• International Journal of Contents
• /
• v.7 no.3
• /
• pp.71-81
• /
• 2011

This paper is mainly associated with setting out an agenda for the transformation of security by creating a new framework for a security system, which can maximise its effectiveness. Noticeably, this research shows empirically that crimes are getting a major cost to organisations, which if reduced by security and investigations could reap substantial rewards to the finances of an organisation. However, the problem is that the delivery of security is frequently delegated to personnel (e.g. security guards) with limited training, inadequate education, and no real commitment to professionalism - 'sub-prime' security, finally causing security failures. Therefore, if security can be enhanced to reduce the crime cost, this will produce financial benefits to business, and consequently could produce a competitive advantage. For this, the paper basically draws upon Luke's theoretical framework for deconstructing 'power' into three dimensions. Using this three-dimensional approach, the paper further sets out a model of how security can be enhanced, utilising a new Security Risk Management (SRM) model, and how can this SRM model create competitive advantage in business. Finally, this paper ends with the six strategies needed to enhance the quality of security: refiguring as SRM, Professional Staff, Accurate Measurement, Prevention, Cultural Change, and Metrics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.1
• /
• pp.23-37
• /
• 1998

This paper considers the design and management of security MIB for EDI system. EDI system has to establish various securety wervices and mechanisms to protect against security threats. Hence, the EDIsystem requires appropriate security management to monitor and control the security obhects for its security services and mechanisms. In this paper, I identify security objects for management of secueity services defined in the EDIsystem, and propose the design of a security MIB and describe the use of SNMPnetwork management protocol in its management.

• The Journal of Information Systems
• /
• v.11 no.1
• /
• pp.175-198
• /
• 2002

This paper is to develop a security module for electronic approval systems. Electronic documents are created, transmitted and saved in the company's intranet computer network. Transmitting electronic documents, however, brings us a security problem. Communications among various computer systems are exposed to many security threats. Those threats are eavesdropping, repudiation, replay back etc. The main purpose of this paper is to develop a module which provides the security of electronic documents while they are passed from one place to another This paper applies Multi-Level security to the electronic approval system that guarantees security of electronic documents from many threats. Multi-Level security controls the access to the documents by granting security level to subject users and object electronic documents. To prevent possible replay back attacks, this paper also uses one time password to the system. The security module is composed of client program and server one. The module was developed using Microsoft Visual Basic 6.0 and Microsoft SQL Server 7.0. The code uses Richard Bondi's WCCO(Wiley CryptoAPI COM Objects) library functions which enables Visual Basic to access Microsoft CryptoAPI.

• Journal of Information Technology Applications and Management
• /
• v.27 no.6
• /
• pp.89-99
• /
• 2020

Cloud computing is rapidly increasing for achieving comfortable computing. Cloud computing has essentially security vulnerability of software and hardware. For achieving secure cloud computing, the vulnerabilities of cloud computing could be analyzed in a various and systematic approach from perspective of the service designer, service operator, the designer of cloud security and certifiers of cloud systems. The paper investigates the vulnerabilities and security controls from the perspective of administration, and systems. For achieving the secure operation of cloud computing, this paper analyzes technological security vulnerability, operational weakness and the security issues in an enterprise. Based on analysis, the paper suggests secure establishments for cloud computing.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.8B
• /
• pp.525-534
• /
• 2005

This paper proposes the architecture and the methods of security network management for auto-configuration of security systems by extending the existing policy-based network management architecture. The architecture and the methods proposed in this paper enable a security management sewer to automatically decide the best-suited security policy to apply to a security system and the most effective and efficient security system to perform security policy rule, based on the role and capability information of security systems and the role and time information of security policy. For integrated control of network system and security system, this paper also proposes SNMP protocol based security network topology map generator. To show the excellence of the proposed architecture and methods, we simulate and evaluate the automatic response against attacks.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.1
• /
• pp.36-43
• /
• 2013

This paper provides an overview of the security in the System Architecture Evolution (SAE) / Long-Term Evolution (LTE) system. Security is an integral part of SAE/LTE with improvements over the Third Generation (3G) system. This paper reviews the SAE/LTE system architecture, and discusses the security requirements, algorithms, Authentication and Key Agreement (AKA), Security Mode Command (SMC), key hierarchy and security for mobility.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.15-24
• /
• 2007

As the importance of information security increases, organizations are employing various security countermeasures into their information systems. However, they are not being adapted based on a strategic framework. Therefore this paper researches on the concept of the strategy in organizational information security. This paper studies literatures to find out how information security strategies have been discussed and what types of them have been proposed until now. This paper contributes to the formation of concept of strategy and classification of them by focusing on strategies themselves in organizational information security.

• Journal of Information Technology Applications and Management
• /
• v.16 no.2
• /
• pp.23-43
• /
• 2009

For reliability and confidentiality of information security systems, the security engineering methodologies are accepted in many organizations. To improve the effectiveness of security engineering, this paper suggests a security methodology ISEM, which considers both product assurance and production processes, takes advantages in terms of quality and cost. To verify the effectiveness of ISEM, this paper introduces the concepts of quality loss, and compares the development costs and quality losses between ISEM and CC through the development of VPN system.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1602-1605
• /
• 2005

An audit tracer is one of the last ways to defend an attack for network equipments. Firewall and IDS which block off an attack in advance are active way and audit tracing is passive way which analogizes a type and a situation of an attack from log after an attack. This paper explains importance of audit trace function in network equipment for security and defines events which we must leave by security audit log. We design and implement security audit system for secure router. This paper explains the reason why we separate general audit log and security audit log.

• Strategy21
• /
• s.45
• /
• pp.148-187
• /
• 2019

This paper is to analyse the necessity and development direction of the ROK's maritime security strategy white paper. To this end the paper is composed of 5 chapters titled introduction; the necessity of the ROK's maritime security strategy white paper; the ROK's actual situation in relation to maritime security strategy and cases of major advanced oceanic countries; the vision, goals, strategic tasks, and implementation system of the ROK's 'national maritime security strategy'; and conclusion. The achievement of the national marine strategic vision, such as the 'Ocean G5,' is of course possible when Korea can maintain and strengthen the maritime safety and maritime security of the people. The Sewol Ferry incident reminds us that we need a 'national maritime security strategy white paper' like the advanced marine countries. In order for the national maritime security strategy to be carried our efficiently, as in advanced oceanic countries, mere should be a dedicated department with sufficient authority and status to mobilize the cooperation of related organizations including naval-coastal cooperation. It would be good to set up a tentatively named Maritime Security Council, an organization of minister-level officials involved under the National Security Council, and an executive body composed of working-level officials from related ministries. In order to successfully carry out the national maritime security strategy for the maritime safety and maritime security of the people like the United States and the United Kingdom, we need to further strengthen our domestic cooperation and cooperation system, international cooperation, and maritime security. We have to promote the establishment and promotion of maritime security strategies by the Navy; strengthening the operational link between the Navy and the Coast Guard; strengthening the maritime surveillance capability at the national level, and promoting sharing with the private sector, etc.