• Title/Summary/Keyword: 자산식별 (asset identification)


An Empirical Study on Security Management Model for Small IT Service Business (소규모 IT 서비스 기업 비즈니스 특성을 고려한 보안 관리모델 실증연구)

  • Kim, Yanghoon;Na, Youngsub;Chang, Hangbae
    • Information Systems Review / v.14 no.3 / pp.131-141 / 2012
  • As IT grows more sophisticated, information leaks and breaches are increasing. Accordingly, the majority of companies have expanded investment in information protection. However, companies are still exposed to the vulnerability of information leakage. In particular, small IT service businesses have, relative to large corporations, limitations in resources and manpower for business activities. Studies so far on information security for small IT service companies, however, have insufficiently considered small business scale and the business characteristics of IT services. In this study, we designed an information security management model for establishing security measures for small IT service companies, which are classified into the SI/SM, DB, IR and IP industries depending on how the business creates value. In detail, we performed an empirical analysis of small IT service businesses to consider business characteristics, and we proposed security implementation strategies based on the analysis results.


Feature-Oriented Requirements Change Management with Value Analysis (가치분석을 통한 휘처 기반의 요구사항 변경 관리)

  • Ahn, Sang-Im;Chong, Ki-Won
    • The Journal of Society for e-Business Studies / v.12 no.3 / pp.33-47 / 2007
  • Requirements change as development progresses, since it is impossible to define all of the software requirements. These requirements changes lead to mistakes because the developers cannot completely understand the software's structure and behavior, or they cannot discover all parts affected by a change. Requirement changes have to be managed and assessed to ensure that they are feasible, make economic sense and contribute to the business needs of the customer organization. We propose a feature-oriented requirements change management method to manage requirements change with value analysis and feature-oriented traceability links including intermediate catalysis using features. Our approach offers two contributions to the study of requirements change: (1) We define a requirements change tree to generalize user requirements change requests at the feature level. (2) We provide an overall process comprising change request normalization, change impact analysis, solution dealing with change request, change request implementation, and change request evaluation. In addition, we present in detail the results of a case study carried out on an asset management portal system.


RFID Distance Bounding Protocol Secure Against Mafia and Terrorist Fraud (테러리스트 공격과 마피아 공격에 안전한 RFID 거리 제한 프로토콜)

  • Kwon, Hye Jin;Kim, Soon Ja
    • The Journal of Korean Institute of Communications and Information Sciences / v.39A no.11 / pp.660-674 / 2014
  • RFID systems have been used in a variety of services, so many attacks are known, such as free riding on the service and leakage of property or personal information. Therefore, solutions that address these attacks have been proposed. Among the attacks, mafia fraud, a kind of relay attack, cannot be addressed by a common authentication protocol. So, Hancke and Kuhn used a distance bounding protocol for RFID authentication. After that, Munilla and Peinado modified the HK protocol by adding a void challenge, so the adversary's mafia fraud success probability is lower than that of the HK protocol. Ahn et al. proposed a protocol that reduces the number of hash computations and the traffic compared with the MP protocol. Here, we show that the MP protocol cannot defend against terrorist fraud and is vulnerable to noise. We also show that the AYBN protocol is vulnerable to mafia fraud and key leakage. Moreover, we propose a new protocol, and our experimental results show that our protocol is secure against terrorist and mafia fraud.

Proposal of Detection Module for Fighter Aircraft Data Modulation Attack (전투기 데이터 변조 공격행위에 대한 탐지모듈 제안)

  • Hong, Byoung-jin;Kim, Wan-ju;Kim, Ho-keun;Lim, Jae-sung
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.5-16 / 2019
  • Modern state-of-the-art military aviation assets are operated with independent embedded real-time operating systems (RTOS). These embedded systems are made with a high level of information assurance. However, once the systems are introduced and installed on individual platforms for sustaining operational employment, the systems are not actively managed and as a result the platforms become exposed to serious threats. In this paper, we analyzed vulnerability factors in the processing of mission planning data and maintenance-related data for fighter aircraft. We defined the method and form of cyber attacks that modulate air data using these vulnerabilities. We then proposed a detection module for integrity detection. The designed module can preemptively respond to potential cyber threats targeting high-value aviation assets by checking and preemptively responding to malware infection during flight data processing of fighter aircraft.

Empirical Study on the Determinants of Improving Open Innovation Performance : Based on New Product Development Collaboration with Suppliers (개방형 혁신 성과향상의 선행요인에 관한 실증적 연구 : 공급사와의 신제품개발협력을 중심으로)

  • Lee, Younsuk;Kang, Dong-Chang
    • Journal of Korea Technology Innovation Society / v.21 no.3 / pp.1050-1076 / 2018
  • In this study, we focus on identifying the determinants of improving technology collaboration performance between buyer and supplier and the impact of the determinants on new product development performance. We adopted trust, control and information sharing as the determinants of technology collaboration and the frequency of new product introduction and ratio of new product on revenue as dependent variables. We conducted hierarchical regression and mediation analysis using the data collected from 600 Korean manufacturing firms by Korean Productivity Association and Ministry of Trade and Industry in 2012. The empirical findings indicate that trust, control and information sharing are positively associated with technology collaboration performance and the degree of technology collaboration is also positively associated with both new product development performance. In addition, new product development performance is not only affected by technology collaboration but also mediated by trust. This result implies that developing social capital, trust with partners, plays an important role in leading to better performance by open innovation.

Deriving Essential Security Requirements of IVN through Case Analysis (사례 분석을 통한 IVN의 필수 보안 요구사항 도출)

  • Song, Yun keun;Woo, Samuel;Lee, Jungho;Lee, You sik
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.18 no.2 / pp.144-155 / 2019
  • One of the issues of the automotive industry today is autonomous driving vehicles. In order to achieve level 3 or higher as defined by SAE International, harmonization of autonomous driving technology and connected technology is essential. Current vehicles have new features such as autonomous driving, which not only increases the number of electrical components, but also the amount and complexity of software. As a result, the attack surface, which is the access point of attack, is widening, and software security vulnerabilities are also increasing. However, the reality is that the essential security requirements for vehicles are not defined. In this paper, based on real attacks and vulnerability cases and trends, we identify the assets in the in-vehicle network and derive the threats. We also defined the security requirements and derived essential security requirements that should be applied at least to the safety of the vehicle occupant through risk analysis.

Quantitative Risk Assessment on a Decentralized Cryptocurrency Wallet with a Bayesian Network (베이즈 네트워크를 이용한 탈중앙화 암호화폐 지갑의 정량적 위험성 평가)

  • Yoo, Byeongcheol;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.637-659 / 2021
  • Since the creation of the first Bitcoin blockchain in 2009, the number of cryptocurrency users has steadily increased. However, the number of hacking attacks targeting assets stored in these users' cryptocurrency wallets is also increasing. Therefore, we evaluate the security of the wallets currently on the market to ensure that they are safe. We first conduct threat modeling to identify threats to cryptocurrency wallets and identify the security requirements. Second, based on the derived security requirements, we utilize attack trees and Bayesian network analysis to quantitatively measure the risks inherent in each wallet and compare them. According to the results, the average total risk in software wallets is 1.22 times greater than that in hardware wallets. In the comparison of different hardware wallets, we found that the total risk inherent to the Trezor One wallet, which has a general-purpose MCU, is 1.11 times greater than that of the Ledger Nano S wallet, which has a secure element. However, use of a secure element in a cryptocurrency wallet has been shown to be less effective at reducing risks.

Derivation of Security Requirements for Cloud Managing Security Services System by Threat Modeling Analysis (위협 모델링 분석에 의한 클라우드 보안관제시스템 보안요구사항 도출)

  • Jang, Hwan
    • KIPS Transactions on Computer and Communication Systems / v.10 no.5 / pp.145-154 / 2021
  • Recently, the introduction of Cloud Managing Security Services Systems to respond to security threats in cloud computing environments is increasing. Accordingly, it is necessary to analyze the security requirements for the Cloud Managing Security Services System. However, existing research has the problem that it does not reflect the virtual environment of the cloud and the data flow of the Cloud Managing Security Services System in the process of deriving the requirements. To solve this problem, it is necessary to identify the information assets of the Cloud Managing Security Services System in the process of threat modeling analysis, visualize and display detailed components of the cloud virtual environment, and analyze the security threats by reflecting the data flow. Therefore, this paper intends to derive the security requirements of the Cloud Managing Security Services System through threat modeling analysis that improves on existing research.

Performance Evaluation of Truck Haulage Operations in an Underground Mine using GMG's Time Usage Model and Key Performance Indicators (GMG 시간 사용 모델 및 핵심성과지표를 이용한 지하 광산 트럭 운반 작업 성능 평가)

  • Park, Sebeom;Choi, Yosoon
    • Tunnel and Underground Space / v.32 no.4 / pp.254-271 / 2022
  • The performance of truck haulage operations in an underground mine was evaluated using the time usage model and key performance indicators (KPIs) proposed by Global Mining Guidelines Group (GMG). An underground mine that mainly produces iron and titanium iron was selected as a study area, and truck haulage data were collected using Bluetooth beacons and tablet PCs. The collected data were analyzed to identify unit operations, activities, events, and required time of truck haulage operations, and time categories were classified based on the time usage model. The performance of the haulage operations was evaluated using nine indicators in terms of availability, utilization, and effectiveness. As a result, in terms of availability, uptime was 33.9%, physical availability was 95.7%, and mechanical availability was 94.9%. In the case of utilization, use of availability was 83.1%, asset utilization was 28.1%, and operating and effective utilization were 79.6% and 77.7%, respectively. Also, in terms of efficiency, operating efficiency was high at 97.6%, and production effectiveness was found to be 49%.

Cyberattack Goal Classification Based on MITRE ATT&CK: CIA Labeling (MITRE ATT&CK 기반 사이버 공격 목표 분류 : CIA 라벨링)

  • Shin, Chan Ho;Choi, Chang-hee
    • Journal of Internet Computing and Services / v.23 no.6 / pp.15-26 / 2022
  • Various subjects are carrying out cyberattacks using a variety of tactics and techniques. Additionally, cyberattacks for political and economic purposes are also being carried out by groups that are sponsored by their nations. To deal with cyberattacks, researchers used to classify the malware family and the subjects of the attack based on malware signatures. Unfortunately, attackers can easily masquerade as another group. Also, as the attack varies with subject, techniques, and purpose, it is more effective for defenders to identify the attacker's purpose and goal to respond appropriately. The essential goal of cyberattacks is to threaten the information security of the target assets. Information security is achieved by preserving the confidentiality, integrity, and availability of the assets. In this paper, we relabel the attacker's goal based on MITRE ATT&CK® from the viewpoint of the CIA triad and classify cyber security reports to verify the labeling method. Experimental results show that the model classified the proposed CIA label with at most 80% probability.