• Research in Community and Public Health Nursing
• /
• v.23 no.3
• /
• pp.296-306
• /
• 2012

Purpose: This study was conducted to measure the relationships between ecological factors and Navy personnel's physical activity (PA) based on McLeroy's Ecological model. Methods: A cross-sectional survey was conducted with a convenience sample of 184 Navy personnel working in 10 Navyships. A self-reporting questionnaire consisted of measures of intrapersonal, interpersonal, organizational and community factors related to Navy personnel` s PA. Data were analyzed by descriptive statistics, $x^2$-test, t-test, analysis of variance, and hierarchical multiple regression using SPSS/WIN 17.0 programs. Results: Their mean PA level was $2,848.1{\pm}3,344.5$ MET-min/week, and mostly moderate level (50.5%). Hierarchical multiple regression analysis showed that religion, working department, working type, perceived health status and community environment were significant PA correlates. Conclusion: Community environmental factors as well as intrapersonal factors were significantly associated with Navy personnel's PA, indicating that community health nurses should expand an approach for individual-level behavioral change to incorporate Navy personnel specific community environmental barriers into PA interventions.

• Journal of Information Technology Applications and Management
• /
• v.13 no.2
• /
• pp.127-143
• /
• 2006

As the number of Internet users increases, online shopping malls are gradually flourishing and sales are continuously growing. However, since consumers are not able to check what they purchase when buying products on the Internet, they are bound to have higher risk perception than buying directly from off-line stores. Especially, sporting goods require a special attention because a preliminary test is important. Therefore, the risk perception is much higher when people purchase sporting goods online. This study first identifies the multi-dimensionality of risk perception. Then, it investigates whether online purchasing experience of sporting goods makes differences in the level of risk perception. In addition, it examines whether the risk perception by those who had an experience in purchasing sporting goods online affects the customer satisfaction. This study has identified five dimensions in the concept of risk perception, such as financial risk, performance risk, security risk, delivery risk, and psychological/physical risk. A statistical analysis shows that people without an experience in purchasing sporting goods online have perceived significantly higher performance risk, security risk, and psychological/physical risk than those with online purchasing experiences. Finally, this study has found that delivery risk, financial risk, and psychological/physical risk have significant negative influences on the customer satisfaction.

• Journal of radiological science and technology
• /
• v.31 no.4
• /
• pp.347-353
• /
• 2008

This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.25-32
• /
• 2020

In the midst of the rising need for Industrial Security experts, the development of National Competency Standards(NCS) with regards to industrial security is a very important and urgent task. The NCS standardizes university-level academic curriculum and qualification systems and connects them with the industry's needs. This study has extracted, classified and analyzed security-related jobs and tasks requiring security expertise that is required within NCS. Through this study, many tasks have been confirmed to require security competencies that are different from those in IT-security, physical security that already exist as a NCS tasks. It is expected that the industry's needs of industrial security expertise will be reflected in future NCS development, which will be used as basic data for systematizing industrial security jobs and competency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.10
• /
• pp.2862-2882
• /
• 2023

With the development of networking technology, it has become common to use various types of network services to replace physical ones. Among all such services, electronic voting is one example that tends to be popularized in many countries. However, due to certain concerns regarding information security, traditional paper voting mechanisms are still widely adopted in large-scale elections. This study utilizes blockchain technology to design a novel electronic voting mechanism. Relying on the transparency, decentralization, and verifiability of the blockchain, it becomes possible to remove the reliance on trusted third parties and also to enhance the level of trust of voters in the mechanism. Besides, the mechanism of blind signature with its complexity as difficult as solving an elliptic curve discrete logarithmic problem is adopted to strengthen the features related to the security of electronic voting. Last but not least, the mechanism of self-certification is incorporated to substitute the centralized certificate authority. Therefore, the voters can generate the public/private keys by themselves to mitigate the possible risks of impersonation by the certificate authority (i.e., a trusted third party). The BAN logic analysis and the investigation for several key security features are conducted to verify that such a design is sufficiently secure. Since it is expected to raise the level of trust of voters in electronic voting, extra costs for re-verifying the results due to distrust will therefore be reduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.661-666
• /
• 2016

The Internet of Things (IoT) is an infrastructure of physical objects that could be connected to the Internet. Most of these are low performance to ensure a reasonable cost for the smart physical objects. Thus, these devices usually use a lightweight messaging protocol: message queue telemetry transport with SSL/TLS. Cipher suites in device are fixed by default and selected based on preference in SSL/TLS. However, the selected cipher suite provides high security level more than expected. This limitation causes energy waste and overhead of devices. In order to counter this problem, we proposed fuzzy logic based cipher suite decision method to improve energy efficiency. Our proposed method saved 36.03% energy.

• The Journal of Korean Association of Computer Education
• /
• v.17 no.3
• /
• pp.75-84
• /
• 2014

It is a current situation that a large number of physical and financial damages are increasing due to the growth of intellectual cyber crime and unexpected Internet incidents year by year. In the large scale security incidents, digital forensics techniques for computer crime investigations are essential to secure a place in the field. However, qualified digital forensics investigators who complete with digital security technology are practically insufficient in domestic. In this paper, as one of developing human resources plans regarding to scientific investigation of Internet security incidents, an undergraduate curriculum per stage in digital forensics was proposed. For the effective curriculum per stage, the interviews, group discussion on focused group of existing digital forensics investigators and related research were performed to select curriculum, and then the level of difficulty and practical suitability on each subject designed were analyzed through survey and interview to current investigators and security professionals. After collating the survey, the digital forensic curriculum per level was designed to highly adaptable workforce for the future for working and positive suggestions and proposals are addressed.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.33-41
• /
• 2023

In recent years, advanced persistent threat (APT) attack organizations have exploited various vulnerabilities and attack techniques to target companies and institutions with national core technologies, distributing ransomware and demanding payment, stealing nationally important industrial secrets and distributing them on the black market (dark web), selling them to third countries, or using them to close the technology gap, requiring national-level security preparations. In this paper, we analyze the attack methods of attack organizations such as Kimsuky and Lazarus that caused industrial secrets leakage damage through APT attacks in Korea using the MITRE ATT&CK framework, and derive 26 cybersecurity-related administrative, physical, and technical security requirements that a company's security system should be equipped with. We also proposed a security framework and system configuration plan to utilize the security requirements in actual field. The security requirements presented in this paper provide practical methods and frameworks for security system developers and operators to utilize in security work to prevent leakage of corporate industrial secrets. In the future, it is necessary to analyze the advanced and intelligent attacks of various APT attack groups based on this paper and further research on related security measures.

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• International Journal of Computer Science & Network Security
• /
• v.22 no.11
• /
• pp.87-92
• /
• 2022

Today the system of higher education needs significant reforms. Intellectualization of the educational process in HEIs aims to improve the quality of educational services. Intellectual information technologies are information technologies that help a person to accelerate the analysis of the political, economic, social, and technical situation, as well as the synthesis of management decisions. The basis for their mastery is information and communication technologies. The purpose of the research work is to identify the relationship between the introduction of information and communication technologies and the increase in the level of intellectualization of higher education. The article substantiates the expediency of introducing information and communication technologies in order to improve the intellectualization of the educational process in higher education. An empirical study of the variables that characterize the level of intellectualization of higher education through the proposed techniques has been conducted. The tendencies characteristic of pedagogical conditions of implementation of information and communication model in the educational process were revealed. It is proved that the level of intellectualization of higher education depends on the implemented pedagogical conditions. The effectiveness of the proposed information and communication model is also confirmed. Given the data obtained during the study and the low constraints that may affect the results of further research on this issue should focus on the study of other variables that characterize the state of intellectualization of the educational process.