• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.41-53
• /
• 2014

In order to achieve efficient and effective organizational information security objectives, for the level of information security to accurately evaluation and direction for improving that performance evaluation index and method of measurement for information security outcomes are needed. For information security activities of domestic companies to measure the performance or effectiveness, that standard method of measuring and the available evaluation Index are insufficient. company is difficult to investment for information security budget. Therefore, the purpose of this study was developing of performance evaluation index and method of measurement for information security outcomes applying BSC available in the company. The results of this study that companies can determine the level of information security itself. Analysis of the information security status and the strategy establishment of the information security investment can be applied.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.187-204
• /
• 2013

In this study, we developed a comprehensive model to measure the National Information Security Level based on PRM framework. The proposed model reflected a rapidly changing technology environments such as social network service, mobile devices, and etc. This new model consists of three layers:Infrastructure Layer, the Action Layer and the Performance Layer, and there are 16 sub-indexes under the 3 layers. To develop new model and sub-indexes for measuring the National Information Security Level, much amounts of documents related to security indexes or deliberation criteria and security guidelines from international organization were reviewed and then most probable index pool were composed. The Index pool were verified by expert group consisting of professors and specialists. Through five times of screening and having an evaluation review, 16 sub-indexes were deduced and then Delphi and AHP have been conducted to obtain validity and objectiveness of the indexes. Thus the new proposed national information security index will show more exact national information security level and we expect that the indexes give much implications for establishing information protection policy.

• Journal of Information Technology Services
• /
• v.7 no.1
• /
• pp.117-130
• /
• 2008

Multi-attribute risk assessments provide a useful framework for systematic quantitative risk assessment that the security manager can use to prioritize security requirements and threats. In the first step, the security managers identify the four significant outcome attributes(lost revenue, lost productivity, lost customer, and recovery cost). Next. the security manager estimates the frequency and severity(three points estimates for outcome attribute values) for each threat and rank the outcome attributes according to AHP(Analytic Hierarchy Process). Finally, we generate the threat index by using muiti-attribute function and make sensitivity analysis with simulation package(Crystal Ball). In this paper, we show how multi-attribute risk analysis techniques from the field of security risk management can be used by security managers to prioritize their organization's threats and their security requirements, eventually they can derive threat index. This threat index can help security managers to decide whether their security investment is consistent with the expected risks. In addition, sensitivity analysis allows the security manager to explore the estimates to understand how they affect the selection.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.83-91
• /
• 2007

Information security is a critical issue for network centric warfare(NCW). This paper provides a information security governance index for NCW, which is a result of the research through a group decision making process. The purpose of the research is to intended to help military organization's planners determine the degree to which they have implemented an information systems governance framework at the strategic and tactical level within their organization.

• The Korean Journal of Applied Statistics
• /
• v.29 no.7
• /
• pp.1173-1183
• /
• 2016

In this paper, we proposed an information security risk index to diagnose users' malware infection situations (such as computer virus and adware) by gathering data from KT network systems. To develop the information security risk index, we used the analytic hierarchy process methodology and estimated the risk weights of malware code types using the judgments of experts. The control chart could be used effectively to forecast the information security risk for the proposed information security risk index data.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.1
• /
• pp.43-51
• /
• 2019

This research proposed the necessary capability of cyber security professional personnel for cyber security education and training. Cyber security professional personnel were required specialized capability because the curriculum of cyber security education and training is structured around practice and training. Based on the knowledge, skills, and attitudes of professors, we derive candidate capabilities and index through the results of precedent research. As a result, we derived capability such the candidate capability group as teaching qualification, expert knowledge, practical ability, lecture ability, and research ability, and detailed capability index was derived accordingly. Finally, based on the questionnaire results of the professors related to the information security, it was determined that the capability required for the cyber security education and training professional personnel were expert knowledge, practical ability, and lecture ability. Among the capabilities, executive ability means that they have to fulfil abundant executive experience due to the high proportion of practical training due to the characteristics of cyber security education and training.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1055-1062
• /
• 2021

As face-to-face education becomes difficult due to the spread of COVID-19, the use of e-learning content and virtual training is increasing. In the case of information security education, practice to learn response techniques is important, so simulation hacking and vulnerability analysis activities have been supported as virtual training for a long time. In order to increase the educational effect, contents should be designed similar to real situation, and learning activities to achieve the learning goals should be designed. In addition, excellent functions and scalability of the system supporting learning activities are required. The researcher developed an LMS evaluation index that supports non-face-to-face education by considering the key elements of non-face-to-face education and training. The developed evaluation index was applied to the information security education platform to verify its practical utility.

• Asia pacific journal of information systems
• /
• v.9 no.4
• /
• pp.181-201
• /
• 1999

This study presents an information security level index and a quantification scheme. A comprehensive survey on previous researches in information security checklists has been performed. A candidate indicator list for information security level has been developed, Desirability of each indicator has been tested by 4 criteria, They are general validity, relative importance, probability of accident and impact of accident. 67 experts' opinion has been collected and analysed. The result shows that selected indicators are a very good candidate set for the determination of information security level. A factor analysis shows indicators are well structured. There exists strong correlation between validity and probability, validity and impact, and importance and probability. A quantification scheme of information security index has been developed by experts' judgement and statistical tests.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.109-116
• /
• 2009

In the paper, we designed an automatic security diagnostic evaluation System(SeDES) based on a security diagnostic evaluation model(SeDEM) for an organization's security assurance. The SeDEM evaluates a security level of an organization quantitatively by a security evaluation formula which is composed of security variables and security index as applying the statistical CAEL model for evaluate risk level of banks. The SeDES has a good expandability as changing security variables according to an organization scale, characteristics and so on. And it also has a excellent usage because it inputs only numeric data got from statistical technique to security index. We can understand more a security level correctly than the existent risk assessment system because it is possible to assess quantitatively with an security grade as well as score. analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.87-97
• /
• 2005

A secure index search protocol let us search the index of encrypted documents using the trapdoor for a keyword. It enables an untrusted server to learn nothing more than the search result about the documents without revealing the keyword. A lot of secure search protocols have been suggested but they only considered the search between a single-user and a server. In real organizations such as government offices or enterprises where exist many hierarchical departments, the search system for groups is arisen more often. In this paper, we construct secure index search protocols for hierarchical group settings without re-encryption of the old encrypted documents when group keys are re-keyed newly.