• Title/Summary/Keyword: Protection vulnerability

Problems and Solutions of the Korean Bug Bounty Program (한국 버그 바운티 프로그램의 제도적인 문제점과 해결방안)

  • Park, Hye Sung;Kwon, Hun Yeong
    • Journal of Information Technology Services / v.18 no.5 / pp.53-70 / 2019
  • As information security becomes more important as the fourth industrial revolution gradually emerges, an efficient and effective way to find vulnerabilities in information systems is becoming an essential requirement of information security. As the point of the protection of current information and the protection of the future industry, the Korean government has paid attention to the bug bounty, which has been recognized for its efficiency and effectiveness and has implemented through the Korea Internet Security Agency's S/W vulnerability bug bounty program. However, there are growing problems about the S/W vulnerability bug bounty program of the Korea Internet Security Agency, which has been operating for about 7 years. The purpose of this study is to identify the problems in Korean bug bounty policies through the characteristics of the bug bounty program, and to suggest the direction of the government's policy to activate the bug bounty like changes in the government's approach utilizing the market.

The Interplay Between Supervisor Safety Support and Occupational Health and Safety Vulnerability on Work Injury

  • Yanar, Basak;Lay, Morgan;Smith, Peter M.
    • Safety and Health at Work / v.10 no.2 / pp.172-179 / 2019
  • Background: Workers exposed to hazards without adequate protections are at greater risk of injury and illness. Supervisor activities have also been associated with injury risk. We examined the interplay between supervisor safety support and occupational health and safety (OHS) vulnerability on workplace injury and illness. Methods: A survey was administered to 2,390 workers employed for more than 15 hrs/week in workplaces with at least five employees who had a direct supervisor. We examined the combined effects of hazard exposure with inadequate protection (OHS vulnerability) and supervisor support on workplace injury and illness, using additive interactions in log-binomial regression models. Results: OHS vulnerability and lack of supervisor support independently increased the likelihood of physical injuries at work. Crude and adjusted models showed that the risk of physical injury was at least 3.5 times higher among those experiencing both OHS vulnerability and a lack of supervisor support than individuals without OHS vulnerability and with a supportive direct supervisor. Workers who experienced vulnerability were at less risk if they had a supervisor who was supportive. Conclusion: In workplaces where workers experience one or more types of OHS vulnerability, having a supportive supervisor may play an important role in reducing the risk of injury and protecting workers.

A Study on Vulnerability Analysis Methodology for Composite Security Product Evaluation (합성형 정보보호제품 평가를 위한 취약성 분석 방법 개발에 관한 연구)

  • Kim, Seok-Soo;Song, Jae-Gu
    • Convergence Security Journal / v.8 no.3 / pp.19-24 / 2008
  • Common Criteria is a standard to estimate safety of information protection product such as network-level firewall system and intrusion detection system. Recently, CC version is changed from CC v.2.3 to CC v.3.1. CC v.3.1 estimation methodology requires a secured dictionary accommodation preparation for information protection product. In this research, progressed CC v3 base composition product test and research about vulnerability analysis method. Further, this paper presents specific plan sorting composition style information protection product examination methodology to existing principle and detailed methodology.

Vulnerability and Security Management System from the Perspective of the Cloud Service Users (클라우드 서비스 사용자 관점에서의 취약점과 보안관리체계)

  • Choi, Young-Jin;Ra, Jong-Hei;Ky, Hong Pil;Lee, Sang-Hak
    • Journal of Information Technology and Architecture / v.9 no.4 / pp.401-411 / 2012
  • There has been increased interest for cloud computing services that can promote cost savings while increasing investment in information resources. Cloud computing, however, has a disadvantage physically located in the external information resources to take advantage of the economic benefits, the advantages and increase the vulnerability of information protection and control of information assets. In this study, due to the unique properties of the new services, including vulnerability, the vulnerability of cloud computing derive the vulnerability of cloud computing and control items were derived through the mapping between vulnerability and control items, that are not being managed to identify vulnerabilities Cloud computing risk factors are presented.

A Comparative Study on the Awareness of Health Risks and the Risk Reduction Measures Related to Sodium Intake between Female and Male University Students in Busan and Gyeongnam: An Application of Protection Motivation Theory (보호동기이론을 적용한 나트륨 과다섭취에 따른 위험성 및 나트륨 섭취 감소 방안의 효과성에 대한 부산·경남 지역 남녀 대학생들의 인식 비교 연구)

  • Jang, Soo-Hyun;Yoon, Eunju
    • Korean journal of food and cookery science / v.32 no.1 / pp.136-146 / 2016
  • The purpose of this study was to investigate whether there was a gender difference in motivating university students to decrease their sodium intake and to identify effective motivating factors. Within the protection motivation theory (PMT) framework, a survey questionnaire was developed to measure participants' perceptions on the severity of and the vulnerability to risk of serious diseases due to the high sodium intake, as well as the effectiveness (response efficacy) and the ability to perform preventive measures (self-efficacy). Behavioral intentions on five specific practices (checking nutrition label, consuming more fruits and vegetables, consuming less soups, avoiding spicy and pungent food, purchasing less instant or restaurant foods) related to decreasing sodium intake were also included. A total of 294 usable response data were collected from university students (92 male, 202 female) in Busan and Gyeongnam in June 2015 and analyzed using IBM SPSS 22. Severity was the highest (4.04) PMT factor followed by response efficacy (3.72), self-efficacy (3.42), and vulnerability (3.26). Compared to male students, female students thought that the threat was more severe (t=6.035, p<0.001) and reducing sodium intake would be effective to prevent serious illnesses (t=4.724, p<0.001), but their vulnerability and self-efficacy perceptions were not different from male students. Among the five items measuring behavioral intention, female students were more likely to increase fruits and vegetables consumption (t=3.811, p<0.001), while male students were more likely to avoid spicy and pungent foods (t=2.336, p=0.020). Based on findings of this study, the recommended strategy to effectively motivate university students to lower their sodium consumption level is the development of campaign focused on increased vulnerability perception, response efficacy, and ease of practicing preventive measures instead of emphasizing the severity of the consequences.

Vulnerability Mitigation System Construction Method Based on ATT&CK in Military Internal Network Environment (국방 네트워크 환경에서 ATT&CK 기반 취약점 완화 체계 구축 방안)

  • Ahn, Gwang Hyun;Lee, Hanhee;Park, Won Hyung;Kang, Ji Won
    • Convergence Security Journal / v.20 no.4 / pp.135-141 / 2020
  • The Ministry of National Defense is strengthening the power and capacity of cyber operations as cyber protection training is conducted. However, considering the level of enemy cyber attack capability, the level of cyber defense capability of the ministry of national defense is significantly low and the protection measures and response system for responding to cyber threats to military networks are not clearly designed, falling short of the level of cyber security capabilities of the public and private sectors. Therefore, this paper is to investigate and verify the establishment of a military internal network vulnerability mitigation system that applies the intention of attackers, tactics, techniques and procedures information (ATT&CK Framework), identified military internal network main threat information, and military information system security requirements with military specificity as factors that can establish a defense network vulnerability mitigation system by referring to the domestic and foreign cyber security framework It has the advantage of having.

Physical protection system vulnerability assessment of a small nuclear research reactor due to TNT-shaped charge impact on its reinforced concrete wall

  • Moo, Jee Hoon;Chirayath, Sunil S.;Cho, Sung Gook
    • Nuclear Engineering and Technology / v.54 no.6 / pp.2135-2146 / 2022
  • A nuclear energy facility is one of the most critical facilities to be safely protected during and after operation because the physical destruction of its barriers by an external attack could release radioactivity into the environment and can cause harmful effects. The barrier walls of nuclear energy facilities should be sufficiently robust to protect essential facilities from external attack or sabotage. Physical protection system (PPS) vulnerability assessment of a typical small nuclear research reactor was carried out by simulating an external attack with a tri-nitro toluene (TNT) shaped charge and results are presented. The reinforced concrete (RC) barrier wall of the research reactor located at a distance of 50 m from a TNT-shaped charge was the target of external attack. For the purpose of the impact assessment of the RC barrier wall, a finite element method (FEM) is utilized to simulate the destruction condition. The study results showed that a hole-size of diameter 342 mm at the front side and 364 mm at the back side was created on the RC barrier wall as a result of a 143.35 kg TNT-shaped charge. This aperture would be large enough to let at least one person pass through at a time. For the purpose of the PPS vulnerability assessment, an Estimate of Adversary Sequence Interruption (EASI) model was used, which enabled the determination of most vulnerable path to the target with a probability of interruption equal to 0.43. The study showed that the RC barrier wall is vulnerable to a TNT-shaped charge impact, which could in turn reduce the effectiveness of the PPS.

Design of Comprehensive Security Vulnerability Analysis System through Efficient Inspection Method according to Necessity of Upgrading System Vulnerability (시스템 취약점 개선의 필요성에 따른 효율적인 점검 방법을 통한 종합 보안 취약성 분석 시스템 설계)

  • Min, So-Yeon;Jung, Chan-Suk;Lee, Kwang-Hyong;Cho, Eun-Sook;Yoon, Tae-Bok;You, Seung-Ho
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.7 / pp.1-8 / 2017
  • As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

Exploring the Relationship between the Level of News Usage on Influenza A(H1N1) and Media Users' Behavioral Intention toward Personal and Public Health Protection: Focusing on Protection Motivation Theory (신종플루 뉴스 이용 정도가 개인 및 공중에 대한 건강보호 행위의도에 미치는 영향에 관한 연구: 보호동기이론을 중심으로)

  • Kim, Yeo-Ra
    • Korean journal of communication and information / v.51 / pp.5-25 / 2010
  • The purpose of this research was to examine the relationship between the level of news usage on Influenza A(H1N1) and media users' behavioral intention toward health protection. Specifically, the study investigated causal relationships among exposure of media information on Influenza A(H1N1) as an independent variable, psychological protection motivation factors such as perceived severity, vulnerability, response efficacy, & self-efficacy as mediated variables and behavioral intention on personal and public health protection as dependent variables using structure equation model analysis. Self-reported questionnaires were administered to 460 college students. The result indicated the following. First, the level of news usage on Influenza A(H1N1) was not statistically significant on influencing behavioral intention toward personal and public health protection. Second, perceived severity, vulnerability, and self-efficacy were significant variables on behavioral intention toward personal health protection whereas perceived vulnerability and response efficacy were significant on public health protection. The function among factors in protection motivation theory is dependent upon who is protected from illness.

A Study on Quantitative Security Assessment after Privacy Vulnerability Analysis of PC (PC의 개인정보보호 취약점 분석과 정량화된 보안진단 연구)

  • Seo, Mi-Sook;Park, Dea-Woo
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2012.05a / pp.456-460 / 2012
  • Privacy Protection Act of 30 March 2012 was performed. In general, personal information management to enhance security in the DB server has a security system but, PC for the protection of the privacy and security vulnerability analysis is needed to research on self-diagnosis. In this paper, from a PC to search information relating to privacy and enhance security by encrypting and for delete file delete recovery impossible. In PC found vulnerability analysis is Check user accounts, Checking shared folders, Services firewall check, Screen savers, Automatic patch update Is checked. After the analysis and quantification of the vulnerability checks through the expression, enhanced security by creating a checklist for the show, PC security management, server management by semi-hwahayeo activates. In this paper the PC privacy and PC security enhancements a economic damage and of the and Will contribute to reduce complaints.
