• Title/Summary/Keyword: security controls

Search Result 208, Processing Time 0.022 seconds

Risks and Safeguards of the Spywares (스파이웨어의 위험관리에 대한 연구)

  • Kim, Sang-Kyun
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.4 s.36
    • /
    • pp.305-313
    • /
    • 2005
  • Spyware is any software which employs a user's Internet connection in the background without their knowledge or explicit permission. The installation of spywares is generally done in a sneaky, misleading or unannounced manner. It does not only compromise the security and privacy of affected users but also be an obstruction to the digital convergence and ubiquitous computing environments. This paper provides a summary of the definition, status, risk analysis, and security controls of the spywares. Furthermore, this paper suggests additional controls which should be considered at an individual, organizational and national perspective.

  • PDF

The Design of Router Security Management System for Secure Networking

  • Jo, Su-Hyung;Kim, Ki-Young;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2005.06a
    • /
    • pp.1594-1597
    • /
    • 2005
  • A rapid development and a wide use of the Internet have expanded a network environment. Further, the network environment has become more complex due to a simple and convenient network connection and various services of the Internet. However, the Internet has been constantly exposed to the danger of various network attacks such as a virus, a hacking, a system intrusion, a system manager authority acquisition, an intrusion cover-up and the like. As a result, a network security technology such as a virus vaccine, a firewall, an integrated security management, an intrusion detection system, and the like are required in order to handle the security problems of Internet. Accordingly, a router, which is a key component of the Internet, controls a data packet flow in a network and determines an optimal path thereof so as to reach an appropriate destination. An error of the router or an attack against the router can damage an entire network. This paper relates to a method for RSMS (router security management system) for secure networking based on a security policy. Security router provides functions of a packet filtering, an authentication, an access control, an intrusion analysis and an audit trail in a kernel region. Security policy has the definition of security function against a network intrusion.

  • PDF

A Study on Applying Information Security Requirement for WiBro System (와이브로 시스템의 정보보호 요구분석)

  • Kim, Min-Sun
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.11 no.8
    • /
    • pp.2801-2808
    • /
    • 2010
  • The technology of WiBro, combining advantages of high speed internet and wireless internet provides the effectiveness and convenience provided by broadband and convergence. WiBro has developed due to supports of the related industries. The advancement of WiBro have created driving force for network advancement. WiBro is a niche market among high speed Internet, wireless LAN, Mobile phone, wireless internet. Through building relationship between market share and the existed telecommunication service, WiBro could improve the convenience of users. The security controls have to be built considering vulnerabilities of WiBro. Based on the study, the architecture of WiBro was suggested through reviewing the vulnerabilities and security controls in the wireless network and wire network. The appropriate security measures to be applied in the environment of WiBro. The outcomes of the study could improve the usage of WiBro.

A Study on Improvement Measures for Internal Controls in Cryptocurrency (가상자산 운영의 위험관리를 위한 내부통제 개선방안에 관한 연구)

  • Byoung Hoon Choi;JinYong Lee;Sam Hyun Chun
    • Convergence Security Journal
    • /
    • v.24 no.3
    • /
    • pp.51-57
    • /
    • 2024
  • Cryptocurrency service providers and virtual asset operators, built on blockchain technology, face transaction risks such as cyber threats, wallet theft by internal personnel, theft of customers' private keys, and fraudulent cryptocurrency transfer signatures. To ensure secure operations against these threats, their security is validated through the ISMS-P certification. This study to analyze the risks presented in ISO TR 23576, which is specialized for cryptocurrency service providers and operators, in addition to the ISMS-P certification they obtain. The study will focus on the detailed inspection items of ISMS-P and ISO TR 23576 for cryptocurrency service providers and assess their importance. Based on this analysis, the study proposes an internal security control process for cryptocurrency service providers to address the top-priority risks, enabling practitioners to perform security control tasks more efficiently.

Design of a Role-Based Access Control Model for Web-based Applications (웹 기반 응용을 위한 직무 기반 접근 제어 모델의 설계)

  • Lee, Ho
    • Convergence Security Journal
    • /
    • v.2 no.2
    • /
    • pp.59-66
    • /
    • 2002
  • The access controls are the methods which are generally used in such systems as computer operating systems, workflow systems, information security systems and etc.. In the paper, is proposed a role-based access control model which not only has fundamental security functions such as security, integrity and flow control, but also meets the access control requirements of role-based social organizations. The proposed role-based access control model is designed in order to perform its functions in simple and secure way, largely in the environment of web-based applications.

  • PDF

A Study on Risk Management for Export Control on Strategic Trade in Supply Chain Management

  • Roh, Tae-Hyun;Park, Jin-Hee
    • Journal of Navigation and Port Research
    • /
    • v.37 no.6
    • /
    • pp.709-718
    • /
    • 2013
  • In this study, AHP analysis was conducted through a survey that was organized by 9 job categories. The results show that sustainable operation risks have the highest priority level among all criteria with management interest having the highest priority level within sustainable operation risks related attributes. The most important risk attributes among stakeholder risks appeared to be asset security and cargo and conveyance security, with education and training being the most important among regulatory risks. Effective management and response to the risks from export controls on strategic trade require an understanding of supply chain security and compliance programs, effective training programs, investments for development of security systems that meet international standards. In addition, the government needs to focus on developing professionals and providing support for companies with compliance programs, working closely with businesses.

A study on the Stream Cipher System using Error Correcting Codes (오류정정부호를 이용한 스트림 암호시스템에 관한 연구)

  • 태영수
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.1 no.1
    • /
    • pp.66-78
    • /
    • 1991
  • In this paper, this paper, the stream cipher systems and the error propagation are analyzed. During the ciphertext transmission. for the error control of errors occurred in the channel, the DSEC(31, 27) RS codes will be used for bothe internal and external error controls for the self-synchromizing cipher system with ciphertext feedback.

Business Performance Impact Caused by Display Restriction of Customer Information Identifier: Focusing on Domestic Securities Business (고객정보 식별자 표시제한으로 인한 업무영향에 관한 연구 - 국내 증권 업무를 중심으로 -)

  • Shin, Sangchul;Lee, Youngjai
    • The Journal of Information Systems
    • /
    • v.22 no.4
    • /
    • pp.49-69
    • /
    • 2013
  • Recently, enterprises have reinforced security control in order to prevent infringement of personal information and abuse of customer information by insiders. However, the reinforcement of security control by enterprises makes it difficult for internal users to perform business by using a business information system. There is, therefore, a need for research on various fields, which makes it possible to establish an appropriate security control policy while minimizing an impact on business. The present research verifies and analyzes an impact on difficulty in business of internal users using customer information, which is caused by security control performed by display restriction on customer information identifiers. The present research is intended to academically develop a technique for statistically analyzing an impact degree and a causal relationship between security control and an impact on business, which is a dichotomous variable, and to practically contribute to the establishment of an efficient security policy in consideration of an impact on business when an enterprise applies security control. A research target was internal business information systems of domestic securities enterprises, data was collected by questionnaire, and verification/analysis was performed by logistic regression analysis.

Security of two public key schemes with implicit certifications (함축적인 인증을 제공하는 두 가지 공개키 암호 알고리즘의 안전성)

  • Park, Je-Hong;Lee, Dong-Hoon;Park, Sang-Woo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.3-10
    • /
    • 2007
  • In this paper, we show that the status certificate-based encryption(SCBE) scheme proposed at ICISC 2004 and the certificateless signature(CLS) scheme proposed at EUC workshops 2006 are insecure. Both schemes are claimed that an adversary has no advantage if it controls only one of two participants making a cryptographic key such as a decryption key in SCBE or a signing key in CLS. But we will show that an adversary considered in the security model of each scheme can generate a valid cryptographic key by replacing the public key of a user.

A Study on Enterprise Information Security Portal Model for Enterprise Information Security Governance (기업 정보보호 거버넌스를 위한 기업 정보보호 포털 모델에 대한 연구)

  • Kim, Do Hyeong
    • Convergence Security Journal
    • /
    • v.20 no.3
    • /
    • pp.39-46
    • /
    • 2020
  • In order to protect the business information of the enterprise, the company is engaged in various information security activities, such as establishing an information security management system, establishing and operating an information security system, checking vulnerabilities and security controls. It is an enterprise information security governance that organizes various information security activities for enterprise business, and it needs to be systematized to operate them effectively. In this study, to systematize the enterprise information security governance, we would like to explore the existing Enterprise Information Portal(EIP) model and propose an Enterprise Information Security Portal(EISP) model based on it. The Enterprise Information Security Portal(EISP) model provides an integrated environment for supporting the activities of the information security departments by systemizing the enterprise information security governance, which is a variety of information security activities of the enterprises, so that the information security activities of the enterprises can participate directly from CEO to executives and employees, not just from the information security departments.