• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.4
• /
• pp.145-156
• /
• 2022

To strengthen the security of autonomous vehicles, this study derived checklists through the analysis of the status of autonomous vehicle security. The analyzed statuses include autonomous vehicle characteristics, security threats, and domestic and foreign security standards. The derived checklists are then applied to the AHP(Analytic Hierarchy Process) model to find their relative importance. Relative importance was ranked as one of cyber security management system establishment and implementation, encryption, risk assessment, etc. The significance of this study is to reduce cyber security incidents that cause human casualties as well improve the level of security management of autonomous vehicles in related companies by deriving the autonomous vehicle security level checklists and demonstrating the model. If the inspection is performed considering the relative importance of the checklists, the security level can be identified early.

• Review of KIISC
• /
• v.26 no.1
• /
• pp.48-53
• /
• 2016

최근 들어 보안사고의 대응 방식이 네트워크 보안이나 운영체제 보안과 같은 전통적인 방법에서 벋어나 개발생명주기보안이나 SW 공급망 보안으로 확대되고 있다. 이러한 흐름에서 주목받는 것이 BSIMM과 같은 소프트웨어 보안성숙도 모델이다. 보안성숙도 모델은 소프트웨어 시스템의 보안성 향상을 위해 관리자와 개발자가 중점을 두어야 할 부분을 스스로 평가할 수 있도록 하는 프레임워크이다. 본 고에서는 BSIMM을 통해 보안성숙도 모형이 갖는 특징을 소개하며, 이의 활용에 대해 살펴본다.

• Management & Information Systems Review
• /
• v.32 no.2
• /
• pp.213-235
• /
• 2013

This study investigates proper solution available for flexibly management pointing out reality a lack of understanding and interest for executing security management while importance of firm security management gets bigger. Accordingly, this study suggests 4 exogenous variables such as organizational commitment, experience of security risks, perceived benefits, partner interdependence as factors of having influence upon development and implementation in security management. It suggests IT volatility as moderating variable, which will intensify between development and implementation. The research model was tested by using Structural Equation Modeling, via Amos 19.0 analysis on a sample collected from 209 firms. As a result, the remaining variables except partner interdependence showed statistically positive influence. The implications of the findings suggest a new theoretical framework of the security management and offers important solutions for the practical application guidelines.

• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.81-89
• /
• 2008

This paper introduces u-learning service model based on context awareness. Also, it concentrates on agent-based WPAN technology, OSGi based middleware design, and the application mechanism such as context manager/profile manager provided by agents/server. Especially, we'll introduce the meta structure and its management algorithm, which can be updated with learning experience dynamically. So, we can provide learner with personalized profile and dynamic context for seamless learning service. The OSGi middleware is applied to our meta structure as a conceptual infrastructure.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.295-298
• /
• 2017

최근 국가연구개발사업은 개방형 연구환경으로 변화되어지고 있다. 이러한 변화는 연구개발 자원 및 시간 절감, R&D 투자효과 증대 등 긍정적인 효과를 동반하지만 연구 수행 과정, 연구성과물 유출과 같은 역기능이 발생하고 있다. 따라서 본 연구에서는 연구환경 변화에 따른 연구성과물 유출 가능성을 줄이기 위해서 자체적으로 보안관리 및 평가를 할 수 있는 연구보안 수준측정 모형을 설계하고자 한다. 이는 연구기관의 보안 수준 파악과 향상을 위해 유용하게 활용될 것으로 기대된다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.819-822
• /
• 2011

최근 스마트폰의 발전으로 인하여 기업 및 기관에 모바일 오피스의 도입이 빠르게 확산되고 있다. 모바일 오피스는 업무의 편의성을 제공하지만 반면 무선네트워크의 사용량 증가와 상대적으로 보안이 취약한 스마트폰의 이용의 증가로 인하여 정보유출의 위협이 높아지고 있다. 본 논문에서는 "스마트 모바일 오피스 환경에서의 정보보호관리체계(ISMS)를 확장한 정보보호모형"[1]에 유형별로 분류한 모바일 오피스를 분석하고 정보보호모형을 발전시켜 모바일 오피스를 도입하려는 기업 및 기관의 보안환경에 적합한 유형을 선택하는 방향을 제시하고자 한다.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.85-92
• /
• 2012

There are many software reliability models that are based on the times of occurrences of errors in the debugging of software. It is shown that it is possible to do asymptotic likelihood inference for software reliability models based on infinite failure model and non-homogeneous Poisson Processes (NHPP). For someone making a decision about when to market software, the conditional failure rate is an important variables. The finite failure model are used in a wide variety of practical situations. Their use in characterization problems, detection of outliers, linear estimation, study of system reliability, life-testing, survival analysis, data compression and many other fields can be seen from the many study. Statistical Process Control (SPC) can monitor the forecasting of software failure and there by contribute significantly to the improvement of software reliability. Control charts are widely used for software process control in the software industry. In this paper, we proposed a control mechanism based on NHPP using mean value function of log Poission, log-linear and Parto distribution.

• 한국경영정보학회:학술대회논문집
• /
• 2007.06a
• /
• pp.959-965
• /
• 2007

최근 정보시스템의 개방성과 접근성의 확대는 조직 내 외부로부터 보안위협을 증가시키고 있다. 일반적으로 정보시스템은 패스워드를 이용하여 사용자 인증과 자료의 접근을 제한하고 있으므로 패스워드의 선택은 정보보안에 있어서 매우 중요하다. 적절한 패스워드의 선택은 정보시스템의 오 남용 방지 및 불법적인 사용자의 제한 등의 보안효과를 가져올 것이다. 본 연구의 목적은 정보를 보호하기 위한 적절한 패스워드선택을 위한 사용자의 보안행위의도에 미치는 요인을 분석하는 것이다. 이를 위하여 정보시스템 사용자의 적절한 패스워드의 선택에 영향을 미치는 핵심적인 요인으로 위험분석 방법론을 토대로 한 위험을 활용한다. 또한 위험을 사용자의 보안의식과 패스워드 관리지침을 패스워드 선택의 태도에 영향을 미치는 요인으로 보고, 사용자의 적절한 패스워드의 보안행위의도를 TRA (Theory of Reasoned Action)를 기반으로 모형을 설계하였다. 본 연구를 분석한 결과 정보자산이 위험에 관련성이 없는 반면, 정보자산을 제외한 위협, 취약성, 위험, 사용자의 보안의식, 패스워드 보안상태, 보안행위의도는 요인간에 유의한 영향을 미치는 것으로 분석되었다.

• Journal of Navigation and Port Research
• /
• v.40 no.4
• /
• pp.213-222
• /
• 2016

Recently, as cases of organizations' information disclosure occur continuously, it is urgent to manage security of information and establish measures to enhance security of information by an organization itself. Especially, members of an organization should be prepared with measures for information security, and an organization should do its efforts to raise its members' awareness toward information security. I set a research model to verify what effects an organization's fulfillment of regulations to secure information brings to performance of information security and selected members from maritime and port organizations and financial and insurance institutes as sample. Results of the analysis to identify factors affecting information security performance among members of maritime and port organizations are as follows. Firstly, I found that the factors affecting information security awareness are information security attitude and information security standards. Secondly, the factor giving influence on information security policy of an organization was found to be information security standards. In contrast, information security punishments and information security training were verified not to give influence on compliance of information security policy. Thirdly, information security awareness was identified to give significant influence on compliance of information security policy, information security competence and information security behavior. Fourthly, compliance of information security policy was verified to be those factors that give influence on information security competence and information security behavior. Lastly, information security competence and information security behavior were found to be such factors that give influence on information security performance.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.111-120
• /
• 2019

As cyber-attacks become more intelligent and sophisticated, the importance of Security Operations Center(SOC) has increased and the number of SOC has been increasing. In order to cope with cyber threats, institutions and organizations use a variety of cyber security standards to create business procedures. However, SOC often need to be improved in accordance with the SOC environment because they collaborate with managed security service specialists rather than their own personnel. The NIST cyber security framework, information security management system, and managed security service companies were compared and analyzed. As a result, it was found that the NIST CSF is a framework that is easy to apply to managed security service, The content was judged to be insufficient. Therefore, in this study, NIST CSF was used as a reference model to derive the management items required for SOC environment, and the necessity, importance and ease of each item were confirmed through an Delphi technique and an improved cyber security framework was proposed.