• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.9-18
• /
• 2008

Information security is a critical issue for network centric warfare(NCW). This paper provides defense information system security guidelines for NCW, which is a result of the research through a group decision making process. The purpose of the research is to intended to help military officers establish information system security measures within their organization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1269-1279
• /
• 2015

Korea is recognized as the most advanced nation in regards to capabilities or environments of informatization throughout the world. Nevertheless, Korea brings on itself such stigmas as a nation vulnerable to information security. Now the globe ushered in an era requiring political balances. Yet, issues of legislative supports or system adjustments for information security policies are always pushed back on the priority list. There is a need to face problems at the center of changes departing from such frames. In order to establish a proper system for information security policies, the most urgent issues are reviews of concepts and reorganizations of systems, and then to legislate information security polities by being harmonious with public opinions. This paper is to remind what measures are needed to improve the system of priority policies depending on public backgrounds and why such measures are needed. Furthermore, the paper suggests a new legislation, 'Information Security Policy Act' as one of the specific measures.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.340-347
• /
• 2001

Security operating system applied to MAC(Mandatory Access Control) or to MLS(Multi Level Security) gives both subject and object both Security Level and value of Category, and it restrict access to object from subject. But it violates Security policy of system and could be a circulated course of illegal information. This is correctly IPC(Interprocess Communication)mechanism and Covert Channel. In this thesis, I tried to design and implementation as OS kernel in order not only to give confidence of information circulation in the Security system, but also to defend from Covert Channel by Storage and IPC mechanism used as a circulated course of illegal information. For removing a illegal information flow by IPC mechanism. I applied IPC mechanism to MLS Security policy, and I made Storage Covert Channel analyze system call Spec. and than distinguish Storage Covert Channel. By appling auditing and delaying, I dealt with making low bandwidth.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.97-105
• /
• 2011

With the advancement of network, privacy information as well as confidential information that belongs to government and company are exposed to security incident like spreading viruses or DDoS attack. To prevent these security incident and protect information that belongs to government and company, Security system has developed such as antivirus, firewall, IPS, VPN, and other network security system. Network security systems should be selected based on purpose, usage and cost. Verification for network security product's basic features performed in a variety of ways at home and abroad, but consumers who buy these network security product, just rely on the information presented at companies. Therefore, common user doing self performance evaluation for perform Verification before buying network security product but these verification depends on inaccurate data which based on some user's criteria. On this paper, we designing methodology of network security system performance evaluation focused on Korean using other cases of performance evaluation.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.99-107
• /
• 2019

The "Risk management" and "Security monitoring" activities for cyber security are deeply correlated in that they prepare for future security threats and minimize security incidents. In addition, it is effective to apply a pattern model that visually demonstrates to an administrator the threat to that information asset in both the risk management and the security system areas. Validated pattern models have long-standing "control chart" models in the traditional quality control sector, but lack the use of information systems in cyber risk management and security systems. In this paper, a cyber Security Risk Monitoring (SRM) system that integrates risk management and a security system was designed. The SRM presents a strategy for applying 'security control' using the pattern of 'control charts'. The security measures were integrated with the existing set of standardized security measures, ISMS, NIST SP 800-53 and CC. Using this information, we analyzed the warning trends of the cyber crisis in Korea for four years from 2014 to 2018 and this enables us to establish more flexible security measures in the future.

• The Journal of Information Systems
• /
• v.25 no.3
• /
• pp.117-146
• /
• 2016

Purpose The purpose of this paper is to examine factors and mechanism inducing end users' faithful appropriation of information security behavior through the information security system. This study is also trying to find out the role of Employees' adaptive activities like learning and feedback seeking behavior for the information security in organizations. Design/methodology/approach An empirical study was carried out with a sample of employees working in the financial service company. Employees(n = 268) completed a written questionnaire. Structural equation modeling was used to analyze the data. Findings Results indicated that employees' learning activities and feedback seeking behavior fully mediated the effect of major information security factors toward end users' faithfulness of appropriation of information security systems. In order to increase the level of employees information security behavior in accordance with security guideline, organizations should facilitate interactions that support the feedback seeking process between employees on information security awareness and behavior. Additionally, organizations may reinforce these behaviors by periodical training and adopting bounty hunter systems.

• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• Journal of Information Technology Services
• /
• v.12 no.3
• /
• pp.151-163
• /
• 2013

It is no doubt that information technology is the key factor of national safety. Information technology is positively useful for national security such as crime prevention and detection, criminal investigation, disaster management, and national defense. However, it might be a threat to the security as we saw in the examples such as '3.4 DDoS attacks' and 'Nong-hyup Computer Network Failure.' Although the effect that information technology makes upon the national security is immense, the current legal system does not reflect these changes well. National security should be kept during 'prevention-response-recovery' process regardless it is in the online on offline. In addition, public administration for national security should be based on laws. However, the current legal system is lack of legislative basis on cyber and physical disaster, and the laws on the response to disaster might cause confusing. Therefore, this study examines the limitation of the current legal system on national security, and suggests directions for the development of the system based on the new establishment of the legal concept for 'national security'.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2097-2100
• /
• 2003

Many studies have been done on secure operating system using secure kernel that has various access control policies for system security. Secure kernel can protect user or system data from unauthorized and/or illegal accesses by applying various access control policies like DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role Based Access Control), and so on. But, even if secure operating system is running under various access control policies, network traffic among these secure operating systems can be captured and exposed easily by network monitoring tools like packet sniffer if there is no protection policy for network traffic among secure operating systems. For this reason, protection for data within network traffic is as important as protection for data within local system. In this paper, we propose a secure operating system trusted channel, SOSTC, as a prototype of a simple secure network protocol that can protect network traffic among secure operating systems and can transfer security information of the subject. It is significant that SOSTC can be used to extend a security range of secure operating system to the network environment.

• Knowledge Management Research
• /
• v.22 no.1
• /
• pp.309-330
• /
• 2021

The information security disclosure system (ISDS) has been implemented since 2016 to ensure the protection of stakeholders and the right to know, and to promote voluntary investment in information protection by companies. Regarding the information security disclosure system, there have been studies that urge the implementation of the system, but studies that analyze the contents disclosed after the implementation of the system or suggest improvement directions are few. In this study, the contents of the information security disclosure system that had been announced on the information security industry promotion portal until 2019 were analyzed, the current status was summarized, and the direction of system improvement was suggested. In some cases, companies that disclosed information through the disclosure system increased the number of personnel in charge and obtained certifications related to information security, but did not find any effect on the increase/decrease in investment. The current disclosure system has not been activated because it has difficulty in giving individual companies incentives to disclose. Thus, this study suggests the inclusion of ISDS to information security management system (ISMS), which is currently mandatory for certain companies. In the current disclosure system, it is difficult for the company's stakeholders or customers to check the contents of the disclosure. As a way to do this, a method of including in the contents of the personal information processing policy or the notification of the use of personal information was suggested.