• Journal of Digital Convergence
• /
• v.9 no.5
• /
• pp.113-121
• /
• 2011

As the importance of information security grows, the demand of professionals in information security field is continuing to increase. In developing as information security professionals, however, there are practical problems to be solved in advance. This study defines the body of essential knowledge(EBK) for information security professional development; on the other hand, this study suggests a education program as a multidisciplinary major based on the EBK.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.269-281
• /
• 2018

Many organizations are threatened by numerous information security attacks which are resulting in information security incidents. To prevent information security incidents, organizations invest on various information security measures like information security products, monitoring services and security training and educations. However they do not have enough knowledge about measurable utilities of information security investments. Since there is little studies empirically examining the effect of information security investments, this research aims to find out utilities of information security investment. We especially focuse on information security service investments. This study examined the data from the survey on information security for business sector which was conducted by Korean information & security agency. We utilized negative binomial regression model, which is a suitable model for over-dispersed count data. We found out that an investment on information security education and vulnerability testing have direct impact on reducing information security incidents. This research academically contributed to shed light on the utility of information security investments on reducing information security incidents. This research practically contributed to providing information security investment guideline for organizations which want to reduce information security incidents efficiently.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.11
• /
• pp.79-83
• /
• 2016

In this paper, we define four levels of analysis, design, implementation, and testing of the configuration of the development phase by S/W development life cycle. In particular, it dealt with the stage of the analysis phase to prepare an information system developed intensively. Details of the derivation of the information security requirements, it can be seen that comes from the perspective of confidentiality, integrity, availability and accountability, etc. It dealt with from the first manifestations of the projects planning to final planning to establish information security in activities of the Information Security requirements. As an example exhibited by assessing the information security analysis phase activities of S corporations, it can be seen that the improved sales rise in information security activities.

• Journal of Information Technology Applications and Management
• /
• v.22 no.2
• /
• pp.171-199
• /
• 2015

This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

• Journal of the Society of Disaster Information
• /
• v.5 no.2
• /
• pp.88-106
• /
• 2009

The potential risks of Korean public security has been increasing by economic stagnation. As a result of this, a feeling of unrest about our society causes expansion of private security industry as well as necessity of professional education. It has been 15years to produce security expert in colleges which is professional education institute, and academic efforts and contributions to society are shown remarkable results for the period. A private security industry had got public interest as a potential favorable job, because of increasing dependence of public to take care of unrest facts. Many colleges have introduced courses about public security because of facing necessity of professional education system. Then total 59 institutes including 22 universities and 37 colleges introduce courses of public security. Although name of courses are diverse depends on institution, purpose of course or members of course, the ultimate purpose of these courses is preventing public from crimes and managing public security. A fixed and out of date education system of universities in Korea can not produce talent person who people, companies and government want. The institutions have been recruiting many student so far, and it shows growth of the industry in quantity aspects. However quality aspect of the industry has been failed because it is hard to get a job for graduated students. Consequently, to improve quality of the industry people need cooperation of institution, professors and students.

• Asian Journal of Innovation and Policy
• /
• v.4 no.3
• /
• pp.307-327
• /
• 2015

This study attempts to develop a methodology that analyzes patent applications to identify future skills, in particular in the sector of information security, recently into the spotlight. Matching skill elements from the International Patent Classification (IPC) with skill units from job analysis, the study tries to track trends in the skills needs based on IPC time-pattern. It then verifies the validity of the outlook for future skills needs by addressing the situation through the use of patents. The research assesses the usability of patent information for this type of analysis. While this study is limited to the information security sector by using Korean patent information, it can be expanded in the future to other areas and patents in the United States and Europe.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.11
• /
• pp.75-84
• /
• 2018

Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

• Journal of Convergence for Information Technology
• /
• v.10 no.5
• /
• pp.16-22
• /
• 2020

In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

• The Journal of Korean Association of Computer Education
• /
• v.14 no.1
• /
• pp.55-67
• /
• 2011

Due to recent various online problems, the necessity of information security education has increased. The information security education was strengthened thanks to the informatics curriculum of middle school in 2007, but the educational fields lacked detailed educational materials that could be utilized. Thus to give appropriate information security education for elementary and middle school students, this research developed an unplugged activity for them. The activity was designed by applying Lickona's integrated ethical model and design patterns of unplugged activities, and developed through expert's review and pilot tests targeted to elementary school students. Developed activity was applied to 21 middle school students and the usability was evaluated. As results, first, the activity showed similar expectations from the previous activities. Second, persistence was also similar or higher compared to the previous activities, so the activity developed from this research secured the minimum usability. The unplugged activity developed from this research would give implications in producing various educational contents for information security education.

• Journal of the Korea Convergence Society
• /
• v.11 no.10
• /
• pp.107-113
• /
• 2020

With the development of IT technology, along with the expansion of women's participation in society, the education training of information security women's workforce is becoming a very important issue. Therefore, it is important to analyze the relevant curriculum to identify the direction of fostering women's information security workforce. Therefore, in this paper, the education and training programs of the department for training women's information security workforce based in Seoul area of the Korean metropolitan area were analyzed. The main research objective of this paper is to review whether the education and training system, which consists of the department of women's information security human resources development, is in line with the direction of NIST's human resources development. The research focus was on what the women's information security department organizes courses with each security major and what task training is interested in. In addition, in this paper, we were confirmed that the curriculum of the relevant major is based on the NIST Human Resources Development Framework, and that the majors of the relevant universities have an education and training system that conforms to the relevant task. In conclusion, the related majors are judged to be focused on the development of certification evaluation personnel of convergence industry security or information security development personnel, and general cyber security personnel.