A Coherent Model in Upholding General Deterrence Theory and Impact to Information Security Management

Myeonggil Choi,Edwin R. Ramos,Mansig Kim,Jinsoo Kim,Jaehoon Whang,Kijoo Kim 한국데이타베이스학회 2009 Journal of information technology applications & m Vol.16 No.3

Developing a Framework for the Implementation of Evidence Collection System: Focusing on the Evaluation of Information Security Management in South Korea

Myeonggil Choi,Sungmin Kang,Eunju Park 한국데이타베이스학회 2019 Journal of information technology applications & m Vol.26 No.5

Recently, as evaluation of information security (IS) management become more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 "Technical Guide to Information Security Testing and Assessment" of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the ‘6. Information System Security’ of ‘information security management actual condition evaluation index’. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

Developing a Framework for the Implementation of Evidence Collection System: Focusing on the Evaluation of Information Security Management in South Korea

Choi, Myeonggil,Kang, Sungmin,Park, Eunju Korea Data Strategy Society 2019 Journal of information technology applications & m Vol.26 No.5

Recently, as evaluation of information security (IS) management become more diverse and complicated, the contents and procedure of the evidence to prepare for actual assessment are rapidly increasing. As a result, the actual assessment is a burden for both evaluation agencies and institutions receiving assessments. However, most of them reflect the evaluation system used by foreign government agencies, standard organizations, and commercial companies. It is necessary to consider the evaluation system suitable for the domestic environment instead of reflecting the overseas evaluation system as it is. The purpose of this study is as follows. First, we will present the problems of the existing information security assessment system and the improvement direction of the information security assessment system through analysis of existing information security assessment system. Second, it analyzes the technical guidance for information security testing and assessment and the evaluation of information security management in the Special Publication 800-115 'Technical Guide to Information Security Testing and Assessment' of the National Institute of Standards and Technology (NIST). Third, we will build a framework to implement the evidence collection system and present a system implementation method for the '6. Information System Security' of 'information security management actual condition evaluation index'. The implications of the framework development through this study are as follows. It can be expected that the security status of the enterprises will be improved by constructing the evidence collection system that can collect the collected evidence from the existing situation assessment. In addition, it is possible to systematically assess the actual status of information security through the establishment of the evidence collection system and to improve the efficiency of the evaluation. Therefore, the management system for evaluating the actual situation can reduce the work burden and improve the efficiency of evaluation.

A Continuous Evaluation Processes for Information Security Management

Myeonggil Choi 한국정보기술응용학회 2016 Journal of information technology applications & m Vol.23 No.3

Growing information threats have threatened organization to lose information security controls in these days. Many organizations have accepted the various information security management systems does mention necessity of a continuous evaluation process for the executions of information security management in a theoretical aspect. This study suggests a continuous evaluation process for information security management reflecting the real execution of managers and employees in organizations.

The Security Establishment for Cloud Computing through CASE Study

Myeonggil Choi 한국정보기술응용학회 2020 Journal of information technology applications & m Vol.27 No.6

Cloud computing is rapidly increasing for achieving comfortable computing. Cloud computing has essentially security vulnerability of software and hardware. For achieving secure cloud computing, the vulnerabilities of cloud computing could be analyzed in a various and systematic approach from perspective of the service designer, service operator, the designer of cloud security and certifiers of cloud systems. The paper investigates the vulnerabilities and security controls from the perspective of administration, and systems. For achieving the secure operation of cloud computing, this paper analyzes technological security vulnerability, operational weakness and the security issues in an enterprise. Based on analysis, the paper suggests secure establishments for cloud computing.

A Continuous Evaluation Processes for Information Security Management

Choi, Myeonggil Korea Data Strategy Society 2016 Journal of information technology applications & m Vol.23 No.3

Growing information threats have threatened organization to lose information security controls in these days. Many organizations have accepted the various information security management systems does mention necessity of a continuous evaluation process for the executions of information security management in a theoretical aspect. This study suggests a continuous evaluation process for information security management reflecting the real execution of managers and employees in organizations.

정보보호정책의 성숙도에 영향을 미치는 요인에 관한 연구

최명길(Myeonggil Choi),황원주(Won-Joo Hwang),김명수(Myoung-Soo Kim) 한국정보보호학회 2008 정보보호학회논문지 Vol.18 No.3

조직은 정보의 획득과 관리를 통하여 조직의 전략을 관철한다. 특히 기술과 같은 기업의 사활을 결정짓는 중요한 정보의 유출은 조직의 생존에도 영향을 미친다. 따라서 조직의 효과적인 정보보호관리를 위해서 정보보호관리체계 및 정보보호정책의 수립이 필요하다. 본 연구는 조직의 정보보호에 근간이 되는 정보보호정책의 성숙도에 영향을 미치는 요인을 문헌 연구를 통해서 분석하고, 정보보호정책의 성숙도에 영향을 미치는 요인을 검증한다. 본 연구는 정보보호정책의 수립과 정보보호수준 제고를 위한 연구의 이론적 토대를 제공한다. 본 연구의 결과는 국가 및 민간기관이 효과적으로 정보보호 정책의 수립을 위한 방향성을 제시하고 있다. Enterprises accomplish their missions through obtaining and managing information. The unintended disclose of enterprises’ sensitive information causes serious damage to enterprises, resulting in disruptive management. For effective security of enterprises, information security management systems and information security policy owing clear goals should be firmly established. This study analyzes factors influencing maturity of information security policy. and gives important hints to execute information security policy

SW-IaaS 클라우드 서비스 보안 프레임워크에 관한 연구

최명길(Myeonggil Choi),박춘식(Choonsik Park),정재훈(Jaehun Jeong) 한국정보보호학회 2016 정보보호학회논문지 Vol.26 No.2

최근 발생한 클라우드 컴퓨팅 관련 보안사고는 한 기업의 보안사고 범위를 넘어 클라우드 컴퓨팅 환경을 사용하는 전체 고객에게 보안사고 범위가 확대되고 있다. 이를 위해 클라우드 데이터센터의 전반적인 통합 보안을 위한 관제기술이 요구된다. 본 연구는 기존 관제기술을 이해하고 클라우드 데이터센터 관제를 위하여 추가 및 통합되는 보안요소를 연구하고자 한다. IaaS 클라우드 환경의 이해를 돕고자 CloudStack으로 IaaS 클라우드 환경을 구축하였다. CloudStack의 구조와 NIST에서 제시한 IaaS 클라우드 모델을 접목하여 본 연구에서 제안한 SW-IaaS 클라우드 구조를 제시하였다. SW-IaaS 클라우드의 구성 요소인 Cloud Manager, Cluster Manager, Computer Manager의 각 계층에서 고려해야할 보안 프레임워크를 도출하고자 한다. Cloud computing-related security incidents have occurred recently are beyond the scope of a enterprise’s security incident is expanded to the entire range of customers who use the cloud computing environment. The control technology for the overall integrated security of the cloud data center is required for this purpose. This study research integrated and additional security elements for the cloud data center control to understand the existing control technology. It is a better understanding of the IaaS cloud environment to build the IaaS cloud environment by CloudStack. SW-IaaS cloud structure by combining CloudStack and IaaS cloud model presented by NIST is proposed in this study. This paper derive a security framework to consider in each layer of The SW-IaaS cloud components, which are composed of the Cloud Manager, Cluster Manager, and Computer Manager.

청년층의 창업교육이 창업의지에 미치는 영향에 대한 연구

최명길(Myeonggil Choi),박은주(Eunju Park) 한국관광레저학회 2012 관광레저연구 Vol.24 No.5

공공기관의 경영평가시스템과 BSC의 통합이 경영성과에 미치는 영향에 관한 연구

최명길(Myeonggil Choi),이동민(Dong-min Lee) 한국산업정보학회 2011 한국산업정보학회논문지 Vol.16 No.4

공공기관은 지속적으로 심화되는 경쟁 환경 속에서 계속기업으로 존속 · 발전하기 위하여 경영전략을 달성할 수 있는 혁신적 관리기법들을 도입함으로써 대외적인 경쟁력을 향상시킨다. 효과적인 경쟁력 향상을 위해서 공공기관은 경영성과에 대한 정확한 측정 및 보상을 위한 성과평가시스템을 구축하고 있다. 본 연구는 BSC 및 성과평가지표와 경영성과의 관계를 규명하기 위하여 BSC가 성과평가지표와 기업성과에 미치는 영향을 연구한다. 본 연구는 BSC의 활용정도에 따라 성과평가유형에 미치는 영향, 성과평가유형과 경영성과간의 영향, BSC활용정도에 따른 경영성과에 미치는 영향 등을 분석한다. This studies shows that Balanced Score-Card(BSC) affects corporate performance and performance measurement systems affect corporate performance, depending on whether they are customer-oriented or finance-oriented. The results of the study are as followings; First, utilization of BSC are significant relationships with performance assessment system. Second, performance assessment system are significant relationships with corporate performance. Third, utilization of Balanced Score-Card(BSC) affects corporate performance.