• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.401-404
• /
• 2019

최근 국가기반시설 산업제어시스템은 시나리오를 기반으로 시뮬레이션 훈련을 진행한다. 그러나 국내 ICS 보안 기술은 외부 경계 보호에 중점을 둔 시나리오가 대다수였기 때문에 내부에서 발생할 수 있는 시나리오 가이드라인이 상대적으로 부족하고 이를 평가하는 기준 또한 제대로 정의되어 있지 않다. 내부 공격이 증가함에 따라 국내에서도 사회공학적 기법에 초점을 둔 시뮬레이션 훈련을 진행할 필요가 있다. 이에 본 논문은 NEI 08-09 의 운영·관리항목 중 가장 빈번하게 발생하는 위협을 바탕으로 한 시나리오 및 구성요소를 개발하고, 이를 평가할 수 있는 명확한 기준을 제시하여 효과적인 비상대응 훈련을 수행할 수 있도록 한다.

• Journal of Information Technology Services
• /
• v.21 no.1
• /
• pp.81-102
• /
• 2022

Although more than 99% of all Korean companies are small and medium-sized enterprises (SMEs), which accounts for a large part of the national economy, they are having difficulties in securing information protection capabilities due to problems such as budget and manpower. On the other hand, as 97% of cyber incidents are concentrated in SMEs, it is urgent to strengthen the information protection management and response capabilities of SMEs. Although the government is promoting company-wide information security consulting for SMEs, the need for supplementing it's procedures and consulting items is being raised. Based on the results of information security consulting supported by the government in 2020, this study attempted to derive improvement plans by interviewing SME workers, information security consultants, and system operators. Through the research results, it is expected to create a basis for SMEs to autonomously check the information security management system and contribute to the reference of related policies.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.11a
• /
• pp.613-616
• /
• 2020

본 연구는 소상공인에게 쉽고 간단한 사용자 인터페이스를 통한 효과적인 창고 운용 최적화 솔루션을 제시하며, 장기적으로 소상공인의 종합적인 온라인 판로 개척 체계 확립을 목표로 한다. 세부적으로 최신 물류 트렌드인 RFID 기술을 접목한 Smart 입출고 Machine 의 개발과 Machine Learning 기술을 이용한 창고 보안 Smart 개폐 장치, 안정적인 제품/주문 Data 관리를 위한 클라우드 서버(AWS) 서비스를 제공함과 더불어 Data 분석을 통한 트렌드 분석으로 소상공인이 온라인 생태계에 수익을 높이며 안정적으로 정착할 수 있는 방안을 제시한다.

• Korea Trade Review
• /
• v.48 no.3
• /
• pp.243-262
• /
• 2023

This study provides a systematic review of smart trade contracts, examining the research trends and theoretical background of utilizing smart contracts and blockchain technology for the digitalization and automation of trade contracts. Smart trade contracts are a concept that applies the automated contract system based on blockchain to trade-related transactions. The study analyzes the technical and legal challenges and proposes solutions. The technical aspect covers the development of smart contract platforms, scalability and performance improvements of blockchain networks, and security and privacy concerns. The legal aspect addresses the legal enforceability of smart contracts, automatic execution of contract conditions, and the responsibilities and obligations of contract parties. Smart trade contracts have been found to have applications in various industries such as international trade, supply chain management, finance, insurance, and energy, contributing to the ease of trade finance, efficiency of supply chains, and business model innovation. However, challenges remain in terms of legal regulations, interaction with existing legal frameworks, and technological aspects. Further research is needed, including empirical studies, business model innovation, resolution of legal issues, security and privacy considerations, standardization and collaboration, and user experience studies to address these challenges and explore additional aspects of smart trade contracts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.591-603
• /
• 2018

Windows Event Log is a format that records system log in Windows operating system and methodically manages information about system operation. An event can be caused by system itself or by user's specific actions, and some event logs can be used for corporate security audits, malware detection and so on. In this paper, we choose actions related to corporate security audit and malware detection (External storage connection, Application install, Shared folder usage, Printer usage, Remote connection/disconnection, File/Registry manipulation, Process creation, DNS query, Windows service, PC startup/shutdown, Log on/off, Power saving mode, Network connection/disconnection, Event log deletion and System time change), which can be detected through event log analysis and classify event IDs that occur in each situation. Also, the existing event log tools only include functions related to the EVTX file parse and it is difficult to track user's behavior when used in a forensic investigation. So we implemented new analysis tool in this study which parses EVTX files and user behaviors.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.8
• /
• pp.197-210
• /
• 2016

Lately smartphone uasage is increasing and many Internet of Things (IoT) devices support wireless communications. Accordingly, small base stations which called femtocells are supplied to prevent saturation of existing base stations. However, unlike the original purpose of the femtocell with the advanced hacking technologies, Vulnerability such as gaining the administrator authority was discovered and this can cause serious problems such as the leakage of personal information of femtocell user. Therefore, identify security threats that may occur in the femtocell and it is necessary to ways for systematic vulnerability analysis. In this paper, We analyzed the security threats that can be generated in the femtocell and constructed a checklist for vulnerability analysis using the Threat Modeling method. Then, using the constructed checklist provides a scheme that can improve the safety of the femto cell through the actual analysis and taken the results of the femtocell vulnerabilities analysis.

• Spatial Information Research
• /
• v.19 no.6
• /
• pp.29-41
• /
• 2011

Recently, the importance of systematic Land-monitoring has been emphasized. The existing Law does not include any definitions or regulations of monitoring. Although there exist laws regarding examining and measuring the current status of region, utilization, distribution, share, security and management of the data need to be improved. In order to upgrade the Land-monitoring system, several tasks such as terms, building cycle, forms, scope, management team should be well-defined. In this study, problems of the Land-monitoring is investigated by understanding the legislation in the land planning system and its operating system. The setting of the land-monitoring concept in Framework Act on the National Land and revision of specific laws in this field were introduced. Finally, new Land-monitoring legislation covering the improvement of the data-acquisition and co-utilization were suggested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.107-115
• /
• 2012

The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

• Convergence Security Journal
• /
• v.11 no.2
• /
• pp.65-77
• /
• 2011

In Western Europo and the US, there has been a general trend over 30 years of reducing the amount of force by the police, through a paradigm shift from 'Escalated Force Model' towards 'Negotiated Management Model'. In tune with this trend, for example, the Swedish Police have implemented the uniformed 'Dialogue Police' system, in order to establish communication contact with demonstrators, before, during, and after their events, The Negotiated Management Model involves a greater respect for the rights of protesters, a more tolerant approach to community, and improved intelligence, communication, and flexibility, in order to facilitate lawful protests and to reduce the possibility of an escalation of major public disorder. The Korean National Police (KNP) appears to be operated within this negotiated management framework, since in preparation for the G20 Seoul Summit, they have also emphasized good communication between the police and protest groups, by newly creating the concept of 'Protest Policing Through Facilitation of Lawful Protests'. In this context, this study first attempts to analyze not only the negotiated management model, but also the Swedish dialogue police. Secondly, the study conducts a comparative study between the KNP's Protest Policing Through Facilitation of Lawful Protest and the Swedish dialogue police system, particularly, in conjunction with the negotiated management. Although Korean and western police have different system and history, protest policing model is now approaching with each other through a link between conflict resolution techniques, such as dialogue, negotiation, mediation and facilitation. Finally, the study is to prove if the KNP's protest policing model corresponds with the negotiated management model, and further to suggest new 'Facilitation of Conflict Resolution Model' as a desirable future of the KNP's protest policing.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.7
• /
• pp.57-64
• /
• 2022

In this paper, the definition and overview of digital health care that has emerged recently, core technology, and We would like to propose a plan to establish a next-generation information protection system that can protect digital healthcare devices and data from cyber attacks. Various vulnerabilities exist for digital healthcare devices and data, and cyber attacks are possible for those vulnerabilities. Through an attack on digital health care devices and information and communication networks, it can directly adversely affect human life and health, Since digital healthcare data contains sensitive and personal information, it is essential to safely protect it from cyber attacks. In the case of this proposal, for continuous safe management of data and cyber attacks on equipment and communication networks for digital health devices, It is expected to be able to respond more effectively and continuously through the establishment of the next-generation information protection system.