• Title/Summary/Keyword: information security system

Search Result 6,591, Processing Time 0.037 seconds

A Design on the Information Security Auditing Framework of the Information System Audit (정보시스템 감리에서의 정보보호 감리모형 설계)

  • Lee, Ji Yong;Kim, Dong Soo;Kim, Hee Wan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.2
    • /
    • pp.233-245
    • /
    • 2010
  • This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

Design of Financial Information Security Model based on Enterprise Information Security Architecture (전사적 정보보호 아키텍처에 근거한 금융 정보보호 모델 설계)

  • Kim, Dong Soo;Jun, Nam Jae;Kim, Hee Wan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.4
    • /
    • pp.307-317
    • /
    • 2010
  • The majority of financial and general business organizations have had individual damage from hacking, worms, viruses, cyber attacks, internet fraud, technology and information leaks due to criminal damage. Therefore privacy has become an important issue in the community. This paper examines various elements of the information security management system and discuss about Information Security Management System Models by using the analysis of the financial statue and its level of information security assessment. These analyses were based on the Information Security Management System (ISMS) of Korea Information Security Agency, British's ISO27001, GMITS, ISO/IEC 17799/2005, and COBIT's information security architecture. This model will allow users to manage and secure information safely. Therefore, it is recommended for companies to use the security management plan to improve the companies' financial and information security and to prevent from any risk of exposing the companies' information.

A Study on establishing countermeasures to security threats due to the introduction of information protection system. (정보보호시스템도입에 따른 보안위협요소 대응방안수립에 관한 연구)

  • Kyung, ji-hun;Jung, Sung-Jae;Bae, Yu-Mi;Sung, Kyung
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2013.05a
    • /
    • pp.693-696
    • /
    • 2013
  • Information protection system (Information protection system)-based IT environment built popularity in public agencies and businesses take advantage of the resources for the integration of the information system one essential environment began to recognize, cloud systems (Cloud System), cloud security (Cloud Security), big data (Big Data), big data security (Big Data Security), industrial security (Security Industry), as well as the issue. Due to the influence of these information protection system (Information protection system) in response to my external security threats based on the analysis plan. In this paper, data protection systems (Information protection system), resulting in the introduction, there are a number of security threats and particularly industrial security aspects and internal and external security threats in response by lighting about aspects of the plan is based on knowledge.

  • PDF

Enhancement of Internal Control by expanding Security Information Event Management System

  • Im, DongSung;Kim, Yongmin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.20 no.8
    • /
    • pp.35-43
    • /
    • 2015
  • Recently, internal information leaks is increasing rapidly by internal employees and authorized outsourcing personnel. In this paper, we propose a method to integrate internal control systems like system access control system and Digital Rights Managements and so on through expansion model of SIEM(Security Information Event Management system). this model performs a analysis step of security event link type and validation process. It develops unit scenarios to react illegal acts for personal information processing system and acts to bypass the internal security system through 5W1H view. It has a feature that derives systematic integration scenarios by integrating unit scenarios. we integrated internal control systems like access control system and Digital Rights Managements and so on through expansion model of Security Information Event Management system to defend leakage of internal information and customer information. We compared existing defense system with the case of the expansion model construction. It shows that expanding SIEM was more effectively.

Developing a Framework for the Implementation of Evidence Collection System: Focusing on the Evaluation of Information Security Management in South Korea

  • Choi, Myeonggil;Kang, Sungmin;Park, Eunju
    • Journal of Information Technology Applications and Management
    • /
    • v.26 no.5
    • /
    • pp.13-25
    • /
    • 2019
  • Recently, as evaluation of information security (IS) management become more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment' of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the '6. Information System Security' of 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

Event Log Validity Analysis for Detecting Threats by Insiders in Control System

  • Kim, Jongmin;Kang, Jiwon;Lee, DongHwi
    • Journal of information and communication convergence engineering
    • /
    • v.18 no.1
    • /
    • pp.16-21
    • /
    • 2020
  • Owing to the convergence of the communication network with the control system and public network, security threats, such as information leakage and falsification, have become possible through various routes. If we examine closely at the security type of the current control system, the operation of the security system focuses on the threats made from outside to inside, so the study on the detection system of the security threats conducted by insiders is inadequate. Thus, this study, based on "Spotting the Adversary with Windows Event Log Monitoring," published by the National Security Agency, found that event logs can be utilized for the detection and maneuver of threats conducted by insiders, by analyzing the validity of detecting insider threats to the control system with the list of important event logs.

Design and Implementation of Enterprise Information Security Portal(EISP) System for Financial Companies (금융회사를 위한 기업 정보보호 포털(EISP) 시스템의 설계 및 구현)

  • Kim, Do-Hyeong
    • Convergence Security Journal
    • /
    • v.21 no.1
    • /
    • pp.101-106
    • /
    • 2021
  • To protect financial information, financial companies establish strategies and plans for information security, operate information security management systems, establish and operate information security systems, check vulnerabilities, and secure information. This paper aims to present an information security portal system for financial companies that can gain visibility into various information security activities being undertaken by financial companies and can be integrated and managed. The information security portal system systemizes the activities of the information security department, providing an integrated environment for information security activities to participate from CEOs to executives and employees, not just from the information security department. Through this, it can also be used as information security governance that can be used by top executives to reflect information security in corporate management.

Design and Implementation of NSM based Security Management System in Smart Grid (스마트그리드 전력망의 NSM 기반 보안관리시스템 설계 및 구현)

  • Chang, Beom Hwan
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.9 no.3
    • /
    • pp.107-117
    • /
    • 2013
  • In this paper, we designed the security management system based on IEC 62351-7 in the Smart Grid environment. The scope of IEC 62351-7 focuses on network and system management (NSM) of the information infrastructure as well as end-to-end security through abstract NSM data objects for the power system operational environment. However, it does not exist that security management system based on IEC 62351-7 manages the security of the power system in the Smart Grid environment, because power equipment or SNMP agents providing NSM data do not exist yet. Therefore, we implemented the security management system to manage the information infrastructure as reliably as the power system infrastructure is managed. We expect that this system can perform the security management of IEC 61850 based digital substation and can be a prototype of the security system for the Smart Grid in the future.

A study on method of setting up the defense integrated security system (군 통합보안시스템 구축 방안 연구)

  • Jang, Worl-Su;Choi, Jung-Young;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.3
    • /
    • pp.575-584
    • /
    • 2012
  • A established military security tast based on existing manual and off-line needs the change and development to support effective and systematic task performance according to environment change of informational and scientific project in the military. Therefore this study suggests to set up the standard model of the defense integrated security system to automate and informationize major defense security task based on actual and problem in the area of major defense of security task and case analysis of these in America, England and other countries. The standard model consist of unit systems were made up integrated security system, security management system, man entrance system, vehicle entrance system, high-tech guard system, terror prevention system and the security accident analysis system, and this suggested model based on possible technology and system. If this model is apply to each real military unit, we will expect the development of defense security.

The security requirements suggestion based on cloud computing security threats for server virtualization system (클라우드 컴퓨팅 보안 위협에 기반 한 서버 가상화 시스템 보안 요구 사항 제안)

  • Ma, Seung-Young;Ju, Jung-Ho;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.1
    • /
    • pp.95-105
    • /
    • 2015
  • In this paper, we propose the security requirements for developing the security functions of server virtualization system. The security requirements are based on the security threats of server virtualization system, and we verified the validity by defending the security threats of server virtualization system. For inducting the security threats damaging server virtualization system from cloud computing security threats, we analyze and suggest the relations between security threats and security issue of server virtualization system.