• Title/Summary/Keyword: Cyber Security Workforce

Search Result 16, Processing Time 0.029 seconds

An Qualification Level Model for Efficient Management of Cyber Security Workforce (사이버보안 인력의 효율적 관리를 위한 자격등급 모델 설계)

  • Jung-Ho Eom;Hong-Jun Kim;Youn-Sung Choi
    • Convergence Security Journal
    • /
    • v.22 no.1
    • /
    • pp.61-69
    • /
    • 2022
  • When a large-scale cyber attack or terrorism occurs and the country suffers enormous damage or poses a fatal threat to security, social interest in nurturing cybersecurity workforce increases. In addition, the government often suggests policies and guideline to train cybersecurity workforce. However, the system that can systematically manage trained cyber workforce after they are employed in related organizations or companies is still weak. Software workforce has a standardized qualification level model, so appropriate jobs are set and managed for each level. Cyber workforce also need a specialized qualification level model that takes into account their career, academic background, and education&training performance. By assigning a qualification level, the duties that can be performed for each level should be set, and the position and duty of the department should also be assigned in consideration of the level. Therefore, in this paper, we propose a qualification level model for cyber security workforce.

A Study on Selecting and Operating Educational Department in Cyber Security Major by Analyzing Workforce Framework (직무별 특성을 고려한 대학 정보보호 학과의 교육분야 선정 및 운영에 관한 연구)

  • Lim, Won Gyu;Shin, Hyuk;Ahn, Seong Jin
    • Convergence Security Journal
    • /
    • v.15 no.4
    • /
    • pp.99-105
    • /
    • 2015
  • Because intelligent and organized cyber attack, It is difficult to respond to cyber threats with only a small number of information security experts. Accordingly, information security department compared to 2013 it increased by 17%. But there was a problem that cannot train appropriate students for companies. This research examined the Workforce Framework and Knowledge Units for improving this situation. Based on this, educational department in cyber security major was selected to be learning at the university. And it proposed a plan for a managing course to operate. And the result will be utilized as fundamental research of human resources medium- and long-term demand and supply planning in cyber security department.

Development of a Cybersecurity Workforce Management System (사이버 보안 분야 전문가 프로파일 관리 시스템 연구)

  • Ahn, Jun-young;Lee, Seung-hun;Park, Hee-min;Kim, Hyun-chul
    • Journal of the Semiconductor & Display Technology
    • /
    • v.20 no.3
    • /
    • pp.65-70
    • /
    • 2021
  • According to the trend of increasingly sophisticated cyber threats, the need for technology research that can be applied to cyber security personnel management and training systems is constantly being raised not only overseas but also in Korea. Previously, the US and UK have already recognized the need and have been steadily conducting related research from the past. In the United States, by encouraging applications based on related research (NICE Cybersecurity Workforce Framework) and disclosing successful use cases to the outside, it is laying the groundwork for profiling cyber security experts. However in Korea, research on cyber security expert training and profiling is insufficient compared to other countries. Therefore, in this study, in order to create a system suitable for the domestic situation, research and analysis of cases in the United States and the United Kingdom were conducted over the past few years, and based on this, a prototype was produced for the study of profiling technology for domestic cyber security experts.

Enhancing Education Curriculum of Cyber Security Based on NICE (NICE 기반 사이버보안 교육커리큘럼 개선 연구)

  • Park, Wonhyung;Ahn, Seongjin
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.6 no.7
    • /
    • pp.321-328
    • /
    • 2017
  • As the cyber threats become more sophisticated and intelligent, the cases of cyber-infringement accidents are rapidly increasing. As a result, awareness of the importance of cyber security professionals has led to many cyber security-related educational programs. These programs provided with education curriculum aimed because cyber security workforce and job-based cyber security education research are not properly done. In this study, we developed a new cyber security education curriculum that defines and reflects cyber security personnel and knowledge system. In this study is not composed solely of the education contents related to the defenses emphasized in the existing education curriculum, but developed education curriculum to train a professional and balanced cyber security manpower by adding education contents in the attack field.

A Study on Retraining for Career Development of Information Security Workforce (정보보호 업무인력의 경력개발을 위한 재교육 방향)

  • Jun, Hyo-Jung;Kim, Tae-Sung
    • Journal of Information Technology Applications and Management
    • /
    • v.25 no.4
    • /
    • pp.67-77
    • /
    • 2018
  • With the types and targets of cyber attacks expanding and with personal information leaks increasing, the quantitative demand for information security specialists has increased. The base for training the workforce has expanded accordingly, but joblessness and job-seeking still coexist. To resolve the gap between labor demand and supply, education and training systems that can supply demand quickly are needed. It takes a considerable amount of time for information security education and new manpower supply through universities and graduate schools to be reflected in the market. However, if information security retraining is carried out in terms of career development of information security and related workforce, the problem of lack of experts could be solved in a relatively short period. This paper investigates and analyzes the information security work of the information security workforce, the degree of skill level, the need for retraining, and the workplace migration experience; it also discusses the direction of career development retraining.

A Study on the Laws and Regulations in Korea through the Analysis of Cybersecurity Workforce Developing Laws and Regulations in U.S. (미국 사이버보안 인력 양성 법·규정 분석을 통한 국내 법·규정 개선 방안 연구)

  • Hong, Soonjwa;Kim, Joonsoo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.123-139
    • /
    • 2020
  • In 1987, Computer Security Act was enacted, requiring computer security awareness and practical training for federal workforce. This is the beginning of US development of federal cybersecurity workforce. It has been strengthening the development of federal cybersecurity workforce policy by establishing OPM regulations and OMB circulation in cases where it is difficult to define by law. Through GISRA 2000 and FISMA 2002, which has been improved, it played a central role for development of federal cybersecurity workforce for more than 10 years. Since then, FISMA 2014 has been enacted as a necessity for supplementing technology and policy. In 2014, the importance of cyber security personnel in US federal agencies has been increased even more, by enacting a single law on cybersecurity workforce twice. We will review the current state of Korea's development of cybersecurity workforce by reviewing and analyzing the development and federal cybersecurity workforce in the United States.

Improvement of Shift Work System due to Reduction of Working Hours for Efficient Security Monitoring & Control (근무시간 단축에 따른 효율적인 보안관제를 위한 근무체계 개선방안)

  • Park, Wonhyung;Lee, YoungShin;Kim, Kuinam J.
    • Convergence Security Journal
    • /
    • v.19 no.4
    • /
    • pp.143-150
    • /
    • 2019
  • Recently, As ICT technology develops, cyber attacks are becoming more intelligent and advanced. In order to cope with such cyber attacks, the security control system must be maintained 24 hours a day, 365 days a year. Security personnel should be able to respond in real time to cyber attacks through shift work for 24 hours, but the workforce law was revised in 2018 to affect manpower and security control work systems. Therefore, in this paper, we propose an effective security control work system by reducing 52 working hours per week.

Comparison of Security Education Program of Woman Information Security Majors of Seoul Region (서울지역 여성 정보보호전공의 보안교육 프로그램 비교)

  • Hong, Jin-Keun
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.10
    • /
    • pp.107-113
    • /
    • 2020
  • With the development of IT technology, along with the expansion of women's participation in society, the education training of information security women's workforce is becoming a very important issue. Therefore, it is important to analyze the relevant curriculum to identify the direction of fostering women's information security workforce. Therefore, in this paper, the education and training programs of the department for training women's information security workforce based in Seoul area of the Korean metropolitan area were analyzed. The main research objective of this paper is to review whether the education and training system, which consists of the department of women's information security human resources development, is in line with the direction of NIST's human resources development. The research focus was on what the women's information security department organizes courses with each security major and what task training is interested in. In addition, in this paper, we were confirmed that the curriculum of the relevant major is based on the NIST Human Resources Development Framework, and that the majors of the relevant universities have an education and training system that conforms to the relevant task. In conclusion, the related majors are judged to be focused on the development of certification evaluation personnel of convergence industry security or information security development personnel, and general cyber security personnel.

Prioritization Analysis for Cyber Security Enhancement at Busan Port Container Terminal (부산항 컨테이너 터미널 사이버 보안 강화를 위한 우선순위 분석)

  • Ha, Do-Yeon;Kim, Chi-Yeol;Kim, Yul-Seong
    • Journal of Korea Port Economic Association
    • /
    • v.40 no.1
    • /
    • pp.1-14
    • /
    • 2024
  • The port industry has been actively adopting Fourth Industrial Revolution technologies, leading to transformations in port infrastructure, such as automated and smart ports. While these changes have improved port efficiency, they have also increased the potential for Cyber Security incidents, including data leaks and disruptions in terminal operations due to ransomware attacks. Recognizing the need to prioritize Cyber Security measures, a study was conducted, focusing on Busan Port's rapidly automating container terminal in South Korea. The results of the Eisenhower Matrix analysis identified legal and regulatory factors as a top priority in the first quadrant, with educational systems, workforce development, network infrastructure, and policy support in the third quadrant. Subsequently, a Borich Needs Analysis revealed that the highest priority was given to legal improvements in security management systems, while the development of Cyber Security professionals ranked lowest. This study provides foundational research for enhancing Cyber Security in domestic container terminals and offers valuable insights into their future direction.

Security Threats to Enterprise Generative AI Systems and Countermeasures (기업 내 생성형 AI 시스템의 보안 위협과 대응 방안)

  • Jong-woan Choi
    • Convergence Security Journal
    • /
    • v.24 no.2
    • /
    • pp.9-17
    • /
    • 2024
  • This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.