• Title/Summary/Keyword: Quantitative Security Policy


Structure and Challenges of a Security Policy on Small and Medium Enterprises

  • Almeida, Fernando;Carvalho, Ines;Cruz, Fabio
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.2 / pp.747-763 / 2018
  • Information Technology (IT) plays an increasingly important role for small and medium-sized enterprises. It has become fundamental for these companies to protect information and IT assets in relation to risks and threats that have grown in recent years. This study aims to understand the importance and structure of an information security policy, using a quantitative study that intends to identify the most important and least relevant elements of an information security policy document. The findings of this study reveal that the top three most important elements in the structure of a security policy are the asset management, security risk management and defining the scope of the policy. On the other side, the three least relevant elements include the executive summary, contacts and manual inspection. Additionally, the study reveals that the importance given to each element of the security policy is slightly changed according to the sectors of activity. The elements that show the greatest variability are the review process, executive summary and penalties. On the other side, the purpose of the policy and the asset management present a stable importance for all sectors of activity.

Quantitative Risk Assessment in Major Smartphone Operating Systems in Asian Countries

  • Joh, HyunChul
    • Journal of Korea Multimedia Society / v.17 no.12 / pp.1494-1502 / 2014
  • Since smartphones are utilized in the ranges from personal usages to governmental data exchanges, known but not patched vulnerabilities in smartphone operating systems are considered as major threats to the public. To minimize potential security breaches on smartphones, it is necessary to estimate possible security threats. So far, there have been numerous studies conducted to evaluate the security risks caused by mobile devices qualitatively, but there are few quantitative manners. For a large scale risk evaluation, a qualitative assessment is a never ending task. In this paper, we try to calculate relative risk levels triggered by software vulnerabilities from unsecured smartphone operating systems (Android and iOS) among 51 Asian countries. The proposed method combines widely accepted risk representation in both theory and industrial fields. When policy makers need to make a strategic decision on mobile security related agendas, they might find the presented approach useful.

The Effect of Quantitative Easing on Inflation in Korea

  • Nam, Min-Ho
    • East Asian Economic Review / v.22 no.4 / pp.507-529 / 2018
  • This paper evaluates the whole impact of quantitative easing on inflation in Korea implemented by the central banks in four major advanced economies, the U.S., Euro Area, U.K. and Japan. According to the analysis employing a VAR-X model with the security holdings of those central banks as an exogenous variable, quantitative easing is estimated to exert downward pressures on inflation in Korea. Considering the impulse responses of Korean macroeconomic variables to a quantitative easing shock, the spillover effect is transmitted through exchange rate channel while trade channel turns out to be ineffective. In an additional analysis assessing the impact of each quantitative easing program of the central banks, only those of the Fed and European Central Bank are estimated to be significant. The empirical results prove to be robust even if using long-term interest rates as an alternative indicator of quantitative easing.

Formalizing the Design, Evaluation, and Analysis of Quality of Protection in Wireless Networks

  • Lim, Sun-Hee;Yun, Seung-Hwan;Lim, Jong-In;Yi, Ok-Yeon
    • Journal of Communications and Networks / v.11 no.6 / pp.634-644 / 2009
  • A diversity of wireless networks, with rapidly evolving wireless technology, are currently in service. Due to their innate physical layer vulnerability, wireless networks require enhanced security components. WLAN, WiBro, and UMTS have defined proper security components that meet standard security requirements. Extensive research has been conducted to enhance the security of individual wireless platforms, and we now have meaningful results at hand. However, with the advent of ubiquitous service, new horizontal platform service models with vertical crosslayer security are expected to be proposed. Research on synchronized security service and interoperability in a heterogeneous environment must be conducted. In heterogeneous environments, to design the balanced security components, quantitative evaluation model of security policy in wireless networks is required. To design appropriate evaluation method of security policies in heterogeneous wireless networks, we formalize the security properties in wireless networks. As the benefit of security protocols is indicated by the quality of protection (QoP), we improve the QoP model and evaluate hybrid security policy in heterogeneous wireless networks by applying to the QoP model. Deriving relative indicators from the positive impact of security points, and using these indicators to quantify a total reward function, this paper will help to assure the appropriate benchmark for combined security components in wireless networks.

Study on Security Framework using Security Quantitative Analysis for the Effective Multimedia Services to WLAN Mesh Network (무선랜 메쉬 네트워크에서의 효율적인 멀티미디어 서비스를 위한 보안 정량화 기반의 프레임워크 연구)

  • Shin, Myoung-Sub;Lim, Sun-Hee;Yi, Ok-Yeon;Lim, Jong-In
    • Journal of Broadcast Engineering / v.13 no.2 / pp.261-273 / 2008
  • Multimedia service whose use is rapidly increasing supports effective services to convert and transmit multimedia data based on network speed, noise circumstance, terminal computation, and type of contents for satisfying QoS. For supporting information protection of multimedia service, it offers middle level of singular security service or security mechanism which is based on policy of service provider, depending on present terminal computation and type of contents. It can support security mechanism for more effective multimedia service, if we study security of application layer and network layer for supporting multimedia service. In this paper, we propose Multimedia security framework reflected on quantitative analysis of the WLAN(Wireless Local Area Network) mesh network security using the utility function in the level of the sorority, violation and addictive compensation model.

The Analysis of the Differences in the SME's Perception about Industrial Technology Security Support Policy (산업기술 보안 지원정책에 대한 중소기업의 인식차이 분석)

  • Jung, Yuhan;Chang, Hangbae
    • The Journal of Society for e-Business Studies / v.25 no.4 / pp.15-32 / 2020
  • Increasing uncertainties in the technological innovation environment and increasing technology competition also present new challenges in terms of industrial technology security. Therefore, the purpose of this study was to identify the direction of policy change necessary for the improvement of related policies in the future by examining the importance and implementation of the government's industrial technology security support policies for small and medium-sized enterprises engaged in industrial technology innovation activities. As a result of the analysis, first of all, small and medium-sized enterprises that responded to the government's industrial technology security support policy were perceived to be less performing than the importance of the program. These results can be said to mean that selective budget expansion for related policy programs may be necessary, along with efforts to improve the quality of each program. Second, an analysis of the differences in group recognition between new technology certification firms and industrial technology verification(certification) companies showed that significant differences exist between groups for the program. These results suggest that more effective operation of the relevant policies may require policy enforcement in consideration of the level of security and will of each company in industrial technology, as much as the quantitative characteristics of the entity. This study is meaningful in providing the necessary policy directional basic information for the design and execution of more specific and effective industrial technology security policies by presenting empirical research results that domestic small and medium-sized enterprises are aware of about the government's industrial technology security policies.

A Quantitative Assessment Modeling Technique for Survivality Improvement of Ubiquitous Computing System (유비쿼터스 컴퓨팅 시스템의 생존성 개선을 위한 정량적 분석 모델링 기법)

  • Choi, Chang-Yeol;Kim, Sung-Soo
    • The KIPS Transactions:PartC / v.12C no.5 s.101 / pp.633-642 / 2005
  • Ubiquitous computing system is about networked processors, which is constructed with one or more computers interconnected by the networks. However, traditional security solution lacks a proactive maintenance technique because of its focusing on developing the qualitative detection and countermeasure after attack. Thus, in this paper, we propose a quantitative assessment modeling technique, by which the general infrastructure can be improved and the attacks on a specific infrastructure be detected and protected. First of all, we develop the definition of survivality and modeling technique for quantitative assessment modeling with the static information on the system random information, and attack-type modeling. In addition, the survivality analysis on TCP-SYN attack and code-Red worm attack is performed for validating the proposed technique.

A Distributed Communication Model and Performance Evaluation for Information Transfer in a Security Policy-based Intrusion Detection System (보안정책 기반 침입탐지시스템에서 정보 전달을 위한 분산 통신 모델과 성능 평가)

  • Jang Jung Sook;Jeon Yong Hee;Jang Jong Soo;Sohn Seung Won
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.12C / pp.1707-1721 / 2004
  • In this paper, we propose a distributed communication model of intrusion detection system (IDS) in which integrated security management at networks level is possible, model it at a security node and distributed system levels, design and implement a simulator. At the node level, we evaluate the transfer capability of alert message based on the analysis of giga-bit security node architecture which performs hardware-based intrusion detection. At the distributed system level, we perform the evaluation of transfer capability of detection and alert information between components of distributed IDS. In the proposed model, we carry out the performance evaluation considering decision factors of communication mechanism and present the results in order to gain some quantitative understanding of the system.

The Roles of the National Health Insurance Service in the Public Health Security (건강보장과 국민건강보험공단의 역할)

  • Kim, Yong-Ik
    • Health Policy and Management / v.28 no.3 / pp.210-216 / 2018
  • National Health Insurance Service (NHIS) has put a great effort on extending life expectancy, for last 40 years. The system has also made remarkable outcomes in achieving universal health coverage. However, it is facing challenges of low health insurance benefits and sustainability risk due to low birth rate and aging society at the same time. To overcome the difficulties and build a lifelong health security system for the nation, it is required for NHIS to make multilateral changes in its roles. Based on the quantitative growth achieved so far, NHIS needs to strive for the growth in quality by not only increasing coverage and reforming contribution imposition system, but also reorganizing the relevant systems such as lifelong health management support, rational adjustment to the medical fee, and benefit costs monitoring. In addition, it's important for NHIS to restructure the organizational culture by having specialty and communicating with people for high quality of administration and health insurance sustainability.

A Quantitative Assessment Model of Private Information Breach (기업의 개인정보 유출로 인한 경제적 피해규모 산출방법)

  • Han, Chang-Hee;Chai, Seung-Wan;Yoo, Byung-Joon;Ahn, Dae-Hwan;Park, Chae-Hee
    • The Journal of Society for e-Business Studies / v.16 no.4 / pp.17-31 / 2011
  • Damage caused by private information breach causes serious problems and huge social losses. In order to make a better policy that prevents society from suffering from the damage, we have to know about the actual size of damage. So it is needed to develop a quantitative model of private information breach that helps catching the more accurate size of damage. In our study, we suggest a method which calculates not only the costs of damage from firms' perspective but also those from individual and social perspectives. In this process, we refer to methods adopted by JNSA (Japan Network Security Association) and Ponemon Research Institute and modify it with considering our current situation. Also we try to make a new model by using new methods (web traffic analysis, survey, indirect comparison, etc.) and verify it with theories and methods from econometrics, cost accounting and theory of producer.