• 정보보호학회논문지
• /
• 제31권5호
• /
• pp.1083-1095
• /
• 2021

최근 사용자의 인터넷 의존성 증가와 각종 IT 디바이스의 보급과 확산에 따라, 과거에 비하여 개인 생활 전반에 정보보호가 미치는 영향력이 확대되었다. 이와 더불어 보안을 위협하는 침해 요인들이 지속적으로 복잡, 다양해지고 가짜뉴스 확산, 온라인 신분 도용, 사이버 불링 등을 비롯한 개인의 안전한 온라인 환경을 위협하는 요소들이 사회적으로 증가함에 따라, 정보보호 전문 인력 양성의 필요성이 증가하고 있다. 나아가 기업의 정보보호 업무 종사자 이외에 사회의 모든 구성원이 정보보안의 위협에서 자유로울 수 없게 됨에 따라, 개인의 정보보호에 대한 인식 제고와 자발적인 정보보호 행동을 유도하기 위한 다양한 정보보호 교육 과정의 마련이 필요하다. 따라서, 본 연구에서는 현재 이루어지고 있는 국내·외 정보보호 교육 과정의 현황과 특징에 대하여 분석한다. 이를 통하여 정보보호 교육 필요성과 교육 체계 수립의 전략을 모색하여 본 연구에서는 국내 환경에 적용 가능한 정보보호 교육 표준 프레임워크를 제시하고자 한다. 이는 개인의 정보보호 인식과 지식 수준을 제고하여 국내 정보보호 전문 인력 양성과 더불어 개인과 조직, 사회 전반의 정보보안 수준을 향상시켜 국가 경쟁력 향상에 기여할 것으로 판단된다.

• 한국콘텐츠학회논문지
• /
• 제14권1호
• /
• pp.386-399
• /
• 2014

교육 분야에서의 정보시스템 활용도가 높아짐에 따라 교육기관 및 관련기관에서의 개인정보유출 등의 보안사고가 빈번하게 발생하고 있지만, 교육기관의 정보보호 업무자의 현황을 파악하고 이를 체계적으로 관리할 수 있는 교육훈련은 미흡한 실정이다. 본 논문에서는 정보보호 교육의 필요성이 대두되고 있는 국내 교육관련기관 종사자의 기관유형, 근무지역, 담당직무별로 요구되는 정보보호 분야 지식 및 기술에 차이가 있는지를 정보보호 업무자 대상의 설문결과에 대한 다차원척도법(MDS) 분석을 통해 검증하고, 이를 토대로 교육관련기관의 정보보호 교육 프레임워크를 설계하여 제시하였다.

• 정보보호학회논문지
• /
• 제19권3호
• /
• pp.143-152
• /
• 2009

정보보호 전문인력을 정의하고 양성하기 위해서는 무엇보다도 정보보호업무 전반을 체계화하여 표준화한 '직무체계'를 개발하고, 직무체계에 기반하여 인력을 어떻게 교육할 것인가를 정하는 교육과정 및 직무분석이 필요하다. 정보보호 분야의 직무를 정의하고 표준화함으로써 인력의 직무능력을 표준화하고 직무수행을 위해 필요한 지식 및 기술에 대한 정의가 가능해짐으로써 보다 실무 지향적인 전문인력의 양성이 가능할 것으로 기대된다. 직무체계(Skills Framework)란 산업현장의 직무에 근거하여 직무분류 및 직무수준을 설정하고 직무수준별 수행기준을 제시하는 것으로써, 현장 수요에 기초한 교육훈련과정의 개발, 자격 및 인력수급 체계 등을 위한 인프라 정비의 핵심 요소이다. 따라서, 본 논문에서는 정보보호산업의 발전을 이끌어갈 실수요에 기반한 체계적인 '정보보호 전문인력'의 중급을 위해서는 무엇보다도 표준화된 직무체계의 개발이 시급하다고 인식하고, 정보보호 분야의 직무체계를 개발하여 제시하고자 한다.

• 한국컴퓨터정보학회논문지
• /
• 제23권11호
• /
• pp.75-84
• /
• 2018

Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

• 한국정보시스템학회지:정보시스템연구
• /
• 제28권4호
• /
• pp.105-129
• /
• 2019

Purpose Issues related to information security have been a crucial topic of interest to researchers and practitioners in the IT/IS field. This study develops a research model based on a Structure-Conduct-Outcome (SCO) framework for the social exchange relationship between employees and organizations regarding information security. Design/methodology/approach In applying an SCO framework to information security, structure and conduct are activities imposed on employees within an organizational context; outcomes are activities that protect information security from an employee. Data were collected from 438 employees working in manufacturing and service firms currently implementing an information security policy in South Korea. Structural equation modeling (SEM) with AMOS 22.0 is used to test the validation of the measurement model and the proposed casual relationships in the research model. Findings The results demonstrate support for the relationships between predicting variables in organization structure (security policy and physical security system) and the outcome variables in organization conduct (top management support, security education program, and security visibility). Results confirm that the three variables in organization conduct had a positive effect on individual outcome (security knowledge and compliance intention).

• 전기학회논문지
• /
• 제66권12호
• /
• pp.1879-1888
• /
• 2017

The Internet of Things (IoT) environment has been gradually approaching reality, and although it provides great convenience, security threats are increasing accordingly. For the IoT environment to settle safely, careful consideration of information security is necessary. Although many security measures in the design and development stages of IoT products have been studied thus far, apart from them, the establishment of systems and countermeasures for post management after the launch of IoT products is also very important. In the present paper, a technical and policy post-security management framework is proposed to provide secure IoT environments. The proposed framework defines the concrete response procedures of individual entities such as users, manufacturers, and competent authorities in the case of the occurrence of security flaws after launching IoT products, and performs appropriate measures such as software updates and recalls based on an assessment of the risk of security flaws.

• 컴퓨터교육학회논문지
• /
• 제17권6호
• /
• pp.71-80
• /
• 2014

최근 사이버테러 및 개인정보유출 등의 정보보안관련 이슈가 대두됨에 따라 정보보호 인력 양성을 위해 많은 정보보호관련 학과가 신설되고 있다. 하지만 컴퓨터공학 등의 기존 IT 학과와의 차별성이 부족하고 실제 현장에서 원하는 인재를 양성하지 못하고 있는 실정이다. 이러한 문제를 개선하기 위해 정보보호 직무체계와 각 직무에 필요한 역량 및 기술들을 제시한 기존의 연구를 조사했다. 그리고 미국의 NICE에서 제시된 역량을 중심으로 국내 대학 정보보호관련 학과의 교육과정을 분석했다. 그 결과 정보보호 제품을 개발하는 분야를 위주로 교육과정이 편성되어 있는 것을 확인했고 교육과정이 정보보호 직무체계별 역량을 중심으로 개선할 필요가 있었다. 이 결과를 통해 이후 정보보호 학과의 교육과정 개선을 위한 기초 연구로 활용되고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제22권7호
• /
• pp.268-282
• /
• 2022

One of the most important technologies today is augmented reality technology, it allows users to experience the real world using virtual objects that are combined with the real world. This technology is interesting and has become applied in many sectors such as the shopping and medicine, also it has been included in the sector of education. In the field of education, AR technology has become widely used due to its effectiveness. It has many benefits, such as arousing students' interest in learning imaginative concepts that are difficult to understand. On the other hand, studies have proven that collaborative between students increases learning opportunities by exchanging information, and this is known as Collaborative Learning. The use of multimodal creates a distinctive and interesting experience, especially for students, as it increases the interaction of users with the technologies. The research aims at developing collaborative framework for developing achievement of 6th graders through designing a framework that integrated a collaborative framework with a multimodal input "hand-gesture and touch", considering the development of an effective, fun and easy to use framework with a multimodal interaction in AR technology that was applied to reformulate the genetics and traits lesson from the science textbook for the 6th grade, the first semester, the second lesson, in an interactive manner by creating a video based on the science teachers' consultations and a puzzle game in which the game images were inserted. As well, the framework adopted the cooperative between students to solve the questions. The finding showed a significant difference between post-test and pre-test of the experimental group on the mean scores of the science course at the level of remembering, understanding, and applying. Which indicates the success of the framework, in addition to the fact that 43 students preferred to use the framework over traditional education.

• International Journal of Computer Science & Network Security
• /
• 제21권6호
• /
• pp.151-155
• /
• 2021

The article is based on a model, in the context of which there are two fundamental building blocks of basic library skills and skills in the use of information technology. The former are formed within the framework of educational programs for users of academic libraries, the latter are formed within the framework of initiatives such as the European Computer Driving License. Between the basic and the highest levels of the concept of "information literacy" there are seven heading skills and attributes, the repeated practice of which leads from the position of a competent user to an expert level of reflection and critical awareness of information as an intellectual resource. Freshmen will likely be at the beginning of the arrow, probably practicing only the first four skills, while graduate students and young scientists will be closer to the end and will use seven skills.

• International Journal of Computer Science & Network Security
• /
• 제21권2호
• /
• pp.21-39
• /
• 2021

The acceptance of smartphone applications in the learning field is one of the most significant challenges for higher education institutions in Saudi Arabia. These institutions serve large and varied sectors of society and have a tremendous impact on the knowledge gained by student segments at various ages. M-learning is of great importance because it provides access to learning through a wide range of mobile networks and allows students to learn at any time and in any place. There is a lack of quality requirements for M-learning applications in Saudi societies partly because of mandates for high levels of privacy and gender segregation in education (Garg, 2013; Sarrab et al., 2014). According to the Saudi Arabian education ministry policy, gender segregation in education reflects the country's religious and traditional values (Ministry of Education, 2013, No. 155). The opportunity of many applications would help the Saudi target audience more easily accept M-learning applications and expand their knowledge while maintaining government policy related to religious values and gender segregation in the educational environment. In addition, students can share information through the online framework without breaking religious restrictions. This study uses a quantitative perspective to focus on defining the technical aspects and learning requirements for distributing knowledge among students within the digital environment. Additionally, the framework of the unified theory of acceptance and use of technology (UTAUT) is used to modify new constructs, called application quality requirements, that consist of quality requirements for systems, information, and interfaces.