• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.561-575
• /
• 2023

The information security industry has seen a wide variety of growth over the past few decades. In particular, various solutions have been proposed in terms of technology, management, and institutional aspects. Nevertheless, it should be notedthat security accidents continue to occur every year. This proves that there are limitations to various business changes in the digital era as existing security is being promoted with technology-oriented and prevention-oriented policies. Thus, people-centric security (PCS) has recently become a hot topic in order to escape the limitations of traditional securityapproaches. Through the concept of information security violations, PCS strategic principles, and expert interviews, this studyaims to present a fundamental security incident response plan by classifying human-caused vulnerabilities into 5 categories and classifying them into 21 detailed components.

• Journal of Information Processing Systems
• /
• v.14 no.2
• /
• pp.286-308
• /
• 2018

The availability of powerful and sensor-enabled mobile and Internet-connected devices have enabled the advent of the ubiquitous sensor network (USN) paradigm. USN provides various types of solutions to the general public in multiple sectors, including environmental monitoring, entertainment, transportation, security, and healthcare. Here, we explore and compare the features of wireless sensor networks and USN. Based on our extensive study, we classify the security- and privacy-related challenges of USNs. We identify and discuss solutions available to address these challenges. Finally, we briefly discuss open challenges for designing more secure and privacy-preserving approaches in next-generation USNs.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.332-335
• /
• 2017

정보기술의 발달은 조직의 업무환경에 긍정적인 영향을 주는 동시에 다양한 정보보호 위협에 따른 사고 발생 등 부정적인 영향을 미친다. 조직에서는 보안사고 예방을 위하여 다양한 노력들을 경주하고 있지만 기술적 보안 솔루션에 의존하는 경향이 있으며, 그럼에도 불구하고 보안 사고를 완벽히 예방하는 것은 불가능하다. 최근 기존의 정보보호 접근방법의 한계를 극복하기 위한 새로운 접근방법인 인간 중심 보안(People Centric Security)에 대한 관심이 증가하고 있으며, 임직원의 자발적인 정보보호 정책준수에 대한 연구의 필요성이 제기되고 있다. 본 연구는 향후 인간 관점의 정보보호 연구의 발전을 위해 기존의 수행된 연구들을 분석하여 통합된 관점에서 연구방향을 제시하는 연구동향 분석 연구로서, 해외 4개의 저널에서 수집한 134개의 논문을 대상으로 연구 추세, 연구 주제, 연구 방법론 등을 분석하였다. 본 연구의 결과는 국내의 인간 관점에서의 정보보호 관련 연구 활성화에 기여할 수 있을 것이라 판단되며, 조직에서 임직원의 정책준수에 영향을 주는 요인들을 참고하여 정보보호 정책 수립 시 활용할 수 있을 것이다.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.39-46
• /
• 2019

Recently, information security accidents are becoming more advanced as social engineering attacks using new types of malicious codes such as phishing. Organizations have made various efforts to prevent information security incidents, but tend to rely on technical solutions. Nevertheless, not all security incidents can be prevented completely. In order to overcome the limitations of the information security approach that depends on these technologies, many researchers are increasingly interested in People-Centric Security. On the other hand, some researchers have applied behavioral economics to the information security field to understand human behavior and identify the consequences of the behavior. This study is a trend analysis study to grasp the recent research trend applying the concept and idea of behavioral economics to information security. We analyzed the research trends, research themes, research methodology, etc. As a result, the most part of previous research is focused on 'operational security' topics, and in the future, it is required to expand research themes and combine behavioral economics with security behavioral issues to identify frameworks and influencing factors.

• Journal of Korea Multimedia Society
• /
• v.17 no.6
• /
• pp.697-705
• /
• 2014

For enhancing network efficiency, content-centric networking (CCN) allows network nodes to temporally cache a transmitted response message(Data) and then to directly respond to a request message (Interest) for previously cached contents. Also, CCN is designed to utilize a hierarchical content-name for transmitting Interest/Data instead of a host identity like IP address. This content-name included in Interest/Data reveals both content information itself and the structure of network domain of a content source which is needed for transmitting Interest/Data. To make matters worse, This content-name is human-readable like URL. Hence, through analyzing the content-name in Interest/Data, it is possible to analyze the creator of the requested contents. Also, hosts around the requester can analyze contents which are asked by the requester. Hence, for securely implementing CCN, it is essentially needed to make the content-name illegible. In this paper, we propose content-name encoding schemes for CCN so as to make the content-name illegible and evaluate the performance of our proposal.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.103-110
• /
• 2019

Recently security related attacks occur in very diverse ways, aiming at people who operate the system rather than the system itself by exploiting vulnerabilities of the system. However, to the our best knowledge, there has been very few works to analyze and strategically to deal with the risks of social engineering attacks targeting people. In this paper, in order to access risks of social engineering attacks we analyze those attacks in terms of attack routes, attack means, attack steps, attack tools, attack goals. Then, with the purpose of accessing the organizational risks we consider the characteristics and environments of the organizations because the impacts of attacks on the organizations obviously depend on the characteristics and environments of the organizations. In addition, we analyze general attack risk assessment methods such as CVSS, CWSS, and OWASP Risk Rating Methodolog. Finally, we propose the risk access scheme of social engineering attacks for the organizations. The proposed scheme allows each organization to take its own proper actions to address social engineering attacks according to the changes of its environments.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.47-58
• /
• 2015

Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

• International Journal of Contents
• /
• v.16 no.3
• /
• pp.1-17
• /
• 2020

Human motion recognition is essential for user-centric services such as surveillance-based security, elderly condition monitoring, exercise tracking, daily calories expend analysis, etc. It is typically based on the movement data analysis such as the acceleration and angular velocity of a target user. The existing motion recognition studies are only intended to measure the basic information (e.g., user's stride, number of steps, speed) or to recognize single motion (e.g., sitting, running, walking). Thus, a new mechanism is required to identify the transition of single motions for assessing a user's consecutive motion more accurately as well as recognizing the user's body and surrounding situations arising from the motion. Thus, in this paper, we collect the human movement data through Android smartphones in real time for five targeting single motions and propose a mechanism to recognize a consecutive motion including transitions among various motions and an occurred situation, with the state transition model to check if a vulnerable (life-threatening) condition, especially for the elderly, has occurred or not. Through implementation and experiments, we demonstrate that the proposed mechanism recognizes a consecutive motion and a user's situation accurately and quickly. As a result of the recognition experiment about mix sequence likened to daily motion, the proposed adoptive weighting method showed 4% (Holding time=15 sec), 88% (30 sec), 6.5% (60 sec) improvements compared to static method.

• Maritime Security
• /
• v.1 no.1
• /
• pp.215-240
• /
• 2020

In 2017, the U.S. DARPA coined 'mosaic warfare' as a new way of warfighting. According to the Timothy Grayson, director of DARPA's Strategic Technologies Office, mosaic warfare is a "system of system" approach to warfghting designed around compatible "tiles" of capabilities, rather than uniquely shaped "puzzle pieces" that must be fitted into a specific slot in a battle plan in order for it to work. Prior to cover mosaic warfare theory and recent development, it deals analyze its background and several premises for better understanding. The U.S. DoD officials might acknowledge the current its forces vulnerability to the China's A2/AD assets. Furthermore, the U.S. seeks to complete military superiority even in other nation's territorial domains including sea and air. Given its rapid combat restoration capability and less manpower casualty, the U.S. would be able to ready to endure war of attrition that requires massive resources. The core concept of mosaic warfare is a "decision centric warfare". To embody this idea, it create adaptability for U.S. forces and complexity or uncertainty for the enemy through the rapid composition and recomposition of a more disag g reg ated U.S. military force using human command and machine control. This allows providing more options to friendly forces and collapse adversary's OODA loop eventually. Adaptable kill web, composable force packages, A.I., and context-centric C3 architecture are crucial elements to implement and carry out mosaic warfare. Recently, CSBA showed an compelling assessment of mosaic warfare simulation. In this wargame, there was a significant differences between traditional and mosaic teams. Mosaic team was able to mount more simultaneous actions, creating additional complexity to adversaries and overwhelming their decision-making with less friendly force's human casualty. It increase the speed of the U.S. force's decision-making, enabling commanders to better employ tempo. Consequently, this article finds out and suggests implications for Korea armed forces. First of all, it needs to examine and develop 'mosaic warfare' in terms of our security circumstance. In response to future warfare, reviewing overall force structure and architecture is required which is able to compose force element regardless domain. In regards to insufficient defense resources and budget, "choice" and "concentration" are also essential. It needs to have eyes on the neighboring countries' development of future war concept carefully.

• International Journal of Computer Science & Network Security
• /
• v.22 no.11
• /
• pp.248-254
• /
• 2022

Educational innovations are first created, improved or applied educational, didactic, educative, and managerial systems and their components that significantly improve the results of educational activities. The development of pedagogical technology in the global educational space is conventionally divided into three stages. The role of innovative technologies in Higher School practice is substantiated. Factors of effectiveness of the educational process are highlighted. Technology is defined as a phenomenon and its importance is emphasized, it is indicated that it is a component of human history, a form of expression of intelligence focused on solving important problems of being, a synthesis of the mind and human abilities. The most frequently used technologies in practice are classified. Among the priority educational innovations in higher education institutions, the following are highlighted. Introduction of modular training and a rating system for knowledge control (credit-modular system) into the educational process; distance learning system; computerization of libraries using electronic catalog programs and the creation of a fund of electronic educational and methodological materials; electronic system for managing the activities of an educational institution and the educational process. In the educational process, various innovative pedagogical methods are successfully used, the basis of which is interactivity and maximum proximity to the real professional activity of the future specialist. There are simulation technologies (game and discussion forms of organization); technology "case method" (maximum proximity to reality); video training methodology (maximum proximity to reality); computer modeling; interactive technologies; technologies of collective and group training; situational modeling technologies; technologies for working out discussion issues; project technology; Information Technologies; technologies of differentiated training; text-centric training technology and others.