Journal of Platform Technology

ICT Platform Society (ICT플랫폼학회)
권호 표지

A Study on the Effectiveness of Secure Responses to Malicious E-mail

악성 이메일에 대한 안전한 대응의 효과성 연구

  • 이태우 (중앙대학교 융합보안학과) ;
  • 장항배 (중앙대학교 산업보안학과)
  • Received : 2021.05.25
  • Accepted : 2021.06.24
  • Published : 2021.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

E-mail is one of the important tools for communicating with people in everyday life. With COVID-19 (Coronavirus) increasing non-face-to-face activity, security incidents through e-mail such as spam, phishing, and ransomware are increasing. E-mail security incidents are increasing as social engineering attack using human psychology rather than arising from technological weaknesses that e-mails have. Security incidents using human psychology can be prevented and defended by improving security awareness. This study empirically studies the analysis of changes in response to malicious e-mail due to improved security awareness through malicious e-mail simulations on executives and employees of domestic and foreign company. In this study, the factors of security training, top-down security management, and security issue sharing are found to be effective in safely responding to malicious e-mail. This study presents a new study by conducting empirical analysis of theoretical research on security awareness in relation to malicious e-mail responses, and results obtained from simulations in a practical setting may help security work.

이메일은 일상생활에서 사람들과 커뮤니케이션하는데 중요한 도구 중 하나이다. COVID-19(코로나바이러스)로 비대면 활동이 증가하면서 스팸메일, 피싱, 랜섬웨어 등과 같은 이메일을 통한 보안사고가 증가하고 있다. 이메일 보안사고는 이메일이 가지고 있는 기술적인 취약점으로 발생하는 것보다는 사람의 심리를 이용한 사회공학적 공격으로 증가하고 있다. 사람의 심리를 이용한 보안 사고는 보안 인식 개선을 통해 예방과 방어가 가능하다. 본 연구는 국내외 기업 임직원을 대상으로 악성 이메일 모의 실험을 통해 보안 인식개선으로 악성 이메일에 대한 대응 변화 분석을 실증적 연구하였다. 본 연구에서 보안교육, 상향식 보안 관리, 보안 이슈 공유의 요인은 악성 이메일을 안전하게 대응하는데 효과가 있음을 확인하였다. 본 연구는 보안 인식에 대한 이론적 연구 내용을 악성 이메일 대응과 관련하여 실증적 분석을 실시하여 새로운 연구를 제시해 학술적 의의가 있으며, 실무 환경에서 모의 실험으로 얻어진 결과는 보안담당자에게 업무 하는데 실무적으로 도움을 줄 수 있을 것이다.

Keywords

Acknowledgement

본 논문은 제 1 저자(이태우) 석사과정 학위논문을 학회 논문지 목적에 맞게 분석정리하여 발표한 내용입니다.

References

  1. Ministry of Science and ICT, National Information Society Agency, "2020 Yearbook of Internet Usage Survey Report", 2020
  2. Jiransecurity, "Q1 Spam Mail Trend Analysis Report", 2020
  3. Jun-hee Lee, Hun-yeong Kwon, "A Study on Human Vulnerability Factors of Companies : Through Spam Mail Simulation Training Experiments", Korea Institute Of Information Security And Cryptology, Vol.29, No.4, pp.847-857, 2019
  4. Chang-Moo Lee, "A Critical Review of Industrial Security Concepts", Korean Security Journal, Vol.50, pp.285-303, 2017 https://doi.org/10.36623/kssa.2017.50.11
  5. PriceWaterhouseCoopers, "Convergence of security risks : Addressing the security dilemma in today's age of blended threats", 2010
  6. Kunwoo Kim, Jungduk Kim, "The Values and Strategies of Industrial Security in Digital Economy", Korean Journal of Industry Security, Vol.8, No.1, pp.61-74, 2018
  7. Jin A Heo, Seong Bhin Joo, Jung Min Lee, Chan Hyuk Park, "Countermeasures for Industrial Technology Protection in Social Engineering attack", The Journal of Social Science, Vol.23, No.1, pp.279-306, 2016
  8. June Sung Choi, Kwang Ho Kook, "Social Engineering Attack Trends on the Korean Defense Industry and the Countermeasures", Journal of the Korean Association of Defense Industry Studies, Vol.19, No.1, 22-37, 2012
  9. Young-Mook Kang, Sang-Jin Lee, "A Study On Malicious Mail Training Model", Journal of the Korea Institute of Information Security & Cryptology, Vol.30, No. 2, pp.197-212, 2020 https://doi.org/10.13089/JKIISC.2020.30.2.197
  10. Korea Communications Commission, Korea Internet & Security Agency, "Information and Communication Network Act Guide to Prevent Illegal Spam", 2020
  11. Korea Communications Commission, Korea Internet & Security Agency, "Spam distribution status in the second half of 2020", 2021
  12. Trendmicro, "Spear-Phishing Email: Most Favored APT Attack Bait", Trend Micro Incorporated Research Paper, 2020
  13. Eun-Hee Shin, Chang-Moo Lee, Hang-Bae Chang, "An Empirical Study on the Impact of Industrial Security Awareness and Knowledge of Corporate Employees on the Will to Comply with Security Policy", Korean Journal of Industry Security, Vol.10, No.2, 59-78, 2020 https://doi.org/10.33388/kais.2020.10.2.059
  14. Michael J. Wolf, "Measuring an information security awareness program", University of Nebraska, 2010
  15. National Intelligence Service, Ministry of Science and ICT, Ministry of the Interior and Safety, Korea Communications Commission, Financial Services Commission, Ministry of Foreign Affairs, 2020 Yearbook National Information Protection White Paper, 2020
  16. D'Arcy, J., Hovav, A., "Deterring Internal Information Systems Misuse. Communications of the ACM", Vol.50, No.10, pp.113-117, 2007 https://doi.org/10.1145/1290958.1290971
  17. In Hwan Cha, "A study on the Development of Personnel Security Management for Protection against Insider threat", The Journal of The Korea Institute of Electronic Communication Sciences, Vol.3, No.4, pp.210-220, 2008
  18. Woosung Jung, " A Design for the Personalized Difficulty Level Metric based on Learning State", Journal of the Korea Convergence Society, Vol.11, No.3, pp.67-75, 2020 https://doi.org/10.15207/JKCS.2020.11.3.067
  19. Taryn Aguas, Khalid Kark, Monique Francois, " The new CISO: Leading the strategic security organization", Deloitte, 2019, https://www2.deloitte.com/global/en/insights/deloitte-review/issue-19/ciso-next-generation-strategic-security-organization.html
  20. Duck-sang Yoon, Kyung-ho Lee, Jong-in Lim, "A Study on the Change of Capability and Behavior against Phishing Attack by Continuous Practical Simulation Training", Journal of the Korea Institute of Information Security & Cryptology, Vol.27, No.2, pp.267-279, 2017 https://doi.org/10.13089/JKIISC.2017.27.2.267
  21. Jun Heo, Seongjin Ahn, "A Study on the Influence of Biased Thinking on Compliance with Security Policy Based on the Mediation of Factors of Protection Motivation and Role of Management", The Journal of Korean Association of Computer Education, Vol.23, No.6, pp.35-49, 2020 https://doi.org/10.32431/KACE.2020.23.6.004
  22. Myungseong Yim, "A Study on the Level of Perception about Information Security Countermeasures : Differences between Managers and Non-Managers", Korean Management Consulting Review, Vol.16, No.4, pp.33-41, 2016
  23. Jong One Cheong, "The Effects of Organizational Politics and Conflicts on Job Satisfaction and Organizational Performance : Analyzing the Moderating Effects of the Top-down Way of Working", Korean Local Government Review, Vol.20, No.4, pp.47-70, 2019
  24. Sloan, H., "The Annals of Thoracic Surgery", R. Adams Cowley, MD: 1917-1991, Vol.53, No.6, 954, 1992 https://doi.org/10.1016/0003-4975(92)90365-b
  25. Verizon, "The 2013 Data Breach Investigations Report", 2013