• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.59-68
• /
• 2016

Recently, many domestic and foreign industries is increasing gradually in the importance of security such as the emergence of a Convergence Information Technology(internet of things, cloud computing service, big data etc). Among these techniques, the industrial security market is expected to grow gradually and the evolution of security technologies, as well as vulnerabilities are also expected to increase. Therefore, an increase in physical vulnerability factors it is no exaggeration to standards that are determining the security of industrial security. In this paper will be analyzed to the physical security technology and case study, physical vulnerability factor. Thereby this is expected to be utilized as a basis for the countermeasure of physical corresponding infringement and attack in a future.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.11
• /
• pp.75-84
• /
• 2018

Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

• Journal of Korea Society of Industrial Information Systems
• /
• v.15 no.5
• /
• pp.159-166
• /
• 2010

From public insecurity, access of wealth, alteration of population structure, and changes of security recognition, physical security has been continuously developed and changed. In these days, typical systems for physical security are unmanned security system using telephone network and security equipment, image recognition system using DVR and camera, and access control system by finger print recognition and RFID cards. However, physical security system is broadening its domain towards ICT based convergence with networked camera, biometrics, individual authentication, and LBS services. This paper proposes main technical trends and various security convergences for future physical security services by classifying the security categories into 3 parts; Individual security for personal protection, IT Convergence for large buildings, and Homeland Security for omni-directional security.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1997.11a
• /
• pp.265-273
• /
• 1997

Intranet is an enterprise network using Internet protocols as communication standard and HTML as content standard. The Internet is like a house built on information water. It has a lot of strong points as a future enterprise network. However, companies wish to have confidence in its functional and economic effectiveness and security before adopting it. The security issue especially is a problem to solve inevitably. Enterprises will hold back to adopt Intranet unless there are enough security counter plans and countermeasures against vulnerabilities of Intranet(it is the wise decision !). Nevertheless the researches related to Intranet has been concentrated on techniques for building it. In this paper, we focus the security aspect of Intranet. Intranet security must be considered on the whole from structure design to users' services. We propose a security-based Intranet structure and security management system.

• International Journal of Advanced Culture Technology
• /
• v.9 no.4
• /
• pp.355-362
• /
• 2021

Through the Korean version of the New Deal 2.0, manufacturing-oriented SMEs are facing a new environmental change called smart factory construction. In addition, SMEs are facing new security threats along with a contactless environment due to COVID-19. However, it is practically impossible to apply the previously researched and developed security management system to protect the core technology of manufacturing-oriented SMEs due to the lack of economic capacity of SMEs. Therefore, through research on security management systems suitable for SMEs, it is necessary to strengthen their business competitiveness and ensure sustainability through proactive responses to security threats faced by SMEs. The security management system presented in this study is a security management system to prevent technology leakage applicable to SMEs by deriving and reflecting the minimum security requirements in consideration of technology protection point of view, smart factory, and remote access in a non-contact environment. It is also designed in a modular form. The proposed security management system is standardized and can be selectively used by SMEs.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.109-116
• /
• 2009

In the paper, we designed an automatic security diagnostic evaluation System(SeDES) based on a security diagnostic evaluation model(SeDEM) for an organization's security assurance. The SeDEM evaluates a security level of an organization quantitatively by a security evaluation formula which is composed of security variables and security index as applying the statistical CAEL model for evaluate risk level of banks. The SeDES has a good expandability as changing security variables according to an organization scale, characteristics and so on. And it also has a excellent usage because it inputs only numeric data got from statistical technique to security index. We can understand more a security level correctly than the existent risk assessment system because it is possible to assess quantitatively with an security grade as well as score. analysis.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.133-140
• /
• 2006

For the verification of the security level against a IT product development environment, we should analyze the vulnerability and the various threatening factors which exists in the IT product development environment. Also we need the evaluation criteria and tools for the evaluation and improvement of the level of information security. For that, we need evaluation indices and the standard it will be able to improve the evaluation methodology in the actual IT product development environment which will reach it will be able to apply must be researched. In this study, our aims are the development of verification tools for the security level of IT product development environment.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.167-174
• /
• 2015

Information security organization has normally been organized under the IT department. However, as the importance of information security has gradually increased, the way of information security organized for enterprise security management has become a noteworthy issue. The need for separation of Information security organization from IT department is growing, such as restriction on the concurrent positions in CIO and CISO. Nowadays there are many studies about Information security organization while relatively there has been minimal research regarding a departmentalization. For these reasons this study proposes a Information Security Departmentalization Model which is based on business risk and reliance on the IT for effectively organizing Information security organization, using Contingency theory. In addition, this study classified the position of Information security organization into Planning & Coordination, Internal Control, Management and IT and analyze the strengths and weaknesses of each case.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.107-115
• /
• 2006

It discovered a design error from the module to search required installing security patch of Windows Update and Automatic Updates that Microsoft supports it to install security patch easily and quickly. It explains and tests security patch-disguise attack by this error. Security patch-disguise attack is to maintains a vulnerability and to be not searched the security patch simultaneously. Also it composes an attack scenario. Is like that, it proposes the method which solves an design error of the module to search required installing security patch.

• International Journal of Internet, Broadcasting and Communication
• /
• v.9 no.4
• /
• pp.14-18
• /
• 2017

In this paper, an contemplate the direction for Usable Security in IT security and User Experience. To evaluate how the user interface is convenient to use, we examine the components such as the property, learnable property, memory simplicity, faults and satisfaction level. By considering for the security, we should bring positive effects on the user experience. By emphasizing usability and security at the same time, we should increase the satisfaction level of the user experience and then produce the valuable experience through participation, use and observation. The positive user experience is the important task for the software engineering, business administration and others., and this will result satisfaction of the users, brand trust, and success in the market. On the other hand, for the negative user experience, the users cannot achieve their desired goal and therefore, are unsatisfied due to emotional, rational and economic inconvenience. Due to this, we should try to maintain a certain level of usability and security of the system in IT security and User Experience.