• Title/Summary/Keyword: Security Evaluation Standards

Construction of Security Evaluation Criteria for Web Application Firewall (웹방화벽의 보안성 평가 기준의 구축)

  • Lee, Ha-Yong;Yang, Hyo-Sik
    • Journal of Digital Convergence, v.15 no.5, pp.197-205, 2017
  • To achieve web application security goals effectively by providing web security features such as information leakage prevention, web application firewall system must be able to achieve the goal of enhancing web site security and providing secure services. Therefore, it is necessary to study the security evaluation of web application firewall system based on related standards. In this paper, we analyze the requirements of the base technology and security quality of web application firewall, and established the security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of the web application firewall system can be confirmed and the standard for enhancing the quality improvement can be secured. As a future research project, it is necessary to continuously upgrade evaluation standards according to international standards that are continuously changing.

Development of Security Metric of Network Access Control (네트워크 접근제어 시스템의 보안성 메트릭 개발)

  • Lee, Ha-Yong;Yang, Hyo-Sik
    • Journal of Digital Convergence, v.15 no.6, pp.219-227, 2017
  • Network access control should be able to effectively block security threats to the IT infrastructure, such as unauthorized access of unauthorized users and terminals, and illegal access of employees to internal servers. From this perspective, it is necessary to build metrics based on relevant standards to ensure that security is being met. Therefore, it is necessary to organize the method for security evaluation of NAC according to the related standards. Therefore, this study builds a model that combines the security evaluation part of ISO/IEC 15408 (CC: Common Criteria) and ISO 25000 series to develop security metric of network access control system. For this purpose, we analyzed the quality requirements of the network access control system and developed the convergence evaluation metric for security of the two international standards. It can be applied to standardization of evaluation method for network access control system in the future by constructing evaluation model of security quality level of network access control system.

A Derivation of Evaluation Item about Enterprise Security Management

  • Kim, Sun-Joo;Jo, In-June
    • Journal of information and communication convergence engineering, v.8 no.5, pp.544-548, 2010
  • The Enterprise Security Management system is a centralized control system based on predefined security policies by organizations. In Korea, there is a Common Criteria security certification according to the strict standards for various features. As the needs of information security product are increasing, the ESM system should be evaluated with quality characteristics. In this paper, we propose evaluation items for functionality and performance of Enterprise Security Management system, and the best practices for evaluation.

A Study on Evaluation Criteria and Procedures for Measuring Radiation Leakage of Aviation Security Equipment (항공보안장비 방사선 누출량 측정을 위한 평가 기준 및 절차에 관한 연구)

  • Kihyun Kim;Ye-Eun Jeong;Ye-Jun Kim;Yong Soo Kim
    • Journal of Korean Society for Quality Management, v.51 no.3, pp.435-444, 2023
  • Purpose: To attain advanced performance certification, safety aspects along with functionality and performance are essential. Hence, this study suggests radiation leakage assessment methods for aviation security equipment during its performance certification. Methods: Detection technology guided the choice of radiation leakage assessment targets. We then detailed measurement and evaluation methods based on equipment type and operation mode. Equipment was categorized as container or box types for establishing measurement procedures. Results: We've developed specific radiation leakage assessment procedures for different types of aviation security equipment, crucial for ensuring airport safety. Using these procedures allows efficient evaluation of compliance with radiation leakage standards. Conclusion: The suggested radiation leakage assessment method aims to enhance aviation security and reliability. Future research will focus on identifying risks in novel aviation security equipment detection technologies and establishing safety standards.

Evaluating Online Courses in light of Quality Matters (QM) Standards at Umm Al-Qura University

  • Alqarni, Ali Suwayid
    • International Journal of Computer Science & Network Security, v.21 no.12, pp.165-174, 2021
  • This study aimed to ascertain whether electronic courses at the deanship of electronic learning and distance education at Umm Al-Qura University meet the quality standards developed by the Quality Matters (QM) organization. This endeavor adopted a mixed method of an explanatory sequential research design for an in-depth understanding of the topic under scrutiny. The sample of the study consisted of ten courses designed at the deanship and reviewed using an evaluation form. The results showed that the courses in focus did not meet the criteria of QM. Based on this finding, a semi-structured interview was designed to collect relevant data from the syllabus designers at the deanship. The interviews yielded information on the difficulties the course designers faced when designing QM-criteria-based courses. The results obtained from the interviews showed that the designers experienced administrative, technical, and faculty-member-related challenges that, when producing online courses, intercepted their way to achieving the QM standards. The study closed with some recommendations, the most important of which is a call for re-developing online courses in alignment with the well-recognized QM standards.

A Study on Standards for Performance Evaluation of Biometric Recognition Systems (국내 생체 인식 시스템 성능 평가를 위한 표준안 연구)

  • 문지현;김학일
    • Journal of the Korea Institute of Information Security & Cryptology, v.12 no.2, pp.101-110, 2002
  • The purpose of this research is to establish Korean standards of best practice and common criteria for testing and evaluating the performance of biometric recognition systems. First of all, research activities in leading countries such as USA, Great Britain and Germany have been studied and analyzed. Then, the standards of best practice and common criteria are proposed in the aspects of sensors, algorithms, and application systems. The results of this work will be utilized for test and evaluation of commercial biometric products by KISA and provided to private industries for their own evaluation of products.

Development of Security Metrics of Enterprise Security Management System (통합보안관리시스템의 보안성 메트릭 개발)

  • Yang, Hyo-Sik
    • Journal of Digital Convergence, v.15 no.12, pp.303-311, 2017
  • As new information technology emerges, companies are introducing an Enterprise Security Management system to cope with new security threats, reducing redundant investments and waste of resources and counteracting security threats. Therefore, it is necessary to construct a security evaluation metric based on related standards to demonstrate that the Enterprise Security Management (ESM) System meets security. Therefore, in order to construct a metric for evaluating the security of the ESM, this study analyzed the security quality related requirements of the ESM and constructed a metric for measuring the degree of satisfaction. This metric provides synergies through the unification of security assessments that comply with ISO/IEC 15408 and ISO/IEC 25000 standards. It is expected that the evaluation model of the security quality level of ESM will be established and the evaluation method of ESM will be standardized in the future.

Effects of Security Lighting Lamps on Discomfort Glare to Indoor Occupants

  • Lee, Yoon Jeong;Kim, Jeong Tai
    • KIEAE Journal, v.15 no.4, pp.21-28, 2015
  • Purpose: Although security lights are used to secure pedestrian visibility and safety at nighttime, they can generate light trespass in the neighboring residential space. To prevent this, standards for acceptance limits on vertical illuminance and light pollution by the windows of residential buildings are presented. Method: This study thus representatively selected three types of lamps and, through an evaluation and analysis of the physical and subjective discomfort glare per lamp, proposed a discomfort glare index for each lamp. The evaluation and analysis according to the lamps were conducted through experiments. The variables were the security lights' lamps (NH 100W, MH 70W, LED 50W), installation angles ($0^{\circ}$, $20^{\circ}$), and installation distances (3m, 5m, 7m, 9m). Result: According to the results of the discomfort glare evaluation depending on the angles and distances of the security lights, the following minimum standards are proposed: for NH 100W, a discomfort glare index of 30 and an installation distance of 4m; for MH 70W, a discomfort glare index of 32 and an installation distance of 4m; and, for LED 50W, a discomfort glare index of 31 and an installation distance of 6m, respectively. In addition, this paper recommends the use of MH 70W, when the road width is 4m-6m, and LED 50W, when the road width is over 6m, respectively.

The Effectiveness Evaluation Methods of DDoS Attacks Countermeasures Techniques using Simulation (시뮬레이션을 이용한 DDoS공격 대응기술 효과성평가방법)

  • Kim, Ae-Chan;Lee, Dong-Hoon;Jang, Seong-Yong
    • Journal of the Korea Society for Simulation, v.21 no.3, pp.17-24, 2012
  • This paper suggests Effectiveness Evaluation Methods of DDoS attacks countermeasures model by simulation. According to the security objectives that are suggested by NIST (National Institute of Standards and Technology), it represents a hierarchical Effectiveness Evaluation Model. We calculated the weights of factors that security objectives, security controls, performance indicator through AHP (Analytic Hierarchy Process) analysis. Subsequently, we implemented Arena Simulation Model for the calculation of function points at the performance indicator. The detection and protection algorithm involve methods of critical-level setting, signature and anomaly (statistic) based detection techniques for Network Layer 4, 7 attacks. Proposed Effectiveness Evaluation Model can be diversely used to evaluate effectiveness of countermeasures and techniques for new security threats each organization.

Developing a Framework for the Implementation of Evidence Collection System: Focusing on the Evaluation of Information Security Management in South Korea

  • Choi, Myeonggil;Kang, Sungmin;Park, Eunju
    • Journal of Information Technology Applications and Management, v.26 no.5, pp.13-25, 2019
  • Recently, as evaluation of information security (IS) management becomes more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment' of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the '6. Information System Security' of 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.