• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.561-575
• /
• 2023

The information security industry has seen a wide variety of growth over the past few decades. In particular, various solutions have been proposed in terms of technology, management, and institutional aspects. Nevertheless, it should be notedthat security accidents continue to occur every year. This proves that there are limitations to various business changes in the digital era as existing security is being promoted with technology-oriented and prevention-oriented policies. Thus, people-centric security (PCS) has recently become a hot topic in order to escape the limitations of traditional securityapproaches. Through the concept of information security violations, PCS strategic principles, and expert interviews, this studyaims to present a fundamental security incident response plan by classifying human-caused vulnerabilities into 5 categories and classifying them into 21 detailed components.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.33-51
• /
• 2011

This research derived the influencing factors for employees' compliance with the information security policy in organizations on the basis of Neutralization Theory, Theory of Planned Behavior and Protection Motivation Theory. To empirically analyze the research model and the hypotheses, data were collected by conducting web survey, 194 of 207 questionnaires were available. The test of causal model was conducted by PLS. Reliability, validity and model fit were found to be statistically significant. the results of hypotheses tests showed that seven ones of eight hypotheses could be accepted. The theoretical implications of this study are as follows : 1) this study is expected to play a role of baseline for future research about employee compliance with the information security policy, 2) this study attempted interdisciplinary approach through combining psychology and information system security research, and 3) it suggested concrete operational definitions of influencing factors for information security policy compliance through comprehensive theoretical review. Also, this study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for implement of information system security policies in organizations. Second, it is proved that the need for conducting education and training program suppressing employees. neutralization psychology to violate information security policy should be emphasized in the organizations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.13-29
• /
• 2005

An important characteristic of role-based access control model(RBAC) is that by itself it is policy neutral. This means RBAC articulates security policy without embodying particular security policy. Because of this reason, there are several researches to configure RBAC to enforce traditional mandatory access control(MAC) policy and discretionary access control(DAC) policy. Specifically, to simulate MAC using RBAC several researches configure a few RBAC components(user, role, role-hierarchy, user-role assignment and session) for keeping no-read-up rule and no-write-down rule ensuring one-direction information flow from low security level to high security level. We show these researches does not ensure confidentiality. In addition, we show the fact that these researches overlook violation of integrity due to some constraints of keeping confidentiality. In this paper we propose a RBAC model satisfying both confidentiality and integrity. We reexamine a few RBAC components and constructs additional constraints.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.5
• /
• pp.17-23
• /
• 2018

The rapid development of mobile technology has increased the use of mobile devices, and the possibility of security incidents is also increasing. The leakage of information through photos is the most representative. Previous methods for preventing this are disadvantageous in that they can not take pictures for other purposes. In this paper, we design and implement a system to prevent information leakage through photos using object recognition and beacon. The system inspects pictures through object recognition based on deep learning and verifies whether security policies are violated. In addition, the location of the mobile device is identified through the beacon and the appropriate rules are applied. Web applications for administrator allow you to set rules for taking photos by location. As soon as a user takes a photo, they apply appropriate rules to the location to automatically detect photos that do not conform to security policies.

• The Journal of Korean Association of Computer Education
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2010

NAC(Network Access Control) has been developed as a solution for the security of end-point user, to be a target computer of worm attack which does not use security patch of OS and install Anti-Virus, which spreads the viruses in the Intra-net. Currently the NAC products in market have a sufficient technology of pre-connect, but insufficient one of post-connect which detects the threats after the connect through regular authentication. Therefore NAC users have been suffered from Zero-day attacks and malware infection. In this paper, to solve the problems in the post-connect step we generate the normal behavior profiles using the traffic information of each host, host information through agent, information of open port and network configuration modification through network scanner addition to authentication of host and inspection of policy violation used before. Based on these we propose the system to detect the hosts infected malware.

• Journal of Information Technology Applications and Management
• /
• v.22 no.4
• /
• pp.225-251
• /
• 2015

This paper analyzed factors for employees to violate information security policy in financial companies based on the theory of reasoned action (TRA), general deterrence theory (GDT), and information security awareness and moderating effects of perceived sensitivity of customer information. Using the 376 samples that were collected through both online and offline surveys, statistical tests were performed. We found that the perceived severity of sanction and information security policy support to information policy violation attitude and subjective norm but the perceived certainty of sanction and general information security awareness support to only subjective norm. Also, the moderating effects of perceived sensitivity of customer information against information policy violation attitude and subjective norm were supported. Academic implications of this study are expected to be the basis for future research on information security policy violations of financial companies; Employees' perceived sanctions and information security policy awareness have an impact on the subjective norm significantly. Practical implications are that it can provide a guide to establish information security management strategies for information security compliance; when implementing information security awareness training for employees to deter violations by emphasizing the sensitivity of customer information, a company should make their employees recognize that the customer information is very sensitive data.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.5
• /
• pp.1122-1127
• /
• 2014

WLAN is affordability, flexibility, and ease of installation, use the smart device due to the dissemination and the AP (Access Point) to the simplification of the Office building, store, at school. Wi-Fi radio waves because it uses the medium of air transport to reach areas where security threats are always exposed to illegal AP installation, policy violations AP, packet monitoring, AP illegal access, external and service access, wireless network sharing, MAC address, such as a new security threat to steal. In this paper, signature-based of wireless intrusion detection system for Snort to suggest how to develop. The public can use hacking tools and conduct a mock hacking, Snort detects an attack of hacking tools to verify from experimental verification of the suitability of the thesis throughout.