• Title/Summary/Keyword: Information Security related Company

ISM Application Tool, A Contribution to Address the Barrier of Information Security Management System Implementation

  • Chandra, Nungky Awang;Sadikin, Mujiono
    • Journal of information and communication convergence engineering / v.18 no.1 / pp.39-48 / 2020
  • Information-security management systems (ISMSs) are becoming very important, even for micro, small, and medium enterprises (MSMEs). However, implementing an ISMS is not an easy task. Many obstacles must be overcome, e.g., complexity, document tracking, competency management, and even changing cultures. The objective of our study is to provide ISMS application tools, based on ISO 27001:2013 ISM frameworks. The application was developed on the Odoo Open Enterprise Resource Planning platform. To validate its feasibility for future improvement, the application was implemented by an MSME company. For this implementation, information-security-related users gave their feedback through a questionnaire. The distributed feedback questionnaire consists of nine assessment parameters, covering topics from the application's technical aspects to users' experiences. Based on the questionnaire feedback, all users of the application were satisfied with its performance.

A Study on Modeling Instruction And Training Program for Korean Private Security Guard (한국 민간경호원 교육프로그램 방향에 관한 연구)

  • Lee, Sang-Chul;Shin, Sang-Min
    • Korean Security Journal / no.9 / pp.201-235 / 2005
  • This study is designed to contribute to the development of Private Security Business by fact-finding in instruction and training of private security guard serviced in this realm and domestic and foreign guard service and modeling effective and rational instruction and training program based on drawn problem. For this study, basically I collected and analyzed documents, theses, and papers of the inside and outside of the country. For practical use of data, I used materials of private security related institutes and police agency. And for private security educating training programs of the inside and outside of the country, I collected materials on the Internet, and with the help of police agency and Interpol. For Korean private security company's educating training programs, I made a study with the interview of private security company's businessmen. This study's conclusion is as follows. In a domestic private security enterprise, when set theory instruction minimize instruction and training program and must set up instruction and training program as practical affairs center enemy instruction, and theory instruction must be composed for instruction me that it is connected to practical affairs instruction too. The instruction course of private security guard instruction and training program composed with a security outline, a security plan, an information-gathering, civilian expenses, a security way, terror and terrorism, a related law, security trial, electronic security, a security analysis technique, company introduction, instruction and training program about a professional tube with theory instruction. Practical affairs instruction composed with the selection and a preventive security, close contact attendance security, vehicle security, security driving the security martial arts and self-protection liquor, first aid, security equipment, a gun and shooting, a security protocol, customer satisfaction, facilities security and expenses, a fire fighting instruction, teamwork training, explosive and a dangerous substance, physical strength, a documentation practical affairs, service, instruction and training program about foreign language instruction.

National Information Security Agenda and Policies (국가 정보보안 이슈 및 정책방안에 관한 연구)

  • Kim, Jung-Duk
    • Journal of Digital Convergence / v.10 no.1 / pp.105-111 / 2012
  • This study is to propose national information security policies based on the policy framework, which has four components: government, industry/company, individual, and environments. According to the framework, the four policy agenda are derived: national information security governance scheme, information security industry competitiveness and corporate security level enhancement, eco-system for security professionals, and finally related laws & regulations modification and security culture movement. Specific issues and policies in each agenda are proposed.

A Study on Analysis and Control of Circumvent Connection to the Private Network of Corporation (기업 사설 네트워크 우회 접속 분석 및 통제 대책 연구)

  • Lee, Chul-Won;Kim, Huy-Kang;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.6 / pp.183-194 / 2010
  • A company's private network protected by a firewall and NAT (Network Address Translation) is not accessible directly through an external internet. However, as Reverse Connection technology used by NetCat extends to technologies such as SSH Tunnel or HTTP Tunnel, now anyone can easily access the private network of a corporation protected by a firewall and NAT. Furthermore, while these kinds of technologies are commercially stretching out to various services such as remote control and HTTP Tunnel, security managers in a company or general users are confused under the circumstances of inner or outer regulation which does not allow access to an internal system with a remote control. What is more serious is making a covert channel invading a company's private network through malicious code and all those technologies. By the way, what matters is that a given security system such as a firewall cannot shield from these perceived dangers. So, we analyze the technological methods of indirect access and the status quo of a company's internal network and find a solution to get rid of the related dangers.

Study on security requirements for the web based operation system of a shipping company (웹 기반 해운 선사 운영시스템 보안 요구사항 연구)

  • Chung, Up;Moon, Jongsub
    • Journal of Internet Computing and Services / v.23 no.1 / pp.49-68 / 2022
  • The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects a suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram from the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.

Study on Designation of Non-Critical Information Processing System for Financial Company Cloud Computing Activation (금융회사 클라우드 활성화를 위한 비중요정보처리시스템 지정방안 연구)

  • Chang, Myong-do;Kim, In-seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.889-903 / 2018
  • Cloud computing has been activated globally due to the demands of the 4th industrial revolution and the efficient use of IT resources, and domestic usage is also increasing due to legislation and related laws. However, domestic financial companies are subject to various regulations due to the importance of their information and the ripple effects of accidents such as outflows. Only non-critical information processing systems that handle non-critical information are allowed to use cloud computing. Financial companies are required to set specific criteria and judgment to distinguish them. In this paper, we propose a method to enable financial company cloud computing to be more active by specifying the ambiguous non-essential information processing system designation standard and making it easier to designate.

The Proactive Threat Protection Method from Predicting Resignation Throughout DRM Log Analysis and Monitor (DRM 로그분석을 통한 퇴직 징후 탐지와 보안위협 사전 대응 방법)

  • Hyun, Miboon;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.2 / pp.369-375 / 2016
  • Most companies are willing to spend money on security systems such as DRM, mail filtering, DLP, USB blocking, etc., for data leakage prevention. However, in many cases, it is difficult for the legal team to take action in a data case because the company usually recognizes it only after the employee has left. Therefore, perceiving one's resignation before the action and building up an adequate response process are very important. By analyzing the DRM log, which records every single file's changes related to the user's behavior, the company can predict one's resignation and prevent data leakage before it happens. This study suggests how to prevent damage from leaked confidential information by building a DRM monitoring process which can predict an employee's resignation.

Analysis of Security Threats from Increased Usage of Mobile App Services (모바일 앱 서비스 이용 증가로 인한 보안 위협 분석)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management / v.14 no.1 / pp.45-55 / 2018
  • Recently, because of the arrival of the fourth industrial revolution era, many information and telecommunication services have grown rapidly in the mobile business market. So, companies are basing Mobile Apps on user-customized services and expanding their services. From the standpoint of the business, to generate revenue, the company needs to maintain the existing computer environment and develop Mobile Apps to offer convenience in various areas such as finance, administration, e-commerce and sales support. However, as the number of users increases due to the expansion of various Mobile services, security threats that are related to Mobile Apps are increasing and their damage is also increasing. Due to the rapid technological transformation of Mobile devices using the Internet, the level of security threats to Smartphones is rising and getting more advanced, so this thesis is structured as follows. In Chapter 2, it will look at the overall trends of Mobile Apps as related research. In Chapter 3, it will discuss various security concerns that are related to the latest Mobile Apps and learn about the threatening factors. In Chapter 4, it will compare and analyze the threatening factors. Then it will find and suggest a possible plan. In Chapter 5, it will end with the conclusion. Finally, to protect mobile devices from security threats, the environment of the operating system which manages the resources and data of Apps needs to be protected. Also, it is important that users have awareness and check activation of FinTech technology security in the process of simple payment with fingerprint or IC card.

Impact of Corporate Characteristics on Personal Information Breach Accident (기업의 특성이 개인정보 유출 사고에 미치는 영향)

  • Kim, Taek-Young;Kim, Tae-Sung;Jun, Hyo-Jung
    • Journal of Information Technology Services / v.19 no.4 / pp.13-30 / 2020
  • Not only does it cause damage to individuals and businesses due to the occurrence of large-scale personal information leakage accidents, but it also causes many problems socially. Companies are embodying efforts to deal with the threat of personal information leakage. However, it is difficult to obtain detailed information related to personal information leakage accidents, so there are limitations to research activities related to leakage accidents. This study collects information on personal information leakage incidents reported through the media for 15 years from 2005 to 2019, and analyzes how the personal information leakage incidents occurring to companies are related to the characteristics of the company. Through the research results, it is possible to grasp the general characteristics of personal information leakage accidents, and it may be helpful in decision making for prevention and response to personal information leakage accidents.

A Study on Acceptance Intentions to Use the Mobile Payment Service Based on Biometric Authentication: Focusing on ApplePay (생체 인증 기반 모바일 결제 서비스 수용의도 분석: 애플페이를 중심으로)

  • Kim, Kwanmo;Park, Yongsuk
    • Journal of Digital Convergence / v.18 no.7 / pp.123-133 / 2020
  • The aim of this study is to scrutinize acceptance intentions of Korean users and influences of information security related factors on mobile payment services based on biometric authentication methods, like fingerprint authentication or face recognition authentication, by focusing on ApplePay. Unlike previous studies on user acceptance of mobile payment which lack consideration of information security related factors, this study employs the UTAUT with detailed information security factors to create a research model and the PLS (Partial Least Squares) method to analyze the model. Based on the analysis, gaining trust in the service through the company's efforts on information protection, personal characteristics and trust in applied security technologies are important factors to Korean users along with social awareness and service infrastructures. The result of this study would be helpful to companies or organizations, which provide biometric-based mobile payment services, to understand the needs of Korean consumers. Based on this study, further analysis is expected to find impacts of user experiences on the same company's or competitors' products on acceptance intentions.