• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1309-1318
• /
• 2014

In the past few years, data leakage of information assets has become a prominent social issue. According to the National Industrial Security Center in South Korea, 71 percent who suffer from technology leakage are small and medium sized enterprises. Hence, establishment and operation of ISMS (Information Security Management System) for small and medium sized enterprises become an important issue. Since it is not easy to obtain ISMS certification for a small or medium sized enterprise by itself, consultation with an expert firm in information security is necessary before the security implementation. However, how to select a proper security consulting company for a small or medium sized firm has not been studied yet. In this study, we analyze empirically the selection factors of ISMS certification consulting company for a small or medium sized firm through exploratory factor analysis (EFA). Our study identified the following four important factors in selecting a security consulting company: expertise of the staffs and human resource management proficiency, market leading capability, competence to make progress during the consultation, and the performance and the size of the physical assets and human resources.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.47-58
• /
• 2015

Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

• The Journal of Society for e-Business Studies
• /
• v.25 no.3
• /
• pp.109-130
• /
• 2020

Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

• Korean Security Journal
• /
• no.8
• /
• pp.65-83
• /
• 2004

In modern society, the enterprises or the public organization have devised consistent means and methods with keen competition in high intelligence, high specialization and high competition for surviving in the struggle for existence. In the rapidly changing modern society like that, guard services are not free any more in the simple business. It will be survived only with consistent self-development and various abilities. Recently, it is on a trend that the enterprise including venture business requires the man of ability having many-sided thought, knowledge and capacity. That is, the era of a man with multi-function has come. The guards engaged in their present posts have to make efforts self-development consistently. And they have to work for self-development with theoretical knowledge acquirement about the expert knowledge escaping from simple function and business. The constitution including universities that train the guard should not adjust to the demand of quantitative manpower required in the enterprise organization with the training of the guard with simple functions only. It needs settlement as a curriculum with technology like ideology and knowledge breaking from short curriculum centered on function only in order to come to stay the recognition about guard services as expert services that the industrial society requires. The education centered on simple function should be replaced in the use of a high school, private academy and special guard institution. In addition, it requires a quality as the auxiliary, division, decision-making and spokesman according to the business role. Also, it requires the martial arts capacity, the communicative capacity, the sports or reports capacity, the guard driving capacity, the policy and assistant capacity and the information and analysis capacity, etc in individual. Lastly, it need each guard's change of cognition most of all. As part of the guard's adaptive plan according to the social change, it was enumerated like the mentioned above. It is important for the guard to prepare for the change of era and to build up quality and capacity before anything else.

• Proceedings of the Korea Technology Innovation Society Conference
• /
• 2015.05a
• /
• pp.545-570
• /
• 2015

Korea is among the ten countries with the largest R&D budget and the highest R&D investment-to-GDP ratio, yet the subject of security and protection of R&D results remains relatively unexplored in the country. Countries have implemented in their legal systems measures to properly protect cutting-edge industrial technologies that would adversely affect national security and economy if leaked to other countries. While Korea has a generally stable legal framework as provided in the Regulation on the National R&D Program Management (the "Regulation") and the Act on Industrial Technology Protection, many difficulties follow in practice when determining details on security management and obligations and setting standards in carrying out national R&D projects. This paper proposes to modify and improve security level classification standards in the Regulation. The Regulation provides a dual security level decision-making system for R&D projects: the security level can be determined either by researcher or by the central agency in charge of the project. Unification of such a dual system can avoid unnecessary confusions. To prevent a leakage, it is crucial that research projects be carried out in compliance with their assigned security levels and standards and results be effectively managed. The paper examines from a practitioner's perspective relevant legal provisions on leakage of confidential R&D projects, infringement, injunction, punishment, attempt and conspiracy, dual liability, duty of report to the National Intelligence Service (the "NIS") of security management process and other security issues arising from national R&D projects, and manual drafting in case of a breach. The paper recommends to train security and technological experts such as industrial security experts to properly amend laws on security level classification standards and relevant technological contents. A quarterly policy development committee must also be set up by the NIS in cooperation with relevant organizations. The committee shall provide a project management manual that provides step-by-step guidance for organizations that carry out national R&D projects as a preventive measure against possible leakage. In the short term, the NIS National Industrial Security Center's duties should be expanded to incorporate national R&D projects' security. In the long term, a security task force must be set up to protect, support and manage the projects whose responsibilities should include research, policy development, PR and training of security-related issues. Through these means, a social consensus must be reached on the need for protecting national R&D projects. The most efficient way to implement these measures is to facilitate security training programs and meetings that provide opportunities for communication among industrial security experts and researchers. Furthermore, the Regulation's security provisions must be examined and improved.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.11-17
• /
• 2018

The number of certificates in Korea is about 32,364(2018.09). There are 252 national technical qualifications, 149 national professional qualifications, 99 public private qualifications, and 31,894 private qualifications. The purpose of this study is to examine the process by which KAITS ISE is created. The course was examined and formalized for 10 years from the establishment of KAITS to the first test. As a result of the research, (1) Preparatory considerations (2) Development of qualifications framework (3) Job analysis and drafting (4) Development of problem banks (5) Design of curriculum (6) Development of verification strategy (7) Execution of verification (8) Revenue plan (9) Expansion of qualification demand (10) Opinion formation. After that, the module of the creativity is studied. It is expected that it will be used as a model for certification development in industry security consulting experts.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.279-286
• /
• 2020

On February 4, 2020, the Personal Information Protection Act ("Privacy Act") was amended to facilitate the convergence and utilization of data, a key resource of the Fourth Industrial Revolution, and to support the development of the data industry. As the scope of the law applies to telecommunications operators, financial operators, and personal information processing providers, the scope of related dispute settlement is expected to increase. Therefore, this paper first introduces the role and function of the Personal Information Dispute Committee and the institutional standards for personal information dispute mediation, and researches the roles and issues that the Personal Information Dispute Mediation Committee should play in accordance with the revision of the Data 3 Law. In this study, For efficient operation of personal information dispute mediation, expert deliberation by field, new adjustment criteria for new industrial technologies, way to secure business continuity between the Personal Information Dispute Committee and the Personal Information Committee, Secure the link between the mediation decision and courts, and Suggested the strengthening of the operational standards for collective dispute mediation.

• The Journal of Society for e-Business Studies
• /
• v.19 no.4
• /
• pp.135-150
• /
• 2014

As the collection and use of personal information increases, the accidents that abuse and leak personal information are continuously increasing. The nation has established new laws and strengthened related laws for the prevention of the mass leakage of personal information and the secondary damage due to the leaked personal information. The nation also established the guidelines that need to be implemented by the institutions handling personal information for the safety of the personal information. For the efficient implementation of guidelines under the limited time and resources, it is necessary to establish the priorities between guidelines. This paper compares the relative importance of the guidelines by AHP (Analytic Hierarchy Process) technique. We performed the analysis on two expert groups, the group of consultants working in information security consulting company and the group of information security staffs handling personal information directly in the company. We compared the differences between groups and recommended the relative importances of the guidelines.

• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.215-228
• /
• 2020

M&As are continuing to grow globally and are expected to increase in the future. With the fourth industrial revolution and the strengthening of neo-protection trade between countries, technology is cited as the core of national competitiveness, and the trend of M&A's increase, which is aimed at securing technology, is expected to continue. However, the risk of technology leakage, which is difficult to determine clearly illegally in the process of M&A, is still growing, and there is not enough prevention or response to this problem. the purpose of this paper was to divide the M&A process into seven stages and to ensure that important information of the enterprises during M&A between the countries and the domestic companies was not leaked unfairly, and each step analyzed the risk factors and causes of the leakage of important information in the M&A process and presented a risk-specific management plan for minimizing the leakage of important information based on the importance of the risk factors. Companies that pursue M&A in the future will reflect the M&A step-by-step risk and risk management measures derived based on case analysis and expert surveys. I hope to use risk management measures to help minimize unintentional leakage of important corporate information into the outside.

• Korean Journal of Remote Sensing
• /
• v.28 no.4
• /
• pp.467-475
• /
• 2012

Cloud computing services are known that they have many advantages from the point of view in economic saving, scalability, security, sharing and accessibility. So their applications are extending from simple office systems to the expert system for scientific computing. However, research or computing technology development in the geo-spatial fields including remote sensing applications are the beginning stage. In this work, the previously implemented smartphone app for image processing was first migrated to mobile cloud computing linked to Amazon web services. As well, parallel programming was applied for improving operation performance. Industrial needs and technology development cases in terms of mobile cloud computing services are being increased. Thus, a performance testing on a satellite image processing module was carried out as the main purpose of this study. Types of implementation or services for mobile cloud varies. As the result of this testing study in a given condition, the performance of cloud computing server was higher than that of the single server without cloud service. This work is a preliminary case study for the further linkage approach for mobile cloud and satellite image processing.