Journal of the Korea Institute of Information Security and Cryptology
Korea Institutes of Information Security and Cryptology
Volume 24, Issue 6 - Dec 2014
Security Analysis and Enhancement on Smart card-based Remote User Authentication Scheme Using Hash Function
Kim, Youngil ; Won, Dongho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1027~1036
DOI : 10.13089/JKIISC.2014.24.6.1027
In 2012, Sonwanshi et al. suggested an efficient smart card based remote user authentication scheme using hash function. In this paper, we point out that their scheme is vulnerable to offline password guessing attack, server impersonation attack, insider attack, and replay attack, and that it has weaknesses regarding session key vulnerability and a privacy problem. Furthermore, we propose an improved scheme which resolves the security flaws and show that the scheme is more secure and efficient than others.
A Verifiable Secret Sharing Scheme with no Secure Channels
Kim, Ho-Hee ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1037~1044
DOI : 10.13089/JKIISC.2014.24.6.1037
A (t,n) threshold secret sharing scheme is a scheme which allows a trusted party to distribute shares among n participants in such a way that any t of them can recover the original secret, but any group knowing only t-1 or fewer shares cannot. Recently, Eslami et al. and Tadayon et al. each proposed a threshold multi-secret sharing scheme. They proposed that their schemes don't require secure channels. But, without secure channels in their schemes, everyone can get the shares and find the secrets. The proposed scheme does not use secure channels and only t participants can solve the equations of the system from the delivered share shadows and find the secrets.
A Side Channel Attack with Vibration Signal on Card Terminal
Jang, Soohee ; Ha, Youngmok ; Yoon, Jiwon ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1045~1053
DOI : 10.13089/JKIISC.2014.24.6.1045
In this paper, we assume that information leakage through a side-channel signal may occur from the card payment terminal and newly introduce a real application attack model. The attack model is a side channel attack based on vibration signals, which are detected by a small sensor attached to the card terminal by the attacker. This study is similar to some other studies regarding side channel attacks. However, this paper is different in that it is based on the non-language model, because financial transaction information such as a card number, password, mobile phone number, etc. cannot have a constant pattern. In addition, there was no study about card terminals. Therefore, this new study is meaningful. We collected vibration signals on a card terminal with a small wireless sensor and analyzed the signal data with statistical signal processing techniques using the spectrum of the frequency domain, principal component analysis and pattern recognition algorithms. Finally, we evaluated the performance by using real data from the sensor.
The Enhanced Power Analysis Using Linear Discriminant Analysis
Kang, Ji-Su ; Kim, HeeSeok ; Hong, Seokhie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1055~1063
DOI : 10.13089/JKIISC.2014.24.6.1055
Recently, various methods have been proposed for improving the performance of side channel analysis using power consumption. Of those methods, the waveform compression method is applied to reduce the noise component in the pre-processing step. In this paper, we propose a new LDA (Linear Discriminant Analysis)-based signal compression method that finds a unique feature vector. Through experiments, we compare the proposed method with the PCA (Principal Component Analysis)-based method, which is known for the best performance among existing signal compression methods.
Accelerated VPN Encryption using AES-NI
Jeong, Jin-Pyo ; Hwang, Jun-Ho ; Han, Keun-Hee ; Kim, Seok-Woo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1065~1078
DOI : 10.13089/JKIISC.2014.24.6.1065
Considering the safety of the data and performance, it can be said that the performance of the AES algorithm in symmetric key-based encryption is the best in IPSec-based VPN. When using the AES algorithm in IPSec-based VPN, even with an expensive hardware encryption card such as the OCTEON Card series of Cavium Networks, the performance of the VPN is less than half that of the firewall using the same hardware. In 2008, Intel announced a set of 7 AES-NI instructions in order to improve the performance of the AES algorithm on the Intel CPU. In this paper, we verify how much the performance of IPSec-based VPN can be improved when using seven sets of AES-NI instructions of the Intel CPU.
Privacy-Preserving Kth Element Score over Vertically Partitioned Data on Multi-Party
Hong, Jun Hee ; Jung, Jay Yeol ; Jeong, Ik Rae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1079~1090
DOI : 10.13089/JKIISC.2014.24.6.1079
Data mining is a technique to get useful information that can be utilized for marketing and pattern analysis by processing the data that we have. However, when we use this technique, a data provider's personal data can be leaked by accident. To protect these data from leakage, several techniques have been studied to preserve privacy. Vertically partitioned data refers to a state in which the data is separately provided to a number of users. On such vertically partitioned data, some methods were developed to distinguish the kth element and the (k+1)th element by using a score. However, the previous method can only be used in the two-party case, so in this paper, we propose an extended technique using the Paillier cryptosystem which can be used in the multi-party case.
Side-Channel Analysis Based on Input Collisions in Modular Multiplications and its Countermeasure
Choi, Yongje ; Choi, Dooho ; Ha, Jaecheol ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1091~1102
DOI : 10.13089/JKIISC.2014.24.6.1091
The power analysis attack is a cryptanalytic technique to retrieve a user's secret key using the side-channel power leakage occurring during the execution of a cryptographic algorithm embedded on a physical device. In particular, many power analysis attacks have targeted exponentiation algorithms, which are composed of hundreds of squarings and multiplications and adopted in public key cryptosystems such as RSA. Recently, a new correlation power attack, which is attempted when two modular multiplications have the same input, was proposed in order to recover the secret key. In this paper, after reviewing the principle of the side-channel attack based on input collisions in modular multiplications, we analyze the vulnerability of some exponentiation algorithms having the regularity property. Furthermore, we present an improved exponentiation countermeasure to resist the input collision-based CPA (Correlation Power Analysis) attack and existing side channel attacks, and compare its security with other countermeasures.
Chosen Plaintext Collision Attack Using the Blacklist
Kim, Eun-Hee ; Kim, Tae-Won ; Hong, Seok-Hie ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1103~1116
DOI : 10.13089/JKIISC.2014.24.6.1103
Collision attacks using side channel analysis confirm the same intermediate value and restore sensitive data of the algorithm using this point. At CHES 2011, Clavier and other authors implemented an improved attack using a Blacklist, so they carried out the attack successfully using fewer plaintexts than before. However, they did not describe the details of the Blacklist method and just performed the algorithms with the number of plaintexts used. Therefore, in this paper, we propose a specific method to carry out an efficient collision attack. First, we define basic concepts, terms, and notations, and using these, we propose various methods. We also describe, in order of priority, the facts that greatly influence attack performance, and then we try to improve the performance of this attack by analyzing the algorithm and structuring a more efficient one.
Differential Fault Analysis of the Block Cipher LEA
Park, Myungseo ; Kim, Jongsung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1117~1127
DOI : 10.13089/JKIISC.2014.24.6.1117
Differential Fault Analysis (DFA) is widely known as one of the most powerful methods for analyzing block ciphers. It is applicable to block ciphers such as DES, AES, ARIA, SEED, and lightweight block ciphers such as PRESENT and HIGHT. In this paper, we introduce a differential fault analysis on the lightweight block cipher LEA for the first time. We use 300 chosen fault injection ciphertexts to recover the 128-bit master key. As a result of our attack, we found a full master key within an average of 40 minutes on a standard PC environment.
CAPTCHA Analysis using Convolution Filtering
Kim, Keun-Young ; Shin, Dong-Oh ; Lee, Kyung-Hee ; Nyang, Dae-Hun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1129~1138
DOI : 10.13089/JKIISC.2014.24.6.1129
CAPTCHA is a technique which distinguishes humans from machines using what a human can judge easily but a machine can't. Though text-based CAPTCHA has been widely used and can be implemented easily, it is less secure than other CAPTCHAs such as image-based or audio-based CAPTCHAs. To enhance the security of text-based CAPTCHA, many techniques have been developed. One of them is making the CAPTCHA hard to recognize using a complex background or noise. In this paper, we introduce how to apply convolution filtering effectively to attack CAPTCHA and actually analyze Naver's CAPTCHA, which has been used for joining a cafe, with this method.
The Long Distance Face Recognition using Multiple Distance Face Images Acquired from a Zoom Camera
Moon, Hae-Min ; Pan, Sung Bum ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1139~1145
DOI : 10.13089/JKIISC.2014.24.6.1139
User recognition technology, which identifies or verifies a certain individual, is absolutely essential under robotic environments for intelligent services. The conventional face recognition algorithm using single distance face images as training images has a problem that the face recognition rate decreases as distance increases. The face recognition algorithm using face images by actual distance as training images shows good performance, but this has a problem that it requires user cooperation. This paper proposes an LDA-based long distance face recognition method which uses multiple distance face images from a zoom camera as training face images. The proposed face recognition technique performed better by an average of 7.8% than the technique using the existing single distance face image as training. Compared with the technique that used face images by distance as training, the performance fell by an average of 8.0%. However, the proposed method has the strength that it spends less time and requires less cooperation from users when taking face images.
Identity-Exchange based Privacy Preserving Mechanism in Vehicular Networks
Hussain, Rasheed ; Oh, Heekuck ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1147~1157
DOI : 10.13089/JKIISC.2014.24.6.1147
Intelligent transportation system (ITS) is realized through a highly ephemeral network, i.e. vehicular ad hoc network (VANET), which is on its way towards the deployment stage, thanks to the advancements in automobile and communication technologies. However, it has not been successful, at least to date, to install the technology in the mass of vehicles due to security and privacy challenges. Besides, the users of such technology do not want to put their privacy at stake as a result of communication with peer vehicles or with the infrastructure. Therefore, serious privacy measures should be taken before bringing this technology to the roads. To date, privacy issues in ephemeral networks in general, and in VANET in particular, have been dealt with through various approaches. So far, the multiple pseudonymous approach is the most prominent approach. However, it has recently been found that even multiple pseudonyms cannot protect the privacy of the user and profiling is still possible even if a different pseudonym is used with every message. Therefore, another privacy-aware mechanism is essential in vehicular networks. In this paper, we propose a novel identity exchange mechanism to preserve conditional privacy of the users in VANET. Users exchange their pseudonyms with neighbors and then use neighbors' pseudonyms in their own messages. To this end, our proposed scheme conditionally preserves privacy, where the senders of the message can be revoked by the authorities in case of any dispute.
Shoulder Surfing Attack Modeling and Security Analysis on Commercial Keypad Schemes
Kim, Sung-Hwan ; Park, Min-Su ; Kim, Seung-Joo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1159~1174
DOI : 10.13089/JKIISC.2014.24.6.1159
As the use of smartphones and tablet PCs has exploded in recent years, there are many occasions where such devices are used for handling sensitive data such as financial transactions. Naturally, many types of attacks have evolved that target these devices. An attacker can capture a password by direct observation without using any skills in cracking. This is referred to as shoulder surfing and is one of the most effective methods. There has been only a crude definition of shoulder surfing. For example, the Common Evaluation Methodology (CEM) attack potential of Common Criteria (CC), an international standard, does not quantitatively express the strength of an authentication method against shoulder surfing. In this paper, we introduce a shoulder surfing risk calculation method that supplements CC. Risk is calculated first by checking vulnerability conditions one by one, and the method of the CC attack potential is applied for quantitative expression. We present a case study for security-enhanced QWERTY keyboard and numeric keypad input methods, and commercially used mobile banking applications are analyzed for shoulder surfing risks.
Study on Security Vulnerabilities of Implicit Intents in Android
Jo, Min Jae ; Shin, Ji Sun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1175~1184
DOI : 10.13089/JKIISC.2014.24.6.1175
Android provides a message-passing mechanism called intent. While it eases the development of communications within and between applications, it can be vulnerable to attacks. In particular, an implicit intent, unlike an explicit intent that specifies a receiving component, does not specify a component that receives a message, and insecure ways of using implicit intents may allow malicious applications to intercept or forge intents. In this paper, we focus on security vulnerabilities of implicit intents and review researched attacks and solutions. For the case of implicit intents using a 'developer-created action', specific attacks and solutions have been published. However, for the case of implicit intents using an 'Android standard action', no specific attack has been found and it has been less studied. In this paper, we present a new attack on implicit intents using an Android standard action and propose solutions to protect smart phones from this attack.
A Study on Collection and Analysis Method of Malicious URLs Based on Darknet Traffic for Advanced Security Monitoring and Response
Kim, Kyu-Il ; Choi, Sang-So ; Park, Hark-Soo ; Ko, Sang-Jun ; Song, Jung-Suk ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1185~1195
DOI : 10.13089/JKIISC.2014.24.6.1185
Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. Recently, many approaches have adopted the darknet technique in order to overcome this limitation. Since the darknet means a set of unused IP addresses, no real systems are connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darknet traffic for an advanced security monitoring and response service. The proposed method prepared 8,192 darknet space, extracted all of the URLs from the darknet traffic, and carried out in-depth analysis of the extracted URLs. The analysis results can contribute to the emergency response to large-scale cyber threats, and the performance of security monitoring and response can be improved if we apply the malicious URLs to security devices, a DNS sinkhole service, etc.
Design and implementation of the honeycomb structure visualization system for the effective security situational awareness of large-scale networks
Park, Jae-Beom ; Kim, Huy-Kang ; Kim, Eun-Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1197~1213
DOI : 10.13089/JKIISC.2014.24.6.1197
Due to the increase in size of computer networks, network security systems such as firewalls, IDS and IPS generate a much vaster amount of information related to network security. So detecting signs of hidden security threats has become more difficult. Security personnel's 'Network Security Situational Awareness (NSSA)' is effectively determining the security situation of the overall computer network on the basis of the relation between the security events that occur in several views. The process of situational awareness is divided into three stages: 'identification', 'understanding' and 'prediction'. 'Identification' and 'understanding' are prerequisites for 'predicting' and the appropriate responses that follow. But 'identification' and 'understanding' in the vast amount of information have become more difficult. In this paper, we propose the Honeycomb security situational awareness visualization system, which is designed to help NSSA in large-scale networks by using visualization techniques known to be effective for the 'identification' and 'understanding' stages. We also identified the empirical effects of this system on the basis of the 'VAST Challenge 2012' data.
DDoS Attack Application Detection Method with Android Logging System
Choi, Seul-Ki ; Hong, Min ; Kwak, Jin ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1215~1224
DOI : 10.13089/JKIISC.2014.24.6.1215
Various research has been done to protect users' private data from malicious applications which expose users' private data and abuse the exposed data. However, a new type of malicious application has appeared, and these malicious applications use a smart phone as a new tool to perform secondary attacks. Therefore, in this paper, we propose a method to detect a DDoS attack application installed inside the mobile device using the Android logging system.
A Study on Security Container to Prevent Data Leaks
Lee, Jong-Shik ; Lee, Kyeong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1225~1241
DOI : 10.13089/JKIISC.2014.24.6.1225
Recently, financial companies have implemented DLP (Data Leaks Prevention) security products and enforced internal controls to prevent customer information leaks. Accidental data leaks in the financial business are increasing more and more because internal controls are insufficient. Security officials and IT operation staff struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without researching the applications that handle business and privacy information. Therefore, this paper describes business and privacy information flow in applications and how to plan and deploy a security container based on OS-level and hypervisor virtualization technology to enforce internal controls for applications. After building the security container, it was verified that it implements internal controls and prevents customer information leaks. With security policies, additional security functions were implemented in the security container, and by recycling the security container, the costs and time of response to security vulnerabilities were reduced.
A Study on Improving the Electronic Financial Fraud Prevention Service: Focusing on an Analysis of Electronic Financial Fraud Cases in 2013
Jeong, Dae Yong ; Lee, Kyung-Bok ; Park, Tae Hyoung ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1243~1261
DOI : 10.13089/JKIISC.2014.24.6.1243
With the methods of electronic financial fraud becoming advanced, economic losses have greatly increased. The Electronic Financial Fraud Prevention Service (hereafter EFFPS) has taken effect to prevent electronic financial fraud, but economic losses are still occurring. This paper aimed to suggest a direction for improvement of the EFFPS through the analysis of electronic financial fraud cases. As a result of the analysis of the fraud cases before and after implementation of the EFFPS, 'Fraud using Smartphone App' and 'Fraud using Calls and SMS' increased after implementation of the EFFPS, and the damage cost of 'Fraud using Smartphone App' also increased. We also revealed some limitations of the EFFPS. To complement these limitations, the authors considered a direction for improvement of the EFFPS focusing on the application of current services and systems related to the prevention of electronic financial fraud, and considered ways of connecting it with several prevention measures currently being discussed and implemented, from the perspective of defense in depth.
Cyber Defense Analysis and Improvement of Military ecosystem with Information Security Industry
Baek, Jaejong ; Moon, Byoung-Moo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1263~1269
DOI : 10.13089/JKIISC.2014.24.6.1263
Since cyber defense has been dependent on commercial products and protection systems, in view of recent trends, our cyber defense ecosystem can become more vulnerable. General defense weapon companies have to be observed by the government, for instance regarding certain proprietary technologies and products, for protection from the enemy. On the contrary, most cyber weapon companies have not been managed like that. For this reason, a cyber attack can reach the inside of our military through the security hole of commercial products. In this paper, we enhance a military cyber protection ecosystem against enemy attacks and analyze hypothetical scenarios to evaluate and verify the vulnerability, and finally a more secure ecosystem for the military protection system is presented politically and technically.
Studies on the effect of information security investment executive
Jeong, Seong-Hoon ; Yoon, Joon-Sub ; Lim, Jong-In ; Lee, Kyung-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1271~1284
DOI : 10.13089/JKIISC.2014.24.6.1271
This paper classifies into technical, administrative and physical areas the defects and advice produced by an external audit (ISO27001) and an internal audit (performed by a security team) in a company which has an information security management system. With the classified data, it finds the correlation between the budget and investment of information security, and analyzes the correlation. As a result of the analysis, it has been found that as time goes on there is a consistent correlation between the administrative area and the technical area of security. In particular, it has been confirmed that the relation between the scale of the budget which is not executed and the number of defects and advice items produced by the audit is in direct proportion. Therefore, this paper aims to provide a model that can be used for validating the effectiveness of information protection investment by statistically calculating the similarity based on the results of the correlation analysis. This research is intended to help a company make a precise decision when it establishes an information security policy and a systematic methodology for investment in information security.
A Study on Management of the Secret Data in Defense Information System (Focusing on Defense Ammunition Information System)
Yeo, Seong-Cheol ; Moon, Jong-Sub ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1285~1292
DOI : 10.13089/JKIISC.2014.24.6.1285
The Ministry of National Defense has set standard regulations and details to classify the revision of military security and the plan to adjust or use those secrets. Moreover, it operates a confidential management system with an online secret process. However, a study of the management plan for secret data stored in these systems is urgently required, because the current regulation of the military headquarters differs from the present military situation, so that it has not been applicable up to now. This paper focuses on the Defense Ammunition Information System to find the proper way to deal with the secret data of the Defense Information Systems. The purpose is to describe a management plan for secret data consistent with the current situation of the military, through a study of secret classification and a case study. Limitations are therefore considered and solutions are finally suggested in this paper.
A Study on Data Security Control Model of the Test System in Financial Institutions
Choi, Yeong-Jin ; Kim, Jeong-Hwan ; Lee, Kyeong-Ho ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1293~1308
DOI : 10.13089/JKIISC.2014.24.6.1293
The cause of the privacy extrusion at a credit card company in 2014 was the usage of original data in a test system. Under the Electronic banking supervision regulations of the Financial Supervisory Service and the Information Security business best practices of the Finance information technology (IT) sector, the data that identifies the customer should be converted before use in the test system. Following these guidelines, financial firms use converted customer identification data by loading it into the test system. However, there are some risks that may be introduced unintentionally by user mistake or by a lack of administrative or technical security in the process of testing. Also, control and risk management processes for those risks have not been studied. These situations are conducive to increasing the possibility of violating the compliance requirements of the supervisory institution. So in this paper, we present and prove a process to eliminate the possibility of such compliance violations by controlling and managing unconverted customer identification data, and check the effectiveness of the process.
A Study on Selection Factors of Consulting Company for the Certification of Information Security Management System
Park, Kyeong-Tae ; Kim, Sehun ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1309~1318
DOI : 10.13089/JKIISC.2014.24.6.1309
In the past few years, data leakage of information assets has become a prominent social issue. According to the National Industrial Security Center in South Korea, 71 percent of those who suffer from technology leakage are small and medium sized enterprises. Hence, establishment and operation of an ISMS (Information Security Management System) for small and medium sized enterprises has become an important issue. Since it is not easy for a small or medium sized enterprise to obtain ISMS certification by itself, consultation with an expert firm in information security is necessary before the security implementation. However, how to select a proper security consulting company for a small or medium sized firm has not been studied yet. In this study, we empirically analyze the selection factors of an ISMS certification consulting company for a small or medium sized firm through exploratory factor analysis (EFA). Our study identified the following four important factors in selecting a security consulting company: expertise of the staff and human resource management proficiency, market leading capability, competence to make progress during the consultation, and the performance and the size of the physical assets and human resources.
Study on Security Grade Classification of Financial Company Documents
Kang, Bu Il ; Kim, Seung Joo ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1319~1328
DOI : 10.13089/JKIISC.2014.24.6.1319
While the recent advance in network systems has made it easier to collect and process personal information, the losses of customers, financial companies and even nations are getting bigger due to the leakage of personal information. Therefore, it is required to take measures to prevent additional damage from the illegal use of leaked personal information. Currently, financial companies use access control in accordance with job title or position on general documents as well as important documents including personal information. Therefore, even if a document is confidential, it is possible for a person of the same job title or position to access the document properly. This paper proposes setting up security grades for documents to improve the current access control system. It will help prevent the leakage of personal information.
A Study on the Methodology in Classifying the Importance of Information System
Choi, Myeonggil ; Cho, Kang-Rae ;
Journal of the Korea Institute of Information Security and Cryptology, volume 24, issue 6, 2014, Pages 1329~1335
DOI : 10.13089/JKIISC.2014.24.6.1329
The importance of information security is increasing in public and private organizations. The interruption of an information system might cause massive disorder. To protect information systems effectively, information systems should be categorized and managed in terms of degree of importance. In this study, we suggest a new evaluation method that categorizes information systems based on the three natures of security: confidentiality, integrity and availability. For validation of the method, we use a case study in the public sector. Through the validation of the method, the possibility of applying the method for categorizing information systems to other domains could be suggested.