• Journal of the Society of Disaster Information
• /
• v.3 no.2
• /
• pp.55-78
• /
• 2007

Currently, the departments related to security and secretary service exist in 18 universities and 30 colleges in Korea in order to raise professional security and secretary personnel. Among the 18 four-year colleges in Korea, only two of them have the ethics course include in their curriculum. Also, among the 31 two-year colleges, only three of them have the ethics course included in their curriculum. Besides, as some private security and guardian companies were recently utilized in illegal actions of the rich and ruling class, contradicting their original purpose of existence, many people point out their downfall as a ?forced private army.? As a professional job, if security secretaries take advantage of the knowledge and top-secret technologies and use them for non-ethical purposes, the effect of the damage is far more serious than other fields of jobs. Therefore, taking this event as a turning point, the contract contents and the task area between the client and the security and secretary company must become more transparent in order to prevent illegal actions, and also for the people working in the security and secretary service area, it is necessary to establish a firm ethical consciousness in order to behave appropriately in their working environment. Therefore, this study examines the proper direction of work ethics of the people working in the security and secretary service according to the professionalization of their field, and also aims to propose an appropriate work ethic system such that they will not become an unfortunate victim of various scandals anymore. To do so, the concept of work ethics in professional jobs was examined; and after the code of ethics that reflect the ethical value system of each professional job was reviewed, the study suggested a specific solution for establishing the codes of ethics for security and secretary service.

• KSCI Review
• /
• v.15 no.1
• /
• pp.141-150
• /
• 2007

There's been a difficulty for general corporate to adopt recent incident response study because those studies focus on nation wide CERT Coordination Center or large organization aspect. This study is focus on study and design on security ticket based CERT system through analysis Security management's threat element, attack element. response element and it also help general corporate establish incident response process that is adjusted on IT operation. Confirmed CERT model's effectiveness and effect of quantitative Security incident management wav that propose executing Security incident response experiment on the basis of this way. This study which Provides general corporate oriented CERT model can be used to improve corporate's capability of responding incident by quantified management technique and select incident response SLA indicator. Already, formation which operate CERT can heighten corporation's information protection level by measure Security incident response result as metrical and analyze and improve problem continuously.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.83-102
• /
• 2024

Recently, as the use of the cloud increases year by year and remote work within the enterprise has become one of the new types of work, the security of the cloud-based remote work environment has become important. The introduction of zero trust is required due to the limitations of the existing perimeter security model that assumes that everything in the internal network is safe. Accordingly, NIST and DoD published standards related to zero trust architecture, but the security requirements of that standard describe only logical architecture at the abstract level. Therefore, this paper intends to present more detailed security requirements compared to NIST and DoD standards by performing threat modeling for OpenStack clouds. After that, this research team performed a security analysis of commercial cloud services to verify the requirements. As a result of the security analysis, we identified security requirements that each cloud service was not satisfied with. We proposed potential threats and countermeasures for cloud services with zero trust, which aims to help build a secure zero trust-based remote working environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.149-162
• /
• 2004

Until now the study of computer forensics has been focused only system forensics which carried on keeping, processing and collecting the remained evidence on computer. Recently the trend of forensic study is proceeding about the network forensics which analyze the collected information in entire networks instead of analyzing the evidence on a victim computer. In particular network forensics is more important in Automated Computer Emergency Response System because the system deals with the intrusion evidence of entire networks. In this paper we defined the information of network forensics that have to be collected in Automated Computer Emergency Response System and verified the defined information by comparing with the collected information in experimental environments.

• Information Systems Review
• /
• v.25 no.3
• /
• pp.179-197
• /
• 2023

As a sufficient workforce supports the industry's growth, workforce training has also been carried out as part of the industry promotion policy. However, the market still has a shortage of skilled mid-level workers. The information security disclosure requires organizations to secure personnel responsible for information security work. Still, the division between information technology work and job areas is unclear, and the pay is not high for responsibility. This paper compares job keywords in advertisements for the information security workforce for 2014, 2019, and 2022. There is no difference in the keywords describing the job duties of information security personnel in the three years, such as implementation, operation, technical support, network, and security solution. To identify the actual needs of companies, we also analyzed and compared the contents of job advertisements posted on online recruitment sites with information security sector knowledge and skills defined by the National Competence Standards used for comprehensive vocational training. It was found that technical skills such as technology development, network, and operating system are preferred in the actual workplace. In contrast, managerial skills such as the legal system and certification systems are prioritized in vocational training.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.1
• /
• pp.51-61
• /
• 2011

A smartphone is a mobile phone that offers more advanced computing ability and connectivity than a contemporary basic feature phone. Unlike feature phone, a smartphone allows the user to install and run more advanced applications based on a specific platform. Smartphones run complete operating system software providing a platform for application developers. A smartphone will become the default computing method for many point activities in the not-too-distant future, such as e-mail, online shopping, gaming, and even video entertainment. For smartphone that contains sensitive information and access the Internet, security is a major issue. In the 1980s, security issues were hardly noticed; however, security is a major issue for users today, which includes smart phones. Because security is much more difficult to address once deployment and implementation are underway, it should be considered from the beginning. Recently our government recognized the importance of smartphone security and published several safety tips for using the smartphone. However, theses tips are user-oriented measures. Maintaining the security of a smartphone involves the active participation of the user. Although it is a important users understand and take full advantage of the facilities afforded by smarphone, it is more important developers distribute the secure smartphone application through the market. In this paper we describe some scenarios in which user is invaded his/her privacy by smartphone stolen, lost, misplaced or infected with virus. Then we suggest the security considerations for securing smartphone applications in respect with developers. We also suggest the methods applying domestic encryption algorithms such as SEED, HIGHT and ARIA in developing secure applications. This suggested security considerations may be used by developers as well as users (especially organizations) interested in enhancing security to related security incidents for current and future use of smartphones.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.743-744
• /
• 2016

Information Security is a management problem, not just a technical issue. Information security management is an ongoing activity rather than consisting of a solitary business. Analysis step has to be done with the start information is also protected by the steps of preparing the activity information system development. At this stage, the risk assessment should be carried out together with the expected information technology systems analysis and user requirements are derived.

• Annual Conference of KIPS
• /
• 2011.11a
• /
• pp.854-857
• /
• 2011

전자 결재 시스템은 오프라인 문서 결재보다 효율적인 문서 관리가 가능 하고 예산 낭비를 방지할 수 있으며, 작업 능률을 극대화 할 수 있다는 장점 때문에 현재 많은 기업에서 도입하여 사용하고 있다. 하지만 상용화되어 있는 전자 결재 시스템에서 사용되는 이미지 서명은 복제 및 위조가 가능하다는 위협이 존재한다. 이러한 문제를 해결하기 위해서 단순 서명 방식을 적용한 전자 결재 시스템이 제안되었다. 하지만 단순 서명 방식을 이용한 전자 결제 시스템은 단 한 명의 결재자만을 고려한 시스템으로 실제 기업에는 다양한 직책의 결재자가 존재하기 때문에 적용하기가 어렵다. 이에 본 논문에서는 C.Boyd 의 순차 다중서명 방식을 사용하여 다수의 결제자가 서명할 수 있는 전자 결제 시스템을 제안한다.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.101-111
• /
• 2016

The recent cyber threats are becoming real threats to our lives. This gloomy situation from cyber threats necessarily demands the establishment of the cyber threat information sharing system between the public and private area. Key countries, like the US, Japan and the UK, are stabilizing the cyber threat information sharing systems by founding exclusive organizations for sharing information and setting up and implementing relevant measures. In this thesis, I would like to propose the model for cyber threat information sharing in order to cope efficiently with the ever-intensifying cyber threats. My model would include key elements for the efficient information sharing, such as the clear designation of main operator of information sharing system, the management of collaboration system between the public and private sector, the build-up of the integrated and automated system and the supplementation of legal system including the grant of privilege, and so on.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.11
• /
• pp.1544-1553
• /
• 2018

Recently internal information leakage in industries is severely increasing in spite of industry security policy. Thus, it is essential to prepare an information leakage prevention measure by industries. Most of the leaks result from the insiders, not from external attacks. In this paper, a real-time internal information leakage prevention system via both storage and network is implemented in order to protect confidential file leakage. In addition, a Hadoop-based user behavior analysis and statistics system is designed and implemented for storing and analyzing information log data in industries. The proposed system stores a large volume of data in HDFS and improves data processing capability using RHive, consequently helps the administrator recognize and prepare the confidential file leak trials. The implemented audit system would be contributed to reducing the damage caused by leakage of confidential files inside of the industries via both portable data media and networks.