• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.237-246
• /
• 2016

Recently various types of cyber attacks have occurred. The strategic goals & tactical means of these have evolved. Especially KHNP cyber attack was the type of hacktivism combined hack and psychological warfare. The cyber attackers have forecd the nation to participate in the cyber warfare and the government to make strategic decisions to the releases of confidential information and the threats of stopping KHNP. In this paper, we would like to study the effective strategic decision-making model utilizing the game theory and including an attack intelligence on open policy Decision framework.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.10
• /
• pp.3333-3354
• /
• 2022

The 5G Core Network (5GC) is an essential part of the mobile communication network, but its security protection strategy based on the boundary construction is difficult to ensure the security inside the network. For example, the Network Function (NF) mutual authentication mechanism that relies on the transport layer security mechanism and OAuth2.0's Client Credentials cannot identify the hijacked NF. To address this problem, this paper proposes a trust model for 5GC based on NF interaction behavior to identify malicious NFs and improve the inherent security of 5GC. First, based on the interaction behavior and context awareness of NF, the trust between NFs is quantified through the frequency ratio of interaction behavior and the success rate of interaction behavior. Second, introduce trust transmit to make NF comprehensively refer to the trust evaluation results of other NFs. Last, classify the possible malicious behavior of NF and define the corresponding punishment mechanism. The experimental results show that the trust value of NFs converges to stable values, and the proposed trust model can effectively evaluate the trustworthiness of NFs and quickly and accurately identify different types of malicious NFs.

• International Commerce and Information Review
• /
• v.7 no.3
• /
• pp.135-156
• /
• 2005

The rapidly developed environment by ubiquitous computing make the paradigm from e-trade to u-trade. The purpose of the study is to find out issue and the strategic suggestions that could link together between the e-trade and ubiquitous computing in side of information security. The study include the contents as follows; firstly, the technical explanations under the ubiquitous computing, secondly, e-trade's risks in security technology and lastly, issue and strategic suggestions how link them together in integrated view.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.39 no.4
• /
• pp.97-105
• /
• 2016

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.477-482
• /
• 2021

The existing approaches to ensuring the banking security of the state do not take into account the peculiarities of the banking system in the rapid development of the information economy (increasing uncertainty, imbalance and nonlinearity of processes in the banking system under the influence of innovation, institutions, information asymmetry, etc.). A methodological approach to determining the synergetic effect in the implementation of the regulatory influence of the state on the development of innovation processes related to informatization in the banking system, based on the use of differential equations and modelling the sensitivity of innovation processes related to informatization in the banking system, to the regulatory influence of the state to prevent the deployment of risks and threats to economic security of the state in this area has been suggested in the present article.

• Journal of Convergence for Information Technology
• /
• v.10 no.11
• /
• pp.332-339
• /
• 2020

This study aims to analyze problems and deduce improvement plans for information security support policies for SMEs in Korea. To this end, an effective support policy necessary for reinforcing cyber safety nets to enhance the level of information security of domestic SMEs based on the analysis results by analyzing the status and problems of the previous research review and analysis, the current status of information security of SMEs and the information security support policies of major SMEs at home and abroad. I would like to suggest improvement measures. Reinforcement of awareness, legal basis, voluntary capacity building, joint response system, professional manpower and budget support, cyber security construction, untact era support, and regional strategic industry security internalization were suggested. This can be used as the government's information security support policy to raise the level of information security of SMEs in preparation for the post Covid19.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.967-973
• /
• 2020

As the implementation of export controls is spreading, the importance of classifying strategic items is increasing, but Korean export companies that are new to export controls are not able to understand the concept of strategic items, and it is difficult to classifying strategic items due to various criteria for controlling strategic items. In this paper, we propose a method that can easily approach the process of classification by lowering the barrier to entry for users who are new to export controls or users who are using classification of strategic items. If the user can confirm the decision result by providing a manual or a catalog for the procedure of classifying strategic items, it will be more convenient and easy to approach the method and procedure for classfying strategic items. In order to achieve the purpose of this study, it utilizes deep learning, which are being studied in image recognition and classification, and OCR(optical character reader) technology. And through the research and development of the support tool, we provide information that is helpful for the classification of strategic items to our companies.

• Journal of Distribution Science
• /
• v.21 no.12
• /
• pp.59-69
• /
• 2023

Purpose: Consumers can experience better service for distribution of products with payment technology such as QRIS (Quick Response Code Indonesian Standard) compared to conventional purchase methods. This research aims to determine the experience of QRIS service users in Indonesia. Perceived Usefulness, Ease of Use, and Perceived Security were independent factors. Behavioral Intention to Use is the dependent variable. Furthermore, Word of Mouth Attitude is an intervening variable. Research Design, Data, and Methodology: Involving active QRIS users in a survey-based quantitative study in Indonesia. A survey sample of 400 people was taken from data records of 30.87 million QRIS users in Indonesia. Data were analyzed using SEM-PLS. Results: Show that Perceived Usefulness and Perceived Ease of Use significantly impact Attitudes Word of Mouth, and Behavioral Intention to Use. This research also found that Behavioral Intention to Use does not significantly impact Perceived Security. Conclusion: QRIS, as a revolutionary innovation, offers faster payments than previous methods, with a payment time of no more than one minute. QRIS is seen as valuable, simple, and safe, disseminating information to the public and continuing to use QRIS. The implications of this research are very significant in accelerating the flow of distribution of goods and services and facilitating transactions.

• Korean Security Journal
• /
• no.51
• /
• pp.173-195
• /
• 2017

Recently, in South Korea, security management has been strengthened, but there have been an increasing number of cases where the main infrastructure of the country is hacked in the cyber space. South Korea is equipped with sophisticated information and communication technologies, such as Internet, but is threatened by cyber terrorism of North Korea and terrorist organizations. Nevertheless, there is a limit to how to develop a policy and strategic plan for the country, which is related to domestic terrorism and lacks legal and regulatory facilities, and therefore, in this study, proposed suggestions for building adaptive and efficient policy formulation. Based on the theoretical analysis framework of the Strategic Plan for achieving the objectives of the research, we compared the UK 's security strategy with the national security policy of the domestic government. As a result, several problems were derived: First, the domestic security strategy did not take into account the external environment. Secondly, lack of coordination with domestic cyber security goals setting and strategy is causing ambiguity and confusion. Third, the detailed plan of implementation of national security in each province is designed to ensure that there is a possibility that a mixed side effect between ministries and agencies will arise. Fourth, it was found that there was a limit to prepare the evaluation standards for the evaluation and return of domestic security policies in the country. Therefore, in order to establish a policy for the response of domestic cyber terrorism, we set up a vision from long-term perspectives and concrete targets based on the strategic approach of the security policy, It is necessary to present an assignment and formulate an efficient execution plan. It is necessary to maintain and improve the domestic safeguards in order to be able to complement the problems through evaluation and feedback.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.15-24
• /
• 2007

As the importance of information security increases, organizations are employing various security countermeasures into their information systems. However, they are not being adapted based on a strategic framework. Therefore this paper researches on the concept of the strategy in organizational information security. This paper studies literatures to find out how information security strategies have been discussed and what types of them have been proposed until now. This paper contributes to the formation of concept of strategy and classification of them by focusing on strategies themselves in organizational information security.