Abstract: As the information age matures, major social
infrastructures such as communication, finance, military and energy,
have become ever more dependent on information communication
systems. And since these infrastructures are connected to the Internet,
electronic intrusions such as hacking and viruses have become a new
security threat. Especially, disturbance or neutralization of a major
social infrastructure can result in extensive material damage and social
disorder. To address this issue, many nations around the world are
researching and developing various techniques and information
security policies as a government-wide effort to protect their
infrastructures from newly emerging threats. This paper proposes an
evaluation method for information security levels of CIIP (Critical
Information Infrastructure Protection), which can enhance the security
level of critical information infrastructure by checking the current
security status and establish security measures accordingly to protect
infrastructures effectively.
Abstract: Information and communication service providers
(ICSP) that are significant in size and provide Internet-based services
take administrative, technical, and physical protection measures via
the information security check service (ISCS). These protection
measures are the minimum action necessary to secure the stability and
continuity of the information and communication services (ICS) that
they provide. Thus, information assets are essential to providing ICS,
and deciding the relative importance of target assets for protection is a
critical procedure. The risk analysis model designed to decide the
relative importance of information assets, which is described in this
study, evaluates information assets from many angles, in order to
choose which ones should be given priority when it comes to
protection. Many-sided risk analysis (MSRS) grades the importance of
information assets, based on evaluation of major security check items,
evaluation of the dependency on the information and communication
facility (ICF) and influence on potential incidents, and evaluation of
major items according to their service classification, in order to
identify the ISCS target. MSRS could be an efficient risk analysis
model to help ICSPs to identify their core information assets and take
information protection measures first, so that stability of the ICS can
be ensured.
Abstract: The rapid advance of communication technology is
evolving the network environment into the broadband convergence
network. Likewise, the IT services operated in the individual network
are also being quickly converged in the broadband convergence
network environment. VoIP and IPTV are two examples of such new
services. Efforts are being made to develop the video phone service,
which is an advanced form of the voice-oriented VoIP service.
However, the new IT services will be subject to stability and reliability
vulnerabilities if the relevant security issues are not answered during
the convergence of the existing IT services currently being operated in
individual networks within the wider broadband network
environment. To resolve such problems, this paper attempts to analyze
the possible threats and identify the necessary security measures
before the deployment of the new IT services. Furthermore, it
measures the quality of the encryption algorithm application example
to describe the appropriate algorithm in order to present security
technology that will have no negative impact on the quality of the
video phone service.
Abstract: As the disfunctions of the information society and
social development progress, intrusion problems such as malicious
replies, spam mail, private information leakage, phishing, and
pharming, and side effects such as the spread of unwholesome
information and privacy invasion are becoming serious social
problems. Illegal access to information is also becoming a problem as
the exchange and sharing of information increases on the basis of the
extension of the communication network. On the other hand, as the
communication network has been constructed as an international,
global system, the legal response against invasion and cyber-attack
from abroad is facing its limit. In addition, in an environment where
the important infrastructures are managed and controlled on the basis
of the information communication network, such problems pose a
threat to national security. Countermeasures to such threats are
developed and implemented on a yearly basis to protect the major
infrastructures of information communication. As a part of such
measures, we have developed a methodology for assessing the
information protection level which can be used to establish the
quantitative object setting method required for the improvement of the
information protection level.