• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.10
• /
• pp.1392-1397
• /
• 2018

Nuclear power plants(NPPs) are protected as core facilities managed by major countries. Applying general IT technology to facilities of NPPs, the proportion of utilizing the digitized resources for the rest of the assets except for the existing installed analog type operating resources is increasing. Using the network to control the IT assets of NPPs can provide significant benefits, but the potential vulnerability of existing IT resources can lead to significant cyber security breaches that threaten the entire NPPs. In this paper, we analyze the nuclear cyber security vulnerability regulatory requirements, characteristics of existing vulnerability scanners and their requirements and investigate commercial and free vulnerability scanners. Based on the proposed application method, we can improve the efficiency of checking the network security vulnerability of NPPs when applying vulnerability scanner to NPPs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.229-244
• /
• 2024

Recently, supply chain attacks against nuclear facilities such as "Evil PLC" are increasing due to the application of digital technology in nuclear power plants such as the APR1400 reactor. Nuclear supply chain security requires a asset management system that can systematically manage a large number of providers due to the nature of the industry. However, due to the nature of the control system, there is a problem of inconsistent management of attribute information due to the long lifecycle of software assets. In addition, due to the availability of the operational technology, the introduction of automated configuration management is insufficient, and limitations such as input errors exist. This study proposes a systematic asset management system using SBOM(Software Bill Of Materials) and an improvement for input errors using natural language processing techniques.

• The Journal of the Convergence on Culture Technology
• /
• v.5 no.3
• /
• pp.55-60
• /
• 2019

It is true that Blockchain has been known as a core technology for cryptocurrency like bitcoin (BTC). It is caused by its rapid value rises. Now, one BTC is trading around 10,000 US dollars while it bought just less than one dollar at its first trading in May, 2010. Blockchain makes on-line transactions possible by the safe cryptocurrency swiftly based on P2P network and distributed public ledger while its on-line traffic is rapidly increasing. However, this technology has bigger potential in the fourth industrial revolution era and its application areas will be varied. The evolving intelligent information society needs to make new added value through utilizing, sharing and processing of useful digital information. Obstacles such as hacking and fraud often exist when transactions of digital properties, right transfers, etc. are done through digital network specialized with anonymity. It is expected that blockchain will be a definite solution in this regard. This paper addresses useful development directions and countermeasures for blokchain in the digital economy by analysis of its current status and issues.

• Journal of Digital Convergence
• /
• v.17 no.1
• /
• pp.141-148
• /
• 2019

The advancement of digital technology accelerates intelligence, convergence, and demands better change beyond traditional methods in all aspects of business models and technologies, infrastructure, processes, and platforms. Risk management is becoming more important because of various security risks, depending on the changing business environment and aligned to business goals is emerging from the existing information asset based risk management. For business aligned risk management, it is essential to understand the risk appetite for achieving business goals, which provides a basis for decision-making in subsequent risk management processes. In this paper, we propose a framework for analyzing the risk management framework, pre - existing risk analysis, and protection motivation theory that influences decisions on security risk management. To examine the practical feasibility of the developed risk appetite framework, we reviewed the applicability and significance of the proposed risk appetite framework through an advisory committee composed of security risk management specialists.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.35-45
• /
• 2020

Cyber attacks on the aviation weapon system, a state-of-the-art asset, have become a reality and are approaching as a constant threat. However, due to the characteristics of embedded software of the current aviation weapon system, it is managed and operated without connection to the network in peacetime, so the response management to cyber attacks is relatively weak. Therefore, when a cyber attack becomes a reality, it is urgent to prepare and evaluate measures for the adverse effects that such attack will have on the execution of the Air Tasking Order(ATO). In this paper, we propose a framework for operational impact assessment in order to avoid confusion in ATO execution and systematic response to cyber attacks on aviation weapons systems. The proposed framework is designed to minimize the negative impact on operations against cyber attacks that may occur under no warning by analyzing the impact on air operations for each aviation weapon system and standardizing countermeasures for this. In addition, it supports the operational commander to make a quick decision to command for the execution of the operation even in a situation where a cyber attack occurs.

• Journal of Information Technology Services
• /
• v.23 no.1
• /
• pp.1-10
• /
• 2024

The IT environment is changing due to the acceleration of digital transformation in enterprises and organizations. This expansion of the digital space makes centralized cybersecurity controls more difficult. For this reason, cyberattacks are increasing in frequency and severity and are becoming more sophisticated, such as ransomware and digital supply chain attacks. Even in large organizations with numerous security personnel and systems, security incidents continue to occur due to unmanaged and unknown threats and vulnerabilities to IT assets. It's time to move beyond the current focus on detecting and responding to security threats to managing the full range of cyber risks. This requires the implementation of asset Inventory for comprehensive management by collecting and integrating all IT assets of the enterprise and organization in a wide range. IT Asset Management(ITAM) systems exist to identify and manage various assets from a financial and administrative perspective. However, the asset information managed in this way is not complete, and there are problems with duplication of data. Also, it is insufficient to update of data-set, including Network Infrastructure, Active Directory, Virtualization Management, and Cloud Platforms. In this study, we, the researcher group propose a new framework for automated 'Comprehensive IT Asset Management(CITAM)' required for security operations by designing a process to automatically collect asset data-set. Such as the Hostname, IP, MAC address, Serial, OS, installed software information, last seen time, those are already distributed and stored in operating IT security systems. CITAM framwork could classify them into unique device units through analysis processes in term of aggregation, normalization, deduplication, validation, and integration.

• The Journal of the Convergence on Culture Technology
• /
• v.10 no.4
• /
• pp.675-680
• /
• 2024

This study aims to examine the trends in Metaverse technology following the Post-COVID era and analyze the use cases in the jewelry industry. With the endemic, the business environment for companies has shifted from online to offline, leading to a reduced public interest in the Metaverse. However, examining the global jewelry brand trends in metaverse technology reveals advancements in AR/VR technologies that enhance realism and evolve the metaverse into a space without the uncanny gap between virtual and reality. The Metaverse exhibits three main characteristics in the Post-COVID era. First, there is a transformation in the business domain, starting with digital twins. Second, it is integrating with various information and communication technologies. Third, setting a direction for Metaverse operation as an omni-channel is being emphasized. Utilizing assets learned during the COVID-19 period and continuing to learn about digital and online technologies is essential for securing market competitiveness. This paper discusses how to enhance the competitiveness of jewelry industry entities based on the trends of Metaverse technology in the Post-COVID era.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.1-10
• /
• 2014

Recently, the value and the status of the digital archives that are built individually in the crossroads of oblivion and memory are due to big data has attracted attention globally is confusing. Video data that contains the cultural memory of the digital archive, such as culture, art, life, society, and social conditions of the time, it is a cultural heritage of national common expressed. Also, it remains a trace of history from the various media just like magazines, books, painting, photography, and film. Digital archive system is one of the best research results of media convergence and it has also a good opportunity to take full advantage of the new opportunities and cultural assets. The collection of infinite information of big data in perspective transient that exist at the same time compatibility of big data, it is trying to dismantle the cultural memory of us. It was asserted that must meet the criteria which can correspond to via the new digital era, will be applied to preserve the traditional media. The current image archive is necessary to accommodate proper two different directions.

• Journal of Conservation Science
• /
• v.37 no.2
• /
• pp.167-178
• /
• 2021

For the preservation and efficient content sharing of 5 volumes (2,866 pages) of Yu Kil-Chun's book published in 1971, which provides an important collection of data for the study of modern Korean history during the late 19th century (enlightenment period of Joseon dynasty). The books were purchased and its preservation status investigated and documented electronically by scanning for permanent preservation of content and to determine the condition of preservation at the time of documentation. The degree of deterioration and damage, such as discoloration, hardening, breakage, and damage in these 50 years old modern printed books was quantified through image analysis and made attempts to visualize the damaged areas. It was observed that the degree of deterioration and damage depended on the material and the surface condition of the paper used, the degree of exposure to light, and the storage environment. The comparison of the preservation status at the time of the photographing (or scanning) and judgment as to whether or not the image under investigation was artificially modified was accomplished by comparing the electronically documented images of Seoyugyeonmun (西遊見聞) in Volume 1 of Yu Kil-Chun's works with images provided on other websites. Practical problems encountered while considering the effective preservation of electronically documented data and publicly sharing it, in the course of this study, with other academic researchers around the world were also summarized.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.29-40
• /
• 2013

This study analyzed that adjustment roles of the organization and Information System strategy suitability factors between influence and introduction outcome factors in the IT outsourcing in government offices. Influence factors of IT outsourcing are organization factor(information system maturity, CEO's support), trade factor(asset speciality, uncertainty, using degree of information system), risk factor(risk of security, risk of increase in cost, risk of losing autonomy). And outcome factors are set as economic effect and technology effect. We analyzed that organization and IS strategy suitability factors as moderator variables. Results are the followings. It was analyzed that organization and IS strategy suitability factors are in charge of adjusting role among information system maturity which is lower variable of organization factor, CEO's support, uncertainty of trade factor's lower variable, risk of security which is risk factor's lower variable, risk of increase in cost, loss of autonomy. Therefore, in order for organization to increase the outcome of information technology, organization strategy and IS strategy should be promoted in combined manner. However, it was analyzed that strategy suitability could not take the adjusting role between asset specialty and introduction outcome.