• Title/Summary/Keyword: 사이버안전

A Quantitative Security Metric Based on MITRE ATT&CK for Risk Management (위험 관리를 위한 MITRE ATT&CK 기반의 정량적 보안 지표)

  • Haerin Kim;Seungwoon Lee;Su-Youn Hong
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.53-60 / 2024
  • Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. However, CVSS has problems of subjectivity and complexity of interpretation, and it cannot take context into account with respect to security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of the ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITRE ATT&CK techniques through the connection between weaknesses and attack patterns (CAPEC). We use MITRE ATT&CK's Groups, Tactics, and Mitigations to produce consistent and intuitive scores. Accordingly, expanding the range of choices among security indicators from various perspectives is expected to help security evaluation managers strengthen the security of environments such as corporate networks.

Comparison of key management systems across different industries (다양한 산업에서의 키 관리 시스템 비교 분석)

  • Woojoo Kwon;Hangbae Chang
    • Journal of Platform Technology / v.12 no.3 / pp.55-61 / 2024
  • As the digital environment becomes more complex and cyber attacks become more sophisticated, data protection is growing in importance. As security threats such as data leakage, system intrusion, and authentication bypass increase, secure key management is becoming increasingly important. A Key Management System (KMS) manages the entire life cycle of encryption keys and is used in various industries. There is a need for key management systems that meet the requirements of each industry's environment, including the public and financial sectors. The purpose of this paper is to derive the characteristics of the key management system for each industry by comparing and analyzing key management systems used in representative industries. As for the research method, information was collected through analysis of literature and technical documents and through case analysis, and a comparative analysis was conducted by industry sector. The results of this paper can serve as a practical guide when introducing or developing a key management system suited to a given industrial environment. The limitations are that the range of industries analyzed was insufficient and that experimental verification was insufficient. Therefore, in future studies, we intend to conduct specific performance tests through experiments, including key management systems in various fields.

A Study on the Actual Use of Mobile Electronic Notification Service (모바일 전자고지서비스의 사용실태에 대한 조사 연구)

  • Kim, Jong-Bae
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.21 no.5 / pp.167-180 / 2021
  • Due to the development of IT and the spread of infectious diseases, online non-face-to-face services are rapidly expanding. In particular, information delivery is changing from the former postal-based process to a delivery system using mobile devices. This change follows the shift from information delivery over telephone lines to information delivery over the Internet. The mobile electronic notification service sends electronic notices to users' mobile devices to deliver information, with delivery being verified, and has the advantage of reducing unnecessary mail production, exposure of personal information, and misdelivery. However, user identification information must be provided to the operators that provide mobile electronic notification services. In this paper, the current state of use of the mobile electronic notification service, which has been in effect since 2019, is investigated and analyzed so that the service can be provided safely and appropriate protection measures can be taken for personal information. The service standards required by sending agencies when providing the mobile electronic notification service to users can thereby be identified and, based on them, technical standards that sending agencies must comply with can be prepared in advance and applied to the service.

Evaluation of Smoke Control Performance of Ventilation System Using by Hot Smoke Test (Hot Smoke Test를 이용한 주차장 환기설비의 제연 성능평가)

  • Joung, Suckhwan
    • Journal of Korean Society of Disaster and Security / v.12 no.2 / pp.47-56 / 2019
  • Recently, to overcome the difficulty of reaching the fire source caused by the large amount of smoke generated in a parking lot fire, a method of discharging smoke using the air supply fans, exhaust fans and jet fans installed for parking lot ventilation has been used. In this study, the variation of flow in the smoke layer was observed using CCTV under two conditions, one in which only the air supply fan operates and one in which the manned fan operates together with it, and the temperature around the plume was compared to the Alpert eq. to assess the test's suitability as a parking lot ventilation performance evaluation method. As a result, it was found that the smoke layer could be disturbed if the jet fan was operated at the same time, which could disturb the initial evacuation. However, observation by CCTV confirmed that additional operation of the jet fan improves the emission performance, which is believed to help suppression operations. The temperature around the plume was measured and compared to the Alpert eq., and was found to be about $2^{\circ}C$ lower at the center axis of the plume and $9.0^{\circ}C$ higher at 8 m in the direction of the discharge of smoke. The temperatures measured around the plume were lower than the maximum temperature expected in AS 4391 and did not exceed the expected temperature risk caused by the experiment. As these results show, the temperature risk from conducting hot smoke tests is foreseeable, so the test can be used as one of the general evaluation methods for assessing smoke control performance in a parking lot without relevant criteria.

A Study on the Strategy for Improvement of Operational Test and Evaluation of Weapon System and the Determination of Priority (무기체계 운용시험평가 개선전략 도출 및 우선순위 결정)

  • Lee, Kang Kyong;Kim, Geum Ryul;Yoon, Sang Don;Seol, Hyeon Ju
    • Convergence Security Journal / v.21 no.1 / pp.177-189 / 2021
  • Defense R&D is a key process for securing weapons systems determined by mid- and long-term needs to cope with changing future battlefield environments. In particular, the test and evaluation provides information necessary to determine whether or not to switch to mass production as the last gateway to research and development of weapons systems and plays an important role in ensuring performance linked to the life cycle of weapons systems. Meanwhile, if you look at the recent changes in the operational environment of the Korean Peninsula and the defense acquisition environment, you can see three main characteristics. First of all, continuous safety accidents occurred during the operation of the weapon system, which increased social interest in the safety of combatants, and the efficient execution of the limited defense budget is required as acquisition costs increase. In addition, strategic approaches are needed to respond to future battlefield environments such as robots, autonomous weapons systems (RAS), and cyber security test and evaluation. Therefore, in this study, we would like to present strategies for improving the testing and evaluation of weapons systems by considering the characteristics of the security environment that has changed recently. To this end, the improvement strategy was derived by analyzing the complementary elements of the current weapon system operational test and evaluation system in a multi-dimensional model and prioritized through the hierarchical analysis method (AHP).

Adaptation Policy of ISO 27001 ISMS (Information Security Management System) for e-Government (전자정부 정보보호관리체계(G-ISMS) 적용 정책)

  • Han, Keun-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.5 / pp.119-130 / 2009
  • Korea ranked 2nd in the UN Global e-Participation Index and ranked number one as the leader in e-Government for the third consecutive year. However, Korea ranked 51st in the level of information security published by the WEF (World Economic Forum), a relatively low level compared with its great number of users and excellent environment for Internet services. A series of critical hacking incidents, such as the information leaks at Auction and GS Caltex, occurred consecutively in 2008, resulting in the leak of personal and critical information. This led to a strong interest in the necessity and importance of information security and personal information, so that demand for IT security is growing fast. In this paper, we survey and benchmark information security in major foreign countries from the perspectives of service level, system, investment and policy. We then examine an effective way to apply the benchmark results to Korea's e-Government. In addition, the purpose of this paper is to improve the national information security index by developing a policy for ISO 27001 ISMS, an international standard for Information Security Management Systems, and to raise the safety and security of the e-Government services provided by central administrative organizations and local authorities.

A Study on the Promotion of Specialty Store of Fresh Foods - Focused on Chonggak' House Vegetables Store - (생식품 전문점 판매 서비스 활성화에 관한 연구 - 총각네 야채가게를 중심으로 -)

  • Lee, Young-Suk;Yoon, Nam Soo
    • The Korean Journal of Franchise Management / v.2 no.1 / pp.100-118 / 2011
  • Since 1990, income has grown rapidly in Korea. Thus, concerns about environmental pollution and health have increased among Korea's consumers. As a result of this concern, demand for safe food and agricultural products has been growing in Korea. Recently, the purchasing patterns of Korea's consumers have changed as Korean society has shifted toward an aging population, a growing number of unmarried people, and a low birthrate. Korea's consumers prefer to buy only the volume that they need. Thus, the volume of agricultural products that they purchase has become small. Therefore, retailers should reflect such consumer needs in their business. The purpose of this study is to build new strategies for making a high profit through customer satisfaction when selling agricultural products. This study draws its results from a literature review. The results are that retailers should stock branded products in their stores and establish trust with customers in order to build a loyal customer base. In addition, retailers should prepare individual packages of agricultural products for small-volume sales to keep pace with social changes.

Investigating Key Security Factors in Smart Factory: Focusing on Priority Analysis Using AHP Method (스마트팩토리의 주요 보안요인 연구: AHP를 활용한 우선순위 분석을 중심으로)

  • Jin Hoh;Ae Ri Lee
    • Information Systems Review / v.22 no.4 / pp.185-203 / 2020
  • With the advent of the 4th industrial revolution, the manufacturing industry is converging with ICT and moving into the era of smart manufacturing. In the smart factory, all machines and facilities are connected based on ICT, and thus security should be further strengthened, as the factory is exposed to complex security threats that were not previously recognized. To reduce the risk of security incidents and successfully implement smart factories, it is necessary to identify the key security factors to be applied, taking into account the characteristics of the industrial environment of smart factories utilizing ICT. In this study, we propose a 'hierarchical classification model of security factors in smart factory' that includes terminal, network, and platform/service categories, and analyze the importance of the security factors to be applied when developing smart factories. We conducted an assessment of the importance of security factors with groups of smart factory and security experts. The relative importance of the security factors of the smart factory was derived using the AHP technique, and the priority among the security factors is presented. The results of this research contribute to building smart factories more securely and establishing the information security required in the era of smart manufacturing.

Comparison of Response Systems and Education Courses against HNS Spill Incidents between Land and Sea in Korea (국내 HNS 사고 대응체계 및 교육과정에 관한 육상과 해상의 비교)

  • Kim, Kwang-Soo;Gang, Jin Hee;Lee, Moonjin
    • Journal of the Korean Society of Marine Environment & Safety / v.21 no.6 / pp.662-671 / 2015
  • As the types of Hazardous and Noxious Substances (HNS) become more varied and the transport volume of HNS increases, HNS spill incidents occur frequently on land and at sea. In view of the various damages to human lives and property caused by HNS spills, it is necessary to educate and train professional personnel in preparation for and response to potential HNS spills. This study presents the current state of response systems and education courses for HNS spill incidents on land and at sea in Korea and compares them. The incident command system on land is basically similar to that at sea, but the lead authority responsible for combating HNS spills at sea changes depending on the location of the spill; that is, the Korea Coast Guard (KCG) is responsible for urgent response to HNS spills at sea, while municipalities are responsible for the response to HNS drifted ashore. Education courses for HNS responders on land are established at the National Fire Service Academy (NFSA), the National Institute of Chemical Safety (NICS), etc., and are diverse. Education and training courses for HNS responders at sea are established at the Korea Coast Guard Academy (KCGA) and the Marine Environment Research & Training Institute (MERTI), and are comparatively simple. Education courses for dangerous cargo handlers who work in ports, where land is linked to the sea, are established at the Korea Maritime Dangerous Goods Inspection & Research Institute (KOMDI), the Korea Port Training Institute (KPTI) and the Korea Institute of Maritime and Fisheries Technology (KIMFT). Through the comparison of education courses for HNS responders between land and sea, some recommendations are proposed for improving the education courses of KCG and KOEM (Korea Marine Environment Management Corporation) to educate and train professionals for combating HNS spills at sea in Korea: extension of education targets, division of the existing integrated HNS course into two courses at operational level and manager level, each with its own refresher course, an on-line cyber course, and a joint inter-institute course in cooperation with other relevant institutes.

Assessment of Fire-Damaged Mortar using Color image Analysis (색도 이미지 분석을 이용한 화재 피해 모르타르의 손상 평가)

  • Park, Kwang-Min;Lee, Byung-Do;Yoo, Sung-Hun;Ham, Nam-Hyuk;Roh, Young-Sook
    • Journal of the Korea institute for structural maintenance and inspection / v.23 no.3 / pp.83-91 / 2019
  • The purpose of this study is to assess a fire-damaged concrete structure using a digital camera and image processing software. To simulate fire damage, mortar and paste samples of W/C=0.5 (general strength) and 0.3 (high strength) were put into an electric furnace and heated from $100^{\circ}C$ to $1000^{\circ}C$. The paste was processed into a powder to measure CIELAB chromaticity, and the samples were photographed with a digital camera. The RGB chromaticity was measured with color intensity analyzer software. As a result, the residual compressive strength of W/C=0.5 and 0.3 was 87.2% and 86.7% at the heating temperature of $400^{\circ}C$. However, there was a sudden decrease in strength at temperatures above $500^{\circ}C$, where the residual compressive strength of W/C=0.5 and 0.3 was 55.2% and 51.9%. At $700^{\circ}C$ or higher, W/C=0.5 and W/C=0.3 show 26.3% and 27.8% of residual strength, so that the durability of the structure could not be secured. The results of $L^*a^*b^*$ color analysis show that $b^*$ increases rapidly after $700^{\circ}C$, indicating that the intensity of yellow becomes strong after $700^{\circ}C$. Further, the RGB analysis found that the histogram kurtosis and frequency of Red and Green increase after $700^{\circ}C$, indicating that the number of Red and Green pixels increases. Therefore, it is deemed possible to estimate the degree of damage by checking the change in yellow ($b^*$ or R+G) when analyzing the chromaticity of fire-damaged concrete structures.