• Title/Summary/Keyword: Breach


Access Management Using Knowledge Based Multi Factor Authentication In Information Security

  • Iftikhar, Umar;Asrar, Kashif;Waqas, Maria;Ali, Syed Abbas
    • International Journal of Computer Science & Network Security / v.21 no.7 / pp.119-124 / 2021
  • Today, both sides of modern culture are decisively invaded by digitalization. Authentication is considered to be one of the main components in keeping this process secure. Cyber criminals are working hard in penetrating through the existing network channels to encounter malicious attacks. When it comes to enterprises, the company's information is a major asset. The question that arises here is how to protect the vital information. This takes into account various aspects of a society often termed as hyper connected society including online communication, purchases, regulation of access rights and many more. In this research paper, we will discuss the concepts of MFA and KBA, i.e., Multi-Factor Authentication and Knowledge Based Authentication. The purpose of MFA and KBA is its utilization for human-to-everything interactions, offering easy to be used and secured validation mechanism while having access to the service. In the research, we will also explore the existing yet evolving factor providers (sensors) used for authenticating a user. This is an important tool to protect data from malicious insiders and outsiders. Access Management's main goal is to provide authorized users the right to use a service while also preventing access to illegal users. Multiple techniques can be implemented to ensure access management. In this paper, we will discuss various techniques to ensure access management suitable for enterprises, primarily focusing/restricting our discussion to multifactor authentication. We will also highlight the role of knowledge-based authentication in multi factor authentication and how it can make enterprises' data more secure from Cyber Attack. Lastly, we will also discuss the future of MFA and KBA.

A Study on the Keyword Extraction for ESG Controversies Through Association Rule Mining (연관규칙 분석을 통한 ESG 우려사안 키워드 도출에 관한 연구)

  • Ahn, Tae Wook;Lee, Hee Seung;Yi, June Suh
    • The Journal of Information Systems / v.30 no.1 / pp.123-149 / 2021
  • Purpose: The purpose of this study is to define the anti-ESG activities of companies recognized by media by reflecting ESG recently attracted attention. This study extracts keywords for ESG controversies through association rule mining. Design/methodology/approach: A research framework is designed to extract keywords for ESG controversies as follows: 1) From DeepSearch DB, we collect 23,837 articles on anti-ESG activities exposed to 130 media from 2013 to 2018 of 294 listed companies with ESG ratings. 2) We set keywords related to environment, social, and governance, and delete or merge them with other keywords based on the support, confidence, and lift derived from association rule mining. 3) We illustrate the importance of keywords and the relevance between keywords through density, degree centrality, and closeness centrality on network analysis. Findings: We identify a total of 26 keywords for ESG controversies. 'Gapjil' records the highest frequency, followed by 'corruption', 'bribery', and 'collusion'. Out of the 26 keywords, 16 are related to governance, 8 to social, and 2 to environment. The keywords ranked high are mostly related to the responsibility of shareholders within corporate governance. ESG controversies associated with social issues are often related to unfair trade. As a result of confidence analysis, the keywords related to social and governance are clustered and the probability of mutual occurrence between keywords is high within each group. In particular, in the case of "owner's arrest", it is caused by "bribery" and "misappropriation" with an 80% confidence level. The result of network analysis shows that 'corruption' is located in the center, which is the most likely to occur alone, and is highly related to 'breach of duty', 'embezzlement', and 'bribery'.

Development of Urban and River Flood Simulation Model Using FEM (유한요소법을 적용한 내수 및 외수 침수해석 모형 개발)

  • Nam, Myeong-Jun;Lee, Jae-Young;Lee, Chang-Hee
    • Journal of Convergence for Information Technology / v.11 no.12 / pp.115-126 / 2021
  • This study develops a simulation model that performs flood analysis considering both urban and river flood. For the analysis of river flood, this study considers river overflow by levee breach, and reflects the concept of the dual drainage systems for the analysis of urban flood. In relation to the surface flood analysis, FEM technique is applied to the flood diffusion analysis in order to conduct the flow analysis of urban and river flood simultaneously. For the verification of the model, it is first applied to the conceptual model, and then applied to the actual watershed. It is expected that this study will be able to reduce flood damage and to prepare effective countermeasures to reduce flood damage.

A Study on the Origin and Current Status of the Utmost Good Faith in the Marine Insurance Act -Focused on the Carter v. Boehm case- (영국해상보험법상 최대선의의무의 기원과 최근 동향에 관한 고찰 - Carter v. Boehm 사건을 중심으로 -)

  • Pak, Jee-Moon
    • Korea Trade Review / v.44 no.2 / pp.83-94 / 2019
  • Article 17 of the Marine Insurance Act (MIA) states that "A contract of marine insurance is a contract based upon the utmost good faith, and if the utmost good faith be not observed by either party, the contract may be avoided by the other party." In the Carter v. Boehm case, Lord Mansfield was the first to provide a comprehensive description of the duty of utmost good faith, which is analyzed here. This judgement not only laid the foundation for the Modern English Insurance Act, but it also influenced the draft of the English Insurance Act of 2015, which aimed at correcting distortions that occurred during the application of statute law and common law thereafter. The duty of utmost good faith, applied between Lord Mansfield's insured and insurer presents the context of information asymmetry of the insured and insurer entering contracts. In the absence of information asymmetry, in contrast to the effects of being in both sides of the duty of utmost good faith, alleviating the duty of disclosure of the insured, and it is also clear that the warning of the severity of the retrospective avoidance of the breach of duty of disclosure and the need for its limited application have already been pointed out. Furthermore, considering the principle of retrospective avoidance, the duty of utmost good faith should be understood as a concept limited to the duty of disclosure before a contract is concluded.

Is the U.S. Trade Expansion Act Section 232 Consistent with GATT/WTO Rules? (미국 무역확장법 제232조 조치는 GATT/WTO 규정에 타당한가?)

  • Yin, Zi-Hui;Choi, Chang-Hwan
    • Korea Trade Review / v.44 no.1 / pp.177-191 / 2019
  • Global trade protectionism has increased further and U.S. priorities and protectionism have strengthened since Trump took office in 2017. The Trump administration is actively implementing tariff measures based on U.S. domestic trade laws rather than the WTO rules and regulations. In particular, the American government has recently been imposing high tariffs due to national security and imposing economic sanctions on other countries' imports. According to the U.S. Trade Expansion Act Section 232, the American government imposed additional tariffs on steel and aluminum imports to WTO member countries such as China, India, and EU etc. on March 15, 2018. Thus, this study aims to investigate whether the U.S. Trade Expansion Act Section 232 is consistent with GATT/WTO rules by comparing the legal basis of US / China / WTO regulations related to Section 232 of the U.S. Trade Expansion Act, and gives some suggestions for responding to the Section 232 measure. As the Section 232 measure exceeded the scope of GATT's Security Exceptions regulation and is very likely to be understood as a safeguard measure. If so, the American government is deemed to be in breach of WTO's regulations, such as the most-favored-nation treatment obligations and the duty reduction obligations. In addition, the American government is deemed to have failed to meet the conditions of initiation of safeguard measure and violated the procedural requirements such as notification and consultation. In order to respond to these U.S. protection trade measures, all affected countries should actively use the WTO multilateral system to prevent unfair measures. Also, it is necessary to revise the standard jurisdiction of the dispute settlement body and to explore the balance of the WTO Exception clause so that it can be applied strictly. Finally, it would be necessary for Chinese exporters to take a counter-strategy under such trade pressure.

Choice of Law in International Antitrust Law (국제카르텔분쟁사건의 준거법)

  • Kim, Yong-Jin
    • Journal of Legislation Research / no.44 / pp.801-828 / 2013
  • This essay provides a legislative perspective on conflict-of-laws issues in the area of antitrust law. A consistent focus on the affected market question of applicable law is possible and yields content and acceptable results. The law applicable to damages claims should follow the law applicable to the antitrust relation itself. It is problematic, however, where more than one market is affected. In my view, the European perspective provides one general lesson for us. We are not yet prepared to accept American-style class action in the field of antitrust law, at least until the Europeans have made their legislative decision. Nevertheless we should make our antitrust system more effective, so that it would have strong deterrence to anti-competitive conducts. In this paper I present a proposal for adoption of an international conflict of law instrument, possibly a regulation, on damages actions for breach of art. 32 Korean Anti-trust Law.

Analysis of Usage Patterns and Security Vulnerabilities in Android Permissions and Broadcast Intent Mechanism (안드로이드 권한과 브로드캐스트 인텐트 매커니즘의 사용 현황 및 보안 취약성 분석)

  • Kim, Young-Dong;Kim, Ikhwan;Kim, Taehyoun
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1145-1157 / 2012
  • Google Android employs a security model based on application permissions to control accesses to system resources and components of other applications from a potentially malicious program. But, this model has security vulnerabilities due to lack of user comprehension and excessive permission requests by 3rd party applications. Broadcast intent message is widely used as a primary means of communication among internal application components. However, this mechanism has also potential security problems because it has no security policy related with it. In this paper, we first present security breach scenarios caused by inappropriate use of application permissions and broadcast intent messages. We then analyze and compare usage patterns of application permissions and broadcast intent message for popular applications on Android market and malwares, respectively. The analysis results show that there exists a characteristic set for application permissions and broadcast intent receiver that are requested by typical malwares. Based on the results, we propose a scheme to detect applications that are suspected as malicious and notify the result to users at installation time.

Considering System Throughput to Evaluate Information Security Investment Portfolios (작업처리율을 고려한 정보보호 투자 포트폴리오 평가)

  • Yang, Won-Seok;Kim, Tae-Sung;Park, Hyun-Min
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.2 / pp.109-116 / 2010
  • We consider an information system where its throughput deteriorates due to security threats and evaluate information security investment portfolios. We assume that organizations adopt information security countermeasures (or portfolios consisting of countermeasures) to lessen the damage resulting from the productivity (or throughput) deterioration. A probability model is used to derive the system throughput and the average number of repairs according to the occurrence rate of security threats. Considering the revenue from throughput, the repair cost, and the investment for the security system, the net present value for each portfolio is derived. Organizations can compare information security investment portfolios and select the optimal portfolio.

An Exploratory Study on the impact of EU Adequacy Decision on GDPR compliant companies (EU 적정성 결정이 GDPR 대상기업에 미치는 영향에 관한 탐색적 연구)

  • Kim, YoungSoo;Chang, Hangbae
    • Journal of Platform Technology / v.9 no.4 / pp.32-41 / 2021
  • The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact. However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

Analysis of Cyber Incident Artifact Data Enrichment Mechanism for SIEM (SIEM 기반 사이버 침해사고 대응을 위한 데이터 보완 메커니즘 비교 분석)

  • Lee, Hyung-Woo
    • Journal of Internet of Things and Convergence / v.8 no.5 / pp.1-9 / 2022
  • As various services are linked to IoT (Internet of Things) and portable communication terminals, cyber attacks that exploit security vulnerabilities of the devices are rapidly increasing. In particular, cyber attacks targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the response system in the event of a breach, it is necessary to apply a data enrichment mechanism for the collected artifact data to improve threat analysis and detection performance. Therefore, in this study, by analyzing the data supplementation common elements performed in the existing incident management framework for the artifacts collected for the analysis of intrusion accidents, characteristic elements applicable to the actual system were derived, and based on this, an improved accident analysis framework prototype structure was presented and the suitability of the derived data supplementary extension elements was verified. Through this, it is expected to improve the detection performance when analyzing cyber incidents targeting artifacts collected from heterogeneous devices.