• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.241-256
• /
• 2015

In order to ensure that all firms are cyber-secure, many governments have started to enforce the implementation of various security measures on firms. Prior to the implementation, however, it is vague whether government enforced security measures will be effective for mitigating cyber-security risks. By applying a method for estimating the effectiveness of a mandatory seatbelt law in reducing fatalities from motor vehicle accidents, this study develops an ex ante evaluation method that can approximate the effectiveness of a government enforced security measure in reducing country-wide or industry-wide cyber-security risks. Using data obtained from the Korean Internet and Security Agency, this study then explores how to employ the developed method to assess the effectiveness of a specific security measure in mitigating cyber-security risks, if enforced by the government, and compares the effectiveness of various security measures. The comparison shows that compulsory security training has the highest effectiveness.

• Journal of Platform Technology
• /
• v.9 no.2
• /
• pp.26-37
• /
• 2021

E-mail is one of the important tools for communicating with people in everyday life. With COVID-19 (Coronavirus) increasing non-face-to-face activity, security incidents through e-mail such as spam, phishing, and ransomware are increasing. E-mail security incidents are increasing as social engineering attack using human psychology rather than arising from technological weaknesses that e-mails have. Security incidents using human psychology can be prevented and defended by improving security awareness. This study empirically studies the analysis of changes in response to malicious e-mail due to improved security awareness through malicious e-mail simulations on executives and employees of domestic and foreign company. In this study, the factors of security training, top-down security management, and security issue sharing are found to be effective in safely responding to malicious e-mail. This study presents a new study by conducting empirical analysis of theoretical research on security awareness in relation to malicious e-mail responses, and results obtained from simulations in a practical setting may help security work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1179-1189
• /
• 2019

Cyber security evaluation is a series of processes that estimate the level of risk of assets and systems through asset analysis, threat analysis and vulnerability analysis and apply appropriate security measures. In order to prepare for increasing cyber attacks, systematic cyber security evaluation is required. Various indicators for measuring cyber security level such as CWSS and CVSS have been developed, but the quantitative method to apply appropriate security measures according to the risk priority through the standardized security evaluation result is insufficient. It is needed that an Scoring system taking into consideration the characteristics of the target assets, the applied environment, and the impact on the assets. In this paper, we propose a quantitative risk assessment model based on the analysis of existing cyber security scoring system and a method for quantification of assessment factors to apply to the established model. The level of qualitative attribute elements required for cyber security evaluation is expressed as a value through security requirement weight by AHP, threat influence, and vulnerability element applying probability. It is expected that the standardized cyber security evaluation system will be established by supplementing the limitations of the quantitative method of applying the statistical data through the proposed method.

• JOURNAL OF ELECTRICAL WORLD
• /
• no.2 s.62
• /
• pp.20-21
• /
• 1982

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.277-280
• /
• 2015

Smishing, Phishing personal privacy caused by Incident accidents such as Phishing information security has become a hot topic. Such incidents have privacy in personal information management occurs due to a lack of user awareness. This paper is based on the existing structure of the XML Tag question bank used a different Key-Value Structure-based JSON. JSON is an advantage that does not depend on the language in the text-based interchange format. The proposed system is divided into information security sector High, Middle and Low grade. and Provides service to the user through the free space and the smart device and the PC to the constraints of time. The use of open source Apache Load Balancing technology for reliable service. It also handles the user's web page without any training sessions Require server verification result of the training(training server). The result is sent to the training server using jQuery Ajax. and The resulting data are stored in the database based on the user ID. Also to be used as a training statistical indicators. In this paper, we design a level training system to enhance the user's information security awareness.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.137-146
• /
• 2019

This study seeks into an education goal and an achievement level based on investigating relationships between NCS communication abilities and communication educations for petty officer major students. Also, the study looks deep into approriate Integrated document training materials. A goal of the petty officer's communication education, which is supposed to achieve more than the average standard is improving abilities to understand documents and create documents related to the real petty officer's life. The goal of this communication study is designed with considering the petty officers' ability factors and the detailed weekly achievement goals based on characteristics of petty officers. the proper way to reach the goal of the Integrated document training materials is constructed as three step process; Presenting subject - group activity - handing in final activity report. Also, the education is designed to write evaluation forms continuously for students to keep eyes on their achievement levels. As the importance of NCS is emphasized these days, the Integrated document training materials present the ways how this education is needed to go on, and this shows ways to improve students' document writing abilities. For the last, the study mentions a proposal for further tasks on this field.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.12
• /
• pp.215-225
• /
• 2011

This paper suggests several methods of improving information securities of universities through the investigations of the current status of information securities in universities, which is becoming a hot topic in knowledge and information societies. In this paper, universities were randomly selected according to their size, and surveyed through email questionnaire to the persons in charge of security in each university, and 27 universities and 18 colleges were replied. From the survey results we confirmed that the pre-prevention is the most important thing in securing information assets, also in universities, and, in this paper, systematic support must be strengthened to establish a comprehensive security management policy and guidelines for the universities, and the importance of information assets and the necessity of security needs to be shared with the members in the universities. Moreover there must be full administrative and financial support, including recruitment and training of information security professionals and the establishing a separate security division.

• Journal of Digital Convergence
• /
• v.14 no.4
• /
• pp.209-220
• /
• 2016

Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees' information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model's factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual's information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members' expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members' information security behavior, and will be able to provide measures to establish organization's information security policy and increase members' compliance behavior.

• Korean Security Journal
• /
• no.55
• /
• pp.57-73
• /
• 2018

The domestic casino industry is attempting to change from the existing single form to the advanced-type of complex casino resort. In addition, the importance of the security management system, which prevents and responds to accidents caused by negative influences of gambling, is emphasized at the casino enterprise level. Therefore, this study aimed to find measures to revitalize the security management system for domestic casinos only for foreigners through an analysis of relevant literature and case studies. As a result of the analysis, it was found that in order to effectively cope with changes in the casino industry, three areas were needed to be revamped: (1) a lack of protocols which intend to protect casino security personnel, (2) an inefficient operational system due to the dualized casino security management system, and (3) a lack of systematic educational system for casino security personnel. This study therefore proposed three measures: (1) a review of revisions of related laws to protect casino security personnel, (2) enhancement of professionalism of casino security personnel and (3) establishment of a single operating system of the casino security management operating system.

• Convergence Security Journal
• /
• v.12 no.2
• /
• pp.87-98
• /
• 2012

The department has established a variety of studies and training courses and has tried to nurture talented people for security companies. However, the research is marginal, and each university department of security guard education, curriculum falling due after graduating students. Moreover, even if students are occupied an employment exceptional adaptability has occurred. Therefore, each university of private security department will need to collaborate with competitive private security company for reinforce and employment rate in center of experienced field. Then, the security's society will be placed in professional occupation, elevate the phase and will decrease the turnover rate. Qualification system of private security have been indicated in distrust, moreover the system have to be adjusted because not enough effort, control system, cooperation system with training center, one-sided emphasis and private inquiry by adding in private security law.