원문정보
초록
영어
The recent APT attacks including cyber terror are caused by a high level of malicious codes and hacking techniques. The substantive problem is that there are frequent cases in which accounts are seized by malicious hackers and servers are attacked due to a high dependence on the ID/Password system, or account information is exposed through new malicious codes that are not detected by vaccines. This implies that essentially, advanced security management is required, from the perspective of 5A. According to the consideration and research on the big information Security accident cases that have occurred over the last 5 years, the paralysis of A-Bank networks resulted from the non-observance of account management policy, even though there was an account management process, and the user information leakage of B-Portal was caused by APT attacks using malicious codes, but it could prevent it by using the Multi-Factor certification of users to have access to DB or server using OTP, rather than ID/Password. Also, the customer information leakage of C-Capital wouldn’t occur, if it deleted the accounts of employees who resigned, in accordance with security policy, and the customer information leakage of KT agencies could be prevented in advance through a verification of users and devices of subcontractors. Lastly, the exposure of internal information of the domestic large company, S to North Korea wouldn’t be occurred, if foreign users were not allowed access to particular tasks and networks. The changes of IT environment are represented by Mobile, Cloud and BYOD, and all the devices of IT are being serviced via wired and wireless networks. In this situation, the security model needs to be changed, too into the Airport model which emphasizes prevention, and connection, security and integration of functions from the existing Castle model. The risk-based Airport model consists of 5A (Accounting, Authorization, Authentication, Auditing and Administration), and for applying this model, a preventive process of threatening factors should be designed. This study suggested an application method of the risk-based Airport model to the cyber security environment.
목차
1. Introduction
2. Case Study
2.1. Paralysis of A-Bank Network
2.2. B-Portal Identity Theft
2.3. C-Capital Leakage of Customer Information
2.4. D-Telco Leakage of Customer Information
2.5. North Korea’s Network Penetration to South Korea E-Corp
2.6. Suggestions of Security Accident
3. Security Risk-based Airport Model
3.1. Changes in Security Model Depending on Changes in IT Service
3.2. Security Risk-based Airport Model with 5A
4. Conclusions
References