• Journal of the Society of Disaster Information
• /
• v.17 no.2
• /
• pp.375-390
• /
• 2021

Purpose: Most of cybersecurity breaches occur in SMEs. As the existing cybersecurity framework and certification system are mainly focused on financial and large companies, it is difficult for SMEs to utilize it due to lack of cybersecurity budget and manpower. So it is necessary to come up with measures to allow SMEs to voluntarily manage cyber risks. Method: After reviewing Cybersecurity market, cybersecurity items of financial institutions, cybersecurity framework comparison and cybersecurity incidents reported in the media, the criticality of cybersecurity items was analyzed through AHP analysis. And cybersecurity items of non-life insurers were also investigated and made a comparison between them. Result: Cyber risk management methods for SMEs were proposed for 20 major causes of cyber accidents. Conclusion: We hope that the cybersecurity risk assessment measures of SMEs in Korea will help them assess their risks when they sign up for cyber insurance, and that cyber risk assessment also needs to be linked to ERM standardization.

• Safety and Health at Work
• /
• v.11 no.4
• /
• pp.450-457
• /
• 2020

Background: The production of glass beads in Ghana is greatly impacted by the ingenuity of Ghanaian women. Preliminary investigations revealed the lack of interest on the part of women due to poor working conditions as a result of the influence of culture-specific silence. Therefore, the study investigated the poor working conditions faced by these industrious women with the ultimate goal of suggesting ways they can be empowered. Methods: A phenomenological study was conducted in two indigenous glass bead communities in Ghana. Data were solicited via direct observations, personal interviews and focus group discussions. Twenty-six purposively sampled respondents were recruited for the study. Data from the study were analyzed using Interpretative Phenomenological Analysis. Results: The results confirmed that the elderly women glass bead makers are much influenced by the Ghanaian culture of silence. This prevents the women from speaking about the challenges they are facing in their work. Also, the women are silenced because of the fear of losing their jobs as well as the reluctance of their male managers to remedy the challenges they encounter in the course of work. This has resulted in poor remuneration, lack of insurance packages for workers, certification, and absence of personal protective tools for the women. Conclusion: The study tasks the government of Ghana, the Legal Advocacy for Women in Africa (LAWA), the Fair Wages and Salaries Commission in Ghana, the Ghana Trade Union as well as the Local Government Workers' Union to empower the women to sustain the glass bead industry in Ghana.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.3
• /
• pp.19-26
• /
• 2023

Critical information infrastructure designations for cloud service providers continue to spread around the world as energy, financial services, health, telecommunications, and transportation sectors move to the cloud. In addition, in the case of Ukraine, the removal of restrictions on the use of cloud for national critical facilities and the rapid transition of critical data to the cloud enabled the country to effectively respond to cyberattacks targeting Russian infrastructure. In Korea, the ISMS-P is operated to implement a systematic and comprehensive information protection management system and to improve the level of information protection and personal information protection management in organizations. Control items considering the cloud environment have been modified and added to the audit of companies. However, due to the different technical levels of clouds between domestic and global, it is not easy to obtain information on the findings of cloud providers such as Microsoft for the training of domestic certification auditors on hyperscale scale. Therefore, this paper analyzes findings in hyperscale clouds and suggests ways to improve cloud-specific control items by considering the compatibility of hyperscale environments with ISO/IEC 27001 and SOC(System and Organization Control) security international standards.

• Korean Medical Education Review
• /
• v.14 no.2
• /
• pp.95-101
• /
• 2012

As North Korea passed from the Devotion (Jeongseong) movement to the black market (Jangmadang) system, the medical service system in that country was effectively destroyed. North Korean physicians who have successfully defected to South Korea (North Korean defector physicians, NKDPs) have experienced socio-economic hardships on their way to becoming incorporated into the South Korean medical system due to different medico- social cultures, different (English-based) medical terminology, and the clinical knowledge gap between North and South Korea. Since 2009, we have operated programs at the Seoul Medical Center to help NKDPs prepare for the South Korean medical licensing examination. These programs consist of clinical education at the medical center, personal mentoring, arrangement of educational programs at the medical college, mock tests at the consortium, and administrative aid. Looking forward, we hope to achieve the following: 1) More systematic support plans are needed involving medical education experts, field physicians, and experts on reunification. 2) An evaluation of defector physicians' current medical knowledge may provide information about the areas where supplementary education is most needed and the standards for certificating licenses. 3) In the short term, a customized glossary should be developed to assist defector physicians prepare for the examination. 4) To secure internships and residencies is the most important issue for further sustained training of NKDP physicians to become good clinicians after certification. Hopefully, this short report on the current ongoing educational course will lead to more extensive discussion.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.12
• /
• pp.2670-2678
• /
• 2011

Because of the development of IPTV, user is provided service of multimedia data regardless the location. But the number of users who try to get service of IPTV game illegally is also increasing. In this paper, user authentication protocol in IPTV housing using PIN code not to access easily for teenagers not to access to prohibited games. The proposed protocol combines authority data in IPTV household and creates a disposable password using PIN code to prevent teenagers from accessing illegally to the prohibited games and saves the data in certification server and set-top box to prevent forced accessing.

• Journal of the Korean Society of Safety
• /
• v.27 no.5
• /
• pp.30-34
• /
• 2012

A safety helmet is a personal protective equipment to protect the head from falling and flying objects. A safety helmet has the maximum delivered impact force as shock absorption performance, the lower delivered impact force the better performance, which was not a controlled variety during manufacturing safety helmet. Accordingly there were some difficulties in establishing the standard for improved performance as there was not a clear controllable impact force for improved performance. In this study the shock absorption performance was intended to be found as coefficient of restitution related to impulse. As a research method, a coefficient of restitution during the absorption of shock was calculated using the impulse transferred to pharynx utilizing the safety helmet shock absorption performance testing device based on the theory of momentum and impulse. The estimated impulsive force curve was derived assuming that shock was not absorbed using the measured data. The sample was selected as tested goods of ABS material for safety certification available mainly in the market. As a result of study, the maximum delivered impact force of safety helmet made by a domestic safety certified a company was 735 N, and its coefficient of restitution proved to be 0.64. The smaller coefficient of restitution is, the lower maximum delivered impact force and the higher shock absorption performance. The coefficient of restitution can be used as a performance index of safety helmet.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.40 no.4
• /
• pp.22-29
• /
• 2003

In the virtual home environment (VHE), which was proposed to offer global roaming and personal service environment portability, user's profiles and service logics are conveyed from home network to visited network to provide services at the visited network. Because user's profiles and service logics may contain confidential information, some procedures for mutual authentication among entities for offering confidence are needed. For these issues, we propose and analyze three 3-Party mutual authentication Protocols adaptable to the VHE in 3G ; password based mutual authentication protocol, mutual authentication protocol with CHAP and key exchange and mutual authentication protocol with trusted third party.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.1
• /
• pp.51-58
• /
• 2013

This paper describes the design and implementation of the PKI-based EAI system which is used for delivery of sensitive personal information between business systems. For this purpose, we propose a key exchange protocol with some key process : Diffie-Hellman Schema is used to provide forward secrecy, public key-based digital signature is used for EAI Server authentication, data integrity. In addition, in order to minimize the performance impact on the overall EAI systems. The EAI server was designed simply to be used only as a gateway. This paper shows the implementation of Korea public key authentication algorithm standard and a symmetric encryption algorithm for data encryption.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1605-1618
• /
• 2016

In recent years, security incidents - such as personal information leakage, homepage hacking, DDoS and etc. - targeting finance companies(banks, securities companies, credit card companies, insurance companies and etc.) have increased steadily. In this paper, we analyze problems of information security management level in the existing electronic financial infrastructure from perspective of compliance and information security certification system and propose improvements to enable sustainable high level of information security activities under a comprehensive management system for the financial sector characteristics using ISMS, SECU-STAR and CNIVAM system.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.27-35
• /
• 2018

The certificate is electronic information issued by an accredited certification body to certify an individual or to prevent forgery and alteration between communications. Certified certificates are stored in PCs and smart phones in the form of encrypted files and are used to prove individuals when using Internet banking and smart banking services. Among the rapidly growing Android-based malicious applications are malicious apps that leak personal information, especially certificates that exist in the form of files. This paper proposes a method for judging whether malicious codes leak certificates by using DroidBox, an Android-based dynamic analysis tool.