• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.87-96
• /
• 2011

The importance of the security management system for the aviation infrastructure cannot be overemphasized. What is especially important on the security management system for it is the assessment that is detaild and systematic. This article presents a framework based on a Hanulcha-type security management system model for a Information security of the Aviation infrastructure. This system checks, estimates and analyzes the goal of security with effect, especially in case of the security-accident on the aviation infrastructure because this system model gives the integrated security assessment method.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.151-175
• /
• 2015

Although three types of the information security measures (technical, physical and managerial ones) are all together critical to maintaining information security in the organizations and should be implemented at the same time, this study aims at providing theoretical basis of establishing and implementing effective managerial security measures. The rationale behind this research objective is that it is very important to effectively perform the managerial security measures to achieve the target performance level of the technical and the physical security measures because main agents of practicing the information security measures in the organizations are staff members even though the technical and the physical ones are well constructed and implemented. In particular, this study intends to develop and propose the theoretical model applicable to providing the way of improving organizational members' intention to use information security technologies since the very intention to use them is essential to effectively establishing and promoting managerial security measures. In order to achieve the objective of this study, the factors critical to influencing upon the intention to use information security technologies are derived through systematically reviewing related theories and previous studies, and then the research model and hypotheses are proposed by logically reasoning the casual relationship among the these factors. Also, the empirical analyses are performed by conducting the survey of the organization members of domestic large companies and analyzing the structural equation model by PLS (Partial Least Squares) method. The significant results of this study can contribute to expanding the research area of managerial information security and can be applied to suggesting the practical guidelines for effectively establishing and implementing the managerial security measures in various organizations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1585-1594
• /
• 2018

In recent years The importance of information security management for securing information collection and analysis, production and distribution is increasing. Companies are assured of confidence in information security through authentication of information Security Management System. However, level assessment and use of domains that make up the management system is limited. On the other hand, the security maturity model is able to diagnose the level of information protection of the enterprise step by step. It is also possible to judge the area to be improved urgently. It is a tool to support goal setting according to the characteristics and level of company. In this paper, C2M2, which is an example of security maturity model, is compared and analyzed with Korea Information Security Management System certification. Benchmark the model to check the level of information security management and derive the priority among the items that constitute the detailed area of information security measures of ISMS certification. It also look at ways to check the level of information security management step by step.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.151-156
• /
• 2011

Google Android, which is one of the popular smart phone platforms, employs a security model based on application permissions. This model intends to reduce security threats by protecting inappropriate accesses to system resources from applications, but this model has a few problems. First, permission requested by an application cannot be granted selectively. Second, once the permission has been granted it is maintained until the application is uninstalled. Third, applications may acquire powerful permissions through user ID sharing without any notice to users. In order to overcome these limitations, we designed and implemented a flexible application permission management scheme. The goal of our scheme is to enhance security and user convenience while keeping compatibility to original platform. We also verified the operation of our scheme with real applications on Android emulator.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.3
• /
• pp.65-72
• /
• 2020

With the development of information technology and the growth of the scale of system and network, cyber threats and crimes continue to increase. To cope with these threats, cybersecurity training based on actual attacks and defenses is required. However, cybersecurity training requires expert analysis and attack performance, which is inefficient in terms of cost and time. In this paper, we propose a cyber attack simulator that automatically executes attack techniques. This simulator generates attack scenarios by combining attack techniques modeled to be implemented and executes the attack by sequentially executing the derived scenarios. In order to verify the effectiveness of the proposed attack simulator, we experimented by setting an example attack goal and scenarios in a real environment. The attack simulator successfully performed five attack techniques to gain administrator privileges.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.749-751
• /
• 2022

본 논문은 코로나19로 인해 가정에서 생활하는 시간이 길어진 현재 스마트 IoT시스템을 기반으로 각종 환경에 따라 자동으로 창문을 여닫는 "지능제어기를 활용한 스마트 창문"(이하 "윈도우 플러스")을 제안한다. 본 논문이 제안하는 주요한 특징은 다음과 같다. 첫째, 여러 가지 센서와 모터, 라즈베리파이를 이용하여 센서 입력 값에 따라 창문 개폐를 결정한다. 둘째, 안드로이드 어플리케이션과 윈도우 플러스-휴대폰 간 블루투스 통신을 이용하여 창문에 입력되는 대기 환경 수치를 실시간으로 표시한다. 셋째, 실내모드와 실외모드를 구분지어 설정할 수 있으며, 이는 사용자로 하여금 실내 대기 상태를 최적으로 만들 수 있도록 한다. 넷째, 창문의 개폐 여부를 telegram을 통해 사용자가 알 수 있도록 하며, 실내 환경의 보안성을 제공하고. 채팅을 통해 원격제어를 한다. 제안하는 시스템은 기존 수동방식의 창문으로부터 사용자의 편의성을 증가시키고, 자동 환기를 통해 코로나19의 전파를 방지하는데 도움을 줄 수 있는 "윈도우 플러스"의 개발을 목표로 한다.

• The Journal of Society for e-Business Studies
• /
• v.16 no.2
• /
• pp.159-169
• /
• 2011

In order for agencies and companies at the IT service industry to check as well as to upgrade the current status of their information security programs, this paper suggests the assessment method for information security levels. The study developed 12 assessment fields and 54 assessment items derived from domestic and foreign cases including SP800-26, SP800-53, ISMS, and ISO27001. It categorized 54 assessment items into 5 levels for determining information security levels. Also, the study presents 7 strategies for performing their efficient evaluations. The proposed method and process in this paper can be useful guidelines for improving the national information security level.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.52 no.1
• /
• pp.79-86
• /
• 2015

Cognitive radio networks (CRNs) offer the promise of intelligent radios that can learn from and adapt to their environment. CRN permits unlicensed users to utilize the idle spectrum as long as it does not introduce interference to the primary users due to the Federal Communications Commission's recent regulatory policies. Thereby, the security aspects in CRNs should be different with the other networks. The purpose of this paper is to devise a new delegation-based authentication protocol (NDAP) by extracting out the security aspects for unlicensed user authentication over CRNs from Tsai et al's delegation-based authentication protocol (TDAP). First of all, we will provide security analyses on the TDAP and set design goal for unlicensed user authentication. Then, we will propose a NDAP as a remedy mechanism for the TDAP and a new protocol for CRNs. The NDAP could be used as a security building block for the CRNs and various convergence applications.

• Proceedings of the Korea Technology Innovation Society Conference
• /
• 2017.05a
• /
• pp.489-497
• /
• 2017

사물 인터넷, 클라우드 컴퓨팅, 인공지능, 빅데이터 등 첨단 정보통신기술을 활용하여 모든 사물들의 지능화와 초연결을 지향하는 것을 나타내는 4차 산업혁명에 대한 관심은 나날이 증가하고 있다. 4차 산업혁명과 관련된 다양한 분야의 기술들 중에서 인공지능을 활용한 자율주행자동차 기술과 관련하여 논의를 진행하고자 한다. 여러 국가에서는 자율주행자동차 시장선점을 위해 관련 기술의 발달에 몰두하고 있다. 그러나 자율주행자동차의 상용화를 위해서는 기술의 발달뿐만 아니라 관련 법제도의 정비가 더욱 필수적인 요소라고 본다. 자율주행자동차가 안전성을 보장할 수 있도록 시험운행에 대한 규제를 완화시켜야 할 것이며, 향후 상용화가 될 경우 야기될 수 있는 민사적 손해배상문제와 형사책임의 문제, 과실책임의 문제, 사이버 보안문제 등을 대비할 수 있는 법제도 마련을 촉구하고자 한다. 타국가와의 자율주행자동차 법제도 비교분석을 통해 우리나라의 도로교통법과 기존 법 제정상태를 고려하여 법안 마련에 방향성을 설정하는 데에 목표를 두고 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.95-102
• /
• 2008

The next generation network preparation of stock computer network designated to facilities and goal facilities-based national main information communication certainly necessary for 'national competitiveness enhancement and national economic strength elevations'. This paper studies current government policy and network, security and securities computer network, and substitute for securities computer network-based the existing SONET/SDH, and next generation securities computer network designs so as to provide ALL-IP service-based MPLS for international GMG service. Set up stability, standardization, security, a basis of and compare is current next generation securities computer network by each bases in case of designs. Analyze an expected effect to have been improved at next generation stock computer network characteristics and merits and substitution width and QoS, communication instrument liquor, an information protection system etc. too. Result of research of this paper will contribute to national competitiveness enhancement and a national economic strength elevation to accomplish u-Korea.