• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.237-246
• /
• 2016

Recently various types of cyber attacks have occurred. The strategic goals & tactical means of these have evolved. Especially KHNP cyber attack was the type of hacktivism combined hack and psychological warfare. The cyber attackers have forecd the nation to participate in the cyber warfare and the government to make strategic decisions to the releases of confidential information and the threats of stopping KHNP. In this paper, we would like to study the effective strategic decision-making model utilizing the game theory and including an attack intelligence on open policy Decision framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1607-1620
• /
• 2015

The server privilege account must be operated through law and regulation. However, due to regulation non-compliance and inadequate operation on financial company server privilege, an incident that every server data being deleted by hacker occur which is later being named as 'NH Bank Cyber Attack'. In this paper, the current operation status on financial company privilege accounts is being analysed to elicit problems and improvement. From the analysis, important evaluation factors will be also selected and applied generating the decision making model for financial company server privilege account operation. The evaluation factor deducted from privilege account status analysis will be used to present and verify the decision making model and formula through AHP(Analytic Hierarchy process).

• Journal of KIISE:Information Networking
• /
• v.30 no.6
• /
• pp.776-786
• /
• 2003

Security Evaluation System is a system that evaluates the security of the entire enterprise network domain which consists of various components and that supports a security manager or a Security Management System in making decisions about security management of the enterprise network based on the evaluation. It helps the security manager or the security management system to make a decision about how to change the configuration of the network to prevent the attack due to the security vulnerabilities of the network. Security Evaluation System checks the “current status” of the network, predicts the possible intrusion and supports decision-making about security management to prevent the intrusion in advance. In this paper we analyze the requirements of the Security Evaluation System that automates the security evaluation of the enterprise network which consists of various components and that supports decision-making about security management to prevent the intrusion, and we propose a design for it which satisfies the requirements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1595-1606
• /
• 2015

Risk analysis is utilized in devising measures to manage information security risk to an acceptable level. In this risk management decision-making, the visualization of risk is important. However, the pre-existing risk visualization method is limited in visualizing risk factors three-dimensionally. In this paper, we propose an improved risk visualization method which can facilitate the identification of risk from the perspective of confidentiality, integrity, and availability respectively or synthetically. The proposed method is applied to an enterprise's risk analysis in order to verify how effective it is. We argue that through the proposed method risk levels can be expressed three-dimensionally, which can be used effectively for information security decision-making process for internal controls.

• Convergence Security Journal
• /
• v.9 no.1
• /
• pp.39-44
• /
• 2009

To get legitimacy of a security investment, the analysis of ROI about the security investment is required. In this paper, we suggest a practical quantitative model with considering factors that do decision-making of optimized security investment difficult. This model makes use of the value of a residual risk to decide the best information security solution and considers a corelation of response techniques of the information security solution against each threat to do exact decision-making.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2004.10a
• /
• pp.147-157
• /
• 2004

Enterprises and governments currently utilize COTS based information systems which are a kind of component based systems. Especially, COTS are widely utilized as information security systems and information systems including information security functions. This paper suggests an appropriate adaptation level of security functional components and a cost effective priority among them. To make a cost effective decision on adapting security functional components, this paper develops a hierarchical model of information security technologies and analyzes findings through multiple decision-making criteria.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.307-315
• /
• 2022

The review of known decision-making support systems and technologies regarding the possibility of donation and transplantation showed that currently there are no systems and technologies of decision-making support regarding the possibility of donation and transplantation considering civil law. The paper models the decision-making support process regarding the possibility of donation and transplantation, which is a theoretical basis for the development of rules, methods and technology of decision-making support regarding the possibility of donation and transplantation considering civil law. The paper also developed the technology of decision-making support regarding the possibility of donation and transplantation considering civil law as a component of the Unified State Information System for Organ and Tissue Transplantation, which automatically and free of charge determines the possibility/impossibility of donation and transplantation. In the case of the possibility of donation, the admissible type of donation is also determined - over-life or after-life donation - and data about potential donor is entered in the relevant Donor Register. In the case of the possibility of transplantation, if the recipient needs a transplant of one of the paired organs or a part of the organ/tissue, then data about potential recipient are entered in the Transplantation List from both over-life and after-life donor, otherwise, if the recipient needs a transplant of a non-paired organ or both paired organs, then data about potential recipient are entered only in the Transplantation List from after-life donor.

• Korean Security Journal
• /
• no.43
• /
• pp.121-145
• /
• 2015

This study aims to define structural relations of security science majors' career satisfaction, career identity and career decision-making self efficacy. In addition, as confirming immediate effects, indirect effects as well as total effects, the study offers basic materials for reasonable career exploration and career program development. In order to achieve the research goals above, the study conducted a survey targeting a total of 239 college students specializing in security science and carried out a structural equation model analysis. Findings of the research are summarized as follows. First of all, major satisfaction turned out to have significant influences on career decision, career certainty and career interest. Second of all, the study found out that both relationship satisfaction and general satisfaction are significantly connected with career decision and career certainty. Third of all, social awareness appeared to have a significant influence on career interest. Fourth of all, the study learned that in terms of career decision and career certainty, they are all significantly related to problem solving, information collection and plan development. As for career interest, the study noticed how significantly if affects both problem solving and information collection. Fifth of all, major satisfaction was observed to have mediating effects on problem solving and information collection through career decision. Sixth of all, via career certainty, major satisfaction has mediating effects on problem solving as well as information collection. Seventh of all, when it comes to relationship satisfaction, it has mediating effects on problem solving, information collection and plan development through career interest. Eighth of all, career decision helps general satisfaction have mediating effects on problem solving and information collection. Focusing on the research results above, the study discussed implications in relation to security science including advices for any follow-up researches.

• Journal of Digital Convergence
• /
• v.19 no.9
• /
• pp.75-81
• /
• 2021

The purpose of this research is to derive and evaluate priorities for critical factors that must be determined before an enterprise adopts a cloud computing service. AHP analysis techniques were used to reflect decisions made by experts as research methods. AHP is a decision-making technique that expresses complex decision-making problems hierarchically and derives the best alternatives through pairwise comparison between the items of the hierarchy. Compared to the existing statistical decision making techniques, the decision making process is systematic and simple, making it easy to understand. In addition, the procedure is also reasonable by providing an indicator to determine the consistency of the decision maker in the analysis process. The analysis results of this research showed that security was the first priority, reliability was the second priority, and economic efficiency was the third priority. Among the factors in the first-priority security items, the access control rights and the safety factors of external threats are the most important factors. Research results can be used as a guideline in future practice, and it is necessary to evaluate, compare and analyze the satisfaction of companies that have adopted cloud computing services in the future.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.3
• /
• pp.579-588
• /
• 2009

Enterprises and governments currently utilize COTS (Commercial off-the-Shelf) based information systems which are a kind of component based systems. Especially, COTS are widely utilized as components of information security systems and information systems. This paper suggests an appropriate adaptation level and a cost effective priority to replace security functional components in security environment. To make a cost effective decision on adapting security functional components, this paper develops a hierarchical model of information security technologies and analyzes findings through multiple decision-making criteria.