• Korean Security Journal
• /
• no.48
• /
• pp.35-56
• /
• 2016

The purpose of this study is to find the development of the special security business plan based on the problem that guards are now aware of special security service. In order to achieve the objectives of this study, we analyzed the data after expert survey and interview conducted by seven experts engaged in special security services more than 10 years. The guard who perform special security service proposed a development plan of special security services as follows. First, the current education system for new employees' training is required to improve the educational program of 60 hours in subjects related to special security duties by reorganization. Second, the special security service training for guards also appropriate to switch to 9-hour training program for three months through an educational organization controlled by country. Third, the special security guards should be proceeding the practical programs required in the field and quality education in the different section by competent and professional instructors. Fourth, the retirement age for special security guard stipulated in the Security Services Industry Act that needs to be readjusted upward by considering the social environment. Sixth, there needs to be organized the Special Security Association for development associated with the special security service and to protect the rights of special security guards.

• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.23-31
• /
• 2016

Despite the number of security incidents in healthcare sector is considerable, earlier studies have been done in business sector. We have tried to empirically analyze the misuse intention using information system for healthcare sector. As a result, the preventative security software of the information security management have positive impact on the effectiveness of sanctions. Though further analysis is needed, the security policies, security awareness program and monitoring practices are determined to have a valid impact on the effectiveness of sanctions equivalent to the preventative security software.

• International journal of advanced smart convergence
• /
• v.5 no.3
• /
• pp.27-31
• /
• 2016

High-tech industries in a state well enough to troubleshoot hacking information introduction a big barrier to delay the growth of the market related to IoT(Internet of Things) as is likely to be on the rise. This early on, security issues introduced in the solution, a comprehensive solution, including the institutional laws/precautions needed. Recent examples of frequent security threats while IoT is the biggest issue of introducing state-of-the-art industry information due to the vulnerable security hacking. This high-tech industries in order to bridge the information responsible for the target attribute, target range, and the protection of security and how to protect the subject, IoT environment (domestic industrial environment) considering the approach is needed. IoTs with health care and a wide variety of services, such as wearable devices emerge. This ensures that RFID/USN-based P2P/P2M/M2M connection is the implementation of the community. In this study, the issue on the high-tech industrial information and the vulnerable security issues of IoT are described.

• Journal of Information Technology Applications and Management
• /
• v.23 no.1
• /
• pp.79-96
• /
• 2016

As numerous security breaches on a variety of information assets such as personal information, corporate secrets, computer servers, and networks have occurred, information security has emerged as a critical social issue. However, researches on economically rational information security decision-making have been few. Such researches are especially rare in South Korea where information security is considered to be a discipline of engineers. This study aims to identify the preferred themes and methodologies of information security economics research in the field of information systems by reviewing papers published in Management Information Systems Quarterly (MISQ), Information Systems Research (ISR), European Journal of Information Systems (EJIS), Management Science (MS), and Information and Management (I&M). We hope that the results of the study will be helpful in rational managerial or policy decision-making for practitioners and suggest future research topics for researchers.

• Korean Security Journal
• /
• no.19
• /
• pp.43-66
• /
• 2009

For the quality improvement on private security industry, the quality of personnel in private security should be advanced through the systematic training. If the personnel in private security provide an advanced service in applying knowledge and technique to the field when in training, they can obtain the reliability from people. With the point of this side, practical and systematic training is essential to the restoration on the private security industry. The personnel of private security face many people in the field. So they must work with an active concept that can prevent additional crime from behavior suspicions through scientific observation method and systematic inquiry method rather than negative work with providing a friendly service in the field. For conducting this concept, therefore, this study suggested the improvement training program of "Question and Research Guides" from new employee training on existing private security. The scientific observation standard is specifically suggested from the study 'people watching' of Professor Morris, D. and an act contact question from lead technique that US FBI, police, and inspection institute are taking through the feature of human act and 'METT' that is the program for emotion capture training through human minute look is going to be applied on "Question and Research Guides" training. This will provide the educational mood for students with the training content that is available for the practical training program and the real work, and will help to restore the private security industry with obtaining people's reliability through the scientific work and advanced field treatment.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.27-34
• /
• 2004

The recent explosive use of the Internet and the development of computer communication technologies reveal serious computer security problem. Inspite of many studies on secure access to the system, generally, the attackers do not use the previous intrusion techniques or network flaw, rather they tend to use the vulnerabilities residing inside the program, which are the running programs on the system or the processes for the service. Therefore, the security managers must focus on updating the programs with lots of time and efforts. Developers also need to patch continuously to update the Program, which is a lot of burden for them. In order to solve the problem, we need to understand the vulnerabilities in the program, which has been studied for some time. And also we need to analyze the functions that contains some vulnerabilities inside. In this paper, we first analyzed the vulnerabilities of the standard C library, and Win32 API functions used in various programs. And then we described the design and implementation of the automated scanning tool for writing secure source code based on the analysis.

• Korean Security Journal
• /
• no.21
• /
• pp.1-18
• /
• 2009

Background: This study was to investigate the effects of spinal strengthening exercise and lumbar stabilization exercise(core exercise program) on trunk muscle strength, flexibility and balance, lumbar function. The subjects of this study were the eighteen subjects who was registered in private guard company. The each exercise group of 9 persons were chosen by random controlled trial. Methods: We used instrument BTE, Libra, Ruler Measuring tape to measured trunk muscle strength, flexibility, balance and lumbar function. Results: The result of this study were summarized below; The flexor muscle strength was improve in lumbar stabilization exercise(core exercise) group(p<.05). The extensor muscle strength was improve in lumbar stabilization exercise(core program) group(p<.05). The trunk flexibility was improve in spinal strengthening exercise group and lumbar stabilization exercise group(p<.05). The balance ability was improve in spinal strengthening group and lumbar stabilization exercise group(core program) group(p<.05). Conclusion: With the above results, demonstrated effects of spinal strengthening exercise and lumbar stabilization exercise in each private guard and security in this study.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.4
• /
• pp.838-847
• /
• 2017

CNG which was released as a substitute of the previous CAPI (Cryptography API) library from Microsoft is constructed with individual modules based on the plug-in architecture, this means CNG is exceedingly helpful in the cost of development as well as the facility of extension. On the opposite side of these advantages, considerations on security issues are quite insufficient. Therefore, a research on security assurance is strongly required in the environment of distributing and utilizing the CNG library, hence, we analyze possible security vulnerabilities on the CNG library. Based on analyzed vulnerabilities, proof-of-concept tools are implemented and vulnerabilities are verified using them. Verified results are that contents of mail, account information of mail server, and authentication information of web-sites such as Amazon, E-bay, Google, and Facebook are exposed in Outlook program and Internet Explorer program using CNG library. We consider that the analyzed result in this paper can improve the security for various applications using CNG library.

• The KIPS Transactions:PartC
• /
• v.11C no.1
• /
• pp.47-54
• /
• 2004

The growth of computer resource and network speed has increased requests for the use of remotely located computer systems by connecting through computer networks. This phenomenon has hoisted research activities for application service provision that uses server-based remote computing paradigm. The server-based remote computing paradigm has been developed as the ASP (Application Service Provision) model, which provides remote users through application sharing protocol to application programs. Security requirement such as confidentiality, availability, integrity should be satisfied to provide ASP service using centralized computing system. Existing Telnet or FTP service for a remote computing systems have satisfied security requirement by a simple access control to files and/or data. But windows-based centralized computing system is vulnerable to confidentiality, availability, integrity where many users use the same application program installed in the same computer. In other words, the computing system needs detailed security level for each user different from others, such that only authorized user or group of users can run some specific functional commands for the program. In this paper, we propose windows based centralized computing system that sets security policies for each user for the use of instructions of the application programs, and performs access control to the instructions based on the security policies. The system monitors all user messages which are executed through graphical user interface by the users connecting to the system. Ail Instructions, i.e. messages, for the application program are now passed to authorization process that decides if an Instruction is delivered to the application program based on the pre-defined security polices. This system can be used as security clearance for each user for the shared computing resource as well as shared application programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.709-720
• /
• 2013

Virtualization obfuscation makes hard to analyze the code by applying virtualization to code section. Protected code by common used virtualization obfuscation technique has become known that it doesn't have restored point and also it is hard to analyze. However, it is abused to protect malware recently. So, It is been hard to analyze and take action for malware. Therefore, this paper's purpose is analyze and take action for protected malware by virtualization obfuscation technique through implement tool which can extract virtualization structure automatically and trace execution process. Hence, basic structure and operation process of virtualization obfuscation technique will be handled and analysis result of protected malware by virtualization obfuscation utilized Equation Reasoning System, one kind of program analysis. Also, we implement automatic analysis tool, extract virtualization structure from protected executable file by virtualization obfuscation technique and deduct program's execution sequence.