• The Journal of the Korea Contents Association
• /
• v.8 no.2
• /
• pp.195-204
• /
• 2008

With the growth of airline management, as well as computer and IT security, the international trade in this modern society has been rapidly increasing, Along with the advancing, airplanes have become a universal means of communication. However, the complications associated with airplane safety have also been brought up as a result, the most concerning of which is terrorism. One of the main counterplans for preventing terrorism is Ground security activities the core of Ground security activities is absolute safety for passengers in both passenger terminal and freight terminal. Subastral security refers to physical protection, proximity control and 100% security search and freight guarding of the passengers' possessions, and the personnel's duties to perform such jobs are be! coming more crucial. On the other hand, Airport security check has bee n gradually developing since the 1960's, when hijacking began to take place. Although the airports have been providing more safe and comfortable services to their customers, terrorism is still happening today. When Ground security activities is minute, the users feel displeasure and discomfort, yet considering solely their convenience can brings problems in achieving safety. Since the 9.11 terror in 2001, the idea of improving and strengthening airport security was reinforced and a considerable amount of estate is being spent today for invention and application of new technology. Various nations, including the United States, have been improving their systems of security through public services; public police department is actively carrying out their duties in airports as well. In San Francisco International Airport, private police department is in charge of collection of data, national events, VIP protection, law enforcement, cooperation within facilities, daily-based patrol and traffic control. Under guidance and supervision of national organizations, such as TSA, general police department interprets X-Rays, operates metal detectors, checks passports or IDs and observes reactions to explosives. Under these circumstances, studies about advancement of cooperation and duties of general police department and private police department necessitated: especially about private police department and their training for searching equipments, decrease in number of turn over rate, invention of technology and prior settlement in estate for security. The privacy of the public, who make up the major population of airport passengers, must also be minimized. In the following research, the activities of police departments in San Francisco International Airport will be analyzed in order to understand recent actions of the United States on airport security.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.748-750
• /
• 2015

지식 정보화 사회의 진입으로 인해 다양한 분야에 걸쳐 핵심기술을 보유하게 됨에 따라 국가경쟁력이 강화되어지고 있다. 국가경쟁력이 강회되어짐에 따라 중요 산업정보나 핵심기술이 발생하였으며 이러한 핵심 산업정보를 지키는 것이 매우 중요해졌다. 이에 따라 정부에서 이러한 산업자산을 보호하기 위해 산업보안 관련 부서를 구성하여 다양한 산업보안활동을 수행하고 있다. 하지만 아직 산업보안의 개념 및 학문의 정체성이 확립되어지지 않아 제대로 된 산업보안 활동이 수행되어지지 않고 있다. 본 연구에서는 정부기관의 산업보안활동을 비교/분석하려고 한다. 그리고 산업보안 개념 분석을 통해 정부기관의 올바른 산업보안활동 방향성을 제언하려고 한다.

• The KIPS Transactions:PartD
• /
• v.17D no.3
• /
• pp.223-232
• /
• 2010

This study was carried out for the purpose of inquiring into the effect of composition and security activities for information security architecture on information asset protection and organizational performance in terms of general information security. This study made a survey on 300 workers in the government, public institutions and private companies, which it showed that management factors of risk identification and risk analysis, in general, have an usefulness to composition and security activities for information security architecture to prevent inside information leakage. And the understanding and training factors of IT architecture and its component were rejected, requiring the limited composition and security activities for information security architecture. In other words, from the reality, which most institutions and organizations are introducing and operating the information security architecture, and restrictively carrying out the training in this, the training for a new understanding of architecture and its component as an independent variable made so much importance, or it did not greatly contribute to the control or management activities for information security as the generalized process, but strict security activities through the generalization of risk identification and risk analysis management had a so much big effect on the significant organizational performance.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.51-59
• /
• 2016

An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.

• Journal of the Society of Disaster Information
• /
• v.11 no.4
• /
• pp.475-486
• /
• 2015

The objective of this study is to analyze control factors in protecting activities of business information that affects the effects of protecting leaks of industrial secretes during business security works in the ranks of staffs. A regression analysis was implemented by 36 items of protecting activities of information and 10 items of preventing industrial secretes for a total of 354 users and managers who use internal information systems in governments, public organizations, and civilian enterprises. In the recognition of protecting activities of business information that affects the prevention of controlling industrial secretes, clerks showed recognitions in physical control, environmental control, and human resource control, and software control and assistant chiefs showed recognitions in hardware control and environmental control. Also, ranks of department managers and higher levels represented recognitions in security control activities. It showed that clerks, assistant chiefs, and above department managers show effects of technical control factors on protecting activities of industrial secretes but section chiefs represent system control factors in preventing industrial secretes.

• 한국IT서비스학회:학술대회논문집
• /
• 2009.11a
• /
• pp.531-536
• /
• 2009

원전 디지털 계측제어계통 통신망에서는 일반 산업체의 사이버보안과는 달리 안전성과 가용성, 그리고 경성실시간 조건을 매우 중시하면서도 일반 IT 분야에서 사용하고 있는 사이버보안 기술의 대부분을 수용할 것을 요구받고 있다. 사이버보안 활동은 원전 디지털 계측제어계통 통신망에서 요구하는 통신망의 성능 조건을 저해하지 않아야만 하는데, 이러한 요구 조건들은 서로 상충되는 측면들이 있다. 원전 디지털 계측제어계통 사이버보안을 위한 보안기술들이 계측제어시스템 및 이와 관련된 통신망에 적용될수록 이들의 성능은 저하될 수밖에 없기 때문이다. 사이버보안에 대한 위협이 일반 산업계는 물론 국가 핵심 기반 시설까지 확대되고 있는 현실에서 안전성이 가장 우선시되는 원전의 핵심 제어계통인 원전 디지털 계측제어계통에 대한 사이버보안 활동은 매우 주요하다. 본 논문에서는 원전 디지털 계측제어계통 사이버보안에 활동 수행에 필요한 고려사항들에 대하여 기술한다.

• 정보보호뉴스
• /
• s.136
• /
• pp.8-9
• /
• 2009

신규 IT 서비스 이용확산에 따른 정보유출 및 사이버 공격 예방, 중소기업 보안활동 지원, 정보보호 취약계층 지원 등 2009년에도 다양한 활동을 펼치게 될 KISA와 황중연 원장의 활동은 연초에도 분주했다. 특히, 지난 1$\sim$2월 황 원장의 활동 중 정보보호 전문가가 아닌 일반인을 대상으로 한 강연과 인터뷰가 눈에 띈다. 2009년 한해에도 국내 민간기업과 일반인의 정보보호 수준제고를 위한 황중연 원장과 KISA의 활발한 활동을 기대해 본다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.109-122
• /
• 2022

The purpose of information security activities is to reduce large-scale material and human accidents that are concerned about hacking damage to important systems, such as control systems, through periodic preventive activities in addition to finding the cause and taking follow-up measures after damage caused by hacking. For this reason, although each institution is using a security work audit model in accordance with the relevant regulations, it is not easy to conduct company-wide inspection activities due to the constraints of manpower and time. Therefore, in this paper, we will analyze the major vulnerabilities of public institutions over the past 10 years and present a security audit model that can perform efficient security activities compared to the models for domestic and foreign security audits.

• Journal of Intelligence and Information Systems
• /
• v.17 no.1
• /
• pp.71-90
• /
• 2011

This study was designed to empirically analyze the effect of control activities(physical, managerial and technical securities) of information protection on organizational effectiveness and the mediating effects of information application. The result was summarized as follows. First, the effect of control activities(physical, technical and managerial securities) of information protection on organizational effectiveness showed that the physical, technical and managerial security factors have a significant positive effect on the organizational effectiveness(p < .01). Second, the effect of control activities(physical, technical and managerial securities) of information protection on information application showed that the technical and managerial security factors have a significant positive effect on the information application(p < .01). Third, the explanatory power of models, which additionally put the information protection control activities(physical, technical and managerial securities) and the interaction variables of information application to verify how the information protection control activities( physical, technical and managerial security controls) affecting the organizational effectiveness are mediated by the information application, was 50.6%~4.1% additional increase. And the interaction factor(${\beta}$ = .148, p < .01) of physical security and information application, and interaction factor(${\beta}$ = .196, p < .01) of physical security and information application among additionally-put interaction variables, were statistically significant(p < .01), indicating the information application has mediated the relationship between physical security and managerial security factors of control activities, and organizational effectiveness. As for results stated above, it was proven that physical, technical and managerial factors as internal control activities for information protection are main mechanisms affecting the organizational effectiveness very significantly by information application. In information protection control activities, the more all physical, technical and managerial security factors were efficiently well performed, the higher information application, and the more information application was efficiently controlled and mediated, which it was proven that all these three factors are variables for useful information application. It suggested that they have acted as promotion mechanisms showing a very significant result on the internal customer satisfaction of employees, the efficiency of information management and the reduction of risk in the organizational effectiveness for information protection by the mediating or difficulty of proved information application.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.53-73
• /
• 2011

Many governments have tried to develop a liability and compliance law that can improve cyber security in a sustainable way. This paper explores whether a liability and compliance law is effective in motivating firms' information security activities. In particular, I empirically investigate the impact of the 2007 Electronic Financial Transaction Act (EFTA), a liability and compliance law in Korea, on the information security activities of financial institutions and services providers. In spite of various criticisms of the effectiveness of EFTA, the empirical findings of this study clearly show that EFTA is having a positive impact on information security activities. From these findings, this article concludes that a liability and compliance law is likely to contribute to a certain degree to the achievement of sustainable development of cyber security.