• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.19-24
• /
• 2021

The purpose of this study was to add CPTED to the information security area. The control items of ISO 27001 (11 types) and the application principles of CPTED (6 types) were mapped. And the relevance between the items was verified through the FGI meeting through 12 security experts. As a result of the survey, the control items with a relevance of at least 60% on average are security policy, physical and environmental security, accident management, and conformity. As a result, the comprehensive policy was shared with CPTED's items as a whole. The specialized control items are security organization, asset management, personnel security, operation management, access control, system maintenance, and continuity management. However, specialized control items were mapped with each item of CPTED. Therefore, information security certification and septed are related. As a result, environmental security can be added to the three major areas of security: administrative security, technical security, and physical security.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.491-494
• /
• 2019

The results from the analysis of recent security breach cases of industrial control systems revealed that most of them were caused by the employees of a partner company who had been managing the control system. For this reason, the majority of the current company security management systems have been developed focusing on their performances. Despite such effort, many hacking attempts against a major company, public institution or financial institution are still attempted by the partner company or outsourced employees. Thus, the institutions or organizations that manage Industrial Control Systems (ICSs) associated with major national infrastructures involving traffic, water resources, energy, etc. are putting emphasis on their security management as the role of those partners is increasingly becoming important as outsourcing security task has become a common practice. However, in reality, it is also a fact that this is the point where security is most vulnerable and various security management plans have been continuously studied and proposed. A system that enhances the security level of a partner company with a Virtual Desktop Infrastructure (VDI) has been developed in this study through research on the past performances of partner companies stationed at various types of industrial control infrastructures and its performance outcomes were statistically compiled to propose an appropriate model for the current ICSs by comparing vulnerabilities, measures taken and their results before and after adopting the VDI.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.1051-1055
• /
• 2003

Policies are collections of general principles specifying the desired behavior and state of a system. Network management is mainly carried out by following policies about the behavior of the resources in the network. Policy-based (PB) network management supports to manage distributed system in a flexible and dynamic way. This paper focuses on configuration management based on Internet Engineering Task Force (IETF) standards. Network security approaches include the usage of intrusion detection system to detect the intrusion, building firewall to protect the internal systems and network. This paper presents how the policy-based framework is collaborated among the network security systems (intrusion detection system, firewall) and intrusion detection systems are cooperated to detect the intrusions.

• Asia pacific journal of information systems
• /
• v.31 no.2
• /
• pp.236-256
• /
• 2021

Online financial technology products are an important consumer finance innovation. While a large body of previous research has focused on initial adoption and consumer willingness to use these products, little research explores the continued use of these products beyond the initial adoption phase. In particular, special attention should be paid to how users' trust and perceptions of privacy and security affect continued use behavior. This paper integrates the expectation confirmation model of information system continuance (ECM-ISC), the information system success model (ISSM) and the security and trust literatures to investigate continued use of online financial technology. To test the research model, we collected 398 valid questionnaires from Ant Credit Pay users. The research results show that system and service quality positively impact users' expectation confirmation, while information quality has no significant impact. Expectation confirmation and perceived usefulness positively affect user satisfaction. Moreover, the user's perception of privacy and security plays a vital role in user satisfaction. Satisfaction and perceived trust jointly promote users' continuance behaviors. Findings of this study indicates the importance of the information system success factors and security factors due to their influence on the continued use of Fintech products. This conclusion has implications for enterprises in improving the product qualities and enhancing the degree of security to meet user needs.

• Journal of Information Technology Applications and Management
• /
• v.26 no.2
• /
• pp.27-40
• /
• 2019

As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.21-28
• /
• 2006

Beginning flag security it was limited in Firewall but currently many information security solutions like Anti-virus, IDS, Firewall are come to be many. For efficiently managing different kinds of information security products ESM (Enterprise Security management) are developed and operated. Recently over the integrated security management system, TMS (Threat Management System) is rising in new area of interest. It follows in change of like this information security product and also collection information is being turning out diversification. For managing cyber threats, we have to analysis qualitative information (like vulnerabilities and malware codes, security news) as well as the quantity event logs which are from information security products of past. Information Threats and Vulnerability Auto Collector raises the accuracy of cyber threat judgement and can be utilized to respond the cyber threat which does not occur still by gathering qualitative information as well as quantity information.

• Journal of Information Processing Systems
• /
• v.2 no.2
• /
• pp.95-100
• /
• 2006

While conventional business administration-based information technology management methods are applied to the risk analysis of information systems, no security risk analysis techniques have been used in relation to information protection. In particular, given the rapid diffusion of information systems and the demand for information protection, it is vital to develop security risk analysis techniques. Therefore, this paper will suggest an ideal risk analysis process for information systems. To prove the usefulness of this security risk analysis process, this paper will show the results of managed, physical and technical security risk analysis that are derived from investigating and analyzing the conventional information protection items of an information system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.227-235
• /
• 2016

As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

• Knowledge Management Research
• /
• v.21 no.3
• /
• pp.197-213
• /
• 2020

This study analyzed the impact of information security service company certification on financial performance. The purpose of this study was to analyze the effect of the "Information Security Service Certification Company" system from a financial point of view for information security service certified & non-certified companies, and listed & unlisted companies. From a financial point of view, performance analysis was conducted using two-way ANOVA on sales, operating profit, and profit rate. This study verified whether there is a difference in management performance between an information security service certified company and an uncertified company. In the financial performance indicators of sales, operating profit, and profit rate, the information security service certification system showed an impact on financial performance because the information security service certification company showed better management performance than the uncertified company. The implications of this study are that the empirical performance analysis from the financial point of view of the information security service certified company system can be used as a basis for negative regulatory policies to revitalize the information security industry in the future, contributing to the growth of information security companies with excellent growth potential.

• 한국디지털정책학회:학술대회논문집
• /
• 2004.11a
• /
• pp.221-229
• /
• 2004

This paper aims at developing communication module and application prcgram for client management module and developing database management module and managing wireless communication facilities for server systems. To construct these aims, we have adapted DES algorithm and researched on encrypting and decrypting module development applicable to SMS Security System and optimize module size and processing speed.