• Journal of Internet Computing and Services
• /
• v.15 no.3
• /
• pp.91-100
• /
• 2014

While IT security investment of organizations has been increased, the amount of the monetary loss of organizations caused by IT security breaches did not decrease as much as their expectation. Also, from surveys, it was discovered that the poor usage of their security budget thwarted the improvement of the organization's security level. In this paper, to resolve the poor usage of security budget of organizations, we propose a comprehensive economic model for determining the optimal amount of investment in security solutions, including the proactive security solutions(PSSs) and the reactive security solutions(RSSs). Using the proposed analytical model under different parameters of security solutions, we show the optimal condition to maximize the expected net benefits from IT security investment of organizations. Also, we verify the common belief that the optimal level of investment in security solutions is an increasing function of vulnerability. Through simulations, we find the optimal level of IT security investment, given parameters of different characteristics of security solutions.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.53-61
• /
• 2016

A number of countries have been developing and implementing national cybersecurity strategy to prevent damages caused by cyber threats and to minimize damages when they happened. However, there are a lot of differences and disparities in respective strategies with their own background and needs. A vulnerability in some places can be a global problem, so various guidelines have been developed by relevant organizations including international organizations to support the establishment of national cybersecurity strategies and improvement of them. In this paper, with analysis on the guidelines for the establishment of national cybersecurity strategies, reference model consisting of common elements of strategies was suggested. And several recommendations for the improvement measures for Korean national cybersecurity strategies were explained with a comparison of the reference model.

• The Journal of the Korea Contents Association
• /
• v.5 no.2
• /
• pp.107-114
• /
• 2005

This paper proposes to analyze a security level about information property systems. This method uses objective and quantitative risk level assessment. The method analyzes administrative, physical and technical aspects of information property system commonly. This method also uses administrative, physical and technical weights. Individually according to requirements security assessment purpose. And it shows risks weighting mean and importance of information property by graph. The most right and up systems in maps is prior to other systems. Also, Quantitative analysis presents more objective and efficient results for security level assessment of information system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.369-375
• /
• 2016

Most companies are willing to spend money on security systems such as DRM, Mail filtering, DLP, USB blocking, etc., for data leakage prevention. However, in many cases, it is difficult that legal team take action for data case because usually the company recognized that after the employee had left. Therefore perceiving one's resignation before the action and building up adequate response process are very important. Throughout analyzing DRM log which records every single file's changes related with user's behavior, the company can predict one's resignation and prevent data leakage before those happen. This study suggests how to prevent for the damage from leaked confidential information throughout building the DRM monitoring process which can predict employee's resignation.

• Review of KIISC
• /
• v.29 no.6
• /
• pp.81-88
• /
• 2019

IoT 기술을 이용한 다양한 제품과 서비스의 출시로 국내·외 IoT 산업의 급성장 및 초연결사회로의 진입이 가속화되고 있는 가운데, 보안에 취약한 IoT 기기를 공격 목표 및 도구로 악용하여 다양한 침해사고가 발생되고 있다. 이와 같은 상황은 IoT 기기 보급 활성화와 더불어 더욱 증가할 것으로 전망되고 있으며, 피해의 범위 및 정도에 있어서 막대한 사회적·경제적 손실을 유발하게 될 것으로 우려되고 있다. IoT 기기를 대상으로 하는 침해사고는 주로 디폴트 계정이나 추측하기 쉬운 패스워드를 사용하는 등 관리적 미흡 혹은 기기 자체의 취약점을 악용하여 발생하는 공격으로 인하여 발생되고 있다. 이에 정부 및 산업체에서는 IoT 기기의 보안 내재화, 기기 소유자의 보안인식 제고 등 IoT 기기의 보안성 강화를 위한 다양한 활동을 진행하고 있다. 하지만 IoT 기기 및 사용 환경의 특징 상 모든 IoT 기기를 안전하게 배포하여 관리하는 데에는 한계가 존재하기 때문에, 침해사고 예방 및 대응의 관점에서 공격에 노출되기 쉬운 취약한 기기를 파악하여 사전에 조치하는 노력이 필요하다. 이와 관련하여 본 논문에서는 IoT 기기 취약점을 악용하여 발생하는 공격 대응을 위해, 다양한 채널을 통해 IoT 기기 취약점 및 익스플로잇 정보를 수집하여 IoT 기기 취약점 악용 공격의 유형을 분석하고 대응의 일례를 제시함으로써 IoT 위협 탐지 및 대응 전략 수립을 위한 기초정보를 제공하고자 한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.421-430
• /
• 2010

Now a days, as a communications network is being broadband, IPTV(Internet Protocol Television) service which provides various two-way TV service is increasing. But as the data which is transmitted between IPTV set-top box and smart card is almost transmitted to set-top box, the illegal user who gets legal authority by approaching to the context of contents illegally using McComac Hack Attack is not prevented perfectly. In this paper, set-top box access security model is proposed which is for the protection from McComac Hack Attack that tries to get permission for access of IPTV service illegally making data line which is connected from smart card to set-top box by using same kind of other set-top box which illegal user uses. The proposed model reports the result of test which tests the user who wants to get permission illegally by registration the information of a condition of smart card which is usable in set-top box in certification server so that it prevents illegal user. Specially, the proposed model strengthen the security about set-top box by adapting public key which is used for establishing neighbor link and inter-certification process though secret value and random number which is created by Pseudo random function.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.109-118
• /
• 2022

Countries around the world have recognized the importance of personal information protection and have discussed protecting the rights of data subjects in various forms such as laws, regulations, and guidelines. PbD (Privacy by Design) is one of the concepts that are commonly emphasized as a precautionary measure for the protection of personal information, and it is starting to attract attention as an essential element for protecting the privacy of information subjects. However, the concept of PbD to prioritize individual privacy in system development or service operation in advance is still only at the declarative level, so there is relatively little discussion on specific methods to implement it. Therefore, this study discusses which principles and rights should be prioritized to implement PbD based on the basic principles of GDPR and the rights of data subjects. This study is meaningful in that it suggests a plan for the practical implementation of PbD by presenting the privacy considerations that should be prioritized when developing systems or services in the domestic environment.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.9 no.5
• /
• pp.1242-1248
• /
• 2008

In this paper, we propose a multi-stage user authenticating system in which system at first stage, the system authenticate a user through his GPS information and IP address. At second stage, the system authenticate a user based on ID and Password as other systems does. Through the use of proposed system, aged person or children enjoy the game on a much safer environment.

• Journal of Convergence for Information Technology
• /
• v.9 no.3
• /
• pp.1-7
• /
• 2019

There are various cyber attacks on business PCs. In order to reduce the threat of PC security, we are preventing the vulnerability from being diagnosed beforehand. However, this guideline is difficult to cope with because the domestic vulnerability guide does not update the diagnostic items. In this paper, we examine the cyber infringement cases of PCs and the diagnostic items of foreign technical vulnerabilities in order to cope with security threats. In addition, an improved guide is provided by comparing the differences in the diagnostic items of technical vulnerability from abroad and domestic. Through 41 proposed technical vulnerability improvement items, it was found that various security threats can be coped with. Currently, it is mainly able to respond to only known vulnerabilities, but we hope that applying this guideline will reduce unknown security threats.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.53-60
• /
• 2016

Security measures for the current insurance crime has focused on the capture oriented and reactive response in the screening stage of insurance payments. However, since leaving the damages that can not be healed by post-punishment, it is necessary to take measures to prevent the insurance crimes in advance. In this paper, I would like to try to identify problems through analyzing the characteristics and cases of the insurance crimes, and to present alternatives to it. The problems with the current insurance system that causes the insurance crimes are, First, When signing the insurance contract, it is too inattentive to confirm about the credit status of the policyholder, duplicate join or not, whether voluntarily sign up etc. Second, a thorough investigation or criminal charges in case of insurance accident is not being done properly. Third, information exchange and management to malicious policyholders is not being done properly. Therefore, in order to guard people from insurance crimes, First, it should strengthen the audit of such credit conditions, accident experiences in the insurance contract at the policyholders. Second, we need to block insurance crimes in advance through the continuous upgrades of insurance fraud analysis systems and social network. Third, it is necessary to strengthen the surveillance systems for the insurance crimes by the information sharing.