• Korean Security Journal
• /
• no.29
• /
• pp.163-191
• /
• 2011

Recently, the problems in school violence did not stop on the crime between the members at the school and which developed into the invasion crime of the school caused by outsiders. The school is no more the safety zone from the crime. Particularly, in the case of the elementary school, because there are nearly no people who oppose to the outside attacker and can control this, it is the place where it is vulnerable to the invasion crime. The Metropolis of Seoul implements the School Sheriff system within the jurisdiction bureau, in the public elementary school. However, actually the School Sheriff business is being managed, never applying a rule in the Security Industry Law with the main content, that is the Security Industry Law application is excluded. Because the jurisdiction on the contract of Seoul City and operating company are run, the various issues is caused. First, since it is not being considered as a security business, the commercial liability insurance for security company has no chance to applicate when the operation company and the School Sheriff have related damage generation. So the security for the indemnification of loss of the victim is weak. Second, The task of the School Sheriff is ruled just by in the individual contracts. But it is insufficient with this thing. The related duties are required some supplement like a general rule application including the obligation of the guard in the security industry law. Third, the education of the School Sheriff needs to connect with the educational programme in the security industry law. The related professional education specially needed for the prevention of school violence ought to be reserved compensation. Forth, the citizens still demand the strengthening of police patrol for the surroundings of a school in spite of the result of Seoul City's public survey. Therefore, the active relation of cooperation with the police needs to be supported legally and institutionally with the Security Industry Law application. Fifthly, the success of the School Sheriff business can be more guaranteed with the supervision of the legal and institutional device like a the Security Industry Law application or police and all sorts of administrative execution's and etc.

• Korean System Dynamics Review
• /
• v.4 no.2
• /
• pp.5-44
• /
• 2003

The focus of this paper is comparing relative effects of government policies for upbringing information security industry from the dynamic point of view. For the purpose of simplicity, these policies are classified into three groups, and then the relative effectiveness of these policy groups is examined using System Dynamics. The three policy groups are composed of technology development policies (TDP), human resource development policies (HDP), and direct supporting policies for overseas expansion (DSP). From the result of the analysis, DSP appears to be the most effective and HDP is the second-best group. By the way, for successful carrying into effect of DSP, marketing manpower should be strengthen. However, current HDP has been focusing on the bringing up technical experts. Therefore, overseas marketing manpower should be reared as well as technicians. Also, the existing infrastructure for overseas expansion for other industries should be shared for DSP of information security industry, because this is essential for success of DSP in terms of timing and costing. Finally, in spite of its low effect, TDP should be maintained continuously. The importance of information security technology is increasing and some countries have already considered these technologies as a core of future national defense. Therefore, we should acquire the competitiveness for a few technologies through continuous development of selected technologies at least.

• Korean Security Journal
• /
• no.47
• /
• pp.139-165
• /
• 2016

In Mongolia, the regulation related to the private security industry, the Law on Contracted Private Security Services, was legislated relatively recently. The Law on Contracted Private Security Services was enacted into law in Mongolia 16 years ago, in 2000. This regulation has undergone two amendments since its inception. However, new revisions still need to be made to ensure that this regulation is in line with internationally accepted standards and practices. This paper compares the existing private security regulations of South Korea and Mongolia. The purpose of this comparative study was to identify the weaknesses of and problems in the Mongolian regulation and propose amendments to the Mongolian regulation. The comparative study of the two countries' regulations showed and underscored an imperative need to make further amendments to the Law on Contracted Private Security Services. Specifically, the weaknesses of and problems in the Mongolian regulation at issue include the following: the level of accuracy in defining certain legal terms and providing the proper names for various regulations; stipulations which set forth the procedure for registering a private security company; provisions regarding operating a private security company; the details of eligibility and accountability requirements concerning chief executives and security service officers; and the scope of work provisions. This study proposes constructive amendments to strengthen the Law on Contracted Private Security Services.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.33-54
• /
• 2016

In the modern society based on information and communication, which is exposed to the risks of a lot of information security breaches, corporate information assets may be an economical scale in a country. Most of damages derived from corporate technological information leak often occur in small and medium corporations. Although many information security managers in corporations have focused on certification systems such as information security management system, small and medium corporations are poorly aware of the information security, and their environments surrounding it should be also improved. In addition, it is difficult to expect spontaneous participations in it, since the sustainable information security management systems are often not forced to be certified. Thus, the purpose of this study is to examine plans to improve small and medium corporations' technological protections by using some component of the information security management system. On the basis of this examination, it also attempts to discuss some methods for effective and efficient information security in the small and medium corporations' technological protections.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.1
• /
• pp.69-78
• /
• 2015

Internet of Things(IoT) is electronic devices and household appliances use wireless sensor network in environment of high speed wireless network and LTE mobile service. The combination of the development of Internet and wireless network led to development of new forms of service such as electronic devices and household appliances can connect to the Internet through various sensors and online servers such as a Home Network. Even though Internet of Things is useful, there are problems in Internet of Things. In environment of Internet of Things, information leakage could happens by illegal eavesdropping and spoofing. Also illegal devices of wireless communication interference can cause interfere in Internet of things service, physical damage and denial of service by modulation of data and sensor. In this thesis, it will analyze security threats and security vulnerability in environment of mobile services and smart household appliances, then it will suggest plan. To solve security issues, it is important that IT and RFID sensor related companies realize importance of security environment rather than focus on making profit. It is important to develop the standardized security model that applies to the Internet of Things by security-related packages, standard certification system and strong encrypted authentication.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.59-69
• /
• 2016

We proposed a specialized model of performance measurement to measure the training performance of the trainees in cyber practical training. Cyber security professionals are cultivating their expertise, skills, and competencies through cyber practical training in specialized education and training institutions. The our proposed process of trainee evaluation is consisted of an evaluation component discovery, evaluation item selection, evaluation index catalog, ratings and criteria decision, and calculation formula. The trainee evaluation is consisted of a formative evaluation during the training and an overall evaluation after finished training. Formative evaluation includes progress evaluation and participation evaluation, and overall evaluation includes practice evaluation and learning evaluation. The evaluation is weighted according to the importance of evaluation type. Because it is evaluated actual skills and abilities, competencies are assigned a high weight, while knowledge and attitudes are assigned a low weight. If cyber security trainees are evaluated by the proposed evaluation model, cyber security professionals can be cultivated by each skill and knowledge level and can be deployed by importance of security task.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.2
• /
• pp.47-54
• /
• 2015

The popularity and adoption of smart-phones has greatly stimulated the spread of mobile malware, especially on the popular platforms such as Android. The fluidity of application markets complicate smart-phone security. There is a pressing need to develop effective solutions. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smart-phone application. Now, the analytical methods used mainly are the reverse engineering-based analysis and the sandbox-based analysis. Such methods are can be analyzed in detail. but, they take a lot of time and have a one-time payout. In this study, we develop a system to monitor that mobile application permissions at application update. We had to overcome a one-time analysis. This study is a service-based malware analysis, It will be based will be based on the mobile security study.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.103-111
• /
• 2017

Recently, new variants of Ransomware are becoming a new security issue. Ransomware continues to evolve to avoid network of security solutions and extort users' information to demand Bitcoin using social engineering technique. Ransomware is damaging to users not only in Korea but also in all around the world. In this thesis, it will present research solution to prevent and cope from damage by new variants Ransomware, by studying on the types and damage cases of Ransomware that cause social problems. Ransomware which introduced in this paper, is the most issued malicious code in 2016, so it will evolve to a new and more powerful Ransomware which security officers cannot predict to gain profit. In this thesis, it proposes 4 methods to prevent the damage from the new variants of Ransomware to minimize the damage and infection from Ransomware. Most importantly, if user infected from Ransomware, it is very hard to recover. Thus, it is important that users understand the basic security rules and effort to prevent them from infection.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.67-78
• /
• 2020

Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.89-97
• /
• 2014

Recently, spread of Smartphones caused activation of mobile services, because of that Big Data such as clouding service able to proceed with large amount of data which are hard to collect, save, search and analyze. Many companies collected variety of private and personal information without users' agreement for their business strategy and marketing. This situation raised social issues. As companies use Big Data, numbers of damage cases are growing. In this Thesis, when Big Data process, methods of analyze and research of data are very important. This thesis will suggest that choices of security levels and algorithms are important for security of private informations. To use Big Data, it has to encrypt the personal data to emphasize the importance of security level and selection of algorithm. Thesis will also suggest that research of utilization of Big Data and protection of private informations and making guidelines for users are require for security of private information and activation of Big Data industries.