• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.1-6
• /
• 2009

Current paradigm of industrial security is changing into the effective operation and management from simple establishment of security equipments. If the physical security system(entry control system, video security system, etc.) and the IT integrated security control system are conversed, it makes us possible to prevent, disrupt and track afterwards the insider's information leakage through the risk and security management of enterprise. That is, Without the additional expansion of the existing physical security and IT security manpower, the establishment of systematic conversion security management process in a short time is possible and can be expected the effective operation of professional organization system at all times. Now it is needed to build up integrated security management system as an individual technique including the security event collection and integrated management, the post connected tracking management in the case of security accident, the pattern definition and real time observation of information leakage and security violation, the rapid judgement and response/measure to the attempt of information leakage and security violation, the establishment of security policy by stages and systematically and conversion security.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.53-58
• /
• 2012

Network Access Control System that is one of the efforts to protect the information of internal applies to effectively control of insider and automatic network management and security. However, it has some problems : spoofing the authorized PC or mobile devices, connect to the internal network using a system that authorized users are away. In addition, information leakage due to malicious code in the same system. So in this paper, Network 2-Factor Access Control System based on RFID security control system is proposed for safety communication environment that performing a two-factor authentication using authorized user and devices to connect to the internal network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.79-90
• /
• 2017

If digital forensic investigators can utilize file access logs when they audit insider information leakage cases or incident cases, it would be helpful to understand user's behaviors more clearly. There are many known artifacts related to file access in MS Windows. But each of the artifacts often lacks critical information, and they are usually not preserved for enough time. So it is hard to track down what has happened in a real case. In this thesis, I suggest a method to utilize SACL(System Access Control List) which is one of the audit functions provided by MS Windows. By applying this method of strengthening the Windows's audit settings, even small organizations that cannot adopt security solutions can build better environment for conducting digital forensic when an incident occurs.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.4
• /
• pp.357-364
• /
• 2019

As industrial information disclosure by insider's rate is around 80%, most of relevant researches explain briefly its causes are discontent of salary or human resources system. This paper scrapes texts on Jobplanet, an anonymous company review website and analyzes discontent keyword by 7 related area and their contexts to find out more details on brief causes referred above. After drawing LGG (Local Grammar Graph) by each areas with related dictionary list, this paper shows an example of concordance as a proof and several ways for human resources leakage prevention. Finally, text analysis results are compared with previous researches based on survey with limited questions and answers. This study is meaningful to expand the scope of employee discontent analysis with company review text and provide more specific, granular and honest discontent vocabularies.

• The Journal of Korean Institute of Information Technology
• /
• v.17 no.5
• /
• pp.105-116
• /
• 2019

Most of the public and private buildings in Korea are installing CCTV for crime prevention and follow-up action, insider security, facility safety, and fire prevention, and the number of installations is increasing each year. In the questionnaire conducted on the increasing CCTV, many reactions were positive in terms of the prevention of crime that could occur due to the installation, rather than negative views such as privacy violation caused by CCTV shooting. However, CCTV poses a lot of privacy risks, and when the image data is collected using the cloud, the personal information of the subject can be leaked. InseCam relayed the CCTV surveillance video of each country in real time, including the front camera of the notebook computer, which caused a big issue. In this paper, we introduce a system to prevent leakage of private information and enhance the security of the cloud system by processing the privacy technique on image information about a subject photographed through CCTV.

• Smart Media Journal
• /
• v.11 no.10
• /
• pp.46-53
• /
• 2022

Today, due to the 4th industrial revolution and extensive R&D funding, domestic companies have begun to possess world-class industrial technologies and have grown into important assets. The national government has designated it as a "national core technology" in order to protect companies' critical industrial technologies. Particularly, technology leaks in the shipbuilding, display, and semiconductor industries can result in a significant loss of competitiveness not only at the company level but also at the national level. Every year, there are more insider leaks, ransomware attacks, and attempts to steal industrial technology through industrial spy. The stolen industrial technology is then traded covertly on the dark web. In this paper, we propose a system for detecting industrial technology leaks in the dark web environment. The proposed model first builds a database through dark web crawling using information collected from the OSINT environment. Afterwards, keywords for industrial technology leakage are extracted using the KeyBERT model, and signs of industrial technology leakage in the dark web environment are proposed as quantitative figures. Finally, based on the identified industrial technology leakage sites in the dark web environment, the possibility of secondary leakage is detected through the PageRank algorithm. The proposed method accepted for the collection of 27,317 unique dark web domains and the extraction of 15,028 nuclear energy-related keywords from 100 nuclear power patents. 12 dark web sites identified as a result of detecting secondary leaks based on the highest nuclear leak dark web sites.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.647-656
• /
• 2020

Recently, there has been an increasing number of cases in which important data (personal information, technology, etc.) of national and public institutions are leaked to the outside world. Surveys show that the largest cause of such leakage accidents is "insiders." Insiders of organization with the most authority can cause more damage than technology leaks caused by external attacks due to the organization. This is due to the characteristics of insiders who have relatively easy access to the organization's major assets. This study aims to present an optimized property selection model for detecting such abnormalities through supervised learning algorithms among machine learning techniques using actual data such as CrossNet data transfer system transmission log, e-mail transmission log, and personnel information, which safely transmits data between separate areas (security area and non-security area) of the business network and the Internet network.

• Journal of Advanced Navigation Technology
• /
• v.15 no.3
• /
• pp.462-470
• /
• 2011

Since, Davis(1991) has proposed the TAM(Technology Acceptance Model) through a literature review of informatization promotion, which insists that a user conveniency is judged by the degree of effectiveness caused by IT, the advancement of IT such as the Internet, e-mail, electronic data exchange, and groupware have brought into various changes in ordinary corporations and public institutions. However, with the right function, the advancement of IT has provided various benefits including additional reverse functions. Based on an integrated environment of business process, unauthorized user could access to information and a management of information becomes more difficult than before due to informatization of critical information. Furthermore, external hacking or information leakage by insider becomes easier owing to advancement in communication technology. This study has tried to develop a specified management procedure and implementation method for confidential documents.

• KIISE Transactions on Computing Practices
• /
• v.22 no.7
• /
• pp.332-337
• /
• 2016

System administrator or security managers need to collect logs of computing device (desktop or server), which are used for the purpose of cause-analysis of security incident and discover if damage to system was either caused by hacking or computer virus. Furthermore, appropriate log maintenance helps preventing security breech incidents through identification of vulnerability. In addition, it can be utilized for prevention of data leakage through the insider. In the paper, we present log collection system developed using open source supported by commands and basic methods of Windows. Furthermore, we aim to collect log information to enable search and analysis from diverse perspectives and to propose a way to integrate with open source-based search engine system.

• The Journal of the Korea Contents Association
• /
• v.19 no.12
• /
• pp.313-320
• /
• 2019

One of the causes of many damage cases that occur today by hacking attack is social engineering attack. The attacker is usually a malicious traitor or an ignorant insider. As a solution, we are strengthening security training for all employees in the organization. Nevertheless, there are frequent situations in which computers are shared. In this case, the person in charge of the computer has difficulty in tracking and responding when a specific representative accessed and what a specific representative did. In this paper, we propose the method that the person in charge of the computer tracks in real time through the smartphone when a representative access the computer, when a representative access offline using hacked or shared authentication. Also, we propose a method to prevent the leakage of important information by encrypting and backing up important files of the PC through the smartphone in case of abnormal access.