Browse > Article
http://dx.doi.org/10.13089/JKIISC.2021.31.6.1261

A study for Cybersecurity Risk Management by Blockade and Defense Level Analysis  

Han, Choong-Hee (Korea Power Exchange)
Han, ChangHee (Korea Military Academy)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.31, no.6, 2021 , pp. 1261-1266 More about this Journal
Abstract
Existing information security risk assessment methods focus on evaluating the vulnerability of information assets. However, when the form of information assets changes and new types of information assets emerge, there is a limitation in that the evaluation standards for them are also added or deleted. Existing methods have insufficient research on the path through which cyber threats are introduced. In particular, there is very little research on blocking the inflow path for web-based information systems with public IPs. Therefore, this paper introduces the main research contents of the BDLA (Blockade and Defense Level Analysis)-based information security risk assessment model. In addition, by applying the BDLA-based information security risk assessment model, the information security risk level was studied by measuring the blockade level and security equipment level of 17 public institutions.
Keywords
BDLA; ESC Model; foreign IP band blocking;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Dong-Joo Kang, Huy-kang Kim, 'Quantitative Methodology to Assess Cyber Security Risks of SCADA system in Electric Power Industry" Journal of The Korea Institute of Information Security and Cryptology , vol.23, no.3, pp. 445-457, 2013.   DOI
2 Nian Liu, Jianhua Zhang, and Wenxia Liu, "Security Assessment for Communication Networks of Power Control Systems Using Attack Graph and MCDM," IEEE Transactions on Power Delivery, Vol.25 , no.3, pp. 1492-1500, Jun. 2010.   DOI
3 Pravin Chopade and Dr. Marwan Bikdash, "Modeling for Survivability of Smart Power Grid when subject to severe emergencies and vulnerability," Proceedings of IEEE Southeastcon, Mar. 2012.
4 Jin Wei, Deepa Kundur, Takis Zourntos, "On the Use of Cyber-Physical Hierarchy for Smart Grid Security and Efficient Control," 25th IEEE Canadian Conference on Electrical and Computer Engineering (CCECE), May. 2012.
5 Irving Lachow, FranklinD.Krame "Cyberpower and National Security", Potomac Books Inc, April. 2009.
6 Han Choong-Hee, 'A study for Information Security Risk Assessment Methodology Improvement by blockade and security system level assessment' Korea Information Assurance Society, vol.20, no.4, pp. 187- 196, Oct, 2020.
7 B. E. Strom et al, "MITRE ATT&CKTM: Design and Philosophy," MITRE White paper, Jul. 2018.
8 Dong Hyun Kim, "A Study on the ISMS-P Accreditation Effect Using the Seven Threats of Security - Focused on Enterprise Size and Career", The Journal of Korean Institute of Information Technology - vol.18, no.4, pp.109-119, Apr. 2020.   DOI
9 Enter Greg Reith, "Prioritizing Cyber Threats With Real-Time Threat Intelligence," RFSID, 2018.
10 Deepa Kundar, Xianyong Feng, Shan Liu, Takis Zourntos, Karen L., Burtler-Purry, "Towards a Framework for Cyber Attack Impact Analysis of the Electric Smart Grid," First IEEE International Conference on Smart Grid Communications, Oct. 2010.
11 Lee Hyunjin, "A study for configuration about cyber attack scenario using MITRE ATT&CKTM", Annual Conference of IEIE 2020, Vol 42, pp. 1103-1104, Korea, Jun. 2019.
12 Han Choong-Hee, "Semi-quantitative cybersecurity risk assessment by blockade and defense level analysis", Process Safety and Environmental Protection, Elsevier, vol.155, pp.306-316, Nov. 2021.   DOI
13 Jaehyun Choi, "Security Vulnerability Management Measures for Major Information and Communication Infrastructure using VMS", Journal of The Institute of Electronics and Information Engineers vol.57, no.6, pp.37-43, June 2020   DOI
14 Matias Negrete-Pincetic, Felipe Yoshida, George Gross, "Towards Quantifying the Impacts of Cyber Attacks in the Competitive Electricity Market Environment," IEEE Bucharest PowerTech, Oct. 2009,