• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.229-239
• /
• 2014

Smartwork technology, using teleworking, smartwork centers and mobile terminal, provides a flexible work environments without constraints of time and space. Smartwork system to increase the work efficiency has the information protection threats according to their convenience. Thus, in order to build smartwork, it is proper to provide information protection audit to help ensure the information protection. In this paper, we have proposed an infortaion protection audit model at the practical and technical level for building a smartwork environment. We were classified as a terminal, network and server area for information protection, and derived a professional information protection check items. Further, by establishing a smartwork information protection audit time to map ISMS control items, we have proposed an audit model so that it is possible to improve the security and efficiency. It also verified whether the proposed model is suitable or not by doing a survey if deduced audit domain and check items correspond with the purpose of the smartwork information protection audit to auditors and IT specialists. As the result, this study was 97% satisfaction out of 13 check items.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.634-644
• /
• 2009

A diversity of wireless networks, with rapidly evolving wireless technology, are currently in service. Due to their innate physical layer vulnerability, wireless networks require enhanced security components. WLAN, WiBro, and UMTS have defined proper security components that meet standard security requirements. Extensive research has been conducted to enhance the security of individual wireless platforms, and we now have meaningful results at hand. However, with the advent of ubiquitous service, new horizontal platform service models with vertical crosslayer security are expected to be proposed. Research on synchronized security service and interoperability in a heterogeneous environment must be conducted. In heterogeneous environments, to design the balanced security components, quantitative evaluation model of security policy in wireless networks is required. To design appropriate evaluation method of security policies in heterogeneous wireless networks, we formalize the security properties in wireless networks. As the benefit of security protocols is indicated by the quality of protection (QoP), we improve the QoP model and evaluate hybrid security policy in heterogeneous wireless networks by applying to the QoP model. Deriving relative indicators from the positive impact of security points, and using these indicators to quantify a total reward function, this paper will help to assure the appropriate benchmark for combined security components in wireless networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.883-899
• /
• 2012

This study will propose the policy priorities of cyber information security by AHP(Analytic Hierarchy Process) survey. The policy categories for AHP survey consist in the foundation of information security and activity of information security(1st hierarchy). In the second hierarchy, the foundation of information security was classified into laws-system, human resources, h/w-s/w technology and sociocultural awareness. And the activity of information security was divided into infrastructure protection, privacy protection, related industry promotion, and national security. Information policy alternatives were composed of 16 categories in the third hierarchy. According to the AHP result, in the perspective of policy importance, the modification of related laws was the first agenda in the policy priority, better treatment of professionals was the second, and the re-establishment of policy system was the third. In the perspective of policy urgency, the re-establishment of policy system was the first item, the modification of related laws was the second, and better treatment of professionals is the third.

• Informatization Policy
• /
• v.21 no.3
• /
• pp.56-84
• /
• 2014

ICT development has led the government to provide more personalized services which means that the government has to collect more private information to satisfy the information demand from citizen. It is a dilemma because the more tailored information services may arise conflict against the right of private information protection which is one of the side effect by ICT. In this study, we analyzed the case of NEIS which still represents the issue of privacy conflict among each stakeholder's perspectives. To analyze the case, we used the frame analysis which is used as a tool for analyzing the case of public conflict. Through the analyses and discussions, we found the policy implication for the future ICT policies which can mediate the conflict between a data opening and the protection of privacy. Finally, we suggest a new governance approach for the better ICT policy contrary to top-down approach.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.11
• /
• pp.4163-4183
• /
• 2021

As measures for protecting users and ensuring security of electronic financial transactions, such as online banking, financial institutions in South Korea have implemented network segregation policies. However, a revision of such domain-centered standardized network segregation policies has been increasingly requested because of: 1) increased demand for remote work due to changes resulting from COVID-19 pandemic; and 2) the difficulty of applying new technologies of fintech companies based on information and communications technologies (ICTs) such as cloud services. Therefore, in this study, problems of the remote work environment arising from the network segregation policy currently applied to the financial sector in South Korea and those from the application of new ICTs such as fintech technology have been investigated. In addition, internal network protection policies of foreign financial sectors, such as those of the United States, United Kingdom, European Union, and Russia, and internal network protection policies of non-financial sectors, such as control systems, have been analyzed. As measures for the effective improvement of the current network segregation policy, we propose a policy change from domain-based to data-centric network segregation. Furthermore, to resolve threats of hacking at remote work, recently emerging as a global problem due to COVID-19 pandemic, a standard model for remote work system development applicable to financial companies and a reinforced terminal security model are presented, and an alternative control method applicable when network segregation is not applied is proposed.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.13 no.3
• /
• pp.110-116
• /
• 2005

TSA needs to be more transparent with the new passenger screening system and its functioning to build the citizen trust. The system is needed to be not only effective but supported by Congress and the general public. Until this occurs, skepticism will underlie any discussion about its effectiveness in balancing the protection from terrorism with respect to individual liberties. CAPPS II can be a viable system if it is developed appropriately. The objectives of the study are to introduce the security program in the U.S. aviation security policy and to discuss privacy problems when it applies. Korea also needs to study a harmonious plan with the basis of global approach mind in the case of considering the transferring of passenger information from other states for the purpose of security.

• Information Systems Review
• /
• v.22 no.2
• /
• pp.101-120
• /
• 2020

This study investigates the effects of privacy psychological characteristics of B2C logistics services users on their willingness to comply with their logistics companies' information protection policy. Using cognitive valence theory as a theoretical framework, this study proposes a research model to examine the relationships between users' logistics security knowledge, privacy trust, privacy risk, privacy concern, and their willingness of information protection policy compliance. To test the proposed model, we conducted a survey from actual users of logistics services and collected valid 151 samples. We analyzed the data using a structural equation modeling software. The empirical results show that logistics security knowledge positively affects privacy trust; privacy concern positively influences privacy risk; privacy trust, privacy risk, and privacy concern positively influence behavioral willingness of compliance. However, logistics security knowledge does not affect behavioral willingness of compliance. The results of the study provide several contributions to the literature of B2C logistics services domain and managerial implications to logistics services companies.

• Ocean and Polar Research
• /
• v.27 no.2
• /
• pp.171-179
• /
• 2005

Korea has many underwater cultural heritages within the east, west and south seas surrounding the Peninsula that indicate historically important sealanes for trade and transportation. As these underwater cultural heritages are the objects of despoilment because of their relatively easy access through modern technology, their often high historical and priceless value demands strong protection similar to or better than the land cultural properties. Currently, Korea does not have any concrete laws or regulations for the protection of underwater cultural heritages. Thus, these heritages iu, somewhat temporary and inappropriately subjected to laws and regulations relating to provisions of individual Laws concerning protection of cultural properties act, and statute of excavation of material fir buried national property, lost articles act etc.. Internationally, the UNESCO Convention on the Protection of the Underwater Cultural Heritage was adopted but not yet entered into force. Therefore, the protection of underwater cultural heritage has become an urgent matter. In this regard, this article's main purpose is to provide recommendations for improving direction of legal regime and policy for protecting our underwater cultural heritages. These legal regimes need provisions for definition of the underwater cultural heritage, scope of application, ownerships, jurisdictions and protection measures. And suggestions are provided in regard to policies for the protection of underwater cultural heritages that may improve organization and cooperation among concerned ministries and agencies, compensation system, restrictions for excavation of underwater relics, efficiency of survey of underwater surface and information system.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.7 no.1
• /
• pp.219-227
• /
• 2017

Current military command information system uses electronic equipment a lot on which semiconductor chip is attached. It seems its' importance will increase more with latest information communication technology developing. Electronic equipment which uses electricity contains regular tolerance to high output electric signal. And EMC specification is the standardized of this electronic equipment's tolerance. On the other hand, the Institute of Atomic Energy Research has ever declared that high output electromagnetic pulse(EMP) will be broken out within the radius of 170Km when 10kt nuclear explosion occurs at an altitude of 40Km above Seoul. Then, the region suffer from the damage of most electronic equipments. Therefore, the norm to protect the influences in that case is defined by EMP protection specification. Most common electronic equipments meet the EMC norm, but there is no way to check whether they meet the EMP norm or not. That is because it is difficult to check whether they meet EMP protection norm and is on the matter of cost. Except inevitable cases, there is no review of checking whether they meet the norm or not. Considering the above, in this research, we speculate about the measures to improve military EMP protection ability by analyzing the EMC-EMP correlation and checking the EMP protection ability of general electronic equipment through the analysis.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.5
• /
• pp.2394-2406
• /
• 2016

ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). In our scheme, data receiver can decrypt the ciphertext if the attributes he owns match with the self-centric policy which is set by the data owner. Besides, a unique identifier is embedded into each user's private key. If a malicious user exposes his private key for illegal data sharing, his identity can be exactly pinpointed by system manager. The key-insulation mechanism guarantees forward and backward security when key exposure happens as well as provides efficient key updating for users in the cloud system. The higher efficiency with proved security make our KI-CPABE-KEA more appropriate for secure data sharing in cloud computing.