• Nuclear Engineering and Technology
• /
• v.46 no.1
• /
• pp.47-54
• /
• 2014

The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.133-140
• /
• 2006

For the verification of the security level against a IT product development environment, we should analyze the vulnerability and the various threatening factors which exists in the IT product development environment. Also we need the evaluation criteria and tools for the evaluation and improvement of the level of information security. For that, we need evaluation indices and the standard it will be able to improve the evaluation methodology in the actual IT product development environment which will reach it will be able to apply must be researched. In this study, our aims are the development of verification tools for the security level of IT product development environment.

• Journal of Internet Computing and Services
• /
• v.17 no.5
• /
• pp.25-32
• /
• 2016

There has been a rapid growth in the development of mobile application resulting from its wide usage for online transaction, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on the security issues at the early stage of the development. In fact, security issues have been kept until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore and incorrectly elicit security related requirements at the early stage of mobile application development. This scenario has led to the failure of developing secure and safe mobile application based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges in extracting security attributes for mobile application faced by novice requirements engineers. For this purpose, two experiments on eliciting security attributes requirements of textual requirements scenario were conducted. The performance related to the correctness and time taken to elicit the security attributes were measured and recorded. It was found that the process of eliciting correct security attributes for mobile application requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation security attributes requirement could help to overcome the challenges in eliciting security attributes requirements, especially among novice requirements engineers.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.107-114
• /
• 2007

We need development methodology of security architecture which offered various levels of security management in case of the organization required more than two security certifications. In this study, therefore, development methodology of Multi-level Security Architecture(MLSA) proposed. Specifically, we should consider factors of commonness and difference between information security management level evaluation of multiple security architecture. This kinds of endeavor can suggest the direction of the improvement of the evaluating security management and the dynamic plan for the security architecture, and it will make the continuous and systematic security management.

• Korean Security Journal
• /
• no.60
• /
• pp.137-153
• /
• 2019

The private security industry in Korea has developed considerably with the development of economic growth and IT technology. The purpose of this study is to explore the development method of the freelance system for private security work based on the problems of the freelance system that CEO of the security company in the private security work field recognize. To accomplish the purpose of this study, we interviewed 3 professors and 6 CEO of the security company to analyze the data. They suggested the development of the freelance system of private security work as follows. First, the systematic management of freelance security guards is needed. Secondly, the training for the manager of the freelance security guards should be done. Third, a minimum wage compliance check is required. Fourth, the contents of freelance system should be added to the reality in accordance with the security law. Fifth, the social security system of freelance security guards should be improved. Sixth, the establishment of a freelance security guard cooperative is necessary.

• Journal of Information Processing Systems
• /
• v.5 no.4
• /
• pp.197-206
• /
• 2009

We introduce a novel high-level security metrics objective taxonomization model for software- intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with riskdriven security metrics development approaches is also discussed.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.213-219
• /
• 2022

The main purpose of the study is to determine the main aspects of the introduction of modern management technologies into the security system in the context of socio-economic development and digitalization of the economy. Socio-economic development and a high level of security include growth in income, labor productivity, production volumes, increased competitiveness, changes in the institutional environment, consciousness, activity, social security, the quality of the education system, healthcare, etc. Despite the root cause of economic development, it is not an end in itself, but a tool for ensuring social development. Gaining access for citizens to education, health care, observance of the principles of equality and justice, ensuring protection are directly dependent on the level of economic well-being, the level of economic potential of the country or regions. The research methodology involved the use of both theoretical and practical methods. As a result of the study, the key elements of the introduction of modern management technologies into the security system in the context of socio-economic development and digitalization of the economy were identified.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.35-42
• /
• 2021

In the article, the authors investigate the economic security system in the conditions of the powers transformation. It is substantiated that economic security acts as a certain system that includes components and at the same time acts as a subsystem of the highest order. It is determined that the economic security system of regions acting as a system has its subsystems, which include: production, financial, environmental, innovation, investment and social subsystems. The parameters of the economic security system include relative economic independence, economic stability and self-development of economic systems, and it is proved that an important feature of economic security in addition to its systemic nature is multi-vector. It is substantiated that the monitoring of ensuring the economic security system of the development of economic systems of different levels in the conditions of the powers transformation should contain the analysis of social, economic and ecological development of regions; spheres of possible dangers of the development of regional economic systems; the nature of the threats; the degree of the possibility of threats; time perspective of economic development threats; possible consequences of losses for economic entities; the impact of threats to the object of the economic entities' activity; possible asymmetry of economic development of regional economic entities. Possible threats as a consequence of the powers transformation have been identified. A PEST analysis of the impact of factors of different nature on economic security and the development of regional economic systems in the powers transformation is carried out. A recurrent ratio is proposed for the economic security system in the conditions of the powers transformation.

• Journal of Convergence for Information Technology
• /
• v.10 no.5
• /
• pp.16-22
• /
• 2020

In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.5 no.1
• /
• pp.65-84
• /
• 1995

The information security is needed to guarantee the safety and the confidence to users in open system. This paper analyzes transport layer security protocol and security association protocol, which are standards proposed by ISO/IEC, to provide a security service in the transport layer and particulars, not in the standard, are defined for development. And this paper suggests a development model and develps security system based upon the suggested model. The ONP of USL is used as the development environment.