(A) study on risk analysis and security mechanisms for the internet security

Abstract

In recent years, a number of security problems with the Internet have become apparent. New and existing Internet users need to be aware of the high potential for security incidents from the Internet and the steps they should take to secure their sites. The importance of security to users of the Internet can no longer be seen as the secondary. This research address two questions: (1) What are the most serious threats to organizations in the Internet? and (2) What are the appropriate countermeasures against those threats? The purpose of this paper is to describe a process that can be used to improve the security of the Internet. And, this paper describes threats posed by the Internet security and presents security service and mechanisms available today to enhance the Internet security. Security requirements, security threats, security service, and security mechanisms are addressed dependently. Hence, the requirements of organizations for the Internet security can be considered. Furthermore, based on the result of this study and existing literatures, the gradual process for determining the priorities for Internet security is provided for practical applications. The exact security needs of systems will vary from organization to organization. By industrial classification, threat assessment that identify and evaluate the threats from the Internet are presented. Viewing the findings from mail survey, the results of statistical tests indicate strong support for our expectations regarding the differences between industries for both overall level of threats and level of each threats. The threats from the Internet are perceived by banking/financial firms most seriously, comparing with others. Furthermore, our expectation that there is a priority order in the threats within each organizations is partially supported. The security function, however, is not widely implemented by organizations in Korea.