• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.4
• /
• pp.71-84
• /
• 2019

Various researchers conducted the research on two-factor authentication suitable for wireless sensor networks (WSNs) after Das first proposed two-factor authentication combining the smart card and password. After then, To improve the security of user authentication, elliptic curve cryptography(ECC)-based authentication protocols have been proposed. Jiang et al. proposed a privacy-aware two-factor authentication protocol based on ECC for WSM for resolving various problems of ECC-based authentication protocols. However, Jiang et al.'s protocol has the vulnerabilities on a lack of mutual authentication, a risk of SID modification and a lack of sensor anonymity, and user's ID exposed on sensor node Therefore, this paper proposed security enhanced privacy-aware two-factor authentication protocol for wireless sensor networks to solve the problem of Jiang et al.'s protocol, and security analysis was conducted for the proposed protocol.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.17 no.4
• /
• pp.77-83
• /
• 2021

As Open Source Software(OSS) recently invigorates, many companies actively use the OSSes in their business software. With such OSS invigoration, our web application is developed in order to provide the safety in using the OSSes, and update the information on the new vulnerabilities and the patches at all times by crawling the web pages of the relevant OSS home pages and the managing organizations of the vulnerabilities. By providing the updated information, our application helps the OSS users and developers to be aware of such security issues, and gives them to work in the safer environment from security risks. In addition, our application can be used as a security platform to greatly contribute to preventing potential security incidents not only for companies but also for individual developers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.155-165
• /
• 2018

As medical healthcare industry is growing up rapidly these days, providing various new healthcare service is considered carefully. Health information is considered to be more important than financial information; therefore, protecting health information becomes a very significant task. Ransomware is now targeting industry groups that have high information value. Especially, ransomware has grown in various ways since entering maturity in 2017. Healthcare industry is highly vulnerable to ransomeware since most healthcare organizations are configured in closed network with lack of malware protection. Only meeting the security criteria is not the solution. In the case of a successful attack, restoration process must be prepared to minimize damages as soon as possible. Ransomware is growing rapidly and becoming more complex that protection must be improved much faster. Based on ISO 27799 and 27002 standard, we extract and present security measures against advanced ransomware to maintain and manage healthcare system more effectively.

• Korean Security Journal
• /
• no.9
• /
• pp.133-153
• /
• 2005

The suggestions that follow are about the effectual operating device for private security service. First, in legal and institutional policy, new establishment by law for private security and more support from government is asked. Moreover, the restructuring or M&A between petty companies and the pricing for security service should be performed. Second, in the structural aspect of private security industry, the professional education center for private security guards should be established and the terms of payment and welfare should be improved to the level above standard. In addition, it should be achieved to change the public to have a new and correct understanding of private security and develop the specialized parts suited to the characteristic and ability of each companies. Third, the construction of operating system for private security service should be achieved; recruit system for competent security guards, marketing strategy and enforcement system, widely known confidence to client, normal training system for security guards and post management system for client. This is also to be suited to the characteristic of each companies.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.25-32
• /
• 2020

In the midst of the rising need for Industrial Security experts, the development of National Competency Standards(NCS) with regards to industrial security is a very important and urgent task. The NCS standardizes university-level academic curriculum and qualification systems and connects them with the industry's needs. This study has extracted, classified and analyzed security-related jobs and tasks requiring security expertise that is required within NCS. Through this study, many tasks have been confirmed to require security competencies that are different from those in IT-security, physical security that already exist as a NCS tasks. It is expected that the industry's needs of industrial security expertise will be reflected in future NCS development, which will be used as basic data for systematizing industrial security jobs and competency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.143-152
• /
• 2009

Successful industries that have maintained their competitiveness are characterized by well-established skills framework system. Skills framework establishes the agreed-upon, industry-identified knowledge, skills and abilities required to succeed in the workplace. Skills framework forms a solid foundation for the development of outcomes-based instruction and assessment, thus it benefits industry, students, educators and government. Each group has a major stake in the education of our students and in the efficient development of a productive workforce. Particularly in fast-changing fields like information security, relevant data that accurately reflect current and future knowledge and skills enable timely direction of resources, development and revision of industry-relevant curriculum, and efficient development of career information and job profiles. Skills framework occupies an indispensable position in any dialog concerning education or training in technical fields. In this study, we develop the skills framework for information security professionals.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.43-51
• /
• 2016

In the 1980s, private security was established in the framework of institutional framework with the Security Industry Act which was enacted in 1976. The agents who brought in the development of the private sector in 1980 enjoyed a boom in the global economy, affected by its high-flying dollar value, low international interest rate, low oil prices, and the blooming economy. In addition, the semiconductor, computers and communications equipment that was promoted in accordance with the e-Literacy plan were raised. Following the economic development of various events such as Seoul International Trade Fair, "86 Asian Games," and "88 Seoul Olympic Games," private security expenses were enhanced by increasing awareness of civilian expenses. Also, in the 1980s, Korean investment in foreign companies, including Japan's Secom, or Korean technology, brought many changes to the private security. Meanwhile, the cost of security, which has been centered around human expenses, has brought about the era of mechanized spending, or machine security expenses. The purpose of this study is to systematically analyze the social environment surrounding the private security in the 1980s and systematically analyze the important factors that contribute to private security.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.38 no.4
• /
• pp.193-201
• /
• 2015

Corporation's valuable intelligent asset is being threatened from the skills of threatening subject that has been evolved along with the growth of the information system and the amount of the information asset. Domestically, attempts of various private information attacks, important information extortion, and information damage have been detected, and some of them have abused the vulnerability of security of information system, and have become a severe social problem that generates security incident. When accessing to the security, most of companies used to establish a strategy with a consistent manner and a solution plan. However, this is not a proper way. The order of priorities vary depending on the types of business. Also, the scale of damage varies significantly depending on the types of security incidents. And method of reaction and critical control point vary depending on the types of business and security incidents. In this study, I will define the security incidents by their types and preponderantly examine how one should react to those security incidents. In this study, analyzed many types of security accidents that can occur within a corporation and an organization considering various factors. Through this analysis, thought about factors that has to be considered by corporations and organizations when they intend to access to the information security. This study focuses on the response methodology based on the analysis of the case analysis of the leakage of industrial secret and private secret other than the conceptual response methodology that examines the way to prevent the leakage of the industry security systems and the industry information activities. And based on these factors, want to be of help for corporations to apply a reasonable approach when they establish a strategy to information security.

• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.113-124
• /
• 2019

Today many companies are offering IoT-enabled products and place emphasis on security from the planning stage to protect their products and user information from external threats. The present security levels, however, remain low because the time and resources invested in developing security requirements for each device are far from enough to meet the needs of a wide range of IoT products. Nevertheless, vulnerabilities of IoT devices have been reported continuously, which calls for more detailed security requirements for home IoT devices. In this context, this research identified threats of home IoT systems by using Microsoft Threat Modeling Tool. It then suggested measures to enhance the security of home IoT devices by developing security assessment items through comparative analysis of the identified threats, domestic and global vulnerability assessment standards and related research. It also verified the effectiveness of the developed security requirements by testing them against the existing ones, and the results revealed the security requirements developed in this research proved to be more effective in identifying vulnerabilities.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.1
• /
• pp.51-61
• /
• 2011

A smartphone is a mobile phone that offers more advanced computing ability and connectivity than a contemporary basic feature phone. Unlike feature phone, a smartphone allows the user to install and run more advanced applications based on a specific platform. Smartphones run complete operating system software providing a platform for application developers. A smartphone will become the default computing method for many point activities in the not-too-distant future, such as e-mail, online shopping, gaming, and even video entertainment. For smartphone that contains sensitive information and access the Internet, security is a major issue. In the 1980s, security issues were hardly noticed; however, security is a major issue for users today, which includes smart phones. Because security is much more difficult to address once deployment and implementation are underway, it should be considered from the beginning. Recently our government recognized the importance of smartphone security and published several safety tips for using the smartphone. However, theses tips are user-oriented measures. Maintaining the security of a smartphone involves the active participation of the user. Although it is a important users understand and take full advantage of the facilities afforded by smarphone, it is more important developers distribute the secure smartphone application through the market. In this paper we describe some scenarios in which user is invaded his/her privacy by smartphone stolen, lost, misplaced or infected with virus. Then we suggest the security considerations for securing smartphone applications in respect with developers. We also suggest the methods applying domestic encryption algorithms such as SEED, HIGHT and ARIA in developing secure applications. This suggested security considerations may be used by developers as well as users (especially organizations) interested in enhancing security to related security incidents for current and future use of smartphones.