• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.99-106
• /
• 2013

There has been a lot of growth more than 10% in the information security industry. In accordance with the industrial growth, it increased needs for the information security manpower development as a national problem. But there is an imbalance between demand and supply of the information security manpower in terms of the quantity and quality. It is mainly caused by the curriculum of the information security is made considering for suppliers not for demanders. As a resolution to solve this problem, we suggest the curriculum of information security for vocational education and training. As the information security area is wide in view of required knowledge and technology, we design the curriculum by selecting major occupation type from the information security manpower distribution and products and then by investigating the job description using NCS(National Competency Standard). And we compared the curriculum to that of two or three year diploma courses in Korea.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1997.11a
• /
• pp.131-140
• /
• 1997

인터넷 등의 전산망을 통한 정보관련 서비스는 여러 가지 보안 취약점에 노출되어 해커들의 주요 공격 대상이 되고, 특히 WWW 관련 서비스는 불특정 다수를 대상으로 하기 때문에 접근 통제방식으로 어려움이 많고, 최근 많이 사용되는 방화벽이나 기타 보안도구를 이용하여 보안 수준을 높일 수가 없다. 그래서 본 논문에서는 해커들이 공격 가능한 취약점들을 분석하여 해커들의 공격을 사전 방지하고, 올바른 해킹방지 대책를 수립할 수 있는 전산망 취약점 원격 진단시스템 모델을 제시하고, 이에 대한 설계 및 구현내용을 설명한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6B
• /
• pp.233-248
• /
• 2008

Advances in electronics and wireless communication technologies have enabled the development of large-scale wireless sensor networks (WSNs). There are numerous applications for wireless sensor networks, and security is vital for many of them. However, WSNs suffer from many constraints, including low computation capability, small memory, limited energy resources, susceptibility to physical capture, and the lack of infrastructure, all of which impose unique security challenges and make innovative approaches desirable. In this paper, we present a survey on security issues in wireless sensor networks. We address several network models for security protocols in WSNs, and explore the state of the art in research on the key distribution and management schemes, typical attacks and corresponding countermeasures, entity and message authentication protocols, security data aggregation, and privacy. In addition, we discuss some directions of future work.

• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.303-309
• /
• 2022

Software Defined Networking (SDN) is a novel approach that have accelerated the development of numerous technologies such as policy-based access control, network virtualization, and others. It allows to boost network architectural flexibility and expedite the return on investment. However, this increases the system's complexity, necessitating the expenditure of dollars to assure the system's security. Network Function Virtualization (NFV) opens up new possibilities for network engineers, but it also raises security concerns. A number of Internet service providers and network equipment manufacturers are grappling with the difficulty of developing and characterizing NFVs and related technologies. Through Moodle's efforts to maintain security, this paper presents a detailed review of security-related challenges in software-defined networks and network virtualization services.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.19-24
• /
• 2022

The main purpose of the study is to analyze the current state of the organization's information security system in the context of COVID-19 on the basis of public-private partnership. The development of public-private interaction in information security is one of the priorities of the state policy of many estates. Among the priorities of public-private partnership in cybersecurity and information security, there is an expansion of interaction between government agencies and private scientific institutions, public associations and volunteer organizations, including in training, as well as increasing the digital literacy of citizens and the security culture in cyberspace. As a result of the study, the foundations of the organization's information security system in the context of COVID 19 were formed on the basis of public-private partnership.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.1001-1011
• /
• 2014

Smart Grid Devices could have security vulnerabilities that have legacy communication networks because of the fact that Smart Grid employs bi-directional communications and adopted a variety of communication interface. Consequently, it is required to build concrete response processes and to minimize the damage of the cyber attacks including security evaluation and certification methods. DCU is designed to collect meter data from numerous smart meter and send to utility's server so DCU installed between smart meter and utility's server. For this reason, If DCU compromised by attacker then attacker could use DCU to launching point for and attack on other devices. However, DCU's security evaluation and certification techniques do not suffice to be deployed in smart grid infrastructure. This work development DCU protection profile based on CC, it is expected that provide some assistance to DCU manufacturer for development of DCU security target and to DCU operator for help safety management of DCU.

• The Journal of Society for e-Business Studies
• /
• v.27 no.1
• /
• pp.1-13
• /
• 2022

With the development of network technologies, the security to protect organizational resources from internal and external intrusions and threats becomes more important. Therefore in recent years, the anomaly detection algorithm that detects and prevents security threats with respect to various security log events has been actively studied. Security anomaly detection algorithms that have been developed based on rule-based or statistical learning in the past are gradually evolving into modeling based on machine learning and deep learning. In this study, we propose a deep-autoencoder model that transforms LSTM-autoencoder as an optimal algorithm to detect insider threats in advance using various machine learning analysis methodologies. This study has academic significance in that it improved the possibility of adaptive security through the development of an anomaly detection algorithm based on unsupervised learning, and reduced the false positive rate compared to the existing algorithm through supervised true positive labeling.

• Korean Security Journal
• /
• no.15
• /
• pp.243-264
• /
• 2008

Recently the private security industry is showing rapid growth compared with the different types of industry. However, it is not prepared the device for the system to verify the professional qualification of the security guards. To protect individual life and property, body and security guards have to be qualified professionally. For it the role of professional qualification systems is emphasized. The problem of the certification of the qualification about the security guard to play the role to protect a body / life of the individual and property are the part to need necessarily as the quality problem of the individual and the trust of the people. The settlement of the qualification system which is such system can induce the development of the security industry with social trust. The certified security certification is needed and how to control the security quality to get better service to the clients. The professional qualification system to be carrying out with America and Japan is fixed through the cooperation of the business world and steady research for the qualification system plan, these are giving the trial of the qualification system of a security of Korea full of the suggestion. This study will do this to the basis which a necessity about the qualification system of the security man emphasis and considerate professional qualification system concerning the private security development plan around the Bodyguard Qualifying Examination which are carried out at twice by the Korea Security Association and the Korean Institute of Security. In summary to meet the social demand professional qualification for the security guards will be drawn from the analyses of civil security qualification systems.

• Journal of Information Technology Applications and Management
• /
• v.18 no.2
• /
• pp.91-108
• /
• 2011

Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.945-950
• /
• 2017

Due to the vulnerability of the software, there is a hacking attack on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, pilot test of diagnostic staff, The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting curriculum and diagnosis guide to train the software vulnerability examiner.