• Title/Summary/Keyword: Cyber Security Policy

Search Result 167, Processing Time 0.02 seconds

A Study on the Influence of Victimization Experience and Awareness on Cyber Security Behavior - Focusing on Dual Process Theory (침해 경험 및 정보보호 인식이 정보보호 행동에 미치는 영향에 대한 연구 : 이중 프로세스 이론을 중심으로)

  • Kim, Chang-Il;Heo, Deok-Won;Lee, Hye-Min;Sung, Wook-Joon
    • Informatization Policy
    • /
    • v.26 no.2
    • /
    • pp.62-80
    • /
    • 2019
  • The purpose of this study is to investigate the direct effect of victimization experience on cyber security behavior and the indirect effect of information protection awareness through the Dual Process Theory. Baron & Kenny regression analysis was conducted and the results are as follows - first, victimization experience has a positive effect on cyber security behavior; second, the relationship between victimization experience and cyber security behavior is mediated by cyber security awareness; and third, the direct effect of victimization experience on cyber security behavior and the indirect mediating effect of cyber security awareness are both positive (+). The direct effect of victimization experience on cyber security behavior is analyzed to be relatively large compared to the indirect effect that cyber security awareness has on cyber security behavior. Based on these results, It is suggested that periodic cyber security education and campaign policies are needed to enhance cyber security behavior.

Research on National Cybersecurity Policy Preparing for the Reunification of North Korea and South Korea (남북통일을 대비한 국가사이버안보 정책 연구)

  • Ham, Seung-hyeon;Park, Dae-woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.10a
    • /
    • pp.358-361
    • /
    • 2016
  • The North and South Korea for the peaceful reunification of the Republic of Korea, to lead the transformation and reform, and to complement the policy making and negotiations, there is a need for cyber security policy to practice. This paper explores the definition and overseas cyber terrorism and cyber warfare correspondence, correspondence between the versions of the technology between versions. Analysis of cyber security activities in the North and South confrontation, and research the cyber security policy against the unification. In this study, we compared the unification to build and operate a secure cyberspace from cyber threats and cyber security policy suggestions for ways of rational and legal.

  • PDF

The Model to Implement the Cyber Security Policy and Strategy for Azerbaijan Information System (아제르바이잔 정보시스템에 대한 사이버보안 정책과 전략의 실행모델 구축)

  • Aliyeva, Leyla Mehdi;Hwang, Gee-Hyun
    • Journal of Digital Convergence
    • /
    • v.17 no.5
    • /
    • pp.23-31
    • /
    • 2019
  • This study aims to build an AHP model that evaluates the priority of cyber security policies for the Azerbaijan information system. For this, 4 factors were constructed from components of ITU National Interest Model, whereas 5 alternatives were based on the best practices of the eight developed countries leading the cyber security field. Using the questionnaire, 24 security experts evaluated the strategic priority of such factors or alternatives. The analysis results using the AHP software showed that homeland defense and economic well-being were the dominant aspects of cyber security policy, whereas capacity building and infrastructure were the main concern of cyber security elements for Azerbaijan. This study presents the strategic priority of cyber security policies that can be adopted by Azerbaijan government. This study can contribute to developing the national cyber security guide of Azerbaijan.

A strategic Approach for Establishing Korea's Cyber Terrorism Policy : Focusing on the UK's cyber terrorism policy (국내 사이버테러 정책수립을 위한 전략적 접근방안 : 영국의 사이버테러 정책을 중심으로)

  • Kim, Byung-Hwa
    • Korean Security Journal
    • /
    • no.51
    • /
    • pp.173-195
    • /
    • 2017
  • Recently, in South Korea, security management has been strengthened, but there have been an increasing number of cases where the main infrastructure of the country is hacked in the cyber space. South Korea is equipped with sophisticated information and communication technologies, such as Internet, but is threatened by cyber terrorism of North Korea and terrorist organizations. Nevertheless, there is a limit to how to develop a policy and strategic plan for the country, which is related to domestic terrorism and lacks legal and regulatory facilities, and therefore, in this study, proposed suggestions for building adaptive and efficient policy formulation. Based on the theoretical analysis framework of the Strategic Plan for achieving the objectives of the research, we compared the UK 's security strategy with the national security policy of the domestic government. As a result, several problems were derived: First, the domestic security strategy did not take into account the external environment. Secondly, lack of coordination with domestic cyber security goals setting and strategy is causing ambiguity and confusion. Third, the detailed plan of implementation of national security in each province is designed to ensure that there is a possibility that a mixed side effect between ministries and agencies will arise. Fourth, it was found that there was a limit to prepare the evaluation standards for the evaluation and return of domestic security policies in the country. Therefore, in order to establish a policy for the response of domestic cyber terrorism, we set up a vision from long-term perspectives and concrete targets based on the strategic approach of the security policy, It is necessary to present an assignment and formulate an efficient execution plan. It is necessary to maintain and improve the domestic safeguards in order to be able to complement the problems through evaluation and feedback.

  • PDF

Research on Security Detection Policy Model in the SIEM for Ship (선박용 Security Information Event Management (SIEM) 개발을 위한 보안 정책 모델에 관한 연구)

  • Gumjun Son;Jongwoo Ahn;Changsik Lee;Namseon Kang;Sungrok Kim
    • Journal of the Society of Naval Architects of Korea
    • /
    • v.61 no.4
    • /
    • pp.278-288
    • /
    • 2024
  • According to International Association of Classification Societies (IACS) Unified Requirement (UR) E26, ships contracted for construction after July 1, 2024 should be designed, constructed, commissioned and operated taking into account of cyber security. In particular, ship network monitoring tools should be installed in accordance with requirement 4.3.1 in IACS UR E26. In this paper, we propose a Security Information and Event Management (SIEM) security policy model for ships as an effective threat detection method by analyzing the cyber security regulations and ship network status in the maritime domain. For this purpose, we derived the items managed in the SIEM from the maritime cyber security regulations such as those of International Maritime Organization (IMO) and IACS, and defined 14 detection policies considering the status of the ship network. We also presents the detection policy for non-expert crews to understand it, and occurrence conditions depending on the ship's network environment to minimize indiscriminate alarms. We expect that the results of this study will help improve the efficiency of ship SIEM to be installed in the future.

Analysis of US policy for Homeland Security (국토안보를 위한 미국의 대응 정책 분석 : 국토안보법을 중심으로)

  • 김현수;박상서
    • Convergence Security Journal
    • /
    • v.3 no.1
    • /
    • pp.39-50
    • /
    • 2003
  • Since the September 11, 2001, the United States has shift their national security policy for homeland from preventing or/and reducing foreign threats to ensuring domestic security. We learned from recent incident, 1.25 Internet Disaster, that it is urgent to establish cyber security policy for our nation. In this paper; therefore, I analyze the US homeland security policy, the Homeland Security Act of 2002 establishment, and cyber security-related part in this act.

  • PDF

Cyber threats: taxonomy, impact, policies, and way forward

  • Malik, Annas W.;Abid, Adnan;Farooq, Shoaib;Abid, Irfan;Nawaz, Naeem A.;Ishaq, Kashif
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.7
    • /
    • pp.2425-2458
    • /
    • 2022
  • The continuous evolution and proliferation of computer technology and our increasing dependence on computer technology have created a new class of threats: "cyber threats." These threats can be defined as activities that can undermine a society's ability to maintain internal or external order while using information technology. Cyber threats can be mainly divided into two categories, namely cyber-terrorism and cyber-warfare. A variety of malware programs are often used as a primary weapon in these cyber threats. A significant amount of research work has been published covering different aspects of cyber threats, their countermeasures, and the policy-making for cyber laws. This article aims to review the research conducted in various important aspects of cyber threats and provides synthesized information regarding the fundamentals of cyber threats; discusses the countermeasures for such threats; provides relevant details of high-profile cyber-attacks; discusses the developments in global policy-making for cyber laws, and lastly presents promising future directions in this area.

A study on national cybersecurity policy agenda in Korea using national cyber capability assessment model (국가 사이버 역량평가 모델을 활용한 국내 사이버안보 정책 의제 도출 연구)

  • Song, Minkyoung;Bae, Sunha;Kim, So-Jeong
    • Journal of Digital Convergence
    • /
    • v.19 no.8
    • /
    • pp.89-100
    • /
    • 2021
  • The National Cyber Capability Assessment(NCCA) could be used as meaningful information for improving national cyber security policy because it provides information on the elements necessary for strengthening national cyber capabilities and the level of each country. However, there were few studies on improving cyber capabilities using the NCCA result in Korea. Therefore, we analyzed the result of National Cyber Power Index(NCPI) conducted by Belfer Center of Harvard Univ. by applying modified-IPA method to derive cybersecurity policy agendas for Korea. As a result, the need to set agendas on surveillance and offensive cyber capability and improve the effectiveness of policy implementation for intelligence and defense was drawn. Moreover, we suggested need for in-depth study of each policy agenda deduced from preceding research data as a future tasks. And it is expected to increase practical use of NCCA for domestic policy analysis by developing and using our own NCCA model which considered analysis framework proposed in this study.

A Study on the Necessity of Cybersecurity Legislation and Policies in Response to the Use of EFB by Flight Crew (운항승무원 전자비행정보장치(EFB) 사용에 따른 사이버보안 법률 및 정책 필요성 연구)

  • Minho Kang;Sanghoon Jeon;Howon Hwang
    • Journal of the Korean Society for Aviation and Aeronautics
    • /
    • v.31 no.4
    • /
    • pp.72-81
    • /
    • 2023
  • The use of EFB (Electronic Flight Bag) has expanded, providing convenience to flight crews by minimizing paper usage within aircraft and offering the latest information, operability, and convenience related to aircraft operations. EFBs provide flight-sensitive information such as aircraft performance calculations, airport diagrams, routes, and approach procedures. For these information, EFBs connect to the cyber environment through Wi-Fi or self-contained data communication, allowing access to cloud-based systems for information updates, with administrators uploading the latest information for retrieval. However, in contrast to the evolving aviation technology, there is currently no legislation or security policy in place to maintain the security of EFBs, leaving them exposed to potential cyber threats. Therefore, improvements such as revising relevant laws to address potential cyber threats targeting EFBs and establishing and implementing EFB management systems are necessary. This paper aims to present the necessity for amending laws related to EFB security in response to cyber threats and suggests methods for enhancement.

A Study on the Design and Implementation of Algorithm for Next Generation Cyber Certificate Security (차세대 사이버 인증 보안을 위한 알고리즘의 설계 및 구현에 관한 연구)

  • Lee, Chang-Jo;Kim, Sang-Bok
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.69-78
    • /
    • 2006
  • ID security policy is generally formulated from the input of many members of an organization, including security officials, line managers, and ID resource specialists. However, policy is ultimately approved and issued by the organization's senior management. In environments where employees feel inundated with policies, directives, guidelines and procedures, an ID security policy should be introduced in a manner that ensures that management's unqualified support is clear. This paper will discuss Next Generation Cyber Certificate security policy in terms of the different types program-level and issue-specific, components, and Design and Implementation of Security Algorithm Simulation based on 4GL, PowerBuilder7.0.

  • PDF