• Title/Summary/Keyword: security evaluation indicators (보안 평가 지표)

A Study on the Development of Corporate Information Security Level Assessment Models (기업의 정보보호수준 측정모델 개발에 관한 연구)

  • Lee, Hee-Myung; Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.5 / pp.161-170 / 2008
  • Despite the recent growth in the size and frequency of damage caused by illegal information breaches, current business countermeasures and precautionary systems are greatly limited. Some major companies have developed Information Security Management Systems (ISMS) to safeguard their vital information; however, such measures are largely based on ISO27001 and fall short in many respects of grasping the holistic corporate security level and reinforcing precautionary measures. The information protection level evaluation model introduced in this paper is a pragmatic evaluative tool that can be utilized to devise effective corporate information security precautionary measures and countermeasures, based on the BSC (Balanced ScoreCard) method, making an actual and realistic corporate information security level evaluation possible.

Automated Attack Path Enumeration Method based on System Vulnerabilities Analysis (시스템 취약점 분석을 통한 침투 경로 예측 자동화 기법)

  • Kim, Ji Hong; Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1079-1090 / 2012
  • As the number of information assets and their vulnerabilities increases, it becomes more difficult for network security administrators to assess the security vulnerability of their systems and networks. Several studies address vulnerability analysis based on a quantitative approach. However, most of them are based on experts' subjective evaluation or require a lot of manual input to derive quantitative assessment results. In this paper, we propose HRMS (Hacking and Response Measurement System) for enumerating attack paths automatically using automated vulnerability measurement. HRMS can estimate the exploitability of systems or applications based on their known vulnerability assessment metric, and enumerate attack paths even when system, network and application information is not fully given for vulnerability assessment. With this proposed method, system administrators can perform proactive security vulnerability assessment.

The Evaluation of Physical Environmental Factors in Urban Parks for Healthy City - Focus on Seoul - (건강증진을 위한 도시공원의 물리적 환경요소 평가 - 서울시를 대상으로 -)

  • Chae, Jin-Hae; Kim, Won-Ju
    • Journal of the Korean Institute of Landscape Architecture / v.48 no.4 / pp.29-40 / 2020
  • This study quantitatively and qualitatively analyzes the physical environment for health promotion in urban parks using indicators that were selected in consideration of overseas cases and previous studies. To evenly distribute the areas to be evaluated by region, Seodaemun Independence Park, Hongneung Park, Gocheok Park, Sillim Park, Cheongdam Park, Gaepo Park, and Sungin Park were selected among the old neighborhood parks already established in Seoul. The evaluation indicators consist of quantitative indicators (12 factors classified into the three categories of the surrounding environment, the park characteristics, and the park facilities) and qualitative indicators (14 factors classified according to the five categories of accessibility, safety, convenience, activities, and amenities). These indicators were selected after conducting advisory meetings with experts in the field. The physical environment perception factors were evaluated by experts and investigators through field inspections and were rated on a three-point scale (high, medium, low). According to the results of the analysis, first, not only exercise facilities and trails but also various factors that support health activities, such as rest areas, leisure spots, and cultural facilities, as well as accessibility, cleanliness, and drinking water facilities, are important indicators for health promotion. Second, even if the requirements are met for quantitative factors, several inconveniences hinder the actual implementation or use in the qualitative evaluation. Thus, both quantitative and qualitative evaluations must be performed simultaneously to properly judge the physical environment of a park. Third, upon conducting a qualitative evaluation of the physical environmental factors, score differences depended on the evaluated categories in each park. These differences show that indirect indicators, such as accessibility, safety, and facility convenience, are insufficiently equipped compared to direct indicators, such as activity, which includes exercise facilities and fitness centers for health promotion. As the utilization rate of parks is increasing due to COVID-19, more efforts should be made to improve park services in the post-corona era. To promote such services, it is necessary to regularly evaluate parks based on both quantitative and qualitative indicators and to contemplate services not only through direct factors but also indirect factors and security measures.

A Study on the Importance Analysis of Reliability, Security, Economic Efficiency Factors that Companies Should Determine When Adopting Cloud Computing Services (클라우드 컴퓨팅 서비스 채택 시 기업이 판단해야 하는 신뢰성, 보안성, 경제성 요인의 중요도 분석)

  • Kang, Da-Yeon
    • Journal of Digital Convergence / v.19 no.9 / pp.75-81 / 2021
  • The purpose of this research is to derive and evaluate priorities for critical factors that must be determined before an enterprise adopts a cloud computing service. As the research method, AHP analysis was used to reflect decisions made by experts. AHP is a decision-making technique that expresses complex decision-making problems hierarchically and derives the best alternatives through pairwise comparison between the items of the hierarchy. Compared to the existing statistical decision-making techniques, the decision-making process is systematic and simple, making it easy to understand. In addition, the procedure is reasonable because it provides an indicator to determine the consistency of the decision maker in the analysis process. The analysis results of this research showed that security was the first priority, reliability was the second priority, and economic efficiency was the third priority. Among the factors in the first-priority security items, the access control rights and the safety factors of external threats are the most important factors. The research results can be used as a guideline in future practice, and it is necessary to evaluate, compare and analyze the satisfaction of companies that have adopted cloud computing services in the future.

The research of Decision Matrix design methodologies for business data protection and protection by data leveling (비즈니스 데이터 보호를 위한 decision matrix 설계 방법론 및 등급별 보호조치 기준 연구)

  • Shin, Dong Hyuk; Choi, Jin-Gu
    • Convergence Security Journal / v.16 no.4 / pp.3-15 / 2016
  • Business data means all documents and electronic data, in online or offline form, that are generated, stored, used, and transferred in a company's work processes; it covers any data related to business, organization, sales, marketing, and shipping. Many companies invest in privacy protection, but not in protecting business data. Most companies already have ratings such as secret and confidential, but the basis for detailed classification decisions that reflect the business data actually in use is insufficient. In this paper, we present a way to design a business data decision matrix that establishes qualitative and quantitative criteria (evaluation indicators) by which business data can be classified and protected according to each class.

Safety Evaluation Method for Ground Ammunition and Explosive Storage Facilities due to Underground Tunnel Blast (지하시설 굴착공사에 따른 탄약저장시설 안전성 평가방법 연구)

  • Park, Sangwoo; Kim, Kuk-Joo; Park, Young-Jun
    • Journal of the Korea Institute of Building Construction / v.19 no.4 / pp.331-339 / 2019
  • Recently, the expansion of urban and social infrastructure has been planned to proceed through the transfer of military facilities or by crossing them via underground tunnels. However, when crossing facilities such as ammunition and explosive storage, a high level of safety assessment is required to prevent an accidental explosion of ground ammunition. In this study, a case study was conducted to evaluate the effect of blasting for tunnel construction on ground ammunition facilities. The design section of the Sinansan train, operated by the Korea Railroad Authority with the agreement of the Ministry of National Defense, was selected. For the purpose of this study, the vibration velocity due to explosion was predicted by using GTS-NX, a numerical analysis program. Through literature review, it was confirmed that the vibration velocity of 0.2cm/sec can be a safety evaluation standard. The safety evaluation indicators and procedures used in this study can be utilized as an index of safety evaluation in the planning of social infrastructure that crosses ammunition facilities in the future.

A Study on Improvement Plans for Local Safety Assessment in Korea (국내 지역안전도 평가의 개선방안 연구)

  • Kim, Yong-Moon
    • Journal of Korean Society of Disaster and Security / v.14 no.4 / pp.69-80 / 2021
  • This study tried to suggest improvement measures by discovering problems or matters requiring improvement in the annual regional safety evaluation system. To briefly introduce the structure and contents of the study, the introduction describes the regional safety evaluation method newly applied by the Ministry of Public Administration and Security in 2020. Utilization plans were also introduced according to the local safety level that was finally evaluated by the local government. In this paper, various views of previous researchers related to regional safety are summarized and described. In addition, problems were identified in the composition of the index of local safety, the method of calculating the index, and the application of the current index. Next, the problems of specific regional safety evaluation indicators were analyzed and solutions were presented. First, in the 「Social Vulnerability Index」 in the field of disaster risk factors, "Number of semi-basement households" is replaced with "Number of households receiving basic livelihood". In addition, the "Vinyl House Area" is evaluated by replacing "the number of households living in a Vinyl House, the number of container households, and the number of households in Jjok-bang villages" with data. Second, in the management and evaluation of habitual drought disaster areas, local governments with a water supply rate of 95% or higher in Counties, Cities, and Districts are treated as "missing". This is because drought disasters rarely occur in the metropolitan area and local governments that have undergone urbanization. Third, the activities of safety sheriffs, safety monitor volunteers, and disaster safety silver monitoring groups, along with the local autonomous prevention foundation, are added to the evaluation index of 「Regional Autonomous Prevention Foundation Activation」 in the field of response to disaster prevention measures. However, since the name of the local autonomous disaster prevention organization may be different for each local government, if it is an autonomous disaster prevention organization organized and active for disaster prevention, it would be appropriate to evaluate the results by summing up all of its activities. Fourth, among the Scorecard evaluation items, which is a safe city evaluation tool used by the United Nations Office for Disaster Risk Reduction (UNDRR), the item "preservation of natural buffers to strengthen the protection functions provided by natural ecosystems" is borrowed, which is closely related to natural disasters. The Scorecard evaluation is an assessment index that focuses on improving the disaster resilience of local governments while carrying out the campaign "Creating cities resilient to climate crises and disasters" emphasized by UNDRR. Finally, the names of "regional safety level" and "local safety index" are similar, so the term local safety level is changed to "natural disaster safety level" or "natural calamity safety level". This is because only the general public can distinguish the local safety level from the local safety index.

A Data Sampling Technique for Secure Dataset Using Weight VAE Oversampling(W-VAE) (가중치 VAE 오버샘플링(W-VAE)을 이용한 보안데이터셋 샘플링 기법 연구)

  • Kang, Hanbada; Lee, Jaewoo
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.12 / pp.1872-1879 / 2022
  • Recently, with the development of artificial intelligence technology, research on using artificial intelligence to detect hacking attacks is being actively conducted. However, the fact that security data is a representative example of imbalanced data is recognized as a major obstacle in composing the learning data, which is the key to the development of artificial intelligence models. Therefore, in this paper, we propose a W-VAE oversampling technique that applies VAE, a deep learning generation model, to data extraction for oversampling, and sets the oversampling count for each class through weight calculation using K-NN for sampling. In this paper, a total of five oversampling techniques such as ROS, SMOTE, and ADASYN were applied to NSL-KDD, an open network security dataset. The oversampling method proposed in this paper proved to be the most effective sampling method compared with the existing oversampling methods according to the F1-Score evaluation index.

The College Reputation System using Public Data and Sentiment Analysis (공공데이터와 감성분석을 이용한 대학평판시스템)

  • Kim, Eun-Ah; Lee, Yon-Sik
    • Convergence Security Journal / v.18 no.1 / pp.103-110 / 2018
  • Modern society increasingly demands, in many areas, big data processing technology to collect, aggregate, and analyze large amounts of data over the Internet and SNS. A typical application is to evaluate the reputation of a company or college. To measure and quantify a reputation, fair and precise data and efficient data processing are very important. For this purpose, a quantitative quotient was obtained using public data, a qualitative quotient was obtained through sentiment analysis using news articles, and a complex college reputation quotient was calculated. In this paper, a complex college reputation quotient was calculated based on the quantitative index, reflecting the sentimental reputation, and based on the proposed mixed university system. In this paper, the Complex College Reputation System (CCRS) was proposed, which produced the Complex College Reputation Quotient with an objective quantitative quotient and a qualitative quotient reflecting the sentimental reputation to measure the college reputation.

A Development of Evaluation Indicators for Information Security by Means of the Coincidence Analyses (부합성 분석을 통한 정보보안 평가지표 개발)

  • Lee, Yeong-Kyu; Kim, Sang-Hoon
    • Journal of Information Technology Services / v.7 no.3 / pp.175-198 / 2008
  • The widespread adoption of the Internet has become a momentum to promote informatization, and thus individuals, organizations, and government bodies are competitively participating in this new wave. Informatization enables us not only to circulate and utilize information without any limitation but also to maximize users' benefits and convenience. On the other hand, it brings about negative effects: security incidents such as cyber terror, Internet fraud and technology leakage. Evaluation of the security level should precede all else in order to minimize damage from security incidents, since it diagnoses the current status of security as it is and can be used as a guideline for appropriate security management. In this study, evaluation domains, items and indicators of information security are theoretically developed on the basis of a critical review of the major existing research. Then the coincidence level (content validity, ease and reliability of evaluation) of each evaluation indicator is empirically analyzed through a field study of 83 information security experts.