• Title/Summary/Keyword: Protection vulnerability

A Research on the Effectiveness of the Vulnerability Detection Against Leakage of Proprietary Information Using Digital Forensic Methods (디지털 포렌식 기법을 통한 기업 정보유출에 대한 취약점 탐지 효율성에 관한 연구)

  • Park, Yoon-Jae;Chae, Myung-Sin
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.9 / pp.464-472 / 2017
  • In the ICT (Information and Communication Technology) convergence security environment, a lot of companies use an external public web system for the external disclosure and sharing of product information, manufacturing technology, service manuals and marketing materials. In this way, the web system disclosed on the Internet is an important aspect of cyber security management and has an always-on vulnerability requiring an information protection solution and IT vulnerability checks. However, there are limits to vulnerability detection management in an external environment. In this study, in order to solve these problems, we constructed a system based on digital forensics and conducted an empirical study on the detection of important information in enterprises by using forensic techniques. It was found that due to the vulnerability of web systems operated in Korea and overseas, important information could be revealed, such as the companies' confidential data and security management improvements. In conclusion, if a system using digital forensic techniques is applied in response to the increasing number of hacking incidents, the security management of vulnerable areas will be strengthened and the cyber security management system will be improved.

Analysis on Vulnerability of Secure USB Flash Drive and Development Protection Profile based on Common Criteria Version 3.1 (보안 USB 플래시 드라이브의 취약점 분석과 CC v3.1 기반의 보호프로파일 개발)

  • Jeong, Han-Jae;Choi, Youn-Sung;Jeon, Woong-Ryul;Yang, Fei;Won, Dong-Ho;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.6 / pp.99-119 / 2007
  • The USB flash drive is commonly used for portable storage. It can store large amounts of data, transfer data quickly, and be carried easily. But when you lose a USB flash drive that has no security function in use, all stored data will be exposed. So a new USB flash drive supporting security functions was invented to compensate for the problem. In this paper, we analyze the vulnerabilities of 6 access control programs for secure USB flash drives. We show that the password is exposed in communication between the secure USB flash drive and the PC. We also show the vulnerability of misapplication for initialization. Further, we develop a protection profile for secure USB flash drives based on the Common Criteria version 3.1. Finally, we examine the possible threats to 6 secure USB flash drives and the support of the security objectives derived from the protection profile.

Vulnerability analysis for privacy security Android apps (개인정보보호 안드로이드 앱에 대한 취약점 분석)

  • Lee, Jung-Woo;Hong, Pyo-Gil;Kim, Dohyun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2022.05a / pp.184-186 / 2022
  • Recently, as interest in personal information protection has increased, various apps for personal information protection have emerged. These apps protect data in various formats, such as photos, videos, and documents containing personal information, using encryption and hide functions. These apps can have a positive effect on personal information protection, but in digital forensics they act as anti-forensic tools because they can make data difficult to analyze during the investigation process. This paper finds the PIN, an access control function, through reverse engineering of Calculator - photo vault, one of the personal information protection apps, as well as files such as photos and documents to which encryption and hiding were applied. In addition, the vulnerability of this app was analyzed by researching decryption of the database files where logs for encrypted and hidden files are stored.

Effect of Protection Motivation Factors on Behavioral Intention to Reduce Sodium Intake among University Students in Gyeongnam and Busan (보호동기요인이 나트륨 저감화 관련 행동 의도에 미치는 영향 - 경남·부산 지역 대학생을 중심으로 -)

  • Jang, Soo-Hyun;Yoon, Eunju
    • The Korean Journal of Food And Nutrition / v.29 no.1 / pp.104-114 / 2016
  • In this study, we investigated protection motivation and behavioral intention to prevent serious illnesses related to excessive sodium intake among the university students in Gyeongnam and Busan. Within the protection motivation theory (PMT) framework, a survey questionnaire was developed to measure participants' perceptions on the severity of and the vulnerability to the threat of serious diseases due to the high sodium intake as well as the effectiveness of preventive measures (response efficacy), and the ability to perform them (self-efficacy) along with their willingness to follow recommendations (behavioral intention). Data was collected in June 2015. Study participants were divided into either low (n=117) or high (n=177) sodium intake behavior groups based on their current behaviors. Exploratory factor analysis was performed to measure construct validity and Cronbach's alpha was calculated to check reliability of measurement items. The high sodium intake behavior group perceived higher vulnerability than the low sodium intake behavior group among four PMT factors. Differences of the other three factors were not significant between the two groups. The results of hierarchical regression analysis indicated that self-efficacy and response efficacy affected behavioral intention of high sodium intake behavior among students. Hence, development of strategies to increase self-efficacy and response efficacy are strongly recommended.

Investigation of the Possibility of Applying Protection Motivation Theory in Consumers' Changes by Fipronil Egg Contamination (살충제 달걀 파동에 대한 소비자의 행동변화에서 보호동기이론의 적용 가능성 검토)

  • Youn, Hyun-Ju;Lee, Ji-Hye
    • Journal of the Korean Dietetic Association / v.26 no.4 / pp.278-288 / 2020
  • This study examined the effects of response-facilitating factors (Food-related Knowledge, Response-Efficacy, and Self-Efficacy) and response-inhibiting factors (Severity, Vulnerability, and Consumer Stress) on consumers' behavioral intention based on protection motivation theory, which explains the behavioral change to protect oneself. This study was conducted to reduce customers' concerns regarding food safety accidents and introduce ways to make them more interested in food safety. A sample of 225 adults over 19 years of age was collected in February 2018 through a self-administered questionnaire. The results of the cognitive mediation process of protective motivation theory showed that the consumers' knowledge and self-efficacy, which are response-facilitating factors, positively influence the behavioral intention. Severity and consumer stress were response-inhibiting factors. On the other hand, response-efficacy, which is a response-facilitating factor, and vulnerability, which is a response-inhibiting factor, did not influence the behavioral intention. Therefore, severity and consumer stress are response-inhibiting factors. The results were analyzed as a result of a behavioral change to protect oneself from food safety accidents. The applicability of the theory of protection motivation on the topic of food safety was also confirmed.

An Advanced Model for Week Point Analysis and Evaluation on Important Information Communication Infrastructures (주요 정보통신 기반시설 취약점 분석 및 평가절차 모델 개선 연구)

  • Choi, Woong Gyu
    • Journal of Korean Society of Disaster and Security / v.5 no.2 / pp.43-48 / 2012
  • As the major information communication infrastructure became more important, the 'Act on the Protection of Information and Communications Infrastructure' (APICI) was legislated in Korea in 2001. Consequently, the major information systems, nationwide monitoring service systems and government administration operation & management systems have been registered and managed under the APICI. The authorized organizations related to the above services and systems perform vulnerability analysis and evaluation of the chief communication infrastructures by themselves or through registered agencies. In this research, we propose an advanced model for vulnerability analysis and evaluation and apply it to the main information and communication infrastructures through a case study. We hope each related organization can apply this model for the analysis and evaluation of vulnerabilities in these infrastructures.

Vulnerability assessment of strategic buildings based on ambient vibrations measurements

  • Mori, Federico;Spina, Daniele
    • Structural Monitoring and Maintenance / v.2 no.2 / pp.115-132 / 2015
  • This paper presents a new method for seismic vulnerability assessment of buildings with reference to their operational limit state. The importance of this kind of evaluation arises from the civil protection necessity that some buildings, considered strategic for seismic emergency management, should retain their functionality even after a destructive earthquake. The method is based on the identification of experimental modal parameters from ambient vibration measurements. Knowledge of the experimental modes makes it possible to perform a linear spectral analysis computing the maximum structural drifts of the building caused by an assigned earthquake. The operational condition is then evaluated by comparing the maximum building drifts with the reference value assigned by the Italian Technical Code for the operational limit state. The uncertainty about the actual building seismic frequencies, typically significantly lower than the ambient ones, is explicitly taken into account through a probabilistic approach that makes it possible to define for the building the Operational Index together with the Operational Probability Curve. The method is validated with experimental seismic data from a permanently monitored public building: by comparing the probabilistic prediction and the building's experimental drifts, resulting from three weak earthquakes, the reliability of the method is confirmed. Finally, an application of the method to a strategic building in Italy is presented: the whole procedure, from ambient vibration measurement, to seismic input definition, up to the computation of the Operational Probability Curve, is illustrated.

A Study on Information Security Management of Hospital Web Sites (의료기관 종별 웹 사이트 정보보안 관리 실태 연구)

  • Kim, Jong-Min;Ryu, Hwang-Gun
    • The Korean Journal of Health Service Management / v.9 no.2 / pp.23-32 / 2015
  • In this paper, we evaluated the web security vulnerability and privacy information management of hospital web sites which are registered at the Korea Hospital Association. Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerability of the web sites. To evaluate the privacy information management, we used ten rules which were based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered that tertiary hospitals had relatively excellent web security compared to other types of hospitals. But all the hospital types had not only high-level vulnerabilities but also vulnerabilities of the other levels. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hackers. On the other hand, the inspection results of the tertiary hospitals for privacy information management showed a better compliance rate than those of the other hospital types.

Browser fuzzing and analysis using known vulnerability (파이썬 모듈과 정규표현식을 활용한 웹 취약점 탐색 자동화 봇)

  • Kim, Nam-gue;Kim, Ki Hwan;Lee, Hoon-Jae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2016.05a / pp.749-751 / 2016
  • Internet technology is universal, and various activities such as news, shopping, and search are carried out through the Web browser. As its scale grows, the scale of information security incidents and the resulting damage also increase, so safety in the use of the Internet is emphasized. The IE browser has various protection measures such as ASLR and Isolated Heap and has continually patched a number of vulnerabilities, but vulnerabilities keep coming up. Therefore, in order to prevent security incidents, vulnerabilities need to be found and removed before they are exploited. In this paper, we introduce fuzzing, a technique used in the discovery of vulnerabilities, and describe the automation technology related to it. Using known vulnerabilities, we also show a typical procedure for vulnerability analysis.

A Study of Effectiveness of the Improved Security Operation Model Based on Vulnerability Database (취약점 데이터베이스 기반 개선된 보안관제 모델의 효과성 연구)

  • Hyun, Suk-woo;Kwon, Taekyoung
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.5 / pp.1167-1177 / 2019
  • In this paper, the improved security operation model based on the vulnerability database is studied. The proposed model consists of information protection equipment, vulnerability database, and a dashboard that visualizes and provides the results of interworking with detected logs. The evaluation of the model is analyzed by setting up a simulated attack scenario in a virtual infrastructure. In contrast to the traditional method, it is possible to respond quickly to threats of attacks specific to the security vulnerabilities that the asset has, and to find redundancy between detection rules with a secure agent, thereby creating an optimal detection rule.