• The Journal of Society for e-Business Studies
• /
• v.26 no.3
• /
• pp.119-132
• /
• 2021

Identification of associated knowledge based on content relevance is a fundamental functionality in managing service and security of core knowledge. This study compares the performance of methods to identify associated knowledge based on content relevance, i.e., the associated document network composition performance of keyword-based and word-embedding approach, to examine which method exhibits superior performance in terms of quantitative and qualitative perspectives. As a result, the keyword-based approach showed superior performance in core document identification and semantic information representation, while the word embedding approach showed superior performance in F1-Score and Accuracy, association intensity representation, and large-volume document processing. This study can be utilized for more realistic associated knowledge service management, reflecting the needs of companies and users.

• Informatization Policy
• /
• v.25 no.1
• /
• pp.99-114
• /
• 2018

In the past, organizations tended to focus on physical and technical aspects of managing corporate's information security (IS), rather than the aspect of human resources related to IS. Recently, increasing security incidents caused by organization members raise the issue of how to improve employees' compliance with security policies. This study conducted a field experiment to examine the effect of security awareness training and technical security services on employee's security behaviors. In Study 1, the number of spam opening cases were measured right after the IS training and re-measured three months later. In Study 2, a spam warning message was provided and then the number of employees' spam opening cases were counted to find out the effect of security services. It was found that both the IS training and the technical IS service were effective; they significantly decreased spam opening rates. However, the training effect did not last longer than three months. These findings suggest that organizations need to consider providing regular training programs and supplementary technical services to improve employees' compliance with security policies.

• The Journal of the Korea Contents Association
• /
• v.14 no.6
• /
• pp.1-10
• /
• 2014

Through the development of internet mobile devices and online business activation, sensitive data of unspecified user is being easily exposed. In such an open business environment, the outflow of sensitive personal information has often been remarked on recently for which adoption of encryption solution for database became top priority in terms of importance. In 2011, government also legislated for the protection of personal information as an information network law, and is now applying the law to a variety of industries. Firms began to comply with these regulations by establishing various measures for protection of personal information and are now quickly introducing encryption solution to reinforce security of personal information they are managing. In this paper, I present architecture and technological parts that should be considered when introducing security solution.

• Korean Security Journal
• /
• no.34
• /
• pp.279-311
• /
• 2013

This study is to explore the development of Korean National Emergency Management System. For the study's purpose, the concept of Emergency, Emergency Management and the existing system and related laws of National Emergency Management have been reviewed. In South Korea, the concept of National Emergency Management contains the variety concept of emergency management; safety management, security management, risk management and disaster management etc. and sometimes using them interchangeably. In addition, there are several laws related to emergency management, making different agencies managing inter-related emergency without nationalized coordination and control tower that results in ineffective management of national emergency. This study attempts to clarify the concept of national emergency and to suggest the necessity of National Integrated Emergency Management System(IEMS). Then, it suggests existing system and related laws's integrate for the development of South Korean National Emergency Management System.

• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.29-36
• /
• 2015

The hacking threats made against the Korea Hydro & Nuclear Power(KNDP) and the leakage of critical information on nuclear power safety raised the public awareness on the importance of protecting and managing national infrastructure necessary for sustaining the state and society. Cyber security activities and relevant institutions in the ROK, however, are still insufficient, because of which there is a possibility that similar incidents would reoccur and cause serious damages. Hence, a grave and direct threat is posed to the national security of the ROK. In this thesis, I would like to give my analysis and assessment on the recent cyber intrusions against infrastructure at home and abroad, measures established in response and their implementation, and the deficiency of the existing infrastructure protection system ; and lastly propose measures to reinforce infrastructure protection of the ROK.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.673-689
• /
• 2015

Resident Registration Number(RRN) has been used broadly by public institutions or civilian departments as a means of personal identification due to its effectiveness and convenience in managing the information. Recently, because of personal information leakage including resident registration number, the potential damage is increasing public anxiety. In this situation, there have been demands requiring systems that can end the link between the resident registration number and personal information. In order to solve the problem, multiple alternatives are under consideration. In this research, we will discuss limits, needs for change of the system, and the basic concepts or traits that new registration number require. Also, by comparing the alternatives being discussed, we will analyze personal information security level and the cost required for reorganizing the system to present alternative that has high effectiveness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1089-1097
• /
• 2019

An era of smart manufacturing is coming through the rapid development of information and communication technology. As a result, many companies have begun to utilize a variety of hardware and software for the efficient business of the manufacturing process. At this time, the hardware and software used are supplied through manufacturing and distribution processes. These supply processes are exposed to a variety of security threats. As the recent cases of supply chain attacks have increased, foreign countries are establishing supply chain management systems and managing supply chain risks. In Korea, on the other hand, there was research on supply chain risk management in some fields. In this paper, we emphasizes the necessity of supply chain risk management through supply chain attack cases. In addition, we analyze trends of foreign supply chain management system and explains the necessity of domestic supply chain security strategy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.121-129
• /
• 2008

This paper presents vulnerability identification method based on meaning which is making use of the concept of atomic vulnerability. Also, we are making use of decomposition and specialization processes which were used in DEVS/SES to get identifiers. This vulnerability representation method is useful for managing and removing vulnerability in organized way. It is helpful to make a relation between vulnerability assessing and intrusion detection rules in lower level. The relation enables security manager to response more quickly and conveniently. Especially, this paper shows a mapping between Nessus plugins and Snort rules using meaning based vulnerability identification method and lists usages based on three goals that security officer keeps in mind about vulnerability. The contribution of this work is in suggestion of meaning based vulnerability identification method and showing the cases of its usage for the rule integration of vulnerability assessment and intrusion detection.

• Korean Security Journal
• /
• no.48
• /
• pp.113-146
• /
• 2016

Criminal profiling is a effective and efficient measure for enhancing industrial security of casino business. Particularly, developing criminal profiling of deviant behaviors in casino will help security management to become more effective and efficient in practical ways. Unfortunately, however, there is lack of empirical profiling study in this regard. To fill the vacuum of literature on this topic, this study was purported to create offender profiles of different types of deviant behaviors in casino based on various theories and techniques in criminal profiling literature, such as investigative psychology, linkage analysis, and behavioral evidence analysis. To fulfill the purposes, this study collected behavioral evidence from 90 casino security officers in South Korea. Offenders' behavioral evidence was analyzed to develop offender profiles of seven different types of deviant behaviors, and then the profiles were compared with each profiles that security officers focus on to identify offenders during their work hours. Results showed that, first, there were unique profiles of each type of seven different categories of deviant behaviors in terms of offenders' ways of speaking and acting, their appearance and attitudes. In addition, this study found that there were some amount of gaps between actual offenders' profiles and profiles that security officers have in mind. Based on the results, this study provided policy implications in terms of managing casino industrial security, education and training for security officers, and future study on casino security.

• 한국HCI학회:학술대회논문집
• /
• 2008.02a
• /
• pp.269-273
• /
• 2008

In ubiquitous environments, clients move between domains freely and its activities in the other domains are growth. Like this environment, the service provider makes access or activity records what they are provided to clients. This record can make a privacy problem to recognize a person or trace some works. So this record must be kept and managed by user instead of the service provider. In this paper, we propose a system that can gather those records from the service provider to home domain server which client's managing by themselves. In addition, if remote domain manager requests that record by the legal process, system can transfer only a range of information which allowed by client to keep personal privacy.