• Nuclear Engineering and Technology
• /
• v.55 no.6
• /
• pp.2034-2046
• /
• 2023

Industrial control systems in nuclear facilities are facing increasing cyber threats due to the widespread use of information and communication equipment. To implement cyber security programs effectively through the RG 5.71, it is necessary to quantitatively assess cyber risks. However, this can be challenging due to limited historical data on threats and customized Critical Digital Assets (CDAs) in nuclear facilities. Previous works have focused on identifying data flows, the assets where the data is stored and processed, which means that the methods are heavily biased towards information security concerns. Additionally, in nuclear facilities, cyber threats need to be analyzed from a safety perspective. In this study, we use the system theoretic process analysis to identify system-level threat scenarios that could violate safety constraints. Instead of quantifying the likelihood of exploiting vulnerabilities, we quantify Security Control Measures (SCMs) against the identified threat scenarios. We classify the system and CDAs into four consequence-based classes, as presented in NEI 13-10, to analyze the adversary impact on CDAs. This allows for the ranking of identified threat scenarios according to the quantified SCMs. The proposed framework enables stakeholders to more effectively and accurately rank cyber risks, as well as establish security and response strategies.

• Journal of the Korean Data and Information Science Society
• /
• v.19 no.4
• /
• pp.1047-1058
• /
• 2008

Prediction of total sales in information security industry is considered. Exponential smoothing and spline smoothing is applied to the time series of annual sales data. Due to the different survey items of every year, we recollect the original survey data by some basic criterion and predict the sales to 2014. We show the total sales in infonnation security industry are increasing gradually by year.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.310-318
• /
• 2022

Job offers have become more widespread and it has become easier and faster to apply for jobs through electronic recruitment platforms. In order to increase the protection of the data that is attached to the recruitment platforms. In this research, a proposed model was created through the use of hybrid encryption, which is used through the following algorithms: AES,Twofish,. This proposed model proved the effectiveness of using hybrid encryption in protecting personal data.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.85-97
• /
• 2022

With the development of big data technology, data is rapidly entering a hyperconnected intelligent society that accelerates innovative growth in all industries. The convergence industry, which holds and utilizes various high-quality data, is becoming a new growth engine, and big data is fused to various traditional industries. In particular, in the medical field, structured data such as electronic medical record data and unstructured medical data such as CT and MRI are used together to increase the accuracy of disease prediction and diagnosis. Currently, the importance and size of unstructured data are increasing day by day in the medical industry, but conventional data security technologies and policies are structured data-oriented, and considerations for the security and utilization of unstructured data are insufficient. In order for medical treatment using big data to be activated in the future, data diversity and security must be internalized and organically linked at the stage of data construction, distribution, and utilization. In this paper, the current status of domestic and foreign data security systems and technologies is analyzed. After that, it is proposed to add unstructured data-centered de-identification technology to the guidelines for unstructured data and technology application cases in the industry so that unstructured data can be actively used in the medical field, and to establish standards for judging personal information for unstructured data. Furthermore, an object feature-based identification ID that can be used for unstructured data without infringing on personal information is proposed.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.59-68
• /
• 2016

Recently, many domestic and foreign industries is increasing gradually in the importance of security such as the emergence of a Convergence Information Technology(internet of things, cloud computing service, big data etc). Among these techniques, the industrial security market is expected to grow gradually and the evolution of security technologies, as well as vulnerabilities are also expected to increase. Therefore, an increase in physical vulnerability factors it is no exaggeration to standards that are determining the security of industrial security. In this paper will be analyzed to the physical security technology and case study, physical vulnerability factor. Thereby this is expected to be utilized as a basis for the countermeasure of physical corresponding infringement and attack in a future.

• Journal of Internet Computing and Services
• /
• v.22 no.5
• /
• pp.17-26
• /
• 2021

This paper is about a physical layer frame security technique using OFB-style encryption/decryption with AES algorithms on Gigabit Ethernet network. We propose a data security technique at the physical layer that performs OFB-style encryption/decryption with AES algorithm with strong security strength when sending and receiving data over Gigabit Ethernet network. Generally, when operating Gigabit Ethernet network, there is no security features, but data security is required, additional devices that apply this technique can be installed to perform security functions. In the case of data transmission over Gigabit Ethernet network, the Ethernet frames conform to IEEE 802.3 specification, which includes several fields to ensure proper reception of data at the receiving node in addition to the data field. When encrypting, only the data field should be encrypted and transmitted in real time. In this paper, we show that only the data field of the IEEE802.3 frame is encrypted and transmitted on the sending node, and only the data field is decrypted to show the plain text on the receiving node, which shows that the encryption/decryption is carried out correctly. Therefore, additional installation of devices that apply this technique can increase the reliability of the system when security for data is required in Ethernet network operating without security features.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.5
• /
• pp.199-204
• /
• 2022

The purpose of this study is to broaden the understanding of the Security Services Industry Act, and also to examine the meanings of various phenomena by analyzing the media report big data rather than the researchers' perspective on the Security Services Industry Act. In the research method, this study searched for a keyword 「Security Services Industry Act」 that prescribes the security work as an important subject of crime prevention and maintenance of public order in Korea. The data was searched from 1990 to 2021 the BIG KINDS could provide. Also, for the concrete analysis during the period of data search, it was divided into settlement period(1976~2001), growth period-quantitative(2002~2012), and growth period-qualitative(2013~2021). In the results of this study, the media report perception of the Security Services Industry Act is continuously emphasizing the social roles and importance of private security according to the flow of time. The consequent marketability of private security will play great roles in the protection of people's lives and properties in the combination with various other industries in the future. However, the private security industry that provides public peace service together with the police, could be rising as an element that hinders the development of private security industry because of various social issues caused by legal regulations and illegal problems, so it would be necessary to more strengthen its responsibility and roles accordingly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.111-122
• /
• 2021

With the spread of technology in the 4th Industrial Revolution, the defense industry in South Korea is getting developed into an industrial structure in which high-tech technologies are concentrated. As the importance of defense technology has gradually increased, the government has enacted the Defense Technology Security Act and required to build a protection system for institutions that possess or manage defense technology. In order for the target institution to introduce a protection system, it is necessary to identify the defense technologies that are protected and to ensure systematic data management. In order to cope with this, we derived master data items for data management and analyzed the implementation types of defense technology master data system suitable for the defense industry environments. The derived method identified the defense technology master data, such as primary and secondary master data, and through AHP analysis, Co-existence type was suitable as the target model for the master data management system. We expect that stronger defense technology security policy will be implemented through the defense technology MDM system.