• Title/Summary/Keyword: Cybersecurity Risks

Cyber Risk Management of SMEs to Prevent Personal Information Leakage Accidents (개인정보유출 사고 방지를 위한 중소기업의 사이버 위험관리)

  • So, Byoung-Ki;Cheung, Chong-Soo
    • Journal of the Society of Disaster Information / v.17 no.2 / pp.375-390 / 2021
  • Purpose: Most cybersecurity breaches occur in SMEs. As the existing cybersecurity framework and certification system are mainly focused on financial and large companies, it is difficult for SMEs to utilize them due to a lack of cybersecurity budget and manpower. So it is necessary to come up with measures to allow SMEs to voluntarily manage cyber risks. Method: After reviewing the cybersecurity market, cybersecurity items of financial institutions, cybersecurity framework comparison and cybersecurity incidents reported in the media, the criticality of cybersecurity items was analyzed through AHP analysis. Cybersecurity items of non-life insurers were also investigated, and a comparison was made between them. Result: Cyber risk management methods for SMEs were proposed for 20 major causes of cyber accidents. Conclusion: We hope that the cybersecurity risk assessment measures of SMEs in Korea will help them assess their risks when they sign up for cyber insurance, and that cyber risk assessment also needs to be linked to ERM standardization.

Effects of Cyberloafing on Cybersecurity Risks of Organizations: The Case of a Financial Institute (사이버로핑이 조직의 정보보호 리스크에 미치는 영향)

  • Hyunwoo Oh;Beomsoo Kim;Jaeyoung Park
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.813-826 / 2023
  • Organization members often use the Internet for non-work purposes during work hours, which is called cyberloafing. Certain types of cyberloafing (e.g., webhard, adult, and gambling sites access) can be a major cause of malware infection, which can ultimately cause significant damage to organizations. It therefore is important to examine the relationship between cyberloafing and cybersecurity risks of organizations. We analyzed log data from an internet filtering system of a financial institute and found that the more employees access blacklist sites, the higher the possibility of malicious code infection. In other words, cyberloafing increases cybersecurity risks of organizations. We suggest that organizations need to monitor and control their members' internet use in an appropriate way.

A study on the application of mission-based weapon system cybersecurity test and evaluation (임무 기반의 무기체계 사이버보안 시험평가 적용 연구)

  • Kim, Ik-jae;Kang, Ji-won;Shin, Dong-kyoo
    • Journal of Internet Computing and Services / v.22 no.6 / pp.71-81 / 2021
  • This paper examines the ongoing research on ways to improve cybersecurity during the entire life cycle of weapons systems applied in advanced countries such as the United States, analyzes restrictions on obtaining domestic weapons systems, and presents effective security evaluation measures. By consistently performing mission-based risk assessment in the cybersecurity test and evaluation plan suitable for domestic circumstances at all stages of acquisition, important information is provided to major decision-making organizations in a timely manner to support decision-making, and to respond to identified vulnerabilities in cybersecurity. It is proposed to set the rules of engagement so that the protection measures can be verified, and a simulated invasion is proposed. In addition, the proposed cybersecurity test and evaluation system was compared with the domestic weapon system test and evaluation. Through this, the mission-based risk assessment element was grafted into the cybersecurity test and evaluation system research conducted so far to identify risks in a timely manner between acquisition projects, thereby supplementing the capability to support major decision-making.

An Intelligent Game Theoretic Model With Machine Learning For Online Cybersecurity Risk Management

  • Alharbi, Talal
    • International Journal of Computer Science & Network Security / v.22 no.6 / pp.390-399 / 2022
  • Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of risk models is detection, analysis, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users (customers). However, rather than relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize the ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.

Understanding the Risks on Saudi Arabian's Youth Being Online Without Having Strong Cyber-Security Awareness

  • Alharbi, Nawaf;Soh, Ben;AlZain, Mohammed A;Alharbi, Mawaddah
    • International Journal of Computer Science & Network Security / v.22 no.7 / pp.131-146 / 2022
  • The Internet is becoming a basic need for many individuals globally in this digital age. The youths became more active online than before, with the majority relying on different platforms to communicate and interact with peers. Saudi Arabia is one of the nations where internet usage is high, with an increasing number of active internet users. The youth in Saudi Arabia are engaged in various online platforms. However, they lack adequate knowledge about cybersecurity and the dangers of internet usage, which exposes them to the risk of falling victim to cybercriminals. The most common dangers of internet usage include viruses, malware, phishing, and hacking, compromising users' sensitive information. Increased awareness of these potential threats helps protect Internet users and secure their data. The understanding of the dangers of Internet usage among youths varies across countries. In this regard, our study explores the risks of internet usage among youth in Saudi Arabia compared to the United States, South Africa, and New Zealand.

Self-sufficiencies in Cyber Technologies: A requirement study on Saudi Arabia

  • Alhalafi, Nawaf;Veeraraghavan, Prakash
    • International Journal of Computer Science & Network Security / v.22 no.5 / pp.204-214 / 2022
  • Speedy development has been witnessed in communication technologies and the adoption of the Internet across the world. Information dissemination is the primary goal of these technologies. One of the rapidly developing nations in the Middle East is Saudi Arabia, where the use of communication technologies, including mobile and Internet, has drastically risen in recent times. These advancements are relatively new to the region when contrasted to developed nations. Thus, offenses arising from the adoption of these technologies may be new to Saudi Arabians. This study examines cyber security awareness among Saudi Arabian citizens in distinct settings. A comparison is made between the cybersecurity policy guidelines adopted in Saudi Arabia and three other nations. This review will explore distinct essential elements and approaches to mitigating cybercrimes in the United States, Singapore, and India. Following an analysis of the current cybersecurity framework in Saudi Arabia, suggestions for improvement are determined from the overall findings. A key objective is enhancing the nationwide focus on efficient safety and security systems. While the participants display a clear knowledge of IT, the surveyed literature shows limited awareness of the risks related to cyber security practices and the role of government in promoting data safety across the Internet. As the findings indicate, proper frameworks regarding cyber security need to be considered to ensure that associated threats are mitigated as Saudi Arabia aspires to become an efficient smart nation.

A Study on the Application of Cybersecurity by Design of Critical Infrastructure (주요기반시설의 사전예방적보안(Cybersecurity by Design) 적용 방안에 관한 연구)

  • YOO, Jiyeon
    • The Journal of the Convergence on Culture Technology / v.7 no.1 / pp.674-681 / 2021
  • Cyber attacks targeting critical infrastructure are on the rise. Critical infrastructure is defined as core infrastructures within a country with a high degree of interdependence between the different structures; therefore, it is difficult to sufficiently protect it using outdated cybersecurity techniques. In particular, the distinction between the physical and logical risks of critical infrastructure is becoming ambiguous; therefore, risk management from a comprehensive perspective must be implemented. Accordingly, as a means of further actively protecting critical infrastructure, major countries have begun to apply their security and cybersecurity systems by design, as a more expanded concept is now being considered. This proactive security approach (CSbD, Cybersecurity by Design) includes not only securing the stability of software (SW) safety design and management, but also physical politics and device (HW) safety, precautionary and blocking measures, and overall resilience. It involves a comprehensive security system. Therefore, this study compares and analyzes security by design measures towards critical infrastructure that are leading the way in the US, Europe, and Singapore. It reflects the results of an analysis of optimal cybersecurity solutions for critical infrastructure. I would like to present a plan for applying by Design.

Artificial Intelligence for Autonomous Ship: Potential Cyber Threats and Security (자율 운항 선박의 인공지능: 잠재적 사이버 위협과 보안)

  • Yoo, Ji-Woon;Jo, Yong-Hyun;Cha, Young-Kyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.447-463 / 2022
  • Artificial Intelligence (AI) technology is a major technology that develops smart ships into autonomous ships in the marine industry. Autonomous ships recognize a situation with the information collected without human judgment, which allows them to operate on their own. Existing ship systems, like control systems on land, are not designed for security against cyberattacks. As a result, there are infringements on numerous data collected inside and outside the ship and potential cyber threats to AI technology to be applied to the ship. For the safety of autonomous ships, it is necessary to focus not only on the cybersecurity of the ship system, but also on the cybersecurity of AI technology. In this paper, we analyzed potential cyber threats that could arise in AI technologies to be applied to existing ship systems and autonomous ships, and derived categories that require security risks and the security of autonomous ships. Based on the derived results, it presents future directions for cybersecurity research on autonomous ships and contributes to improving cybersecurity.

A Study on the Current Status of Domestic and International Cybersecurity Education and the Importance of Regular Cybersecurity Education for Teenagers according to the Development of AI (국내외 정보보안 교육의 현황 및 인공지능의 발전에 따른 청소년 정보보안 정규교육의 중요성에 대한 연구)

  • Dahye Jeong;Sanghoon Jeon
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.3 / pp.527-536 / 2024
  • In the digital age, the growth of AI and digital technologies brings opportunities and cybersecurity risks. At the forefront of this change are teenagers, referred to as 'digital natives'. However, they may have difficulty using technology safely without proper information security knowledge. This paper highlights the need for information security education for teenagers in South Korea by referring to cases in the UK, Australia, and the US. These countries are already providing education that prepares young people for cyber threats and future societal needs. Reflecting this trend, South Korea should also establish comprehensive information security education for teenagers to equip them for the digital age.

A Study on the Design of Re-training Courses for Nurturing Cybersecurity Professionals from Other Occupational Groups (타 직업군으로부터의 사이버보안 전문인력으로의 직무전환을 위한 재교육과정 설계 연구)

  • Ji, Juyeon;Park, Sangho;Yu, Harang;Chang, Hangbae
    • Convergence Security Journal / v.18 no.1 / pp.43-60 / 2018
  • Recently, with the arrival of the 4th industrial revolution, the security risks are converging and complexly changing, and the demand of cybersecurity experts is increasing. Therefore, in this paper, it is the largest of the domestic educational institutions, it has the largest number of emissions talent, and selects the representative major field of humanities and society. Then, after analyzing the common curriculum in each major field, compare it with the training course of cybersecurity experts derived through existing previous research. Through analysis results, we try to design a retraining course for cybersecurity professional human resources. Utilizing the results of this research, it is expected that it will be used as the basic material necessary for the subjects of the re-curriculum education. It is also expected to contribute to resolving the supply-demand gap of cybersecurity professionals.
