• Journal of Korean Society of Disaster and Security
• /
• v.5 no.2
• /
• pp.43-48
• /
• 2012

As the major information communication infrastructure had been getting more important, 'Act on the Protection of Information and Communications Infrastructure'(APICI) was legislated in Korea 2001. Consequently, the major information system, nationwide monitering service systems and government administration operation & management systems have been registered and managed under the APICI. The authorized organizations related to above service and system, perform vulnerability analysis and evaluation for chief communication infrastructures by themselves or registered agencies. In this research, we propose an advanced model for vulnerability analysis and evaluation and apply it to the main information and communication infrastructures through the case study. We hope each related organization could apply this model for analysis and evaluation of vulnerability in these infrastructures.

• Journal of the Society of Disaster Information
• /
• v.14 no.2
• /
• pp.203-210
• /
• 2018

Purpose: The purpose of this study is to build a model for the meta - evaluation of the national infrastructure system and to improve the evaluation system of the national infrastructure system using the model. Method: For the study, the disaster-related laws and regulations, the evaluation report of the national infrastructure system published by the government, the guideline for the establishment of the national infrastructure protection plan, the meta-evaluation previous research data, To analyze the actual state of the evaluation. Results: Among the indices of evaluation of the current national infrastructure system, the supplementary requirements were derived from seven indicators such as appropriateness of education and training plan and implementation of disaster response, evaluation and communication with stakeholders, and evaluation committee training time. Conclusion: It is expected that the improvement plan derived from this study can be used to improve the evaluation index of the national infrastructure system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.2
• /
• pp.371-378
• /
• 2004

As an agent is applied into various fields, it is suggested as the paradigm of new application technology in the area of computer communication. However, the mobile agent brines the problem of security on an agent due to mobility. This study proposals the mobile agent protection protocol framework for more effective protection and safety. The designed Framework of protocol uses the public ky, the private key and the digital signature in PKI environment based on JAVA. This is the mechanism accomplishing safely the work of an agent by tracking the pattern of execution and the mobility plan through the VS(verification server). This also secures the suity and the flawlessness of an agent through the VS guaranteeing safety from malicious attacks.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.61-66
• /
• 2019

Cyber space is a place where free activities are guaranteed. However, it is also true that not all individuals and countries strive for peaceful cyberspace, and that there is a growing tendency to gain unfair advantage through this space. Therefore, the state should reform laws and institutions to keep cyberspace safe. By establishing the "Basic Law on Cyberspace" which includes the law of the state law on cyberspace, it is necessary to be able to recognize and respond to the direction of the national legal discipline on cyberspace. The development of digital forensics is an urgent task due to the rapid development of IT. However, if the law is delayed for various reasons, some of the existing laws should be amended to improve the stability of the law in accordance with the circumstances. To this end, it is necessary to revise the "Information and Communication Infrastructure Protection Act", "Information and Communication Network Enhancement and Information Protection Act", "Integrated Defense Law", "Establishment of Defense Information Infrastructure Infrastructure and Defense Information Resource Management Act".

• Journal of Convergence for Information Technology
• /
• v.10 no.8
• /
• pp.1-6
• /
• 2020

The government is carrying out information security consulting support projects to solve the difficulties of SME information protection activities. Since the information security consulting methodology applied to SMEs does not apply the proven methodology such as the critical information and communication infrastructure(CIIP), ISMS, ISO27001, etc. It applies various methods for each consulting provider. It is difficult to respond appropriately depending on the organizational situation such as the type and size of SMEs. In order to improve such problems of SME information security consulting and to improve more effective, effective and standard methodology, the information security consulting methodology applied in the current system was compared and analyzed. Through the improvement plan for SME information security consulting method suggested in this study, it is possible to provide information security consulting suitable for all enterprises regardless of SME size or business type.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.705-717
• /
• 2020

Cities in the world are rushing to develop smart cities to create a sustainable and happy city by solving many problems in cities using information and communication technologies such as big data and IoT. However, in Korea's smart cities and smart city certification systems, the focus is on platform-oriented hardware infrastructure, and the information security aspect is first considered to build and authenticate. It is a situation in which a response system for the risk of leakage of big data containing personal information is needed through policy research on the aspect of personal information protection for smart city operation. This paper analyzes the types of personal information in smart cities, problems associated with the construction and operation of smart cities, and the limitations of the current smart city law and personal information protection management system. As a solution, I would like to present a model of a personal information protection management system in the smart city field and propose a plan to strengthen personal information protection through this. Since the management system model of this paper is applied and operated in the national smart city pilot cities, demonstration cities, and CCTV integrated control centers, it is expected that citizens' personal information can be safely managed.