• Title/Summary/Keyword: security level (보안수준)

A study on primary control area for information security management system (ISMS): focusing on the finance-related organizations (정보보호 관리체계를 위한 주요 통제영역 연구: 금융 관련 조직을 중심으로)

  • Kang, Youn-chul;Ahn, Jong-chang
    • Journal of Internet Computing and Services / v.19 no.6 / pp.9-20 / 2018
  • The financial service industry has introduced and operated management systems such as the information security management system (ISMS), personal information security management system, and business continuity management system to suitably protect and maintain customers' financial information and financial services. This study started from the view that it is desirable for the financial industry to take ISMS into consideration, and that ISMS can take different forms among various organizations depending on their culture, practical work, and information security guidelines. The study derives primary control areas of ISMS by analyzing non-conformity trends and control factors from certification audits of finance-related organizations that introduced the international ISMS standard ISO27001, which is well known and commonly applicable irrespective of area in the financial service industry. Through case analyses of five finance-related organizations operating ISMS, this study analyzed the improvement effects of ISMS. It has meaning as initial research, though it was difficult to acquire data for an empirical study because organizations maintaining certification in the financial sector are rare. As a result, the number of non-conformities decreased every year from the first audit until three years had elapsed. Physical and environmental security, communication and operations management, and access control, which had the highest frequency of non-conformity, accounted for 23%, 19%, and 17% respectively, reaching 59% in total, and they are derived as primary control areas. ISMS can address technical, managerial, and physical security issues, which have not been treated as important in the financial industry. In addition, this study showed that ISMS can be an effective management system applicable to the financial service industry.

A study on national cybersecurity policy agenda in Korea using national cyber capability assessment model (국가 사이버 역량평가 모델을 활용한 국내 사이버안보 정책 의제 도출 연구)

  • Song, Minkyoung;Bae, Sunha;Kim, So-Jeong
    • Journal of Digital Convergence / v.19 no.8 / pp.89-100 / 2021
  • The National Cyber Capability Assessment (NCCA) could be used as meaningful information for improving national cyber security policy because it provides information on the elements necessary for strengthening national cyber capabilities and the level of each country. However, there were few studies on improving cyber capabilities using NCCA results in Korea. Therefore, we analyzed the results of the National Cyber Power Index (NCPI) conducted by the Belfer Center of Harvard Univ. by applying a modified-IPA method to derive cybersecurity policy agendas for Korea. As a result, the need to set agendas on surveillance and offensive cyber capability and to improve the effectiveness of policy implementation for intelligence and defense was drawn. Moreover, we suggested the need for in-depth study of each policy agenda deduced from preceding research data as a future task. It is also expected that the practical use of NCCA for domestic policy analysis will increase by developing and using our own NCCA model that takes into account the analysis framework proposed in this study.

A Study on the Lightweight Cryptographic Algorithms for Remote Control and Monitoring Service based on Internet of Things (사물인터넷 기반 원격 제어 및 모니터링 서비스를 위한 경량 암호화 알고리즘 연구)

  • Jeong, Jongmun;Bajracharya, Larsson;Hwang, Mintae
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.8 no.5 / pp.437-445 / 2018
  • Devices have many small breakdowns rather than big breakdowns. But handling them, such as by calling a service technician for a small breakdown, often wastes time and increases the cost of maintenance. So, if we use a remote control and monitoring service based on the Internet of Things, we can minimize the time and cost of maintenance. However, security is important because remote control and monitoring services contain personal information which, when leaked, may be dangerous. There are many types of Internet-based monitoring devices in use, but it is difficult to expect a high level of security because there are many cases in which the performance is minimal. Therefore, in this paper, we classify remote control and monitoring services based on the Internet of Things by type and derive the encryption requirements for four types. We also compared and analyzed the lightweight cryptographic algorithms that can be expected to deliver high performance even on the Internet of Things. It is derived that LED for the equipment management type, DESLX for the environment management type, CLEFIA for the healthcare management type, and LEA for the security management type are the optimal lightweight cryptographic algorithms for each type.

Cortex M3 Based Lightweight Security Protocol for Authentication and Encrypt Communication between Smart Meters and Data Concentrate Unit (스마트미터와 데이터 집중 장치간 인증 및 암호화 통신을 위한 Cortex M3 기반 경량 보안 프로토콜)

  • Shin, Dong-Myung;Ko, Sang-Jun
    • Journal of Software Assessment and Valuation / v.15 no.2 / pp.111-119 / 2019
  • The existing smart grid device authentication system is concentrated on the DCU, meter reading FEP and MDMS, and an authentication system for smart meters is not established. Although some cryptographic chips have been developed at present, it is difficult to complete the PKI authentication scheme because they are at the low level of simple encryption. Unlike existing power grids, smart grids are based on open two-way communication, increasing the risk of accidents as information security vulnerabilities increase. However, PKI is difficult to apply to smart meters, and there is a possibility of accidents such as system shutdown caused by sending manipulated packets and sending false information to the operating system. Issuing an existing PKI certificate to smart meters with high hardware constraints makes authentication and certificate renewal difficult, so an ultra-lightweight password authentication protocol that can operate even on the poor performance of smart meters (such as non-IP networks, processors, memory, and storage space) was designed and implemented. As a result of the experiment, the lightweight cryptographic authentication protocol was able to be executed quickly in the Cortex-M3 environment, and it is expected that it will help to prepare a more secure authentication system in the smart grid industry.

The Improvement Plan for Indicator System of Personal Information Management Level Diagnosis in the Era of the 4th Industrial Revolution: Focusing on Application of Personal Information Protection Standards linked to specific IT technologies (제4차 산업시대의 개인정보 관리수준 진단지표체계 개선방안: 특정 IT기술연계 개인정보보호기준 적용을 중심으로)

  • Shin, Young-Jin
    • Journal of Convergence for Information Technology / v.11 no.12 / pp.1-13 / 2021
  • This study tried to suggest ways to improve the indicator system to strengthen personal information protection. For this purpose, the components of the indicator system were derived from domestic and foreign literature, and the main diagnostic indicators were selected through FGI/Delphi analysis with personal information protection experts and a survey of personal information protection officers of public institutions. In this way, this study was intended to derive an inspection standard that can be reflected as a separate index system for personal information protection, by classifying the specific IT technologies of the 4th industrial revolution, such as big data, cloud, Internet of Things, and artificial intelligence. As a result, from the planning and design stage of specific technologies, the check items for applying the PbD principle, pseudonymous information processing and de-identification measures were selected as 2 common indicators. The checklists consisted of 2 items related to big data, 5 items related to cloud services, 5 items related to IoT, and 4 items related to AI. Accordingly, this study is expected to serve as an institutional device to respond to new technological changes for the continuous development of the personal information management level diagnosis system in the future.

Application of Variant Game Elements System for Phonics Education (파닉스 적용 사례로 본 게임 요소 가변 시스템)

  • Seo, Eun-Hye;Kyung, Byung-Pyo;Ryu, Seuc-Ho;Lee, Wan-Bok
    • Journal of Korea Game Society / v.10 no.2 / pp.113-121 / 2010
  • This study proposes an educational game system that fits the portable internet environment as a solution to disadvantages of conventional education systems, such as a lack of understanding of learners' learning level and one-way learning. The study analyses conventional e-Learning contents and platforms and proposes a new system adequate for high contents reusability and user-demand service. The learning contents, which mainly consist of animations and games, can be adjusted to the learner's level, and therefore learners can study according to various scenarios, not constrained to a fixed pattern. Our system is expected to bring much more fun to learners, and the education can be conducted more effectively. To show the effectiveness of our system, an example of an English pronunciation game was illustrated. As a result, the weak points of conventional e-Learning were overcome and new interactivity features were adopted to build a more effective educational game system.

Re-anonymization Technique for Dynamic Data Using Decision Tree Based Machine Learning (결정트리 기반의 기계학습을 이용한 동적 데이터에 대한 재익명화기법)

  • Kim, Young Ki;Hong, Choong Seon
    • Journal of KIISE / v.44 no.1 / pp.21-26 / 2017
  • In recent years, new technologies such as Internet of Things, Cloud Computing and Big Data are being widely used, and the type and amount of data is dramatically increasing. This makes security an important issue in terms of leakage of sensitive personal information. In order to protect confidential information, a method called anonymization is used to remove personal identification elements or to substitute the data with symbols before distributing and sharing the data. However, the existing method performs anonymization by generalizing the level of the quasi-identifier hierarchy. It requires a higher level of generalization in cases where k-anonymity is not satisfied because records in the data table are either added or removed. Loss of information is inevitable in the process, which is one of the factors hindering the utility of data. In this paper, we propose a novel anonymization technique using decision tree based machine learning to improve the utility of data by minimizing the loss of information.

A Study on Factors Affecting the Investment Intention of Information Security (정보보호 투자의도에 영향을 미치는 요인에 대한 연구)

  • Lee, Hong-Je;Roh, Eun-Hee;Han, Kyeong-Seok
    • Journal of Digital Contents Society / v.19 no.8 / pp.1515-1525 / 2018
  • Security threats in the 4th Industrial Revolution have expanded to the issue of safety, but the environment for information security of domestic companies is still at a low level. This study aims to propose policy implications by empirically analyzing factors affecting investment intention. We investigated the state of information security and protection behavior and expanded UTAUT to investigate correlations. The results showed that information assets affect facilitating conditions, and perceived and new concerns have impacts on social influence. Social influence affects experience and habits, but its impact on security investment intentions was rejected. Facilitating conditions, previous experiences and habits have great influences on investment intention and new service security investment intention. The influences of perceived and new concerns are low or rejected. There are moderating effects between types of business, size, security organization, experience of infringement, security personnel ratio, and personal information collection. This study will help to establish policies for enhancing the level of information security.

Survey on Personal Information Encryption Technology (개인정보 암호화 기술에 관한 연구)

  • Kim, Ji Hyun;Lee, Dong Hoon
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2012.10a / pp.769-772 / 2012
  • Personal Information Article 2 defines personal authentication information, secret information, and bio information as personal information, and it is stipulated under Article 29 that those who have duties must take adequate technological, administrative, and physical measures to prevent illegal reading and sneaking. It is also stipulated under information communication network law 28(1), enforcement regulation 9, and a Korea Communications Committee notice. To satisfy this, those who have to take security actions for personal information are required to take technological measures and establish positive measures to continuously manage it. The assurance of technological security is possible through encryption of personal information, secure management and operation of encryption keys, and achieving a personal information security level that provides access control of personal information reading and audit. In this paper, we will analyze various technologies of personal information encryption, which are an essential component of the technological security measures for personal information. This paper will help in choosing which technological measures you should take in personal information security.

A Basic Study for Accumulating Scheduling Knowledge-Base (공정관리 지식기반 구축을 위한 기초적 연구)

  • Jang Se-Han;Kim Kyung-Rai
    • Korean Journal of Construction Engineering and Management / v.2 no.3 s.7 / pp.83-91 / 2001
  • Generally, the level of accumulating a scheduling knowledge-base in Korean construction companies is in the scheduling knowledge-base infrastructure construction phase, and even in the top 10 construction companies, the level is in the early scheduling knowledge activity phase. The principal causes of this situation are unawareness of the importance of scheduling knowledge and the absence of procedures related to the scheduling knowledge-base. This research analyzes the problems of accumulating a scheduling knowledge-base in Korean construction companies and proposes a procedure model to accumulate the scheduling knowledge-base properly, which adds items of scheduling knowledge-base infrastructure and scheduling knowledge activity to the existing scheduling procedures of Korean construction companies. Using the procedure model for accumulating a scheduling knowledge-base, Korean construction companies can develop a new scheduling procedure and accumulate scheduling knowledge accordingly. If scheduling knowledge were accumulated properly according to the procedure, a framework for a knowledge management system could be provided.
