• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.39-45
• /
• 2015

Industrial secrets that companies own recently protected by various act related industrial security such as Trade Secret Act, Act on Prevention of Divulgence and Protection of Industrial Technology, etc. However, despite such protection infringement and leakage accidents of industrial secrets is increasing every year. According to a survey conducted by KAITS(Korean Association for Industrial Technology Security) annual average of estimated damage by industrial secrets leakage is estimated to be "50 trillion won." This is equivalent to the amount of annual revenue of small businesses more than 4,700 units. Following this, industrial secrets leakage causes serious damages to competitiveness of nation and companies and economic. However investment and effort to the industrial secrets leakage crime is lack of level compared to the scale of damage. Actually, most companies except some major companies are lack of response action about industrial secrets leakage because of shortage of separate organization, workforce, budget for industrial secrets leakage security. This paper aims to understand the overall flow of the industrial secrets leakage crime through various taxonomy such as cause of occurrence and leakage pathway and grasp the condition of damage from industrial secrets leakage through analyzation of internal and external industrial secrets leakage crime. This is expected to be the basis for related research.

• Journal of Multimedia Information System
• /
• v.2 no.3
• /
• pp.281-286
• /
• 2015

This article considers Honeywell solutions in the branch of integration of subsystems of industrial safety and security for industrial enterprises with the creation of a unified Human-machine interface for centralized management and control of safety at the plant.

• Journal of Korean Institute of Industrial Engineers
• /
• v.28 no.1
• /
• pp.44-56
• /
• 2002

For the risk analysis and risk assessment techniques to be effectively applied to the field of information technology (IT) security, it is necessary that the required activities and specific techniques to be applied and their order of applications are to be determined through a proper risk management model. If the adopted risk management model does not match with the characteristics of host organization, an inefficient management of security would be resulted. In this paper, a risk management model which can be well adapted to Korean domestic IT environments is proposed for an efficient security management of IT. The structure and flow of the existing IT-related risk management models are compared and analysed, and their common and/or strong characteristics are extracted and incorporated in the proposed model in the light of typical threat types observed in Korean IT environments.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2016.01a
• /
• pp.311-314
• /
• 2016

지난 5년간 대표적인 산업제어시스템(Industrial Control System)인 국내 원자력 발전소에 대한 해킹 시도는 총 1,843회로 사이버공격에 대한 위험은 날로 높아지고 있다. 이러한 공격은 사이버전, 테러, 사이버범죄자들에 의해 실행되고 있다. 이러한 위험을 통제하기 위해서는 산업제어시스템이 일반적인 IT시스템과 다른 운영체제, 네트워크 등 시스템 환경을 고려하여야 한다. 본 논문에서는 기존의 IT보안 대책과 산업제어시스템 보안 대책을 비교 분석하고, 국내외에서 발생하고 있는 산업제어시스템에 대한 공격 사례를 비교 분석하여 산업제어시스템 인프라에서 고려하고 통제해야 할 정보보호 요소들을 제언한다.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.1-6
• /
• 2009

Current paradigm of industrial security is changing into the effective operation and management from simple establishment of security equipments. If the physical security system(entry control system, video security system, etc.) and the IT integrated security control system are conversed, it makes us possible to prevent, disrupt and track afterwards the insider's information leakage through the risk and security management of enterprise. That is, Without the additional expansion of the existing physical security and IT security manpower, the establishment of systematic conversion security management process in a short time is possible and can be expected the effective operation of professional organization system at all times. Now it is needed to build up integrated security management system as an individual technique including the security event collection and integrated management, the post connected tracking management in the case of security accident, the pattern definition and real time observation of information leakage and security violation, the rapid judgement and response/measure to the attempt of information leakage and security violation, the establishment of security policy by stages and systematically and conversion security.

• Korean Security Journal
• /
• no.51
• /
• pp.11-35
• /
• 2017

The third industrial revolution, characterized by factory automation and informatization, are moving toward the fourth industrial revolution which is the era of superintelligence and supernetworking through rapid technology innovation. The most important resources in the fourth industrial revolution are information or data since the most of industrial and economic activities will be affected by information in the fourth industrial revolution. Therefore we can expect that more information will be utilized, shared and transfered through the networks or systems in real time than before so the significance of information management and security will also increase. As the importance of information resource management and security which is the core of the fourth industrial revolution increases, the threats on information security are also growing so security incidents such as data breeches and accidents take place more often. Various and thorough solutions are highly needed to protect information resources from security risks because information accidents or breaches seriously damage brand image and cause huge financial damage to organization. The purpose of this study is to research general trends on data breaches and accident that can be serious threat of information security. Also, we will provide resonable solutions to protect data from nine attack patterns or other risk factors after figuring out each characteristic of nin attack patterns in data breaches and accidents.

• Journal of the Korea Safety Management & Science
• /
• v.17 no.3
• /
• pp.205-213
• /
• 2015

This study aims to verify the structural correlation empirically between information security performance and information management performance. To verify the correlation, three factors such as managerial controlled activity, technical controlled activity, and physical controlled activity are divided for the information security activities variable. the security performance are divided into accident prevention and accident response variables. As a result, security organization activity is a unique factor being positively significant to information security and management performance. And three activities such as human security, security training, development security do not affect at all on both information security and management performance.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.5
• /
• pp.1146-1151
• /
• 2007

In this paper, it is investigated to the security services and vulnerability tools of IEEE802.11 wireless LAN, and it is considered the employment state of wireless LAN AP (access point) and analyzed the state of security vulnerability. In according to this study, among wireless LAN APs, which are operated in each company or each factory, in center around industrial of Cheonan city, 50% of AP, which is used, is not operated on WEP, and therefore, it is stated the weakness of security so far. From the result of this study, in case of mid and small company, it can be distinguished the necessity of the security training for the informaton system manager.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.13-20
• /
• 2011

Nowadays, digital-images are widely used at Web, industrial and medical applications. There have been many studies on online and Web copyright. But there are a few studies on industrial digital-image. In this paper, we propose the image encryption scheme for digital image in the industrial film. We implement and verify the proposed digital image encryption scheme for prevention of industrial secrets and intellectual property right outflow.