• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.158-161
• /
• 2023

스마트팩토리는 기존 제조산업과 ICT(Information & Communication Technology)가 융합된 지능형 공장이다. 이는 직접적인 제조공정 과정이 수행되는 OT(Operational Technology) 영역(0~3계층)과 전사업무 관리를 수행하는 IT(Information Technology) 영역(4~5계층)으로 구분되며, 각 영역과 계층이 연결되어 제조·물류·유통 과정의 자동화 및 지능화를 제공한다. 그러나 각 영역과 계층이 연결됨에 따라 보안위협 벡터가 증가하고 있으며, 다영역·다계층 환경인 스마트팩토리에 적합한 대응체계 연구를 위해 영역별 보안위협 관련 데이터를 통합하여 처리 및 관리하는 아키텍처 연구가 필요한 실정이다. 이에 따라 본 논문에서는 스마트팩토리 환경 내 IT 및 OT 영역 장치를 식별하고 보안위협 관련 데이터 통합 처리 및 관리를 위한 아키텍처를 제안한다.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.93-104
• /
• 2021

Today, due to the development of the 4th industrial revolution such as artificial intelligence, the security threat of the military organization is increasing. A study that can contribute to complying with military security is needed by studying the effects of influence factors occurring in this changing or newly emerging security environment on information security stress and security compliance behavior intention. In previous studies, task overload, task complexity, task uncertainty, and task conflict were extracted among environmental influencing factors that cause security stress. We empirically analyzed how these influencing factors affect security stress and whether they play a mediating role in security stress. As a result of the analysis, it was analyzed that the security stress was affected in the order of task overload, task conflict, and task uncertainty. Information security stress did not significantly affect security compliance behavior intention, but it was found to mediate the effect of task overload on security compliance behavior intention. This causes information security stress due to heavy security work in the military organization, which ultimately leads to lower security compliance behavior. Therefore, the security policy to manage this situation should be promoted first.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.8 no.2
• /
• pp.107-117
• /
• 2013

The main objective of this study lies at examining economic features of IT security investment and comparing alternative mechanisms to achieve optimal provision of IT security resources within a firm. There exists a paucity of economic analysis that provide useful guidelines for making critical decisions regarding the optimal level of provision of IT security and how to share the costs among different users within a firm. As a preliminary study, this study first argues that IT security resources share some unique characteristics of pure public goods, namely nonrivalry of consumption and nonexcludability of benefit. IT security provision problem also suffers from information asymmetry problem with regard to the valuation of an individual user for IT security goods. Then, through an analytical framework, it is shown that the efficient provision condition at the overall firm level is not necessarily satisfied by individual utility maximizing behavior. That is, an individual provision results in a suboptimal solution, especially an underprovision of the IT security good. This problem is mainly due to the nonexcludability property of pure public goods, and is also known as a free-riding problem. The fundamental problem of collective decision-making is to design mechanisms that both induce the revelation of the true information and choose an 'optimal' level of the IT security good within this framework of information asymmetry. This study examines and compares three alternative demand-revealing mechanisms within the IT security resource provision context, namely the Clarke-Groves mechanism, the expected utility maximizing mechanism and the Groves-Ledyard mechanism. The main features of each mechanism are discussed along with its strengths, weaknesses, and different applicability in practice. Finally, the limitations of the study and future research are discussed.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.55-62
• /
• 2009

Industrial Security is a management activity protecting industrial asset of enterprise by application of security elements(physical, IP, conversion security tools) and can be understood as a comprehensive term including software aspect(establishment of policy and strategy, maintenance operation, post- response act, etc.) as well as the operation of hardware elements. In this paper, after recognizing the definition and relative concept of industrial security, the role and its relative laws of the industrial security organizations, the management system and the reality, I will find some problems and submit a reform measure. Furthermore I would like to propose the policy direction to enhance the national competitiveness and to become one of the advanced nations in 21st industrial security through the effective industrial security activities of our enterprises.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.7-21
• /
• 2009

Strategies have to be employed in information systems security in order to build and operate systems for information systems security in effective and structured manner. It is also essential for the entire organization to participate for successful implementation of the strategies and making them work. Current researches on information systems security strategy in organizations, however, have mainly been focused on deployment and operation of countermeasures based on strategic thinking and decision. In consequence, it is lack of research on overall frame for containing consideration factors required for moving and leading the whole enterprise for the holistic security purpose. Therefore, this paper proposes a framework for use in establishment of organization-wide information systems security strategies based on the concept of grand strategy from the traditional strategy research and on the four dimensional features of it.

• Journal of Digital Convergence
• /
• v.19 no.12
• /
• pp.125-132
• /
• 2021

This study analyzed the multi-mediating effects of information security, personal information infringement, personal experience, and information security intention in the relationship between personal information protection and information security attitude. For this purpose, a survey was conducted on 221 students from G University. First, information security, personal information infringement, and information security awareness had a simple mediating effect. Second, information security, personal information infringement, personal experience, and information security consciousness had parallel multi- mediation effects. Third, personal information infringement and information security awareness had a simple mediating effect in the parallel multiple mediation state. Fourth, information security had a simple mediating effect, but it was found that there was no simple mediating effect in the parallel multiple mediation state. This study is meaningful in that it empirically compared the simple and multi-mediation effects.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2011.06a
• /
• pp.101-104
• /
• 2011

지능형 전력망인 Smart Grid의 등장으로 미국, 일본 등의 국가는 Smart Grid 시장을 선점하기 위해 노력하고 있다. 한국 또한 경쟁국으로서 G20 정상회의에서 Smart Grid 시범 단지를 선보이려고 준비 중에 있다. Smart Grid의 발전에 기본적인 전력기기와 IT기기의 융합 모델인 전력IT기기의 연구가 진행되고 있고, 단일 전력 기기일 때와는 달리 IT 기기의 특성에 따른 보안 문제에 노출되어 보안에 대한 연구가 필수적이다. 본 논문에서는 Smart Grid에 사용되는 전력 IT 기기에 적용 할 수 있는 보안 방법인 BlackList 설정을 연구하여 Smart Grid 시대의 발전에 기여 할 것이다.

• Journal of Digital Convergence
• /
• v.15 no.5
• /
• pp.197-205
• /
• 2017

To achieve web application security goals effectively by providing web security features such as information leakage prevention, web application firewall system must be able to achieve the goal of enhancing web site security and providing secure services. Therefore, it is necessary to study the security evaluation of web application firewall system based on related standards. In this paper, we analyze the requirements of the base technology and security quality of web application firewall, and established the security evaluation criteria based on the international standards for software product evaluation. Through this study, it can be expected that the security quality level of the web application firewall system can be confirmed and the standard for enhancing the quality improvement can be secured. As a future research project, it is necessary to continuously upgrade evaluation standards according to international standards that are continuously changing.

• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.67-75
• /
• 2022

Due to the COVID-19 pandemic, many companies have introduced remote work. However, the introduction of remote work has increased attacks on companies to access sensitive information, and many companies have begun to use cloud services to respond to security threats. This study used LDA topic modeling techniques by collecting news data with the keyword 'cloud security' to analyze changes in domestic cloud security trends before and after the COVID-19 pandemic. Before the COVID-19 pandemic, interest in domestic cloud security was low, so representation or association could not be found in the extracted topics. However, it was analyzed that the introduction of cloud is necessary for high computing performance for AI, IoT, and blockchain, which are IT technologies that are currently being studied. On the other hand, looking at topics extracted after the COVID-19 pandemic, it was confirmed that interest in the cloud increased in Korea, and accordingly, interest in cloud security improved. Therefore, security measures should be established to prepare for the ever-increasing usage of cloud services.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.672-675
• /
• 2015

다른 IT 분야에 비해 헬스케어 IT 분야는 의료정보의 중요성이 매우 높으나 현재 의료정보 보관, 데이터 전송에 대한 보안 부분이 매우 취약하며 보안관리에 대한 인력 또한 매우 부족한 상태이다. 향후 클라우드발전법으로 인한 의료영상저장전송시스템의 환경 변화로 보안에 대한 취약성은 더욱 두드러질 것이며 사고 또한 급증할 것이다. 이에 대한 보안성 향상에 대한 방안을 제시 하고자 한다.