• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1011-1020
• /
• 2021

Throughout the years, cybersecurity incidents related to the shipbuilding and maritime industries are occurring more frequently as the IT industry develops. Accordingly, expertise in the information protection industry is necessary, and effective education contents on information protection are needed for this purpose. Recently, there have been more and more cases of increasing user experience by applying Metaverse technology to the educational field. Therefore, this study analyzes the existing information protection education and training and the information protection education contents in the maritime industries and proposes four directions for content development (i.e., online education and seminars, cybersecurity threat learning of virtual ships, accident reproduction, and maritime cybersecurity exhibition operation).

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.8
• /
• pp.145-161
• /
• 2012

This study aims to explore how the degree of education related to information systems and the Internet literacy affect perceived security risk and how these three variables affect online transaction intention based on the Technology Acceptance Model (TAM). Since using smartphone to purchase necessary products is increasing, the study provided two different cases of using the existing Internet and smartphone to buy products. As a result of an empirical test, the degree of information system education, internet literacy, and perceived security risk had significant effects on online transaction intention mediating perceived usefulness and perceived ease of use. Unlike the expectation, the more people have education related to information systems, the more they have knowledge about hacking or cases of privacy infringement, leading to even more concerns about security, thereby believing the Internet transactions require much effort. The more the education about information system, the more we have concerns about security; therefore, perceived security risk have a positive(+) effect on perceived usefulness not a negative(-) effect. Lastly, while the degree of education related to information systems has relations with the recognition of the usefulness of the Internet transaction, the study showed that there are no relations of recognizing the usefulness and the ease of use of smartphone.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.11a
• /
• pp.739-742
• /
• 2011

스마트폰의 보급과 함께 등장한 스마트지갑은 스마트폰을 이용한 지불 시스템이다. 스마트지갑을 이용하여 결제를 수행하기 위해서는 결제단말과 스마트폰의 페어링 과정이 필요하다. 페어링을 통해 결제가 이루어지는 만큼 페어링 과정의 보안이 중요하다. 하지만 현재의 페어링과정에 적용되는 보안절차는 이미지 비교, 바코드, 사운드 등의 원시적인 차원의 보안절차만이 적용되어 있는 수준으로 보안강도가 낮다. 본 논문에서는 일회용 패스워드를 이용하여 기존의 페어링의 취약점을 보완하려고 한다. 일회용 패스워드를 이용하기 위해서는 사용자의 모바일ID를 검증하는 인증서버가 필요하다. 인증서버와 사용자 인증을 수행하는 단말사이의 통신은 해시 값을 이용하여 통신함으로 보안성을 높일 수 있다. 또한, 일회용 패스워드 기반의 스마트 지갑은 지불 서비스 이외에도 출입인증수단으로 이용될 수 있다.

• The Journal of Korean Association of Computer Education
• /
• v.14 no.4
• /
• pp.53-61
• /
• 2011

Recently, the importance of information security is emphasized in IT related field. The agency related to information security implements the policies to emphasize the security and protection of the privacy. However, the issue in many companies and users is that awareness of security is still poor. Therefore, in this paper, we develope the learning program for AES(advanced encryption standard) block cipher, to raise the awareness of security. Also, wish to cause interest about AES cipher because user confirms process that is encryption/decryption through program of this paper directly and prove awareness about information security.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.27-36
• /
• 2015

Current leakage of industrial technologies with revealing state secret against nation is gradually increasing and scope of the spill is diversified from technology-oriented leakage to new economic security sector like information and communication, electrical and electronic, defense industry, illegal export of strategic material, economic order disturbance by foreign country, infringement of intellectual property, etc. So the spill damage can affect not only leaked company but also national interests and entire domestic industry. According to statistics from National Industrial Security Center of National Intelligence Service, a major cause of technology leakage is not only by external things about hacking and malignant code, but internal leakage of former and current employees account for about 80%. And technology leakage due to temptation of money and personal interests followed by technology leakage of subcontractor is steadily increased. Most studies in the field of security have tended to focus on measuring security capability of company in order to prevent leakage core assets or developing measurement Indicators for management rather than security activities of the company members that is most important. Therefore, this study analyzes the effect of most underlying security education in security activities on security capabilities of enterprise. As a result, it indicates that security education have a positive(+) correlation with security capabilities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.769-776
• /
• 2016

Recently, cyber attacks are continuously threatening the cyberspace of the state across the border. Such cyber attacks show a surface which is intelligent and sophisticated level that can paralyze key infrastructure in the country. It can be seen well in cases, such as hacking threat of nuclear power plant, 3.20 cyber terrorism. Especially in public institutions of the country in which there is important information of the country, advanced prevention is important because the large-scale damage is expected to such cyber attacks. Technical support is also important, but by improving the cyber security awareness and security expert knowledge through the cyber security education to the country's public institutions workers is important to raise the security level. This paper suggest education courses for the rise of the best security effect through a short-term course for the country's public institutions workers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.973-985
• /
• 2021

South Korea has been guaranteed the efficiency and the convenience of administrative work based on long-term experience and well-established ICT infrastructure. Vice versa, South Korea is always exposed to various scale cyber-attacks. It is an important element of national competitiveness to secure cybersecurity resilience and response in the public sector. For this, the well-trained cybersecurity professionals' retention and support for their capacity development through retraining are critical. As the Special Act on Balanced National Development, most public agencies moved to provincial areas, but the provincial areas are not ready for this, thus the workforce can't get enough retaining courses. We study to analyze whether there is a gap in cybersecurity educational opportunities or needs in the public sector depending on regions, institution type, and personal traits. This paper aims to suggest solutions for the cybersecurity education gap in the public sector based on the empirical analysis results.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.33-40
• /
• 2018

ICT technology has been applied to various educational fields, but applying to educational test field is limited. Computer-based test (CBT) can overcome temporal and spatial constraints of conventional paper-based test, but is vulnerable to fraud by test parties. In this paper, we propose real-time monitoring and process management methods to enhance the security of CBT. In the proposed methods, the test screens of students are periodically captured and transferred to the professor screen to enable real-time monitoring, and the possible processes used for cheating can be blocked before testing. In order to monitor the screen of many students in real time, effective compression of the captured original image is important. We applied three-step compression methods: initial image compression, resolution reduction, and re-compression. Through this, the original image of about 6MB was converted into the storage image of about 3.8KB. We use the process extraction and management functions of Windows API to block the processes that may be used for cheating. The CBT system of this paper with the new security enhancement methods shows the superiority through comparison of the security related functions with the existing CBT systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.645-656
• /
• 2019

As the number of cyber threats to control systems increases, the need for control system cyber security is also increasing. Currently, various cyber security related education and control system education are being conducted. However, it does not fully reflect the characteristics of the control system and the characteristics of the participants. In this paper, we propose a training system and technique to enhance the control system cyber security capability. To this end, we analyze the limitations of existing security education. Based on the results, we develop a control system training environment model based on the IEC62443 Standard and develop an ARCH based training method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.269-281
• /
• 2018

Many organizations are threatened by numerous information security attacks which are resulting in information security incidents. To prevent information security incidents, organizations invest on various information security measures like information security products, monitoring services and security training and educations. However they do not have enough knowledge about measurable utilities of information security investments. Since there is little studies empirically examining the effect of information security investments, this research aims to find out utilities of information security investment. We especially focuse on information security service investments. This study examined the data from the survey on information security for business sector which was conducted by Korean information & security agency. We utilized negative binomial regression model, which is a suitable model for over-dispersed count data. We found out that an investment on information security education and vulnerability testing have direct impact on reducing information security incidents. This research academically contributed to shed light on the utility of information security investments on reducing information security incidents. This research practically contributed to providing information security investment guideline for organizations which want to reduce information security incidents efficiently.