• Journal of Korea Society of Industrial Information Systems
• /
• v.29 no.5
• /
• pp.69-94
• /
• 2024

In order to improve the security policy compliance performance of an organization, it is crucial for organizational members to have a strong intention to actively accept these policies. Accordingly, this study proposes a research model based on the Health Belief Model, a key theory in the field of health psychology, with the aim of seeking ways to enhance the acceptability of security policies among organizational members. Data were collected through surveys and analyzed using statistical methods. The results of the study revealed that the perceived security threats and the perception of support for security policy compliance at the organizational level significantly influence the acceptance of security policies through the mediating role of perceived benefits from security policy compliance. Additionally, the study demonstrated that the perceived burden of effort and work disruption associated with complying with security policies, i.e., perceived barriers, has a significant negative impact on the acceptance of security policies. This study holds academic significance as it presents a model that effectively analyzes the cognitive mechanisms influencing the acceptance of security policies by applying the Health Belief Model, originally rooted in healthcare. The analysis results and various implications discussed in this study are expected to provide useful information and insights for developing strategies to enhance the acceptance of security policies among organizational members in the future.

• Informatization Policy
• /
• v.19 no.1
• /
• pp.91-106
• /
• 2012

We should set up a policy objective to obtain consumer engagement in smart grid and analyze the key influencing factors in smart grid consumer engagement in oder to deploy smart grid successfully. It is because the successful deployment of smart grid depends on whether the end users accept the smart grid products and services. So far, There have been few studies in Korea which focus on the smart grid consumer engagement. Therefore, we carried out an literature review in terms of smart grid consumer engagement and tried to suggest related policy implications. As a result, we identified key influencing factors such as monetary benefits, environment-friendly characteristics, cyber security and understanding of smart grid. Futhermore, we suggested policy implications related to customer education, linkage between smart grid policies and other environmental ones, cyber security enhancement, etc.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.11a
• /
• pp.28-30
• /
• 2005

유비쿼터스 환경에서의 이동 단말들을 관리하기 위해서는 수많은 요구 사항들을 만족시켜야만 한다. 모든 이동 단말들과 정보를 교환할 수 있어야 하며, 기존의 이동 단말뿐 만 아니라 미래의 새로운 단말기기도 수용할 수 있도록 확장성을 제공하여야 한다. 또한 많은 종류의 이동 단말들을 제어하기 위해서 쉽게 구성된 보안 관리 체계와 정책 적용에 있어 자동성을 제공 해야 한다. 사실 이러한 요구사항을 단지 하나의 미들웨어로 만족시키기는 어렵다. 본 논문에서는 이동 단말들의 절러 미들웨어을 수용할 수 있는 유비쿼터스 환경에 적합한 이동 단말 보안 관리를 위한 미들웨어를 제안한다. 이 미들웨어는 모든 이동 단말들과의 정보 교환을 위한 서비스를 핵심으로 구성되고 각 이동 단말들의 상태와 이벤트를 관리하여 보안정책에 맞추어 리소스와 서비스를 제공한다.

• The KIPS Transactions:PartC
• /
• v.9C no.6
• /
• pp.823-830
• /
• 2002

Enterprise security management system proposed to properly manage heterogeneous security products is the security management infrastructure designed to avoid needless duplications of management tasks and inter-operate those security products effectively. In this paper, we propose the model of generalized security policies. It is designed to help security management build invulnerable security policies that can unify various existing management infrastructures of security policies. Its goal is not only to improve security strength and increase the management efficiency and convenience but also to make it possible to include different security management infrastructures while building security policies. In the generalization process of security policies. we first diagnose the security status of monitored networks by analyzing security goals, requirements, and security-related information that security agents collect. Next, we decide the security mechanisms and objects for security policies, and then evaluate the properness of them on the basis of security goals, requirements and a policy list. With the generalization process, it is possible to integrate heterogeneous security policies and guarantee the integrity of them by avoiding conflicts or duplications among security policies. And further, it provides convenience to manage many security products existing in large networks.

• Proceedings of the CALSEC Conference
• /
• 1997.11a
• /
• pp.143-160
• /
• 1997

정보화 사회에서 개인의 프라이버시와 국가 차원의 보안의 균형있는 발전은 매우 중요한 과제이며, 1997년 3월 국제 경제개발 협력기구(OECD)는 암호기능을 적용하기 위한 정책인 ‘OECD 암호정책’을 수립하였으며, 이 지침의 특기할 점은 암호화된 데이터를 국가 등의 제 3자가 강제적으로 해독하는 것을 인정하였다는 것이다. 이러한 OECD 암호정책은 공공의 안전성 확보에 필요한 조치임과 동시에 개인 프라이버시 침해의 위험을 내포한 암호정책으로 세계를 상대로한 CALS/EC 산업에 이러한 기술이 표준화되어 적용될 가능성이 높기 때문에 향후 국내의 CALS/EC 보안 서비스 제공시 중요한 지침이 될 것이다. 본 논문에서는 CALS/EC 보안 서비스를 실현하기 위하여 연구 개발해야 할 보안 기술 중 암호문의 강제 해독 기술 및 인중 기술을 포함한 보안 프레임워크를 제안한다.

• Annual Conference of KIPS
• /
• 2002.04a
• /
• pp.31-34
• /
• 2002

최근 많은 웹 기반 서비스나 애플리케이션들이 XML 형태로 지원되면서 XML 데이터의 보안에 대해서 많은 연구가 이루어지고 있다. 기존의 XML 보안은 암호, 서명, 접근제어의 형태로 이루어지고 있으며 그 중에서 접근제어는 DTD기반과 문서기반으로 분류되어 임의적 접근제어 모델을 적용한 연구가 진행되어 왔다. 그러나 DTD의 대안으로서 객체지향개념을 수용하는 XML 스키마의 사용이 증가되고 있어 이를 위한 보안요구사항과 접근제어정책이 추가로 필요하게 되었다. XML문서의 데이터보호를 위해서 기존의 DTD기반과 문서기반 접근제어정책을 수용하면서 스키마 기반의 접근제어정책을 지원하기 위해서 이 논문에서는 역할기반접근제어 모델을 적용한 XML 스키마 기반의 접근제어 모델을 제안한다.

• Journal of Digital Convergence
• /
• v.19 no.10
• /
• pp.49-61
• /
• 2021

In a disaster situation such as COVID-19, our society has experienced the spread of the damage due to confirmed patients who have a negative or uncooperative attitude toward the disclosure of personal information. Accordingly, this study aims to find a policy direction that can improve the awareness of the disclosure of personal information about confirmed COVID-19 patients. This study classified the concept of acceptability into personal and social acceptability, and statistically verified their relationship with influential factors. In this study, 594 cases of data collected through an online survey were used. The analysis results show that the greater the trust in the government's personal information management capability, the lower the perception of the risks associated with the disclosure of personal information, and the lower the awareness of the risk, the higher the personal and social acceptability of the personal information disclosure of COVID-19 confirmed patients. In addition, the greater the recognition of the utility of personal information disclosure, the higher the perception of personal and social acceptability of the personal information disclosure. It is expected that the analysis results and discussions of this study will be useful information for policy development to create a more mature social atmosphere to reduce the public's reluctance to disclose information not only in COVID-19 but also in new disaster situations in the future.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.04b
• /
• pp.18-20
• /
• 2000

공간 데이터베이스를 권한이 없는 사용자의 접근, 고의적인 파괴 혹은 우발적인 사고로부터 보호하기 위하여 공간 데이터베이스에 대한 보안정책의 수용이 필요하다. 보안등급의 적용 단위는 필드, 객체, 레이어 단위의 방법이 있으며, 객체 단위의 보안등급 적용은 인접한 객체의 위상관계에 의한 정보 유출의 문제점이 있고, 레이어 단위 보안등급의 적용은 공간 객체에 대한 사용자의 접근성을 저하시키는 문제를 발생시킨다. 본 논문에서는 공간 객체에 대한 사용자의 접근성을 향상시키기 위하여 타일 단위의 접근제어 기법을 제안한다. 타일 단위 접근제어 기법은 보안등급 적용 단위를 타일(Tile)로 하며 레이어, 지도의 보안등급은 하위 수준인 타일과 레이어에 부여된 보안등급의 최하위 등급으로 각각 설정한다. 제안한 기법의 구현을 위해 타일의 구조와 스키마를 정의하고, 보안 유지를 위한 연산 제약사항을 기술한다. 연산 제약 사항은 기본적으로 BLP의 속성을 따르고, 상위 등급 객체에 대한 수정 방지와 하위 등급 객체에 대한 수정 허용을 위해서 BLP 속성을 확정한다. 제안된 기법은 레이어 단위의 접근제어 기법에서 발생하는 문제점을 해결하여 객체에 대한 사용자의 접근성을 향상시키며 인접한 객체 사이의 위상관계에 의한 정보의 유출을 방지한다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.4
• /
• pp.465-471
• /
• 2011

This study was to examined the acceptance of communication for people through smart phone focused users of smart phone. The results were as follows. First, smart phone's mobility influenced positively on attitude toward the transmission of government policy. smart phone's personal appropriateness influenced positively on awareness toward the transmission of government policy and usefulness toward the transmission of government policy. And smart phone's usefulness influenced positively on usefulness toward the transmission of government policy. Second, smart phone's ease of use influenced positively on awareness toward the transmission of government policy. smart phone's security influenced negatively on awareness, usefulness, attitude toward the transmission of government policy. smart phone's connectivity influenced positively on awareness toward the transmission of government policy. Third, usefulness and attitude toward the transmission of government policy through smart phone influenced positively on acceptance intention.

• Smart Media Journal
• /
• v.12 no.9
• /
• pp.60-71
• /
• 2023

A microservice architecture that accommodates the heterogeneity of various development environments and enables flexible maintenance can secure business agility to manage services in line with rapidly changing requirements. Due to the nature of MSA, where communication between microservices within a service is frequent, the boundary security that has been used in the past is not sufficient in terms of security, and a Zerotrust system is required. In addition, as the size of microservices increases, definition of access control policies according to the API format of each service is required, and difficulties in policy management increase, such as unnecessary governance overhead in the process of redistributing services. In this paper, we propose a microservice architecture that centrally manages policies by separating access control decision and enforcement with a general-purpose policy engine called OPA (Open Policy Agent) for collective and flexible policy management in Zerotrust security-applied environments.