• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.919-929
• /
• 2014

Recently, organizational efforts to adopt ISMS(Information Security Management System) have been increasingly mandated and demanded due to the rising threat and the heavier cost of security failure. However there is a serious gap between awareness and investment of information security in a company, hence it is very important for the company to control effectively a variety of information security threats within a tight budget. To phase the ISMS, this study suggests the priorities based on evaluating the Importance of 13 areas for the ISMS by the information security experts and then we attempt to see the difference between importance and investment through the assessment of the actual investment in each area. The research findings show that intrusion incident handling is most important and IT disaster recovery is the area that is invested the most. Then, information security areas with the considerable difference between priorities of importance and investment are cryptography control, information security policies, education and training on information security and personnel security. The study results are expected to be used in making a decision for the effective investment of information security when companies with a limited budget are considering to introduce ISMS or operating it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1185-1195
• /
• 2014

Domestic and international CERTs are carrying out security monitoring and response services based on security devices for intrusion incident prevention and damage minimization of the organizations. However, the security monitoring and response service has a fatal limitation in that it is unable to detect unknown attacks that are not matched to the predefined signatures. In recent, many approaches have adopted the darknet technique in order to overcome the limitation. Since the darknet means a set of unused IP addresses, no real systems connected to the darknet. Thus, all the incoming traffic to the darknet can be regarded as attack activities. In this paper, we present a collection and analysis method of malicious URLs based on darkent traffic for advanced security monitoring and response service. The proposed method prepared 8,192 darknet space and extracted all of URLs from the darknet traffic, and carried out in-depth analysis for the extracted URLs. The analysis results can contribute to the emergence response of large-scale cyber threats and it is able to improve the performance of the security monitoring and response if we apply the malicious URLs into the security devices, DNS sinkhole service, etc.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.6
• /
• pp.646-661
• /
• 2020

Technological innovations and fast-growing new internet businesses are changing the paradigm of traditional business management, having various impacts on society. The development of internet technology is also increasing the adverse effects on technological innovation, and in particular, cybercrime related to computers continues to increase with each technological innovation. The purpose of this study is to construct a cybercrime business model (CBM) by using the business model canvas (BMC) theory for cybercrime in order to reduce cybercrime, and this model is applied and analyzed based on types of Korean cybercrimes. For this study, a systematic literature review was conducted to determine the components of cybercrime, and 60 relevant documents were classified through a keyword-based literature search. Besides, qualitative research in the classified literature has led to the derivation of cybercrime into 18 sub-blocks and nine building blocks. This study applies BMC theory to this derivation of cybercrime and builds the CBM through proper redefinition. Lastly, the developed CBM could be applied to cybercrime in Korea to help cyber incident-response staff understand cybercrimes analytically. This study contributes to the development of a new analysis framework that can reduce cybercrime.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1351-1364
• /
• 2019

When SCADA is exposed to cyber threats and attacks, serious disasters can occur throughout society. This is because various security threats have not been considered when building SCADA. The bigger problem is that it is difficult to patch vulnerabilities quickly because of its availability. Digital forensics procedures and techniques need to be used to analyze and investigate vulnerabilities in SCADA systems in order to respond quickly against cyber threats and to prevent incidents. This paper addresses SCADA forensics taxonomy and research trends for effective digital forensics investigation on SCADA system. As a result, we have not been able to find any research that goes far beyond traditional digital forensics on procedures and methodologies. But it is meaningful to develop an approach methodology using the characteristics of the SCADA system, or an exclusive tool for SCADA. Analysis techniques mainly focused on PLC and SCADA network protocol. It is because the cyber threats and attacks targeting SCADA are mostly related to PLC or network protocol. Such research seems to continue in the future. Unfortunately, there is lack of discussion about the 'Evidence Capability' such as the preservation or integrity of the evidence extracting from SCADA system in the past researches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.883-899
• /
• 2012

This study will propose the policy priorities of cyber information security by AHP(Analytic Hierarchy Process) survey. The policy categories for AHP survey consist in the foundation of information security and activity of information security(1st hierarchy). In the second hierarchy, the foundation of information security was classified into laws-system, human resources, h/w-s/w technology and sociocultural awareness. And the activity of information security was divided into infrastructure protection, privacy protection, related industry promotion, and national security. Information policy alternatives were composed of 16 categories in the third hierarchy. According to the AHP result, in the perspective of policy importance, the modification of related laws was the first agenda in the policy priority, better treatment of professionals was the second, and the re-establishment of policy system was the third. In the perspective of policy urgency, the re-establishment of policy system was the first item, the modification of related laws was the second, and better treatment of professionals is the third.

• Journal of The Korean Association of Information Education
• /
• v.25 no.6
• /
• pp.947-960
• /
• 2021

In this study, we examine the AI ethics perception of university students to explore the direction of AI ethics education. For this, 83 students wrote their thoughts about 5 discussion topics on online bulletin board. We analyzed it using language networks, one of the text mining techniques. As a result, 62.5% of students spoke the future of the AI society positively. Second, if there is a self-driving car accident, 39.2% of students thought it is the vehicle owner's responsibility at the current level of autonomous driving. Third, invasion of privacy, abuse of technology, and unbalanced information acquisition were cited as dysfunctions of the development of AI. It was mentioned that ethical education for both AI users and developers is required as a way to minimize malfunctions, and institutional preparations should be carried out in parallel. Fourth, only 19.2% of students showed a positive opinion about a society where face recognition technology is universal. Finally, there was a common opinion that when collecting data including personal information, only the part with the consent should be used. Regarding the use of AI without moral standards, they emphasized the ethical literacy of both users and developers. This study is meaningful in that it provides information necessary to design the contents of artificial intelligence ethics education in liberal arts education.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.54 no.1
• /
• pp.46-52
• /
• 2017

Social attention to information security field is inspired, and manpower demand forecast of this area is getting high. This study surveyed information security knowledge of practitioners who work in a field of information security such as computer and network system. We analyzed a connection between survey data, information protection job system that was suggested by NICE, IT skills that NCS and KISA classified and security field classification system. Base on data that analyzed, this study suggests a curriculum that trains professional manpower who perform duties in the field of information security. Suggested curriculum can be applied to 2 year college, 3 year college and 4 year college. Suggested curriculum provides courses that students who want to work in a field of information security must learn during the college. Suggested courses are closely connected to a related field and detailed guideline is indicated to each course to educate. Suggested curriculum is required, and it combines a theoretical education that become basis and a practical education so that it is not weighted to learn theory and is not only focusing on learning simple commands. This curriculum is established to educate students countermeasures of hacking and security defend that based on scenario that connected to executive ability. This curriculum helps to achieve certificates related to a field more than paper qualification. Also, we expect this curriculum helps to train convergent information security manpower for next generation.

• Information Systems Review
• /
• v.20 no.3
• /
• pp.33-49
• /
• 2018

Since there are growing concerns regarding personal information, users have perceived the importance of it. It makes users try to manage and control personal information by their own intentions. Therefore, we assume users now have begun to perceive psychological ownership on personal information. A main objective of this study is to identitythe relationship between accountability, self-identity, self-efficacy and sense of belongingness and psychological ownership on personal information. We conduct an online-basedsurvey and establish a structural equation model for testing hypothesis. The results show that users' accountability, self-identity and sense of belongingness positively influence to psychological ownership on personal information. Additionally, users' perceived psychological ownership on personal information increase their concern for information privacy. This study suggests a new concept as 'perceived psychological ownership on personal information' to explain for intentions of their psychological possessions toward personal information. The findings of this study can provide a way for how firms have to require clients' personal information with increasing their satisfactions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.781-799
• /
• 2024

Recently, the US and EU have been institutionally introducing and promoting Coordinated Vulnerability Disclosure(CVD) to strengthen the response to security vulnerabilities in ICT products and services, based on collaboration with white-hat hackers. In response to these changes in cybersecurity, we propose a three-step approach to introduce CVD through the Information and Communications Network Act(ICNA). In the first step, to comprehend the necessity and requirements for legislating CVD, we survey the current situation in Korea and the trends of CVD in the US, EU, and OECD. In the second step, we analyze the necessity for legislating CVD and derive the requirements for its legislation. In this paper, we analyze the necessity for legislating CVD from three perspectives: the need for introducing CVD, the need for institutionalization based on law, and the suitability of the ICNA as the legislation. The derived requirements for CVD legislation include the establishment and publication of Vulnerability Disclosure Policy(VDP), legal protection for white-hat hackers, and designation and role assignments of coordinator. In the third step, we introduce approaches to apply the requirements for CVD legislation to the ICNA, which is the law governing prevention and response to cybersecurity incidents in private sector.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.1-12
• /
• 2006

Malicious codes have been widely documented and detected in information security breach occurrences of Microsoft Windows platform. Legacy information security systems are particularly vulnerable to breaches, due to Window kernel-based malicious codes, that penetrate existing protection and remain undetected. To date there has not been enough quality study into and information sharing about Windows kernel and inner code mechanisms, and this is the core reason for the success of these codes into entering systems and remaining undetected. This paper focus on classification and formalization of type target and mechanism of various Windows kernel-based attacks, and will present suggestions for effective response methodologies in the categories of, "Kernel memory protection", "Process & driver protection" and "File system & registry protection". An effective Windows kernel protection system will be presented through the collection and analysis of Windows kernel and inside mechanisms, and through suggestions for the implementation methodologies of unreleased and new Windows kernel protection skill. Results presented in this paper will explain that the suggested system be highly effective and has more accurate for intrusion detection ratios, then the current legacy security systems (i.e., virus vaccines and Windows IPS, etc) intrusion detection ratios. So, It is expected that the suggested system provides a good solution to prevent IT infrastructure from complicated and intelligent Windows kernel attacks.