• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1083-1095
• /
• 2021

With the recent increase in users' dependence on the Internet and the spread of various IT devices, the influence of information security on the users' has expanded compared to the past. Therefore, it is expected to have an increased influence on information security in personal life. In addition, as the intrusion factors that threaten security continue to become more advanced and diversified (eg., fake news, cyberbullying, identity theft), the need for nurturing information security experts is increasing. Furthermore, not only corporate information security workers, but also all individuals, cannot be free from the threat of information security. Therefore, it is necessary to prepare various information security education to improve information security awareness and induce proactive information security behaviors. In this study, characteristics of domestic and foreign information security education courses are analyzed and provide a standardized framework for information security education applicable to the domestic environment.

• The Journal of the Korea Contents Association
• /
• v.14 no.1
• /
• pp.386-399
• /
• 2014

Following the heightened facilitation of information system in the education field, educational institutions encounter frequent information security infringement accidents. However there is insufficient education for persons in charge of information security duties in educational institutions. This study aims to analyze differences of knowledge and skills required for information security professionals in educational institutions by institution type, service area and duty. Based on the results of multidimensional scaling on survey data, this study presents the information security education framework for educational institutions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.143-152
• /
• 2009

Successful industries that have maintained their competitiveness are characterized by well-established skills framework system. Skills framework establishes the agreed-upon, industry-identified knowledge, skills and abilities required to succeed in the workplace. Skills framework forms a solid foundation for the development of outcomes-based instruction and assessment, thus it benefits industry, students, educators and government. Each group has a major stake in the education of our students and in the efficient development of a productive workforce. Particularly in fast-changing fields like information security, relevant data that accurately reflect current and future knowledge and skills enable timely direction of resources, development and revision of industry-relevant curriculum, and efficient development of career information and job profiles. Skills framework occupies an indispensable position in any dialog concerning education or training in technical fields. In this study, we develop the skills framework for information security professionals.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.11
• /
• pp.75-84
• /
• 2018

Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.105-129
• /
• 2019

Purpose Issues related to information security have been a crucial topic of interest to researchers and practitioners in the IT/IS field. This study develops a research model based on a Structure-Conduct-Outcome (SCO) framework for the social exchange relationship between employees and organizations regarding information security. Design/methodology/approach In applying an SCO framework to information security, structure and conduct are activities imposed on employees within an organizational context; outcomes are activities that protect information security from an employee. Data were collected from 438 employees working in manufacturing and service firms currently implementing an information security policy in South Korea. Structural equation modeling (SEM) with AMOS 22.0 is used to test the validation of the measurement model and the proposed casual relationships in the research model. Findings The results demonstrate support for the relationships between predicting variables in organization structure (security policy and physical security system) and the outcome variables in organization conduct (top management support, security education program, and security visibility). Results confirm that the three variables in organization conduct had a positive effect on individual outcome (security knowledge and compliance intention).

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1879-1888
• /
• 2017

The Internet of Things (IoT) environment has been gradually approaching reality, and although it provides great convenience, security threats are increasing accordingly. For the IoT environment to settle safely, careful consideration of information security is necessary. Although many security measures in the design and development stages of IoT products have been studied thus far, apart from them, the establishment of systems and countermeasures for post management after the launch of IoT products is also very important. In the present paper, a technical and policy post-security management framework is proposed to provide secure IoT environments. The proposed framework defines the concrete response procedures of individual entities such as users, manufacturers, and competent authorities in the case of the occurrence of security flaws after launching IoT products, and performs appropriate measures such as software updates and recalls based on an assessment of the risk of security flaws.

• The Journal of Korean Association of Computer Education
• /
• v.17 no.6
• /
• pp.71-80
• /
• 2014

Accidents for information disclosure occurred in a steady increase, so many information security department has been established recently. But there was a lack of differentiation between department of IT department and they cannot train appropriate students for companies. This research examined the Workforce framework and competencies, the related research for improving information security curriculum. And then this research analyzed status and characteristics of the curriculum to the information security department, based on the Workforce framework and competencies presented by NICE. The result of the research confirmed that the current curriculum mainly consists of courses dealing with development of products that secure information, so the curriculum is needed to improve by focusing on workforce framework competencies. The result will be utilized as fundamental research for improving the curriculum of information security major in the future.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.268-282
• /
• 2022

One of the most important technologies today is augmented reality technology, it allows users to experience the real world using virtual objects that are combined with the real world. This technology is interesting and has become applied in many sectors such as the shopping and medicine, also it has been included in the sector of education. In the field of education, AR technology has become widely used due to its effectiveness. It has many benefits, such as arousing students' interest in learning imaginative concepts that are difficult to understand. On the other hand, studies have proven that collaborative between students increases learning opportunities by exchanging information, and this is known as Collaborative Learning. The use of multimodal creates a distinctive and interesting experience, especially for students, as it increases the interaction of users with the technologies. The research aims at developing collaborative framework for developing achievement of 6th graders through designing a framework that integrated a collaborative framework with a multimodal input "hand-gesture and touch", considering the development of an effective, fun and easy to use framework with a multimodal interaction in AR technology that was applied to reformulate the genetics and traits lesson from the science textbook for the 6th grade, the first semester, the second lesson, in an interactive manner by creating a video based on the science teachers' consultations and a puzzle game in which the game images were inserted. As well, the framework adopted the cooperative between students to solve the questions. The finding showed a significant difference between post-test and pre-test of the experimental group on the mean scores of the science course at the level of remembering, understanding, and applying. Which indicates the success of the framework, in addition to the fact that 43 students preferred to use the framework over traditional education.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.151-155
• /
• 2021

The article is based on a model, in the context of which there are two fundamental building blocks of basic library skills and skills in the use of information technology. The former are formed within the framework of educational programs for users of academic libraries, the latter are formed within the framework of initiatives such as the European Computer Driving License. Between the basic and the highest levels of the concept of "information literacy" there are seven heading skills and attributes, the repeated practice of which leads from the position of a competent user to an expert level of reflection and critical awareness of information as an intellectual resource. Freshmen will likely be at the beginning of the arrow, probably practicing only the first four skills, while graduate students and young scientists will be closer to the end and will use seven skills.

• International Journal of Computer Science & Network Security
• /
• v.21 no.2
• /
• pp.21-39
• /
• 2021

The acceptance of smartphone applications in the learning field is one of the most significant challenges for higher education institutions in Saudi Arabia. These institutions serve large and varied sectors of society and have a tremendous impact on the knowledge gained by student segments at various ages. M-learning is of great importance because it provides access to learning through a wide range of mobile networks and allows students to learn at any time and in any place. There is a lack of quality requirements for M-learning applications in Saudi societies partly because of mandates for high levels of privacy and gender segregation in education (Garg, 2013; Sarrab et al., 2014). According to the Saudi Arabian education ministry policy, gender segregation in education reflects the country's religious and traditional values (Ministry of Education, 2013, No. 155). The opportunity of many applications would help the Saudi target audience more easily accept M-learning applications and expand their knowledge while maintaining government policy related to religious values and gender segregation in the educational environment. In addition, students can share information through the online framework without breaking religious restrictions. This study uses a quantitative perspective to focus on defining the technical aspects and learning requirements for distributing knowledge among students within the digital environment. Additionally, the framework of the unified theory of acceptance and use of technology (UTAUT) is used to modify new constructs, called application quality requirements, that consist of quality requirements for systems, information, and interfaces.