• Title/Summary/Keyword: Information Security Maturity


How to Cope with Ransomware in the Healthcare Industry (의료산업에서의 랜섬웨어 대응 방법)

  • Jeon, In-seok;Kim, Dong-won;Han, Keun-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.155-165 / 2018
  • As the medical healthcare industry is growing rapidly these days, providing various new healthcare services is being considered carefully. Health information is considered to be more important than financial information; therefore, protecting health information becomes a very significant task. Ransomware is now targeting industry groups that have high information value. In particular, ransomware has grown in various ways since entering maturity in 2017. The healthcare industry is highly vulnerable to ransomware since most healthcare organizations are configured in closed networks with a lack of malware protection. Only meeting the security criteria is not the solution. In the case of a successful attack, a restoration process must be prepared to minimize damage as soon as possible. Ransomware is growing so rapidly and becoming so complex that protection must be improved much faster. Based on the ISO 27799 and 27002 standards, we extract and present security measures against advanced ransomware to maintain and manage healthcare systems more effectively.

Developing the Stage Evaluation Model for e-Business Company using Analytic Hierarchy Process (분석적 계층기법을 활용한 e-Business 기업의 초기투자단계 및 성장단계별 평가모형의 개발)

  • Choi, Hye-Jin;Han, In-Goo;Oh, Kyong-Joo
    • Asia pacific journal of information systems / v.15 no.1 / pp.45-61 / 2005
  • This study develops the evaluation model for e-Business company using analytic hierarchy process. As the first step of this study, we derived the appraisal standards based on the previous literature and the knowledge of experts from venture capitalists, security companies, credit evaluation companies, and consulting firms. In order to validate the evaluating factors in the models, this study was supported by analysts of top ranked venture capitalists in Korea. Through their assistance, this study can determine necessary evaluating factors that refined and deepened the models. Four expert groups, such as venture capitalists, credit analysts, analysts of security company and e-Business consultants, provide their knowledge for the determination of the weights of evaluating factors in the hierarchical model through the questionnaires and interviews. The results show that the weights of the evaluating factors differed by the maturity of e-Business company.

A Study on Maturity Model of Information Integration System (정보연계 시스템의 성숙도 모델에 관한 연구)

  • Ha, Hyodong;Lee, Ook
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.8 / pp.570-578 / 2019
  • In this era of big data, a variety of government organizations are trying to create new added value via Information Integration. Therefore, several projects related to government agencies' information sharing have activated system connection/integration. The risk factors of system operation, however, have increased as the volume of Information Integration System grows. The interference in information sharing is predicted to affect the operation of the agencies, and the issue will grow even worse with massive impact on civil society when the agency operation is interrupted due to system failures in terms of infrastructure, software, data quality, and security. Diverse studies related to the maintenance of Information System have been conducted, but there is currently no evaluation framework for the operational system of Information Integration between various government agencies. In this respect, this study distinguishes each of the Information System components, Data, IT, People, Process, systematizes with Plan-Do-See, and finally presents a maturity model for Information Integration. Nine derived processes were analyzed through interview and questionnaires from Information Integration System officials, further suggesting maturity stage applying CMMI. This model allows diagnosis of the maturity level of an Information Integration System, and is expected to be utilized as resource for improving organizational processes.

A Study of Occupation Socialization Process of Security and Secretary Service (경호비서의 직업사회화 과정 분석)

  • Kim, Seon-Ah;Kim, Dong-Hyun
    • The Journal of the Korea Contents Association / v.10 no.2 / pp.295-305 / 2010
  • The occupational socialization process of security and secretary service goes through four stages of preparation, adaptation, conflicts, and maturity, with dynamic and incessant changes. The preparation stage includes the preparation to become a security and secretary service, the importance of what to prepare, usefulness of college education, required courses, and certificates. The adaptation stage includes the percentage of bodyguard and secretary, systematic nature of work, stagnation of the job, abilities required for a security and secretary service, elements to work on, job satisfaction, information sources, professionalism of the job, and future of the job. The conflicts stage includes conflicts at work, difficulty of security and secretary service, problem-solving efforts, advice and consultation, satisfaction with workload, job stress, perceptions of others for security and secretary service, experience of trying to get another job, and supplements. The maturity stage includes the changes to the roles and capabilities of a security and secretary service, autonomy of business management, degree of others' recognition of one's abilities, methods to evaluate job performance, salary, social status and pride, and efforts for self-development.

Methodology for Computer Security Incident Response Teams into IoT Strategy

  • Bernal, Alejandro Enciso;Monterrubio, Sergio Mauricio Martinez;Fuente, Javier Parra;Crespo, Ruben Gonzalez;Verdu, Elena
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.5 / pp.1909-1928 / 2021
  • At present, the Colombian government shares information on threats or vulnerabilities in the area of cybersecurity and cyberdefense, from other government agencies or departments, on an ad-hoc basis but not in real time, with the surveillance entities of the Government of the Republic of Colombia such as the Joint Command of Cybernetic Operations (CCOCI) and the Cybernetic Emergencies Response Team of Colombia (ColCERT). This research presents the MS-CSIRT (Management System Computer Security Incident Response Teams) methodology, that is used to unify the guidelines of a CSIRT towards a joint communication command in cybersecurity for the surveillance of Information Technology (IT), Technological Operations (TO), Internet Connection Sharing (ICS) or Internet of Things (IoT) infrastructures. This methodology evaluates the level of maturity, by means of a roadmap, to establish a CSIRT as a reference framework for government entities and as a guide for the areas of information security, IT and TO to strengthen the growth of the industry 4.0. This allows the organizations to draw a line of cybersecurity policy with scope, objectives, controls, metrics, procedures and use cases for the correct coordination between ColCERT and CCOCI, as support entities in cybersecurity, and the different companies (ICS, IoT, gas and energy, mining, maritime, agro-industrial, among others) or government agencies that use this methodology.

The Process of Occupational Socialization of Special Guard Firstly Appointed (초임 특수경비원의 직업사회화 과정 분석)

  • Park, Ok-Cheol;Kim, Tae-Hwan
    • Journal of the Society of Disaster Information / v.7 no.4 / pp.316-327 / 2011
  • The purposes of this study are to investigate various experience factors that special guards firstly appointed calculate during occupational socialization and to suggest the preliminary data necessary for establishing an educational service strategy for preliminary special guards and security guards. To this end, in-depth interviews and an ethnographic study were conducted with 4 special guards firstly appointed. As a result, the occupational socialization process of special guards firstly appointed consists of the quickening period, preparatory period, adaptation period and conflict/maturity period. First, the quickening period is a decision of family background, exercise experience and university entrance. Second, the preparatory period is certificates and mentor of department vision, university curriculum and occupational preparation. Third, the adaptation period is occupational specialty, occupational professionalism, occupational satisfaction, motivation and company colleagues. Fourth, the conflict/maturity period is job stress, turnover, conflict in company, efforts for self-development and prospect of job. Therefore, this study can be applied as a guide for improving special guards' performance and can provide preliminary educational data for follow-up studies.

Component Analysis of DevOps and DevSecOps (DevOps와 DevSecOps의 컴포넌트 분석)

  • Hong, Jin-Keun
    • Journal of the Korea Convergence Society / v.10 no.9 / pp.47-53 / 2019
  • This paper analyzes the characteristics of development operations and development security operations of software and products, and the use of analysis tools from a software code perspective. It also emphasizes the importance of human factors and the need to strengthen them when considering security design rules. In this paper, we consider a secure process for managing change, focusing on fast and accurate decision-making in terms of procedural factors, when considering development security operations. In addition, the paper discusses the need for maturity model analysis in relation to the development security operating characteristics, and analyzes the meaning of the analysis elements through detailed procedures for the strength and integration elements of the dynamic and static elements accordingly. The paper also analyzes factors such as scanning activity and code analysis for threat modeling and compliance and control.

The study on the maturity measurement method of security management for ITSM System (ITSM적용을 위한 보안관리 성숙도 측정방법에 관한 연구)

  • Park, Jung-Oh;Kim, Sang-Geun;Choi, Byeong-Hun;Jun, Moon-Seog
    • Proceedings of the Korea Information Processing Society Conference / 2007.11a / pp.1182-1185 / 2007
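  • When building an ITSM system, the security management area is supported in the same way as the Service Support and Service Delivery areas, so the maturity of security management work was measured efficiently. To measure the maturity of the security management area, work maturity was measured through interviews with the staff responsible, the results were analyzed, and a To-Be model was planned. The work maturity measurement consisted of 9 domains and 63 detailed items; weights and reference scores were assigned to each detailed item so that the share of security work handled by each member of the organization and the maturity of security work were measured together.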

Adjustment effect of the suitability factors of strategy between Information Technology Outsourcing(ITO)'s influence and outcome factors in Government offices (전략의 적합성 요인이 ITO 영향요인과 성과요인 간에 미치는 조절효과 - 공공기관 중심으로)

  • Jun, Je-Man;Yi, Seon-Gyu
    • Journal of Digital Convergence / v.11 no.12 / pp.29-40 / 2013
  • This study analyzed the adjustment roles of the organization and Information System strategy suitability factors between influence factors and introduction outcome factors of IT outsourcing in government offices. The influence factors of IT outsourcing are organization factors (information system maturity, CEO's support), trade factors (asset specialty, uncertainty, degree of use of the information system), and risk factors (risk of security, risk of increase in cost, risk of losing autonomy). The outcome factors are set as economic effect and technology effect. We analyzed organization and IS strategy suitability factors as moderator variables. The results are as follows. It was found that organization and IS strategy suitability factors play an adjusting role for information system maturity and CEO's support, which are lower variables of the organization factor; uncertainty, a lower variable of the trade factor; and risk of security, risk of increase in cost, and loss of autonomy, which are lower variables of the risk factor. Therefore, in order for an organization to increase the outcome of information technology, organization strategy and IS strategy should be promoted in a combined manner. However, it was found that strategy suitability could not play the adjusting role between asset specialty and introduction outcome.

Blockchain for Securing Smart Grids

  • Aldabbagh, Ghadah;Bamasag, Omaimah;Almasari, Lola;Alsaidalani, Rabab;Redwan, Afnan;Alsaggaf, Amaal
    • International Journal of Computer Science & Network Security / v.21 no.4 / pp.255-263 / 2021
  • Smart grid is a fully-automated, bi-directional, power transmission network based on the physical grid system, which combines sensor measurement, computer, information communication, and automatic control technology. Blockchain technology, with its security features, can be integrated with Smart Grids to provide secure and efficient power management and transmission. This paper discusses the deployment of Blockchain technology in Smart Grid. It presents application areas and protocols in which blockchain can be applied in securing smart grid. One application of each area is explored in detail, such as efficient peer-to-peer transaction, lower platform costs, faster processes, greater flexibility in power generation to transmission, distribution and power consumption in different energy storage systems, current barriers obstructing the implementation of blockchain applications with some level of maturity in financial services but concepts only in energy and other sectors. Wide range of energy applications suggesting a suitable blockchain architecture in smart grid operations, a sample block structure and the potential blockchain technicalities employed in it. Also, added with efficient data aggregation schemes based on the blockchain technology to overcome the challenges related to privacy and security in the smart grid. Later on, consensus algorithms and protocols are discussed. Monitoring of the usage and statistics of energy distribution systems that can also be used to remotely control energy flow to a particular area. Further, the discussion on the blockchain-based frameworks that helps in the diagnosis and maintenance of smart grid equipment. We have also discussed several commercial implementations of blockchain in the smart grid. Finally, various challenges have been discussed for integrating these technologies.
Overall, it can be said at the present point in time that blockchain technology certainly shows a lot of potentials from a customer perspective too and should be further developed by market participants. The approaches seen thus far may have a disruptive effect in the future and might require additional regulatory intervention in an already tightly regulated energy market. If blockchains are to deliver benefits for consumers (whether as consumers or prosumers of energy), a strong focus on consumer issues will be needed.