• Journal of Information Science Theory and Practice
• /
• v.4 no.3
• /
• pp.6-27
• /
• 2016

There has been a growing interest and enthusiasm for the application of virtual worlds in learning and training. This research proposes a design framework of a virtual world-based learning environment that integrates two unique features of the virtual world technology, immersion and interactivity, with an instructional strategy that promotes self-regulatory learning. We demonstrate the usefulness and assess the effectiveness of our design in the context of information security learning. In particular, the information security learning module implemented in Second Life was incorporated into an Introduction to Information Security course. Data from pre- and post- learning surveys were used to evaluate the effectiveness of the learning module. Overall, the results strongly suggest that the virtual world-based learning environment enhances information security learning, thus supporting the effectiveness of the proposed design framework. Additional results suggest that learner traits have an important influence on learning outcomes through perceived enjoyment. The study offers useful design and implementation guidelines for organizations and universities to develop a virtual world-based learning environment. It also represents an initial step towards the design and explanation theories of virtual world-based learning environments.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.1
• /
• pp.103-109
• /
• 2016

The information security industry is technology-intensive, high value-added industries. South Korea's response has excellent ICT skills and experience and skills in a variety of cyber attacks, has become a benchmark in the world. However, the small size of the domestic information security company, supporting infrastructure is lacking. Domestic information security industry is the primary condition to activate the export. For the export of high value-added enterprise information security products and services, it is necessary the establishment of the domestic IT information security infrastructure of the industrial promotion is based overseas. Come to analyze the domestic information security industry, capital of this small, market reclamation of overseas expansion, information, manpower shortage was a problem. This fact, combined losses caused by cost-free period AS. Therefore, the study on information security in the infrastructure industry overseas bases is necessary. How to select and analyze the causes of infrastructure in selected overseas offices. By utilizing the infrastructure of overseas bases, can raise the added value of the products and services of the Information Security company, we can enable the export of small and medium Information Security company from overseas offices.

• Journal of Advanced Navigation Technology
• /
• v.14 no.6
• /
• pp.935-950
• /
• 2010

The purpose of this study is to try to find out the relationship between the perception and behavior of employees and the Information Security Governance (ISG) which consists of leadership and governance, security management and organization, security policies, security program management, user security management, and technology protection and operations. Some effective suggestions from the verification of research hypotheses and the analysis of the most appropriate model were drawn out.

• Journal of Information Technology Applications and Management
• /
• v.26 no.2
• /
• pp.27-40
• /
• 2019

As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.1
• /
• pp.122-127
• /
• 2009

In this paper, it is reviewed security architecture and proposed security model about secure aeronautical system, which is considering in the cynical research topics out of aeronautical traffic system. The reviewed contents is treated about security model fur domestic aeronautical system with international security technology trends in the basis of security technology related aeronautical services. In the security framework of aeronautical communication network, it is analyzed data link security technology between air and ground communication, and security architecture in according to aeronautical system, and presented security architecture of U information HUB model. The security architecture of U-information HUB includes the internetworking scope of airline, airport network, airplane network, and related government agency, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.919-943
• /
• 2019

Distributed ledger technology, which is attracting attention as an emerging technology related to the 4th Industrial Revolution, is implemented as an open source based distributed ledger technology system and widely used for development with various applications (or services), but the security functions provided by the distributed general ledger system are very insufficient. This paper proposes security enhancements for distributed ledger technology systems based on open source. To do so, potential security threats that may occur under running an open source based distributed ledger technology systems are identified and security functional requirements against the security threats identified are provided by analyzing legislation and security certification criteria (ISMS-P). In addition, it proposes a method to implement the security functions required for an open source based distributed ledger technology systems through analysis of security functional components of Common Criteria (CC), an international standard.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.19 no.2
• /
• pp.89-102
• /
• 2023

The purpose of this study is to examine what are the important variables for information security compliance and whether the information security investment by the industry is different. To comply with the information security policies, the organization must establish measures to prevent or resolve information security incidents. This research process consists of four stages, and the analysis method was conducted with the categorical regression analysis and the correspondence analysis. The first analysis analyzed the independent variables that affect security regulations compliance. The rest of the analysis was conducted by industry in the order of security compliance regulations, manpower investment, and budget investment. As a result of the first analysis, this had positive effects on an organization and personal information protection awareness, joint operation organization of information protection, manpower and budget investment, corporate size, and industry. The correspondence analysis was conducted from the second analysis to the fourth analysis and it analyzed the differences in information security investment by industry. The second analysis showed that the construction industry, science and technology industry, and finance industry have higher compliance with security regulations than other industries. The third analysis showed that the financial industry and the science and technology industry were higher than other industries. The last analysis showed that the financial industry was higher than other industries. The theoretical contribution of this study provided the basis for updating the information security theory. The practical contribution of this study requires government support to reduce information security deviations by industry.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.12
• /
• pp.4531-4544
• /
• 2021

Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.3-12
• /
• 2011

According to the NIS, damages due to leaking industrial technology are reaching tens of trillion won. The type of damages are classified according to insider leaks, joint research, and hacking, illegal technology leaks and collaborated camouflaged. But 80% of them turned out to be an insider leak about connecting with physical security. The convergence of IT and non IT is accelerating, and the boundaries between all area are crumbling. Information Security Industry has grown continuously focusing Private Information Security which is gradually expanding to Knowledge Information Security Industry, but Information Security Industry hereafter is concentrated with convergence of IT Security Technology and product, convergence of IT Security and Physical Security, and IT convergence Industry Security. In this paper, for preventing company information leaks, logical security and physical security both of them are managed at the same level. In particular, using convergence of physical security systems (access control systems, video security systems, and others) and IT integrated security control system, convergence security monitoring model is proposed that is the prevention of external attacks and insider leaks, blocked and how to maximize the synergy effect of the analysis.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.910-922
• /
• 2013

In 2008, Chin et al. proposed an efficient and provable secure identity-based identification scheme in the standard model. However, we discovered a subtle flaw in the security proof which renders the proof of security useless. While no weakness has been found in the scheme itself, a scheme that is desired would be one with an accompanying proof of security. In this paper, we provide a fix to the scheme to overcome the problem without affecting the efficiency as well as a new proof of security. In particular, we show that only one extra pre-computable pairing operation should be added into the commitment phase of the identification protocol to fix the proof of security under the same hard problems.