• Korean Security Journal
• /
• no.15
• /
• pp.173-198
• /
• 2008

As we took a look at above, this researcher suggest following device to extend Korea's private security industry's area. First, it is necessary to extend private investigation law's area grafting private security together. Second, it is necessary it is necessary to think of private security's role related key figure law, corresponding terror law, Presidential Security Service Guard law. Third, as a draft of a proposed law related prevention flowing out of industry techniques among industry security related law, passed, it is necessary private security's diversity, subdivision, composition through an enterprise security, and private security industry area's grafting together. Fourth, a research about private security company's investment and professional area's bringing up as well as business's extension device should be groped for the security consulting though total system management service. Fifth, there are no big difference education course and purpose, duty about a security police man law and security law's unification, so it is necessary to drive forward actively unification through government organization's cooperation. Sixth, a paradigm shift should be occured about private security service among policeman, citizen, and private security guards. Seventh, it is considered the role of security association is important. Lastly about a matter communication between the National Police Agency, and Security Association, not only look at from an authority's angle, collecting information, corresponding ability but now it is considered to grope each other cooperation device together among organizations not only the National Police Agency but also, National Organization, National Intelligence Service, the prosecution, Presidential Security Service Guard, Army etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1011-1020
• /
• 2021

Throughout the years, cybersecurity incidents related to the shipbuilding and maritime industries are occurring more frequently as the IT industry develops. Accordingly, expertise in the information protection industry is necessary, and effective education contents on information protection are needed for this purpose. Recently, there have been more and more cases of increasing user experience by applying Metaverse technology to the educational field. Therefore, this study analyzes the existing information protection education and training and the information protection education contents in the maritime industries and proposes four directions for content development (i.e., online education and seminars, cybersecurity threat learning of virtual ships, accident reproduction, and maritime cybersecurity exhibition operation).

• Knowledge Management Research
• /
• v.22 no.1
• /
• pp.309-330
• /
• 2021

The information security disclosure system (ISDS) has been implemented since 2016 to ensure the protection of stakeholders and the right to know, and to promote voluntary investment in information protection by companies. Regarding the information security disclosure system, there have been studies that urge the implementation of the system, but studies that analyze the contents disclosed after the implementation of the system or suggest improvement directions are few. In this study, the contents of the information security disclosure system that had been announced on the information security industry promotion portal until 2019 were analyzed, the current status was summarized, and the direction of system improvement was suggested. In some cases, companies that disclosed information through the disclosure system increased the number of personnel in charge and obtained certifications related to information security, but did not find any effect on the increase/decrease in investment. The current disclosure system has not been activated because it has difficulty in giving individual companies incentives to disclose. Thus, this study suggests the inclusion of ISDS to information security management system (ISMS), which is currently mandatory for certain companies. In the current disclosure system, it is difficult for the company's stakeholders or customers to check the contents of the disclosure. As a way to do this, a method of including in the contents of the personal information processing policy or the notification of the use of personal information was suggested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.211-224
• /
• 2015

Financial companies have invested a lot in their disaster recovery system and exercised training more than once a year to comply related laws and regulations. But massive PCs(Personal Computers) became disrupted simultaneously and it took a lot of time to recover massive PCs concurrently when March 20 cyber attack occurred. So, it was impossible to meet the tartgeted business continuity level. It was because the importance of PC recovery was neglected compared to other disaster recovery areas. This study suggests the measure to recover massive branch terminal PCs of financial companies simultaneously in cost-effective way utilizing the existing technology and tests recovery time. It means that in the event of disaster financial companies could recover branch terminal PCs in 3 hours which is recommended recovery time by regulatory body. Other financial companies operating similar type and volume of branches would refer to the recovery structure and method proposed by this study.

• Management & Information Systems Review
• /
• v.34 no.2
• /
• pp.131-149
• /
• 2015

Recently many organizations have engaged in widespread restructuring as well as more flexible usage of labor in an attempt to cut costs and to increase profit. As a result of lays offs resulting from frequent restructuring, many people no longer consider their jobs as permanent positions. many employees have an increased feeling of job insecurity. There structuring and following downsizing have created an uncertain environment within creased fear offer ther job losses. therefore the study of job insecurity is significant. especially To understand the relationship between job security and union-relation behaviors on the industrial relations. The purpose of this study suggested the strategies to company and union. The purpose of this study is to examine how the union-relation behaviors are influenced by the job security. This study built a exploratory model that there is causal relationship of job security to union commitment, dual commitment, and labor related behaviors. For the verification of this study model, the regression analysis was applied to the surveys of 236 members of union that are located in Busan, Gyeongnam, Ulsan, and Pohang. The result of this research shows that the job insecurity is strongly related to the union commitment and union related behaviors. According to the research, the effect that the job security affects union commitment and union related behaviors are positive. With the research outputs, we have discussed about the academic and pragmatic viewpoint. We proposed comprehensive model to verify how the job insecurity affects the union-related behaviors, and objectively analyzed the model. The research result was opposite to what the existing theories have said that high job insecurity derives high union-related behaviors. This result is meaningful because it is concerned with the social issues-present situation of Korean company, low-employment, unstable employment and so on. Moreover, this research may contribute to expand the aspect of academic research on job insecurity as there are few research conducted in korea. This research also suggests the realistic alternative of union-related behaviors because it is proved that job security can contribute to innovation activities. Also, this research implies that the matter of job insecurity is the basic need of organizational individual and presents that job security is not a notion but the alternative by using of the positional stability and situational control power. The limitation of this research is that it is only utilized the cross-sectional study. To remedy the cross-sectional study, vertical, and serial method of research is needed. And there is no enough sample to secure more comprehensive data as the targets of the research is limited to Busan and Gyeongnam regions. Finally, the measurement tool for job security is needed to be suitably modified to by the South Korea's economic, linguistic, and cultural situation.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.199-204
• /
• 2004

Operating systems and application programs have security vulnerabilities derived from the software development process. Recently, incident cases related with the abuses of these vulnerabilities are increasing and the damages caused by them are becoming very important security issues all over the nations. Patch management is one of the most important processes to fix vulnerabilities of softwares and to ensure a security of systems. Since an institute or a company has distributed hierarchical and heterogeneous systems, it is not easy to update patches promptly. In this paper, we propose patch management framework to safely distribute and install the patches on Windows, Linux, and Solaris client systems. Besides, we censidered extensibility and hierarchical structure for our patch management framework to support large scaled network environment.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.2
• /
• pp.1-11
• /
• 2018

Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP(Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.

• Management Science and Financial Engineering
• /
• v.17 no.1
• /
• pp.45-63
• /
• 2011

The aim of this paper is to consider the process of supplying trained workers with knowledge and skills for upcoming business opportunities and the process of training apprentices to be prepared to meet future demands in an IT service firm. As the demand for new workers fluctuates, a firm should employ a buffer workforce such as apprentices or interns. However, as a result of rapid business development, the capacity of the buffer may be exceeded, thus requiring the company to recruit skilled workers from outside the firm. Therefore, it is important for a firm to map out a strategy for manpower planning so as to fulfill the demands of new business and minimize the operation costs related to training apprentices and recruiting experienced workers. First, this paper analyzes the supply and demand of workers for the IT service in a knowledge-intensive field. It then presents optimal human resource planning strategies via the familiar method of stochastic process. Also, we illustrate that our model is applied to the human resource planning of an information security service firm in South Korea.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.1
• /
• pp.107-114
• /
• 2011

Today the company adopts to use information management method at the network base such as internet, intranet and so on for the speed of business. Therefore the security of information asset protection and continuity of business within company in relation to this is directly connected to the credibility of the company. This paper secures continuity to the certified users using queuing model for the business interruption issue caused by DDoS attack which is faced seriously today. To do this I have reflected overloaded traffic improvement process to the queuing model through the analysis of related traffic information and packet when there occurs DDoS attack with worm/virus. And through experiment I compared and analyzed traffic loading improvement for general network equipment.

• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.21-38
• /
• 2017

It is actively opening the market to fintech companies through open platforms, such as financial institutions and public institutions. In this thesis, we will look at the conceptual differences between the "provision of third-party information" and "entrustment" of information protection related laws, such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Data Protection Etc (Network Utilization Protection Act). In addition, the legal obligation to provide information regarding the legal rights of information is considered to be relevant, whereas the legal obligation of the private information provided by the company is excessively mitigated, whereas the legal obligation of the company to provide information is excessively mitigated. In addition, I suggest self-diagnosis checklist to help fintech companies improve their privacy levels. It was found that the level of information protection was relatively insufficient compared to the consignees based on the results of a survey conducted for 31 fintech companies. Aggressive use of the checklist is suggested to raise the level of information protection for those companies.