• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1535-1538
• /
• 2009

1996년 7월 교육정보화촉진계획의 입안으로부터 시작한 교육정보화사업은 많은 긍정적인 성과를 거두고 있지만 전산망이 인터넷과 연결되면서 역기능도 점차 증가하고 있다. 전산망 관리자 및 보안전문가 없이 교사가 관리하는 학교 전산망의 경우 보안에 취약해 전산망의 정상적 운용 및 개인정보보호가 위협받고 있다. 본 연구에서는 학교전산망의 정보보안 취약점을 개선하기 위해 정보보호 현황 분석하여 개선방안을 모색해 보고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.743-746
• /
• 2011

최근 TV에 인터넷이 접목되면서 방송과 통신이 융합된 새로운 환경이 생성되었다. 다양한 볼거리를 제공해 주는가 하면 TV를 이용해 전자상거래까지 가능하게 되었다. 인터넷TV는 컴퓨터 사용에 미숙한 사람들도 TV를 이용하여 쉽게 사용할 수 있기 때문에 넓은 층의 사람들이 이용하고 있다. 이 중, TV를 통하여 이루어지는 전자상거래를 T-Commerce라 하는데, 유럽에서는 이미 상용화되어 있다. 본 연구에서는 전 세계적으로 주목받고 성장하고 있는 T-Commerce 서비스의 현황은 어떠한지, 또 어떠한 인증, 보안 기술을 사용하고 있는지에 대해 알아보고, 앞으로 보안이 어떠한 방향으로 나아가야 하는지에 대해 알아보았다.

• Information Systems Review
• /
• v.18 no.1
• /
• pp.1-23
• /
• 2016

This study proposes an alternative to minimize insider-caused security threats that are relatively difficult to control and cause high uncertainty in information security management. Therefore, we investigate the relationship between organizational effort and the security understanding of employees to eventually enhance security compliance intention among employees. We develop a research model and formulate hypotheses on the basis of past findings. Accomplished questionnaires are collected from 526 employees working in organizations where information security policy is being implemented. In addition, we prove the hypotheses using a structural model. After reviewing the structural model, the security knowledge of employees and information security culture are determined to positively influence the security compliance intention of employees. Moreover, top management support, security policy, security visibility, and security education programs are proven to be antecedent factors in establishing a security culture in organizations. The findings of this study could guide organizations in formulating information security strategies to enhance the security compliance intention of employees.

• Information Systems Review
• /
• v.18 no.3
• /
• pp.137-153
• /
• 2016

Organizations depend on smart working environments, such as mobile networks. This development motivates companies to focus on information security. Information leakage negatively affects companies. To address this issue, management and information security researchers focus on compliance of employees with information security policies. Countermeasures in information security are known antecedents of intention to comply information security policies. Despite the importance of this topic, research on the antecedents of information security countermeasures is scarce. The present study proposes information security intelligence as an antecedent of information security countermeasures. Information security intelligence adapted the concept of safety intelligence provided by Kirwan (2008). Information security intelligence consists of problem solving skills, social skills, and information security knowledge related to information security. Results show that problem solving skills and information security knowledge have positive effects on the awareness of employees of information security countermeasures.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.73-84
• /
• 2014

As the society turns into more of an information an technology centric society, the importance of information security is being increased these days. Recently, as the number of leaking accidents of personal information and valuable industrial technology is on the rise, every field of industry endeavors to come up with a security solution. In particular, since defense industry is a field where it establishes national defense power that is essential of national security, it requires higher standards of security solutions than any other ordinary fields of industry. According to Defense Industry Security Work Instructions, defense industry firms from security organizations and employ a security worker corresponding to the firm's scale and conditions. In an environment where essential information and technology are stored and managed in information and communication system or storing media, the duty and role of IT security workers are crucial. However, there is a shortage of systematic analysis on the work of IT security workers and development of curriculum to enhance their professionalism. Thus DACUM process, a job analysis technique, was used to identify IT Security workers' duties and responsibilities and verify the validity and credibility of the deducted results from the survey. The findings of this study will help in development of IT security duty in defense industry and can be used as baseline data for the development of curriculum and amendments of related regulations.

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.235-241
• /
• 2012

To improve educational excellence and quality, academies carry forward integrative security model related to academic affairs including personal information. This paper proposes an integrative security model for academic affairs database, which guarantees DBMS access control, confidentiality, integrity, and security inspection. This proposed model considered that most academies can't make good use of data security product and suggests a detailed measure to realize the confidentiality based on the function of DBMS.

• Review of KIISC
• /
• v.21 no.6
• /
• pp.24-41
• /
• 2011

7.7 DDoS공격과 3.4DDoS공격, NH금융전산망마비사건, 네이트 해킹 사건 등은 해킹이 개인적 문제를 지나서, 사회와 국가적인 이슈로 부상되고 있다. 중국은 대학에서 해킹 기법을 가르치고, 인민해방군에 국가일꾼이란 소명의식을 주고 있다. 북한은 지도자의 지시로 노동당과 북한군에서 사이버부대를 직접 교육 운영하고 있다. 미국은 외국으로부터 사이버 공격을 당할 경우 이를 '전쟁 행위'로 간주해 미사일 등으로 대응한다는 방침을 세웠다. 이와 같이 해킹은 국가사이버보안 정책에서 다루어져야 할 필요성이 있다. 본 연구에서는 해커의 변천, 해킹기술과 방법, 해킹 툴, 그리고 해킹 사례를 살펴본다. 또한 해킹 동향 분석에서 해킹기술 동향 분석, 해커(사람) 동향 분석, 해킹 지역(국가) 동향 분석을 통하여 해킹 인력의 조직화, 해킹 기술의 집적화, 해킹 조직의 집중화 연구를 한다. 그리고 국가사이버보안정책에서 해킹에 대한 '국자사이버보안법 시행령' 제정, 국가사이버보안 자문회의, 국가사이버보안 협력회의, 해킹 프로세스 전략, 해킹 전략 추진 방법론, 사이버협력국, 해킹 작전국, 인력 양성국, 해킹 기술국에 관한 저자의 개인 의견을 제안한다.

• The Journal of Korean Association of Computer Education
• /
• v.5 no.1
• /
• pp.27-34
• /
• 2002

Internet has being grown explosively in recent years, hence it becomes easy to search and access information. But it is happening frequently to access illegally into the systems and data, there are many damage caused by them. So, it is very important that we construct security plan for the systems and data. It is not exception on school network being diffused to all schools. But, we have weakness about security to manage server and network safely. So it is causing much anxieties. In this paper, we searched security points make sure of safety of school network, and developed security audit agent helping management of security. Through simple registration process, this agent is able to audit basic and important security problems about not only server systems but also pc systems, and notify to administrator automatically. It is expected to provide efficiency in managing school network.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.1
• /
• pp.7-18
• /
• 2013

These days, the teaching and learning system has been increasing for the rapid advancement of the information technologies. We can access education systems of good quality anytime, anywhere and we can use the individually personalized teaching and learning system depending on developing the wireless communication technology and the multimedia processing technology. The more the various systems develop, the more software security systems become important. There are a lot kind of fault analysis methods to evaluate software security systems. However, the only assessment method to evaluate software security system is not enough to analysis properly on account of the various types and characteristic of software systems by progressing information technology. Therefore, this paper proposes an integrative method of Fault Tree Analysis (FTA) and Fault Modes and Effect Analysis(FMEA) to evaluate the security of e-teaching and learning system as an illustration.

• Convergence Security Journal
• /
• v.17 no.5
• /
• pp.187-203
• /
• 2017

This study focuses on analyzing the problems of the Korean standard classification of occupations(KSCO), which is a formal and institutional implementation method that affects the occupational identity and Occupational Prestige of Private Security, and suggests ways to improve it. The following should be supplemented. (1) It is necessary to unify occupations related to private security that are classified into simple labor workers. (2) Delete the Technical Security Guards(4123) and create a Security Guard(4123) instead. (3) Facility Security Guards(41230), Convoy Security Guards, Technical Security Guards(41232), Security monitoring and control personnel(41233), and Special Security Guards(National important facility security guard)(41234) will be newly established. (4) Change the name of subclassification and subclassification in simple labor worker of Major Class 9(Code 9), and adjust Security Guards(9421) to the Surveillance Personnel(9421).