• Convergence Security Journal
• /
• v.14 no.3_2
• /
• pp.3-12
• /
• 2014

The government was fully aware of the gravity of a recent massive leak of personal information of credit card users. Meanwhile, the government just took a light disciplinary action by imposing a fine, but it showed its intention to strengthen the regulations by taking the severest disciplinary action. The tightened regulations against personal information leak will be applied to the private security industry without exception to protect individual people's property and lives if such an incident occurs in that industry that deals with a wide variety of personal information such as CCTV data or privacy information all the time. The purpose of this study was to examine the state of the protection and management of personal information for service users among private security firms in an effort to suggest some reform measures. The findings of the study were as follows: First, administrators or managers who are involved with personal information protection should make a full-fledged effort to gather information. Second, counseling or related programs should be provided for small and mid-sized security firms to guarantee thorough personal information protection. Third, Korea Security Association should improve the educational system related to personal information protection to resolve problems with this education currently provided for managers and employees of these companies.

• Journal of Information Technology Services
• /
• v.19 no.2
• /
• pp.37-47
• /
• 2020

A significant proportion of information subjects experience information security breaches, and the number of reports and counseling cases of personal information infringements is increasing. Increased awareness of the importance of information security has raised interest in the personnel in charge of such tasks. However, hiring excellent new workers and preventing turnovers in information security remain unresolved. In this paper, by modeling the job career path of information security workforce as a Markov chain, we analyze the workforce turnover process and long-term turnover trends by information security jobs, and further analyze the number and duration of turnovers required to engage in specific jobs. The results of this study are expected to be a reference to balancing the supply and demand of information security workers for the government and to ensuring efficient management of the workforce for businesses.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.860-877
• /
• 2013

Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.

• Journal of Korea Society of Industrial Information Systems
• /
• v.11 no.3
• /
• pp.34-39
• /
• 2006

This paper introduces a network security situation awareness tool using a traffic pattern map which facilitates recognizing a current network status by extracting and analyzing predetermined traffic features and displaying an abnormal or harmful traffic which deteriorates network performance. The traffic pattern-map consists of $26{\times}26$ intersections, on which the occupancy rate of the port having maximum occupancy is displayed as a bar graph. In general, in case of the Internet worm, the source address section on the traffic pattern map is activated. In case of DDoS the destination address section is activated.

• Annual Conference of KIPS
• /
• 2011.04a
• /
• pp.1582-1584
• /
• 2011

소셜 네트워크의 이용률이 증가함에 따라 프로슈머(Prosumer)로서의 사용자의 역할이 대두되고 있다. 유기적인 커뮤니케이션을 통해 실시간 정보를 공유하는 현재의 시스템에 있어서, MPEG (ISO/IECJTC1/SC29/WG11) 국제 표준 문서 분석을 통해 사용자에 관한 정의 및 네트워크 형성 관계에 대한 중요성을 인식한다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.233-245
• /
• 2010

This paper proposes security architecture, security audit framework, and audit check item. These are based on the security requirement that has been researched in the information system audit. The proposed information security architecture is built in a way that it could defend a cyber attack. According to its life cycle, it considers a security service and security control that is required by the information system. It is mapped in a way that it can control the security technology and security environment. As a result, an audit framework of the information system is presented based on the security requirement and security architecture. The standard checkpoints of security audit are of the highest level. It was applied to the system introduction for the next generation of D stock and D life insurance company. Also, it was applied to the human resources information system of K institution and was verified. Before applying to institutions, system developers and administrators were educated about their awareness about security so that they can follow guidelines of a developer security. As a result, the systemic security problems were decreased by more than eighty percent.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.1
• /
• pp.64-83
• /
• 2012

The number of smart phone users is rapidly growing due to recent increase in wireless Internet usage, development of a wide variety of applications, and activation of M2M (Machine to machine) services. Although the smart phone offers benefits of mobility and convenience, it also has serious security problems. To utilize M2M services in the smart phone, a flexible integrated authentication and access control facility is an essential requirement. To solve these problems, we propose a context-aware single sign-on and access control system that uses context-awareness, integrated authentication, access control, and an OSGi service platform in the smart phone environment. In addition, we recommend Fuzzy Logic and MAUT (Multi-Attribute Utility Theory) in handling diverse contexts properly as well as in determining the appropriate security level. We also propose a security system whose properties are flexible and convenient through a typical scenario in the smart phone environment. The proposed context-aware security system can provide a flexible, secure and seamless security service by adopting diverse contexts in the smart phone environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.591-594
• /
• 2014

Due to the spread of personal computers and the development of network, the information age has come and a variety of information has been flooded. Accordingly, individuals and companies have been a lot of attention to information security. However personal information leaks have been happening constantly in Korea. Nevertheless, awareness of security of personal information have been treated carelessly in society. In this paper, we will survey foreign awareness of personal information, specific cases for information leaks, and coping methods.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.35-41
• /
• 2016

Recently, the awareness of the domestic information security is very higher due to cyber war and hacking incidents. Yet, the information security professional is very scarce situation. In these circumstances are increasing of a opening the information security related departments of the domestic universities. And the Educational institutions are developed various curriculums. However, the domestic information security curriculum is different depending on the university or department. And there tends to be concentrated on the practical education rather than theoretical education. Therefore, in this paper will be analyzed to the Information security curriculum situation of the domestic Information Security related universities. This is expected to be utilized in a systematic curriculum development of the domestic information security education in a future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.893-906
• /
• 2023

Awareness that smartphones can be used as tools for criminal activity is prevalent in many organizations, but the functionally smartphone-like smartwatch's potential as a criminal tool is being overlooked. Considering this situation, this research verifies the possibility of information leakage through an insider's smartwatch in a situation where smartphones are controlled by security regulations and technologies, but smart watch are not. By analyzing information related application usage and Wi-Fi connection generated in the smartwatch during the verification process, forensic information and limitations are identified. Finally, this research proposes preventive methods to prepare for potential smartwatch-related crimes, and reconsiders awareness of the possibility of using smartwatches as criminal tools.