• Proceedings of the Korea Technology Innovation Society Conference
• /
• 2017.05a
• /
• pp.489-497
• /
• 2017

사물 인터넷, 클라우드 컴퓨팅, 인공지능, 빅데이터 등 첨단 정보통신기술을 활용하여 모든 사물들의 지능화와 초연결을 지향하는 것을 나타내는 4차 산업혁명에 대한 관심은 나날이 증가하고 있다. 4차 산업혁명과 관련된 다양한 분야의 기술들 중에서 인공지능을 활용한 자율주행자동차 기술과 관련하여 논의를 진행하고자 한다. 여러 국가에서는 자율주행자동차 시장선점을 위해 관련 기술의 발달에 몰두하고 있다. 그러나 자율주행자동차의 상용화를 위해서는 기술의 발달뿐만 아니라 관련 법제도의 정비가 더욱 필수적인 요소라고 본다. 자율주행자동차가 안전성을 보장할 수 있도록 시험운행에 대한 규제를 완화시켜야 할 것이며, 향후 상용화가 될 경우 야기될 수 있는 민사적 손해배상문제와 형사책임의 문제, 과실책임의 문제, 사이버 보안문제 등을 대비할 수 있는 법제도 마련을 촉구하고자 한다. 타국가와의 자율주행자동차 법제도 비교분석을 통해 우리나라의 도로교통법과 기존 법 제정상태를 고려하여 법안 마련에 방향성을 설정하는 데에 목표를 두고 있다.

• Proceedings of the Korean Society of Disaster Information Conference
• /
• 2022.10a
• /
• pp.423-424
• /
• 2022

본 연구에서는 미국의 국가핵심기반보호제도의 변화에 대해 고찰하고 시사점을 도출한다. 이를 위해 9/11 테러 공격 이후 국가핵심기반보호계획(National Infrastructure Protection Plan)을 중심으로 관련 법률 및 제도와 조직변화를 추적하고 고찰하였고, 이들의 관계를 도식화하여 타임라인(timeline)분석을 실시하였다. 본 연구를 통해 국토안보대통령령-8호(HSPD-8), 대통령령-21호(PDD-21), 사이버보안과 핵심기반법(Cybersecurity & Infrastructure Act)등의 관련 법제 변화를 통해 총 3가지 버전의 NIPP이 있음을 확인할 수 있었으며, 2018년에 사이버보안과 주요인프라청(CISA)이 창설되어 국가핵심기반보호제도업무를 이곳으로 이관하여 운영되고 있음을 알 수 있었다. 또한 국가핵심기반을 보는 관점이 9/11 테러 공격 이후 주요 핵심기반 보호(Protection)에서 주요핵심기반의 복원력(Resilience)제고로 변화하고 있음을 도출하였다.

• The Journal of the Korea Contents Association
• /
• v.21 no.1
• /
• pp.531-540
• /
• 2021

As cyber attacks and crimes increase exponentially and hacking attacks become more intelligent and advanced, hacking attack methods and routes are evolving unpredictably and in real time. In order to reinforce the enemy's responsiveness, this study aims to propose a method for developing an artificial intelligence-based security control platform by building a next-generation security system using artificial intelligence to respond by self-learning, monitoring abnormal signs and blocking attacks.The artificial intelligence-based security control platform should be developed as the basis for data collection, data analysis, next-generation security system operation, and security system management. Big data base and control system, data collection step through external threat information, data analysis step of pre-processing and formalizing the collected data to perform positive/false detection and abnormal behavior analysis through deep learning-based algorithm, and analyzed data Through the operation of a security system of prevention, control, response, analysis, and organic circulation structure, the next generation security system to increase the scope and speed of handling new threats and to reinforce the identification of normal and abnormal behaviors, and management of the security threat response system, Harmful IP management, detection policy management, security business legal system management. Through this, we are trying to find a way to comprehensively analyze vast amounts of data and to respond preemptively in a short time.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.123-132
• /
• 2018

North Korea's cyber warfare capability is becoming a serious security threat to Korea because most of the operational systems of social infrastructure and advanced weapons system are all networked. Therefore, the purpose of this article is to examine what the Korean government should do to strengthen cyber security capabilities toward North Korea. For this purpose, this article analyzed North Korea's cyber attack cases against Korea by categorizing according to threat type and purpose. The research findings are as follows. It is necessary first, to have aggressive cyber protection and attack capabilities; second, to establish an integrated cyber security control tower that can be overseen by the national government; third, to need to legislate domestic cyber- related laws; fourth, to build a multilateral & regional cyber cooperation system. The implication of these findings are that it needs to be strengthened the cyber security capability from the cyber threats of North Korea by minimizing the damage during the peacetime period and for the complete warfare in case of emergency.

• Korean Security Journal
• /
• no.46
• /
• pp.63-86
• /
• 2016

The object of this study is to propose a study on the Private Investigator usage for Cyber Crime. The latest trend of cyber crime is being evolve in sophisticated and complex way over the global, like internet fraud, cyber gambling, hacking and etc. Hence national investigative authority mobilize high specialized skills and method of criminal investigation by each nation. But it is hard to respond in rapid and effective way because of propoor, distribution of group and insufficient of related legal system. Already in other countries, not considerable amount of services are given to private investigators in detection and tracking part which is inefficient by nation. So it has significantly meaningful to compensate the defect and study about private investigator usage as companion of cooperation policing for effectively respond to cyber-crime. The way to effectively deal with the cyber-crime is reevaluate meaning of partnership policing and need of private investigator usage. Also it is to analyze the main issue about introduction of a system and suggest the effective way of introduction. First, legislation of private investigator usage which is based upon partnership policing should be made up. Moreover, to establish the range of private investigator's business and enhance the reliability, it is to propose introduction of leading professional global certificate and license system with sufficient education and test. We are expecting introduction of private investigator usage can improve efficiency of investigation and promote effective countermeasures of cyber-crime.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.347-363
• /
• 2024

As the number of cyberattacks against the National Critical Information Infrastructure (NCII) is steadily increasing, many countries are strengthening the protection of National Critical Information Infrastructure (NCII) through the enactment and revision of related policies and legal systems. Therefore, this paper selects countries such as the United States, the United Kingdom, Japan, Germany, and Australia, which have established National Critical Information Infrastructure (NCII) protection systems, and compares and analyzes the promotion system of each country's National Critical Information Infrastructure (NCII) protection policy. This paper compares the National Critical Information Infrastructure (NCII) protection system of each country with the cybersecurity system and analyzes the promotion structure. Based on the policy model theory, which is a modification of Allison's theory and Nakamura & Smallwood's theory, this paper analyzes the model of each country's promotion system from the perspective of policy-making and policy-execution. The United States, Japan, Germany, and Australia's policy-promotion model is a system-strengthening model in which both policy-making and policy-execution are organized around the protection of the National Critical Information Infrastructure (NCII), while the United Kingdom and South Korea's policy-promotion model is an execution-oriented model that focuses more on policy-execution.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.141-153
• /
• 2015

In recent days, internet appears to be a daily necessity, which leads to the increase of internet fraud. This study particularly focuses upon C2C internet fraud, while other researches on internet fraud seldom touch such a topic. The aim of this study is to grasp the stark reality of the soaring C2C online fraud, to categorize the type of the frauds, to identify the root causes of the fraud, and to suggest security measures to prevent the C2C online fraud.

• Information Systems Review
• /
• v.25 no.3
• /
• pp.179-197
• /
• 2023

As a sufficient workforce supports the industry's growth, workforce training has also been carried out as part of the industry promotion policy. However, the market still has a shortage of skilled mid-level workers. The information security disclosure requires organizations to secure personnel responsible for information security work. Still, the division between information technology work and job areas is unclear, and the pay is not high for responsibility. This paper compares job keywords in advertisements for the information security workforce for 2014, 2019, and 2022. There is no difference in the keywords describing the job duties of information security personnel in the three years, such as implementation, operation, technical support, network, and security solution. To identify the actual needs of companies, we also analyzed and compared the contents of job advertisements posted on online recruitment sites with information security sector knowledge and skills defined by the National Competence Standards used for comprehensive vocational training. It was found that technical skills such as technology development, network, and operating system are preferred in the actual workplace. In contrast, managerial skills such as the legal system and certification systems are prioritized in vocational training.

• Korean Security Journal
• /
• no.49
• /
• pp.187-214
• /
• 2016

In the mordern society, the reliance on the cyber domain and the cyber connectivity has been increasingly strengthened. Due to this phenomenon, the cyberterror against critical infrastructures and state organs might lead to fatal consequences. Lately, North Korea's cyberattacks against South Korea's national organizations and financial computer networks are becoming more and more intelligent and sophisticated. The cyberattacks against such critical infrastructures have caused enormous economic loss and social disorder. This paper is designed to examine comparatively the cyberterror related laws and organizations of the advanced countries such as U.S. and U.K. and to draw implications. Although those countries are under different institutional and cultural backgrounds with varying security envrionments, they are identically pursuing measures by establishing government-wide counterterror system for coordination and cooperation. They are also commonly focusing upon creating new organizations equipped with new system and upon enhancing intelligence performance and devising punishment regulations. Korea is lack of framework laws regulating cyber security, having only scattered individual laws. Since such legal base is far from efficient counterterror activities, it is necessary that the legal and policy response of the advanced countries should be closely studied for selective introduction. That will eventually lead to legislation of cyber security law. With such legislation on hand, it is subsequently required to strengthen crisis management for prevention of cyberterror and to create joint response team, cooperating with private organizations.

• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.21-38
• /
• 2017

It is actively opening the market to fintech companies through open platforms, such as financial institutions and public institutions. In this thesis, we will look at the conceptual differences between the "provision of third-party information" and "entrustment" of information protection related laws, such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Data Protection Etc (Network Utilization Protection Act). In addition, the legal obligation to provide information regarding the legal rights of information is considered to be relevant, whereas the legal obligation of the private information provided by the company is excessively mitigated, whereas the legal obligation of the company to provide information is excessively mitigated. In addition, I suggest self-diagnosis checklist to help fintech companies improve their privacy levels. It was found that the level of information protection was relatively insufficient compared to the consignees based on the results of a survey conducted for 31 fintech companies. Aggressive use of the checklist is suggested to raise the level of information protection for those companies.