• The Journal of Society for e-Business Studies
• /
• v.27 no.1
• /
• pp.1-13
• /
• 2022

With the development of network technologies, the security to protect organizational resources from internal and external intrusions and threats becomes more important. Therefore in recent years, the anomaly detection algorithm that detects and prevents security threats with respect to various security log events has been actively studied. Security anomaly detection algorithms that have been developed based on rule-based or statistical learning in the past are gradually evolving into modeling based on machine learning and deep learning. In this study, we propose a deep-autoencoder model that transforms LSTM-autoencoder as an optimal algorithm to detect insider threats in advance using various machine learning analysis methodologies. This study has academic significance in that it improved the possibility of adaptive security through the development of an anomaly detection algorithm based on unsupervised learning, and reduced the false positive rate compared to the existing algorithm through supervised true positive labeling.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.348-351
• /
• 2021

본 논문에서는 지속적으로 늘어나고 있는 내부의 유출자를 탐지하기위해 컨소시엄 블록체인 기술을 활용하여 기업간 직원의 PC사용 행위 로그 데이터를 가명처리하여 블록에 기록하여 네트워크에 참여한 다른 기업들간의 안전한 공유를 통해 내부자 유출 데이터 및 시나리오의 확장하여 내부에서의 유출을 탐지할 수 있는 데이터 셋을 확보하는 연구를 제안한다. 현재 내부자 위협탐지의 한계점중 가장 큰 요소를 차지하는 부족한 실제 사례의 내부자 유출 데이터 셋의 문제점을 본 연구를 통해서 네트워크 참여 기업간의 내부자 유출 데이터를 확장하고 타기업의 유출 사례를 활용해 기업에서 발생할 수 있는 내부자 유출을 미연에 방지할 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.259-273
• /
• 2016

After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financial environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defines and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial supervisory authority, and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.957-966
• /
• 2020

According to the recent statistics of the National Industrial Security Center, about 80% of the confidential leak are caused by former and current employees in the case of domestic confidential leak accidents. Most of the information leak incidents by these insiders are due to poor security management system and information leak detection technology. Blocking confidential leak of insiders is a very important issue in the corporate security sector, but many previous researches have focused on responding to intrusions by external threats rather than by insider threats. Therefore, in this research, we design an internal information leak scenario to effectively and efficiently detect various abnormalities occurring in the enterprise, analyze the key indicators of the leak symptoms derived from the scenarios by using data analytics and propose a model that accurately detects leak activities.

• Information Systems Review
• /
• v.18 no.1
• /
• pp.1-23
• /
• 2016

This study proposes an alternative to minimize insider-caused security threats that are relatively difficult to control and cause high uncertainty in information security management. Therefore, we investigate the relationship between organizational effort and the security understanding of employees to eventually enhance security compliance intention among employees. We develop a research model and formulate hypotheses on the basis of past findings. Accomplished questionnaires are collected from 526 employees working in organizations where information security policy is being implemented. In addition, we prove the hypotheses using a structural model. After reviewing the structural model, the security knowledge of employees and information security culture are determined to positively influence the security compliance intention of employees. Moreover, top management support, security policy, security visibility, and security education programs are proven to be antecedent factors in establishing a security culture in organizations. The findings of this study could guide organizations in formulating information security strategies to enhance the security compliance intention of employees.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.987-997
• /
• 2012

A Point-of-Sales (POS) terminal manages the selling process by a salesperson accessible interface in real time. Using a POS system makes a business and customer management much more efficient. For these reasons, many store install POS terminal and used it. But it has many problem that stealing personal information by hacking and insider corruption. Because POS system stored payment information like that sales information, card valid period, and password. In this paper, I proposed software integrity verification technique in POS system based on White list. This method can prevent accidents that personal information leak by hacking and POS system forge and falsification. This proposed method provides software integrity, so it can prevent inside and outside threats in advance.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.87-98
• /
• 2019

In recent years, many organizations protect their information resources by investing in information security technology. However, information security threats from insiders have not been reduced. This study proposes a method for reducing information security threats within an organization by mitigating negative information security behaviors of employees. Specifically, the study finds a relationship between information security related role stress and negative behavior and suggests whether organizational justice mitigates role stress. That is, the purpose of the study is to suggest a mechanism between organizational justice, information security related role stress, and negative behavior. Negative behavior consist of avoidance behavior and deviant behavior, and security related role stress consist of role conflict and role ambiguity. Organizational justice consist of distributional justice, procedural justice, and informational justice. The research model is verified through structural equation modeling. After establishing a research model and hypothesis, we develop a survey questionnaire and collect data from 383 employees whose organizations have already implemented security policies. The findings appear that security related role stress increases negative behavior and that organizational justice mitigates role stress. The results of the analysis suggest the direction of organizational strategy for minimizing insider's security-related negative behaviors.

• Korean Security Journal
• /
• no.26
• /
• pp.29-58
• /
• 2011

Since 11 September 2001, warnings of risk in the nexus of terrorism and nuclear weapons and materials which poses one of the gravest threats to the international community have continued. The purpose of this study is to analyze the aim, principles, characteristics, activities, impediments to progress and developmental recommendation of the Global Initiative to Combat Nuclear Terrorism(GICNT). In addition, it suggests implications of the GICNT for the ROK policy. International community will need a comprehensive strategy with four key elements to accomplish the GICNT: (1) securing and reducing nuclear stockpiles around the world, (2) countering terrorist nuclear plots, (3) preventing and deterring state transfers of nuclear weapons or materials to terrorists, (4) interdicting nuclear smuggling. Moreover, other steps should be taken to build the needed sense of urgency, including: (1) analysis and assessment through joint threat briefing for real nuclear threat possibility, (2) nuclear terrorism exercises, (3) fast-paced nuclear security reviews, (4) realistic testing of nuclear security performance to defeat insider or outsider threats, (5) preparing shared database of threats and incidents. As for the ROK, main concerns are transfer of North Korea's nuclear weapons, materials and technology to international terror groups and attacks on nuclear facilities and uses of nuclear devices. As the 5th nuclear country, the ROK has strengthened systems of physical protection and nuclear counterterrorism based on the international conventions. In order to comprehensive and effective prevention of nuclear terrorism, the ROK has to strengthen nuclear detection instruments and mobile radiation monitoring system in airports, ports, road networks, and national critical infrastructures. Furthermore, it has to draw up effective crisis management manual and prepare nuclear counterterrorism exercises and operational postures. The fundamental key to the prevention, detection and response to nuclear terrorism which leads to catastrophic impacts is to establish not only domestic law, institution and systems, but also strengthen international cooperation.