• Title/Summary/Keyword: security policy

Search Result 2,422, Processing Time 0.024 seconds

The Proposal of Security Management Architecture using Programmable Networks Technology

  • Kim, Myung-Eun;Seo, Dong-Il;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2004.08a
    • /
    • pp.926-931
    • /
    • 2004
  • In this paper, we proposed security management architecture that combines programmable network technology and policy based network management technology to manage efficiently heterogeneous security systems. By using proposed security management architecture, a security administrator can manage heterogeneous security systems using security policy, which is automatically translated into a programmable security policy and executed on programmable middleware of security system. In addition, programmable middleware that has the features of programmable network can reduce excessive management traffic. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time between the proposed architecture and PBNM architecture.

  • PDF

A Study on the Information Security Measures Influencing Information Security Policy Compliance Intentions of IT Personnel of Banks (은행 IT 인력의 정보보호 정책 준수에 영향을 미치는 정보보호 대책에 관한 연구)

  • Shim, Joonbo;Hwang, K.T.
    • Journal of Information Technology Applications and Management
    • /
    • v.22 no.2
    • /
    • pp.171-199
    • /
    • 2015
  • This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

Priority of the Government Policy to support Industrial Security - Focus on a companies' demand and efficiency of policy - (산업보안 지원 정책 결정의 우선 순위 - 기업 수요와 효율성을 중심으로 -)

  • Kim, Chang-Ho;Yu, Jai-Hwan
    • Korean Security Journal
    • /
    • no.42
    • /
    • pp.155-178
    • /
    • 2015
  • This study surveyed the subject of companies' industrial security on priorities of the government policy for the confidentiality of corporate and the necessity of expanding the government support for the industrial security. In determining the priority, we should consider all opinions of companies, individuals, societies, and governments that associated with the confidentiality. Especially in industrial security, companies are the most significant beneficiaries and consumers of security policy and it would be the basis for supporting on policy-making. As a result, we analyzed the 50 valid questionnaires collected from security personnel of Korean corporations and 'Enhance support for education and promotion of human resource (On/Off-Line)', 'Establish Security management and Security measures', and 'Enhance Security professionals status via qualifications/certifications' are shown as 1st, 2nd, 3rd priority of government policy to protect Corporate confidential information including its customer information. All respondents of the study says that the Government support for Industrial Security should be enlarged.

  • PDF

The Transmission Performance Analysis and Security Policy in Tactical Communication Environment (전술통신 환경에서 전송 성능 분석 및 보안 정책)

  • Hong, Jinkeun
    • Journal of Digital Convergence
    • /
    • v.11 no.12
    • /
    • pp.303-309
    • /
    • 2013
  • This paper analyzed about operation environment and policy for US military tactical communication, and security policy and transmission performance of tactical link. It is presented operation communication message and framework, which is supported semi automated force, SINCGARS specification of link layer in operation environment, and analyzed COMSEC policy and application layer security in tactical security policy. Also it analyzed in respect to transmission performance and crypto synchronization detection. Security policy of tactical link and COMSEC is analyzed in respect of crypto device such as AFKDMS, AKMS, RBECS, KIV-7/HSB.

Security Policy Negotiation Model Design Using Mobile Agent System (이동 에이전트 시스템을 이용한 보안정책 협상모델 설계)

  • Park, Jin-Ho;Chung, Jin-Wook
    • Convergence Security Journal
    • /
    • v.4 no.3
    • /
    • pp.37-46
    • /
    • 2004
  • This paper presents the design of a certain highly efficient security policy negotiation of SPS(Security Policy System) using mobile agent system. The conventional IP security systems have some problems. A drawback to these systems is that the required policy between each security area is different. Another problem is not possible to guarantee whether a packet is transmitted through the same path by both directions and is protected by the same policy due to the topology of the network. Unlike conventional systems, the model developed herein can be resolved by using a mobile agent technology. If each domain needs a negotiation of security policy, a mobile agent manages the result of the negotiation in the form of a passport and guarantees the authentication and reliability each other by using the passport.

  • PDF

An Empirical Study on Factors Affecting the Maturity of Information Security Policy (정보보호정책의 성숙도에 영향을 미치는 요인에 관한 연구)

  • Choi, Myeong-Gil;Hwang, Won-Joo;Kim, Myoung-Soo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.3
    • /
    • pp.131-142
    • /
    • 2008
  • Enterprises accomplish their missions through obtaining and managing information. The unintended disclose of enterprises' sensitive information causes serious damage to enterprises, resulting in disruptive management. For effective security of enterprises, information security management systems and information security policy owing clear goals should be firmly established. This study analyzes factors influencing maturity of information security policy and gives important hints to execute information security policy.

Development of Measures of Information Security Policy Effectiveness To Maximize the Convergence Security (융합보안 강화를 위한 정보보안 정책 효과성 측정도구 개발)

  • Yim, Myung-Seong
    • Journal of the Korea Convergence Society
    • /
    • v.5 no.4
    • /
    • pp.27-32
    • /
    • 2014
  • The information security policy is one of the most important tools for organization to manage the implementation and ensure the organizational security. However, we do not have metrics for measuring its effectiveness. The ultimate purpose of this study is to develop the measures of information security policy effectiveness. To do this, this study review data quality and information quality literatures and investigate appropriate subfactors for information security policy. Rooted in these concepts, we suggest accuracy, completeness, interpretability, and relevance from content aspect and understandability, concise representation, and amount from form aspect as factors for information security policy effectiveness.

A Path Way to Increase the Intention to Comply with Information Security Policy of Employees (조직 구성원들의 정보보안 정책 준수행위 의도에 관한 연구)

  • Yim, Myung-Seong
    • Journal of Digital Convergence
    • /
    • v.10 no.10
    • /
    • pp.119-128
    • /
    • 2012
  • This study is to identify the factors that influence an intention to information security policy compliance of employees. To do this, this study is based on three theoretical backgrounds because of the lack of holistic perspective. Research results show that detection certainty and individual attachment have a positive effect on information security policy compliance intention. Detection certainty is influenced by security awareness education and training. Finally, response cost has a negative effect on information security policy compliance intention.

A Study on the Influence of Organizational Information Security Goal Setting and Justice on Security Policy Compliance Intention (조직의 정보보안 목표 설정과 공정성이 보안정책 준수의도에 미치는 영향)

  • Hwang, In-Ho;Kim, Seung-Wook
    • Journal of Digital Convergence
    • /
    • v.16 no.2
    • /
    • pp.117-126
    • /
    • 2018
  • The threat to information security is growing globally. To this, organizations are increasing the weight of adapting and operating the more specialized information security policy and system. Information security requires participation from the employees who execute the security system and policy, and to increase the level of organization's internal security, requires organization's systematic support to improve employees' information security compliance intention. This research finds the mechanism for improving employee's information security compliance intention by applying justice theory and goal setting theory in information security. We use structural equation modeling to verify the research hypothesis, and conducted a survey on the employees of organization with information security policy. In other words, this research performs verification of the research model based hypothesis which claims that security policy goal setting has positive influence on employee's level of security related justice recognition, and claims that justice has positive influence on compliance intention. The object of study is the employees of the organization that adapts information security policy, and 383 valid samples were collected via survey. Structural equation modeling was performed to verify the research hypothesis. The result shows that security policy goal factor (goal difficulty, goal specificity) improves employee's security related justice recognition, and that security related justice (distribution, process, and information justice) has positive influence on compliance intention. The result suggests the strategic approach directions for improving employees' compliance intention on organization's security policy.

A Security Policy Statements Generation Method for Development of Protection Profile (PP 개발을 위한 보안정책 문장 생성방법)

  • 고정호;이강수
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.4
    • /
    • pp.13-28
    • /
    • 2003
  • The Protection Profile(PP) is a common security function and detailed statement of assurance requirements in a specific class of Information Technology security products such as firewall and smart card. The parts of TOE security environment in the PP have to be described about assumption, treat and security policy through analyzing purpose of TOE. In this paper, we present a new security policy derivation among TOE security environment parts in the PP. Our survey guides the organizational security policy statements in CC scheme through collected and analyzed hundred of real policy statements from certified and published real PPs and CC Toolbox/PKB that is included security policy statements for DoD. From the result of the survey, we present a new generic organizational policy statements list and propose a organizational security policy derivation method by using the list.