• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.141-144
• /
• 2004

The Common Criteria (CC) philosophy is to provide assurance based upon an evaluation of the IT product or system that is to be trusted. Evaluation has been the traditional means of providing assurance. It is essential that not only the customer' srequirements for software functionality should be satisfied but also the security requirements imposed on the software development should be effectively analyzed and implemented in contributing to the security objectives of customer's requirements. Unless suitable requirements are established at the start of the software development process, the resulting end product, however well engineered, may not meet the objectives of its anticipated consumers. By the security evaluation, customer can sure about the quality of the products or systems they will buy and operate. In this paper, we propose a selection guide for If products by showing relationship between security engineering and security evaluation and make help user and customer select appropriate products or system.

• International Journal of Internet, Broadcasting and Communication
• /
• v.9 no.3
• /
• pp.9-16
• /
• 2017

Recently, more users have been using IoT embedded systems. Since the wireless network function is a basic and core function in most embedded systems, new security threats and weaknesses are expected to occur. In order to resolve these threats, it is necessary to investigate the security issues in the development stages according to the Security Development Lifecycle (SDL). This study analyzes the vulnerabilities of the embedded systems equipped with the wireless network function, and derives possible security threats and how dangerous such threats are. We present security risks including bypassing the authentication stage required for accessing to the embedded system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.279-287
• /
• 2022

With the advancement of cyber threats and the development of hacking technologies, cyber security is being emphasized in various fields such as automobiles and ships. According to this trend, various industrial fields are demanding cybersecurity, and related certifications. In this paper, cybersecurity type approval is compared with the RMF stage under the premise that there are common elements with RMF in that cybersecurity elements must be reflected in the entire system development cycle. For comparison, type approval of maritime cyber security of the Korean Register of Shipping was selected. In conclusion, although type approval of maritime cyber security acquisition procedure is not divided by development stage like the RMF, there are the commonalities in the procedure to apply the cybersecurity element to the System development lifecycle like the RMF. Accordingly, the possibility of determining that the cybersecurity element was applied to the entire development cycle was confirmed.

• Journal of the Korea Convergence Society
• /
• v.11 no.10
• /
• pp.107-113
• /
• 2020

With the development of IT technology, along with the expansion of women's participation in society, the education training of information security women's workforce is becoming a very important issue. Therefore, it is important to analyze the relevant curriculum to identify the direction of fostering women's information security workforce. Therefore, in this paper, the education and training programs of the department for training women's information security workforce based in Seoul area of the Korean metropolitan area were analyzed. The main research objective of this paper is to review whether the education and training system, which consists of the department of women's information security human resources development, is in line with the direction of NIST's human resources development. The research focus was on what the women's information security department organizes courses with each security major and what task training is interested in. In addition, in this paper, we were confirmed that the curriculum of the relevant major is based on the NIST Human Resources Development Framework, and that the majors of the relevant universities have an education and training system that conforms to the relevant task. In conclusion, the related majors are judged to be focused on the development of certification evaluation personnel of convergence industry security or information security development personnel, and general cyber security personnel.

• Korean Security Journal
• /
• no.48
• /
• pp.35-56
• /
• 2016

The purpose of this study is to find the development of the special security business plan based on the problem that guards are now aware of special security service. In order to achieve the objectives of this study, we analyzed the data after expert survey and interview conducted by seven experts engaged in special security services more than 10 years. The guard who perform special security service proposed a development plan of special security services as follows. First, the current education system for new employees' training is required to improve the educational program of 60 hours in subjects related to special security duties by reorganization. Second, the special security service training for guards also appropriate to switch to 9-hour training program for three months through an educational organization controlled by country. Third, the special security guards should be proceeding the practical programs required in the field and quality education in the different section by competent and professional instructors. Fourth, the retirement age for special security guard stipulated in the Security Services Industry Act that needs to be readjusted upward by considering the social environment. Sixth, there needs to be organized the Special Security Association for development associated with the special security service and to protect the rights of special security guards.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1541-1547
• /
• 2015

In the recent IT industry, security has established itself as the factor to be considered the most in the software development. It goes without saying that security is the critical factor for the development of information security products. In the evaluation of the information security products, the security is assured by the security architecture requirement (ADV_ARC). However, the Absence of the systematic software security architecture process makes it difficult to guarantee the security quality consistently even though they are evaluated based on common criteria. In this paper, we propose a way to ensure a consistent security quality applying the software security framework in BSIMM.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.101-109
• /
• 2017

The Internet of things is a system that connects and communicates all sorts of things such as people, objects, and data. It's to create and share information by its own each other. It can be used to enhance the function of private security and has brought about innovative development of private security. The Internet of things is a system that allows devices connected to the Internet to communicate independently of people-objects, objects-objects connected to the Internet. That and can be used in many industries, especially in the private security sector, its value is high. The use of the Internet of things to private security sector can reinforce security zones with always-on surveillance systems, also be enhanced by its own preparedness and response to the situation. However, this study will discusse the application and development of private security in the Internet of things. The practical application of the virtual space is an immediate task and it is also an essential factor in securing security.

• Convergence Security Journal
• /
• v.16 no.3_2
• /
• pp.55-63
• /
• 2016

The purpose of this study is that there viewing at the future development direction and awareness of the cultural contents industry targeting college students for the activation of the domestic cultural content industry. And we want to find the need of the security industry & Concert Hall Safety. Recent worldwide it has occurred 'Soft target' terror targeting unspecified civilian in the cultural space of theater and music venues, stadiums etc. But security and safety systems against terror in Korea are very deficient situation. US security market has increased sales significantly interest in increasing against crime and terrorism prevention and depending on the price cut and technology development. It is expected to require a security industry in a variety of applications to the cultural contents industry development about Korean pop music and theatrical performances, and internet and mobile games stc.

• Convergence Security Journal
• /
• v.3 no.1
• /
• pp.51-57
• /
• 2003

By analysing the development process of Intrusion Detection System Protection Profile, we suggest the development method of Security Functional Requirements of Common Criteria- based Protection Profile and discuss how the method satisfies the requirements of If product or system Protection Profile in the development process.

• Korean Security Journal
• /
• no.8
• /
• pp.281-308
• /
• 2004

With regard to problems related to qualification of Private Security, this study is qualitatively to develop education & training program from the viewpoint of education for the purpose of checking professionalism of Security guard. Offering the solutions for improvement by analyzing problems of articles related to training for Private Security guard prescribed in existing 'Law of Guarding', I made studies of development of practical affairs-centered education & training program for Private Security guard on the basis of Private Security guard' duties. Education & training program for Private Security guard must be made up of practical affairs-centered one related to concrete duties. Also because it needs to be made on the basis of a model planned for the program with combined method, this study gave example of model and contests of education & training program based on duties of Facilities Security. Main duties of cPrivate Security guard can be divided into four duties; duties on their own posts, patrolling, control of going in and out, dealing with accidents and so on. Private Security guard are given main duties by each post, and after adjusting conditions according to personnel organization, they perform their own duties. As education & training program based on Private Security guard' duties, common education & training program for the new-appointed, practical affairs-centered education & training program, education & training program for superintendents, service education & training program and so on are provided.