• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.637-644
• /
• 2012

In our current information focused society, information is regarded as a core asset and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the technology that safeguards which is currently in commercial use is not focused at an enterprise level but is fragmented by function or by only guards portions of a customer's personal information. Therefore, It is necessary to study the systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examination of the methods of implementation of the monitoring system, the application of pattern analysis and examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish a systemic counter-plans based on detectable patterns.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.5
• /
• pp.538-547
• /
• 2016

With respect to the factors affecting information security awareness and behavior, the study of the relevance of the concept of optimistic bias is actively used in psychology. In other words, this study examines whether the optimistic bias of individuals affects information security in the field. In this sense, this study attempted to demonstrate the relevance of optimistic bias in information security behavior and awareness. A questionnaire survey was conducted targeting 111 people engaged in domestic private enterprises. The survey results showed that this personalized optimistic bias exists because of empirical factors related to personal security. Optimistic bias affects the security awareness information. The greater the optimistic bias, the lower the awareness and recognition of information security. In other words, optimistic bias affects information security awareness. Reducing the effects of optimistic bias is expected to reduce information security incidents, such as information leakages. However, the variety of information related ethical activities of a company did not have any effect on the information security awareness. Most previous studies have only examined the effect optimistic bias in the field of health. Therefore, this study fills an important gap in research in IT.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.153-160
• /
• 2007

Recently, the demand against the system risk analysis and security management from the enterprises or the agencies which operate a information system is increasing even from domestic. The international against the standardization trend of information protection management system it investigates from the dissertation which it sees. It analyzed and against information property information protection management system integrated it will be able to manage a danger modeling it did it proposed. Having analyzed as well as compared the matureness of security-measurement models in regard to the global standard of proposal system, the administrative presentation for various IT technology resources. which have been managed singly so far, is now well applied under the united control of the company itself, and enabled the automated management of authentication support and renewal for ISO 27001, ISO 9000, ISO 14000, resulting in much advanced operation for both material and human resources.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.9-17
• /
• 2014

With the rapid development of the Internet and information technology, a company that deals with personal information does not have proper action to protect personal privacy and not take measures for the safe handling and management of personal information. It generates the case to abuse of personal information occurring frequently. In order to focus the effort to reduce damage and protect the privacy of personal information entity and enhance privacy laws based on the connection method and the processing of personal information, Korea encourages a company to follow regulation by providing certain criteria. However, in the case of items of measures standard of safety of personal information such as priority applicable criteria in accordance with the importance of itemized characteristics and the company of each individual information processing is not taken into account, and there are some difficulties to execute. Therefore, we derive criteria by law and reviewing existing literature related, the details of the measures standard of safety of personal information in this study and generate a hierarchical structure by using the KJ method for layering and quantification of the evaluation in integration of the reference item similar and the grouping. Accordingly, the weights calculated experts subject using the AHP method hierarchical structures generated in this manner, it is an object of the proposed priority for privacy and efficient more rational enterprise.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.343-361
• /
• 2015

The financial industry in South Korea has witnessed a paradigm shift from selling traditional loan/deposit products to diversified consumption channels and financial products. Consequently, personification of financial services has accelerated and the value of finance-related personal information has risen rapidly. As seen in the 2014 card company information leakage incident, most of major finance-related information leakage incidents are caused by personnel with authorized access to certain data. Therefore, it is strongly required to confirm whether there are problems in the existing access control policy for personnel who can access a great deal of data, and to complement access control policy by considering risk factors of information security. In this paper, based on information of IT personnel with access to sensitive finance-related data such as job, position, sensitivity of accessible data and on a survey result, we will analyze influence factors for personnel risk measurement and apply data access control policy reflecting the analysis result to an actual case so as to introduce measures to minimize IT personnel risk in financial companies.

• Journal of Korea Port Economic Association
• /
• v.28 no.1
• /
• pp.1-23
• /
• 2012

Advances in information technology has brought many benefits to businesses, but at the same time, businesses are facing serious problems caused by its use such as information leakage. In order to cope with problems, companies have established information security policies, demanding workers of a company to be compliant with the policies. This study proposes a research model that includes information security awareness, information security attitude, self-efficacy, standard belief and social influences as factors that affect the compliance of information security policy among the workers of shipping and port organization. The results of this study showed that there was a positive relationship not only between the information security awareness and the information security attitude, but also between the information security attitude and the information security policy among the workers of shipping and port organization. It was also found that there was a positive relationship between the self-efficacy and the compliance of information security policy, and between the social influence and the compliance of information security policy. However, there was no meaningful relationship between the standard belief and the compliance of information security policy. This study examined to what extent the workers of shipping and port organization that have a high possibility of the information leakage were compliant with the information security policy. The findings will contribute to organizations of shipping and port who attempt to establish strategies related to information security.

• The KIPS Transactions:PartC
• /
• v.17C no.3
• /
• pp.223-232
• /
• 2010

Due to the advance of Internet, offline services are expanded into online services and a financial transaction company provides online services using internet baning systems. However, security problems of the internet banking systems are caused by a lack of security for developing the internet banking systems. Although the financial transaction company has applied existing internal and external standards, ISO 20022, ISO/IEC 27001, ISO/IEC 9789, ISO/IEC 9796, Common Criteria, etc., there are still vulnerabilities. Because the standards lack in a consideration of security requirements of the internet banking system. This paper is intended to explain existing standards and discusses a reason that the standards have not full assurance of security when the internet baning system is applied by single standard. Moreover we make an analysis of a security functions for the internet baning systems and then selects the security requirements. In this paper, we suggest a new protection profile of the internet baning systems using Common Criteria V.3.1 from the analysis mentioned above.

• Journal of the Society of Disaster Information
• /
• v.3 no.2
• /
• pp.55-78
• /
• 2007

Currently, the departments related to security and secretary service exist in 18 universities and 30 colleges in Korea in order to raise professional security and secretary personnel. Among the 18 four-year colleges in Korea, only two of them have the ethics course include in their curriculum. Also, among the 31 two-year colleges, only three of them have the ethics course included in their curriculum. Besides, as some private security and guardian companies were recently utilized in illegal actions of the rich and ruling class, contradicting their original purpose of existence, many people point out their downfall as a ?forced private army.? As a professional job, if security secretaries take advantage of the knowledge and top-secret technologies and use them for non-ethical purposes, the effect of the damage is far more serious than other fields of jobs. Therefore, taking this event as a turning point, the contract contents and the task area between the client and the security and secretary company must become more transparent in order to prevent illegal actions, and also for the people working in the security and secretary service area, it is necessary to establish a firm ethical consciousness in order to behave appropriately in their working environment. Therefore, this study examines the proper direction of work ethics of the people working in the security and secretary service according to the professionalization of their field, and also aims to propose an appropriate work ethic system such that they will not become an unfortunate victim of various scandals anymore. To do so, the concept of work ethics in professional jobs was examined; and after the code of ethics that reflect the ethical value system of each professional job was reviewed, the study suggested a specific solution for establishing the codes of ethics for security and secretary service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.817-838
• /
• 2014

Test environment on the company that handles a large amount of data such as telecommunications companies and financial institutions, may not always be the same as the production environment, which is caused by conversion of important columns about information and limitation of storage capacity due to the construction cost. Therefore, SQL performance degradation that occurs when the test and production environments are not the same, which is an important cause of connecting to the unexpected failures of online transactions, and it generates financial loss of business, customer complaints, a decrease in reliability. In studies related SQL performance, it has so far been conducted mainly studies of tuning associated with DBMS Optimizer, and it has not been addressed issues of this sector. Therefore, in this paper, I verify the validity about presentation of the advanced SQL Performance-based IT application change management process, in order to prevent failures of the online transactions associated with poor performance of SQL generated by differences in test and production environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.847-857
• /
• 2019

Recently, various cyber threats such as Ransomware and APT attack are increasing by e-mail. The characteristic of such an attack is that it is important to take administrative measures by improving personal perception of security because it bypasses technological measures such as past pattern-based detection The purpose of this study is to investigate the human factors of employees who are vulnerable to spam mail attacks through field experiments and to establish future improvement plans. As a result of sending 7times spam mails to employees of a company and analyzing training report, It was confirmed that factors such as the number of training and the recipient 's gender, age, and workplace were related to the reading rate. Based on the results of this analysis, we suggest ways to improve the training and to improve the ability of each organization to carry out effective simulation training and improve the ability to respond to spam mail by awareness improvement.