• Journal of Advanced Navigation Technology
• /
• v.14 no.2
• /
• pp.247-252
• /
• 2010

According to IT technology has evolved, a lot of information are moving through network. The correct internet users can obtain useful information. But incorrect users expose information and cause various damage for malicious purpose. To solve this problem, various information security products are being developed. For development of secure information security product, the development process should be secure. Also evaluation system is being used about product evaluation and security module for the assurance of secure product. In this paper, we proposed assurance system for secure development of information security product. Therefore this paper proposed more secure product development and assurance scheme.

• Journal of KIISE:Computing Practices and Letters
• /
• v.11 no.2
• /
• pp.192-207
• /
• 2005

As the evaluation for the information security has been an important issue, numerous security evaluation methods have been proposed. Those security evaluation methods can be categorized into three different aspects in large including product, process and control. In this paper we identify the possible problems that may occur when one-sided security evaluation is conducted that is on the aspect of product, process or control alone, present with the actual example of threat, and propose an approach to resolve each problem. Based on these approaches, we propose the security evaluation model, which incorporates these three aspects of product, process and control.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2093-2096
• /
• 2003

Trusted operating systems (OS) provide the basic security mechanisms and services that allow a computer system to protect, distinguish, and separate classified data. Trusted operating systems have been developed since the early 1980s and began to receive National Security Agency (NSA) evaluation in 1984. The researches about trusted OS are proceeding over the world, and new product type using the loadable security kernel module (LSKM) or dynamic link library (DLL) is being developed. This paper proposes a special type of product using LSKM and specific conditions for operational environment should be assumed.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.19-25
• /
• 2017

Public institutions invest about half of the information protection budget annually to introduce information security products and information protection services in order to prevent cyber terrorism and establish organizational security. However, research on whether introduced information security products has a positive influence on improving the information security level of the actual institution is in an incomplete state, and accordingly, There are problems such as the measurement of the investment effect of the information security product introduced in the organization and the difficulty in selecting the optimum information security product that the agency actually needs. In this paper, prior research will conduct research on the influence of the introduction of information security products on the improvement of information security level of organization through analysis of operational data of inadequate information security products, and based on the research results, It would be useful to use it for information security practices such as optimal product selection and internal security policy formulation through validation of the introduction of information security products of public institutions.

• Journal of Information Technology Applications and Management
• /
• v.16 no.2
• /
• pp.23-43
• /
• 2009

For reliability and confidentiality of information security systems, the security engineering methodologies are accepted in many organizations. To improve the effectiveness of security engineering, this paper suggests a security methodology ISEM, which considers both product assurance and production processes, takes advantages in terms of quality and cost. To verify the effectiveness of ISEM, this paper introduces the concepts of quality loss, and compares the development costs and quality losses between ISEM and CC through the development of VPN system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.97-105
• /
• 2011

With the advancement of network, privacy information as well as confidential information that belongs to government and company are exposed to security incident like spreading viruses or DDoS attack. To prevent these security incident and protect information that belongs to government and company, Security system has developed such as antivirus, firewall, IPS, VPN, and other network security system. Network security systems should be selected based on purpose, usage and cost. Verification for network security product's basic features performed in a variety of ways at home and abroad, but consumers who buy these network security product, just rely on the information presented at companies. Therefore, common user doing self performance evaluation for perform Verification before buying network security product but these verification depends on inaccurate data which based on some user's criteria. On this paper, we designing methodology of network security system performance evaluation focused on Korean using other cases of performance evaluation.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.89-96
• /
• 2016

Before an IT product is used, there is a sequence of the process such as the components supply-demand of the product, their assembly and production, their logistics and delivery, and then finally, the product can be used by a user. During this sequence of the process, there can be many security exposures and risks. In this paper, we show, by examining security cases of various IT products, that there are many security exposures in the process of IT products from their production to their delivery to end users and in their use, and also show how critical the security exposures are. Even though there are various security theories, technologies and security controls, there is still weak link from the production of an IT product to its use, and this weak link can lead to security vulnerabilities and risks. This paper tries to call attention to the importance of the execution of the security control and the control components. We examine the practical cases to find out how the security control is paralyzed, and to show how it is compromised by asymmetric security resources. Lastly, from the cases, we examine and review the possible domestic security issues and their countermeasures.

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1220-1227
• /
• 2011

According to the development of IT technology, life itself is becoming the change to Knowledge-based systems or information-based systems. However, the development of IT technology, the cyber attack techniques are improving. And DDoS a crisis occurs frequently, such as cyber terrorism has become a major data leakage. In addition, the various paths of attack from malicious code entering information in the system to work for your company for loss and damage to information assets is increasing. In this environment, the need to preserve the organization and users of information assets to perform ongoing inspections risk management processes within the organization should be established. Processes and managerial, technical, and physical systems by establishing an information security management system should be based. Also, we should be introduced information security product for protecting internal assets from the threat of malicious code incoming to inside except system and process establishment. Therefore we proposed enterprise and government information security enhancement scheme through the introduction of information security management system and information security product in this paper.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.133-140
• /
• 2006

For the verification of the security level against a IT product development environment, we should analyze the vulnerability and the various threatening factors which exists in the IT product development environment. Also we need the evaluation criteria and tools for the evaluation and improvement of the level of information security. For that, we need evaluation indices and the standard it will be able to improve the evaluation methodology in the actual IT product development environment which will reach it will be able to apply must be researched. In this study, our aims are the development of verification tools for the security level of IT product development environment.

• Convergence Security Journal
• /
• v.8 no.2
• /
• pp.7-13
• /
• 2008

In domestic and international, evaluation of product with Common Criteria(CC) for security product estimation is expanding standard of product estimation. This expansion is due to multi aspects of product versions. However, it is very difficult to approach the most suitable form of security estimation guide in the developer's perspective, because estimation basis presented to developers is indefinite. With this pending dilemma, we are presenting a composition product introduce definite security standard for information security products.