• Information Systems Review
• /
• v.15 no.2
• /
• pp.1-19
• /
• 2013

Smart working sparked by iPhone3 opens a revolution in smart ways of working at any time, regardless of location and environment. Also, It provide real-time information processing and analysis, rapid decision-making and the productivity of businesses, including through the timely response and the opportunity to increase the efficiency. As a result, every company are developing mobile information systems. But company data is accessed from the outside, it has problems to solve like security, hacking and information leakage. Also, Mobile devices such as smart phones belonging to the privately-owned asset can't be always controlled to archive company security policy. In the meantime, public smart phones owned by company was always applied security policy. But it can't not apply to privately-owned smart phones. Thus, this paper is focused to archive company security policy, but also enable the individual's free to use of smart phones when we use mobile information systems. So, when we use smart phone as individual purpose, the normal operation of all smart phone functions. But, when we use smart phone as company purpose like mobile information systems, the smart phone functions are blocked like screen capture, Wi-Fi, camera to protect company data. In this study, we suggest the design and implementation of real time control and management of mobile device using MDM(Mobile Device Management) solution. As a result, we can archive company security policy and individual using of smart phone and it is the optimal solution in the BYOD(Bring Your Own Device) era.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Korean Security Journal
• /
• no.22
• /
• pp.197-230
• /
• 2010

This study examined the institutional improvement directions of industrial security programs, particularly focusing upon policies and practices in the U.S., to enhance the effectiveness of industrial security programs in Korea. This study also aimed to investigate the significance of institutional and/or policy implementations in preventing economic espionage attempt. Data leakage and/or loss of trade secrets in corporations has been a scary proposition and a serious headache to both the CEOs and the CSOs(Chief Security Officers). Security professionals or practitioners have always had to deal with data leakage issues that arise from e-mail, instant messaging(IM), and other Internet communication channels. In addition, with the proliferation of wireless and mobile technology, it's now much easier than ever for loss by data breaches to occur, whether accidentally or maliciously or even by an economic espionage attempt. The researcher in this study used both a case study and a comparative research to analyze the different strategies and approaches between the U.S. and Korea in regard of implementing policies to mitigate damages by economic espionage attempts and prevent them from occurring. The researcher first examined the current policies and practices in the U.S. in terms of federal government's and agencies' approach and strategies on industrial security programs and their partnerships with private-commercial-sectors. The purpose of this paper is to explain and suggest selected findings, and a discussion of actions to be taken on implementing a proactive and tactical approach to enhance the effectiveness of industrial security programs to fight against information loss or data leaks. This study used case reviews, literatures, newspapers, articles, and Internet resources relating to the subject of this study for triangulation of data. The findings during this research are as follows. This research suggests that both the private and the governmental sector should closely cooperate in the filed of industrial security to strengthen its traditional prevention strategies and reduce opportunities of economic espionage as well. This study finally recognizes both the very importance of institutional development led by the Government in preventing economic espionage attempts and its effectiveness when properly united with effective industrial security programs.

• The Korean Journal of Air & Space Law and Policy
• /
• v.33 no.1
• /
• pp.227-260
• /
• 2018

Recently, as the use of drones increases, the risk of drone accidents and third-party property damage is also increasing. In Korea, due to the recent increase in drone use, accidents have been frequently reported in the media. The number of reports from citizens, and military and police calls regarding illegal or inappropriate drone use has also been increasing. Drone operators may be responsible for paying damages to third parties due to drone accidents, and are liable for paying settlements due to illegal video recording. Therefore, it is necessary to study the idea of providing drone insurance, which can mitigate the liability and risk caused by drone accidents. In the US, comprehensive housing insurance covers damages caused by recreational drones around the property. In the UK, when a drone accident occurs, the drone owner or operator bears strict liability. Also, in the UK, drone insurance joining obligation depends on the weight of the drones and their intended use. In Germany, in the event of personal or material damage, drone owner bears strict liability as long as their drone is registered as an aircraft. Germany also requires by law that all drone owners carry liability insurance. In Korea, insurance is required only for "ultra-light aircraft use businesses, airplane rental companies and leisure sports businesses," where the aircraft is "paid for according to the demand of others." Therefore, it can be difficult to file claims for third party damages caused by unmanned aerial vehicles in personal use. Foreign insurance companies are selling drone insurance that covers a variety of damages that can occur during drone accidents. Some insurance companies in Korea also have developed and sell drone insurance. However, the premiums are very high. In addition, drone insurance that addresses specific problems related to drone accidents is also lacking. In order for drone insurance to be viable, it is first necessary to reduce the insurance premiums or rates. In order to trim the excess cost of drone insurance premiums, drone flight data should be accessible to the insurance company, possibly provided by the drone pilot project. Finally, in order to facilitate claims by third parties, it is necessary to study how to establish specific policy language that addresses drone weight, location, and flight frequency.

• Journal of Legislation Research
• /
• no.53
• /
• pp.593-631
• /
• 2017

Like the technological competition of each country around commercialization of Autonomous Vehicles(the rest is 'AV'), legalizations are also in a competition. However, in the midst of this competition, the Ethik-Kommission Automatisiertes und vernetztes Fahren of Germany has recently introduced 20 guidelines. This guideline is expected to serve as a milestone for future AV legislations. In this paper, I have formulated a new legislative proposal that will incorporate the main content presented by the Ethik-Kommission. The structure is largely divided into general rules of purpose and definition, chapter on types of AV and safety standards, registration and inspection, maintenance, licenses for AV, driver's obligations, insurance and accident responsibilities, roads and facilities, traffic system, and chapter on penalties. The commercialization of AV in Korea seems to be in a distant future, and it is possible to pretend that it is not necessary to prepare legal systems. But considering our reality, leading legislation may be necessary. In this paper, I have prepared individual legislative proposals based on the essential matters based on the criminal responsibility in case of AV car accidents. To assure the safety of AV, AV and mode of operation were defined for more clear interpretation and application of law, and basic safety standards for AV were presented. In addition, the obligation of insurance and the liability for damages were defined, and the possibility of immunity from the criminal responsibility was examined. Furthermore, I have examined the penalties for penalties such as hacking in order to secure the effectiveness of the Act. Based on these discussions, I have attempted the 'Autonomous Vehicles Act', which aims to provide a basis for new discussions to be held on the basis of various academic fields related to the operation of AV and related industries in the future. Although there may be a sense of unurgency in time, the automobile industry needs time to prepare for the regulation of the AV ahead of time. And a process of public debate is also needed for the ecosystem of healthy AV industry.