• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.11
• /
• pp.2341-2346
• /
• 2012

Voice phishing against the old or weak persons have used the methods which are social engineering in the object and financial structure and function. Until recently Voice phishing from Chaina caused economic devastation and the economic loss by phishing grows with the South Koreans in the whole. Korean government and public organizations involved have been strengthening protection system and a financial security devices. But it is not easy to verify how much effects of security measures are. In this paper I will study the economic loss caused by voice phishing and potential economic effects of security measures and security device reinforcements of the Republic of Korea. Direct costs are reported about 100 million dollars and potential economic effects of voice phinshing secure measures may be around 320 million dollars.

• Journal of Platform Technology
• /
• v.9 no.2
• /
• pp.26-37
• /
• 2021

E-mail is one of the important tools for communicating with people in everyday life. With COVID-19 (Coronavirus) increasing non-face-to-face activity, security incidents through e-mail such as spam, phishing, and ransomware are increasing. E-mail security incidents are increasing as social engineering attack using human psychology rather than arising from technological weaknesses that e-mails have. Security incidents using human psychology can be prevented and defended by improving security awareness. This study empirically studies the analysis of changes in response to malicious e-mail due to improved security awareness through malicious e-mail simulations on executives and employees of domestic and foreign company. In this study, the factors of security training, top-down security management, and security issue sharing are found to be effective in safely responding to malicious e-mail. This study presents a new study by conducting empirical analysis of theoretical research on security awareness in relation to malicious e-mail responses, and results obtained from simulations in a practical setting may help security work.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.61-69
• /
• 2022

When a large-scale cyber attack or terrorism occurs and the country suffers enormous damage or poses a fatal threat to security, social interest in nurturing cybersecurity workforce increases. In addition, the government often suggests policies and guideline to train cybersecurity workforce. However, the system that can systematically manage trained cyber workforce after they are employed in related organizations or companies is still weak. Software workforce has a standardized qualification level model, so appropriate jobs are set and managed for each level. Cyber workforce also need a specialized qualification level model that takes into account their career, academic background, and education&training performance. By assigning a qualification level, the duties that can be performed for each level should be set, and the position and duty of the department should also be assigned in consideration of the level. Therefore, in this paper, we propose a qualification level model for cyber security workforce.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.285-296
• /
• 2016

Recently, as the widespread use of Facebook through a smartphone or tablet PC, it has increased the threat that contains the malicious code to post a social attacks and comments that use personal information that has been published of Facebook. To solve these problems, Facebook is, by providing a security function, but would like to address these threats, in setting the security function, the security function of the user's convenience is not considered a properly there is a problem that is not in use. Thus, in this paper, on the basis of the information obtained via the cogTool, on Facebook security features, the user experience by presenting a method that can be quantitatively measured by this, the user convenience It classifies about Facebook security features to decrease.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.2
• /
• pp.95-102
• /
• 2010

This paper proposes a SPIT(Spam over IP Telephony) prevention framework which is using expanded white-list in real-time VoIP environment. The existing schemes are vulnerable to attack from spammers since they can continue to transfer SPIT upon changing their ID. And existing frameworks have experienced the time delay and overload as session initiates due to real-time operation. To solve these problems, the proposed scheme expands the scope of white lists by forming social networks using the white list, but it is to decide quickly whether pass a caller ID without searching the entire database. The proposed framework takes the three-stage architecture and the fast scoring system. The proposed framework minimize user's inconvenience and time delay for initiation of session, therefore, it is proper for real-time VoIP environment.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.21-28
• /
• 2020

In recent years, hacking and malware techniques have evolved and become sophisticated and complex, and numerous cyber-attacks are constantly occurring in various fields. Among them, the most widely used route for compromise incidents such as information leakage and system destruction was found to be E-Mails. In particular, it is still difficult to detect and identify E-Mail APT attacks that employ zero-day vulnerabilities and social engineering hacking techniques by detecting signatures and conducting dynamic analysis only. Thus, there has been an increased demand for indicators of compromise (IOC) to identify the causes of malicious activities and quickly respond to similar compromise incidents by sharing the information. In this study, we propose a method of extracting various forensic artifacts required for detecting and investigating Hacking E-Mails, which account for large portion of damages in security incidents. To achieve this, we employed a digital forensic indicator method that was previously utilized to collect information of client-side incidents.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.39-46
• /
• 2019

Recently, information security accidents are becoming more advanced as social engineering attacks using new types of malicious codes such as phishing. Organizations have made various efforts to prevent information security incidents, but tend to rely on technical solutions. Nevertheless, not all security incidents can be prevented completely. In order to overcome the limitations of the information security approach that depends on these technologies, many researchers are increasingly interested in People-Centric Security. On the other hand, some researchers have applied behavioral economics to the information security field to understand human behavior and identify the consequences of the behavior. This study is a trend analysis study to grasp the recent research trend applying the concept and idea of behavioral economics to information security. We analyzed the research trends, research themes, research methodology, etc. As a result, the most part of previous research is focused on 'operational security' topics, and in the future, it is required to expand research themes and combine behavioral economics with security behavioral issues to identify frameworks and influencing factors.

• Journal of Digital Convergence
• /
• v.17 no.5
• /
• pp.89-97
• /
• 2019

The purpose of this study was to understand educational changes and effects of cognitive behavioral art therapy using the smart device. The participant of the study was a 4th grade of male elementary school student who had aggressiveness and impulsiveness with emotional instability. The study was conducted one to two times a week for six months with a total of 30 educational sessions. Among 80 minutes per session, 60 minutes of art therapy and 20 minutes of cognitive behavioral therapy were applied, and during the sessions, cognitive action art therapy (drawing and shaping activities), cognitive restructuring, behavioral modification, systemic dullness, social skills training, empathy and landscaping training were applied. For the numeral assessment, Traffic Anxiety Inventory for Children (TAIC), Beck Anxiety Inventory (BAI) and emotional instability measures were used. Research showed that cognitive behavioral art therapy using smart devices had the effect of positive emotional change in children with emotional anxiety, and based on this, future development directions including systematic instructional design, scientific analysis and feedback technologies were discussed.

• Informatization Policy
• /
• v.23 no.4
• /
• pp.76-94
• /
• 2016

Recently in Korea, the importance of information security awareness has been receiving a growing attention. Attacks such as social engineering and ransomware are hard to be prevented because it cannot be solved by information security technology. Also, the profitability of information security industry has been decreasing for years. Therefore, many companies try to find a new growth-engine and an entry to the foreign market. The main purpose of this paper is to draw out some information security issues and to analyze them. Finally, this study identifies issues and suggests how to improve the situation in Korea. For this, topic modeling analysis has been used to find information security issues of each country. Moreover, the score of sentiment analysis has been used to compare them. The study is exploring and explaining what critical issues are and how to improve the situation based on the identified issues of the Korean information security industry. Also, this study is also demonstrating how text mining can be applied to the context of information security awareness. From a pragmatic perspective, the study has the implications for information security enterprises. This study is expected to provide a new and realistic method for analyzing domestic and foreign issues using the analysis of real data of the Twitter API.

• Korean Security Journal
• /
• no.41
• /
• pp.37-66
• /
• 2014

In recent years, with the development of computers and electronics, electronics and communication technology in a growing and each part is dependent on the cross-referencing makes all electronic equipment is obsolete due to direct or indirect damage EMP. Korea and the impending standoff North Korea has a considerable level of technologies related to the EMP, EMP weapons you already have or in a few years, the development of EMP weapons will complete. North Korea launched a long-range missile and conducted a nuclear test on several occasions immediately after, when I saw the high-altitude nuclear blackmail has been strengthening the outright offensive nuclear EMP attacks at any time and practical significance for the EMP will need offensive skills would improve. At this point you can predict the damage situation of Korea's security reality that satisfy the need, more than anything else to build a protective system of the EMP. The scale of the damage that unforeseen but significant military damage and socio-economic damage and fatalities when I looked into the situation which started out as a satellite communications systems and equipment to attack military and security systems and transportation, finance, national emergency system, such as the damage elsewhere. In General, there is no direct casualties reported, but EMP medical devices that rely on lethal damage to people who can show up. In addition, the State power system failure due to a power supply interruption would not have thought the damage would bring State highly dependent on domestic power generation of nuclear plants is a serious nuclear power plant accident in the event of a blackout phenomenon can lead to the plant's internal problems should see a forecast. First of all, a special expert Committee of the EMP, the demand for protective facilities and equipment and conduct an investigation, he takes fits into your budget is under strict criteria by configuring the contractors should be sifting through. He then created the Agency for verification of performance EMP protection after you have verified the performance of maintenance, maintenance, safety and security management, design and construction company organized and systematic process Guard facilities or secret communications equipment and perfect for the EMP, such as protective equipment maneuver system should take.