented. The experimental analysis results show that the proposed model and algorithm are feasible and effective. The model is a good way to solve a safety problem that the static defense cannot cope with tactics and lack of dynamic change.

• 한국디지털정책학회:학술대회논문집
• /
• 2003.12a
• /
• pp.241-250
• /
• 2003

With an increasing awareness of information security, the market demand for better information security goods and services causes shortage in well trained information security manpower. This study analyzes the priorities of the options available to the qualitative information security manpower training policy. The analysis is conducted through four hierarchies: goals, criteria, sub-criteria and alternatives for each of which priorities are developed through the rating approach of the Analytic Hierarchy Process (AHP). 3 criteria and 8 sub-criteria are involved in the four hierarchies. The analysis result indicates that the fundamental information security technology is the most desirable.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1123-1132
• /
• 2012

Many domestic organizations are introducing and operating various information security management systems capable of coping with technical, administrative, and legal issues comprehensively and systematically, in order to prevent various infringement incidents such as personal information disclosure and hacking preemptively and actively. However, empirical analyses regarding the extent to which an information security management system contributes to information security performance have not been fully conducted, even though enterprises and organizations are actively introducing such systems in order to achieve their information security objectives as a part of their organizational management activities in line with their respective business, by investing considerable effort and resources in developing and operating these systems. This approach can be used to apply, develop, and operate the information management system actively within an organization. this study focused on analyzing how each specific phase of the information security management system affects information security performance, compared with previous studies, which generally focus on the information security control item in analyzing information security performance. The information security management system was analyzed empirically to determine how the Security PCDA cycling model affects information security performance.

• The KIPS Transactions:PartD
• /
• v.17D no.3
• /
• pp.223-232
• /
• 2010

This study was carried out for the purpose of inquiring into the effect of composition and security activities for information security architecture on information asset protection and organizational performance in terms of general information security. This study made a survey on 300 workers in the government, public institutions and private companies, which it showed that management factors of risk identification and risk analysis, in general, have an usefulness to composition and security activities for information security architecture to prevent inside information leakage. And the understanding and training factors of IT architecture and its component were rejected, requiring the limited composition and security activities for information security architecture. In other words, from the reality, which most institutions and organizations are introducing and operating the information security architecture, and restrictively carrying out the training in this, the training for a new understanding of architecture and its component as an independent variable made so much importance, or it did not greatly contribute to the control or management activities for information security as the generalized process, but strict security activities through the generalization of risk identification and risk analysis management had a so much big effect on the significant organizational performance.