• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.61-69
• /
• 2022

When a large-scale cyber attack or terrorism occurs and the country suffers enormous damage or poses a fatal threat to security, social interest in nurturing cybersecurity workforce increases. In addition, the government often suggests policies and guideline to train cybersecurity workforce. However, the system that can systematically manage trained cyber workforce after they are employed in related organizations or companies is still weak. Software workforce has a standardized qualification level model, so appropriate jobs are set and managed for each level. Cyber workforce also need a specialized qualification level model that takes into account their career, academic background, and education&training performance. By assigning a qualification level, the duties that can be performed for each level should be set, and the position and duty of the department should also be assigned in consideration of the level. Therefore, in this paper, we propose a qualification level model for cyber security workforce.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.99-105
• /
• 2015

Because intelligent and organized cyber attack, It is difficult to respond to cyber threats with only a small number of information security experts. Accordingly, information security department compared to 2013 it increased by 17%. But there was a problem that cannot train appropriate students for companies. This research examined the Workforce Framework and Knowledge Units for improving this situation. Based on this, educational department in cyber security major was selected to be learning at the university. And it proposed a plan for a managing course to operate. And the result will be utilized as fundamental research of human resources medium- and long-term demand and supply planning in cyber security department.

• Journal of the Semiconductor & Display Technology
• /
• v.20 no.3
• /
• pp.65-70
• /
• 2021

According to the trend of increasingly sophisticated cyber threats, the need for technology research that can be applied to cyber security personnel management and training systems is constantly being raised not only overseas but also in Korea. Previously, the US and UK have already recognized the need and have been steadily conducting related research from the past. In the United States, by encouraging applications based on related research (NICE Cybersecurity Workforce Framework) and disclosing successful use cases to the outside, it is laying the groundwork for profiling cyber security experts. However in Korea, research on cyber security expert training and profiling is insufficient compared to other countries. Therefore, in this study, in order to create a system suitable for the domestic situation, research and analysis of cases in the United States and the United Kingdom were conducted over the past few years, and based on this, a prototype was produced for the study of profiling technology for domestic cyber security experts.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.7
• /
• pp.321-328
• /
• 2017

As the cyber threats become more sophisticated and intelligent, the cases of cyber-infringement accidents are rapidly increasing. As a result, awareness of the importance of cyber security professionals has led to many cyber security-related educational programs. These programs provided with education curriculum aimed because cyber security workforce and job-based cyber security education research are not properly done. In this study, we developed a new cyber security education curriculum that defines and reflects cyber security personnel and knowledge system. In this study is not composed solely of the education contents related to the defenses emphasized in the existing education curriculum, but developed education curriculum to train a professional and balanced cyber security manpower by adding education contents in the attack field.

• Journal of Information Technology Applications and Management
• /
• v.25 no.4
• /
• pp.67-77
• /
• 2018

With the types and targets of cyber attacks expanding and with personal information leaks increasing, the quantitative demand for information security specialists has increased. The base for training the workforce has expanded accordingly, but joblessness and job-seeking still coexist. To resolve the gap between labor demand and supply, education and training systems that can supply demand quickly are needed. It takes a considerable amount of time for information security education and new manpower supply through universities and graduate schools to be reflected in the market. However, if information security retraining is carried out in terms of career development of information security and related workforce, the problem of lack of experts could be solved in a relatively short period. This paper investigates and analyzes the information security work of the information security workforce, the degree of skill level, the need for retraining, and the workplace migration experience; it also discusses the direction of career development retraining.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.123-139
• /
• 2020

In 1987, Computer Security Act was enacted, requiring computer security awareness and practical training for federal workforce. This is the beginning of US development of federal cybersecurity workforce. It has been strengthening the development of federal cybersecurity workforce policy by establishing OPM regulations and OMB circulation in cases where it is difficult to define by law. Through GISRA 2000 and FISMA 2002, which has been improved, it played a central role for development of federal cybersecurity workforce for more than 10 years. Since then, FISMA 2014 has been enacted as a necessity for supplementing technology and policy. In 2014, the importance of cyber security personnel in US federal agencies has been increased even more, by enacting a single law on cybersecurity workforce twice. We will review the current state of Korea's development of cybersecurity workforce by reviewing and analyzing the development and federal cybersecurity workforce in the United States.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.143-150
• /
• 2019

Recently, As ICT technology develops, cyber attacks are becoming more intelligent and advanced. In order to cope with such cyber attacks, the security control system must be maintained 24 hours a day, 365 days a year. Security personnel should be able to respond in real time to cyber attacks through shift work for 24 hours, but the workforce law was revised in 2018 to affect manpower and security control work systems. Therefore, in this paper, we propose an effective security control work system by reducing 52 working hours per week.

• Journal of the Korea Convergence Society
• /
• v.11 no.10
• /
• pp.107-113
• /
• 2020

With the development of IT technology, along with the expansion of women's participation in society, the education training of information security women's workforce is becoming a very important issue. Therefore, it is important to analyze the relevant curriculum to identify the direction of fostering women's information security workforce. Therefore, in this paper, the education and training programs of the department for training women's information security workforce based in Seoul area of the Korean metropolitan area were analyzed. The main research objective of this paper is to review whether the education and training system, which consists of the department of women's information security human resources development, is in line with the direction of NIST's human resources development. The research focus was on what the women's information security department organizes courses with each security major and what task training is interested in. In addition, in this paper, we were confirmed that the curriculum of the relevant major is based on the NIST Human Resources Development Framework, and that the majors of the relevant universities have an education and training system that conforms to the relevant task. In conclusion, the related majors are judged to be focused on the development of certification evaluation personnel of convergence industry security or information security development personnel, and general cyber security personnel.

• Journal of Korea Port Economic Association
• /
• v.40 no.1
• /
• pp.1-14
• /
• 2024

The port industry has been actively adopting Fourth Industrial Revolution technologies, leading to transformations in port infrastructure, such as automated and smart ports. While these changes have improved port efficiency, they have also increased the potential for Cyber Security incidents, including data leaks and disruptions in terminal operations due to ransomware attacks. Recognizing the need to prioritize Cyber Security measures, a study was conducted, focusing on Busan Port's rapidly automating container terminal in South Korea. The results of the Eisenhower Matrix analysis identified legal and regulatory factors as a top priority in the first quadrant, with educational systems, workforce development, network infrastructure, and policy support in the third quadrant. Subsequently, a Borich Needs Analysis revealed that the highest priority was given to legal improvements in security management systems, while the development of Cyber Security professionals ranked lowest. This study provides foundational research for enhancing Cyber Security in domestic container terminals and offers valuable insights into their future direction.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.9-17
• /
• 2024

This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.