• Title/Summary/Keyword: Research Security Compliance

Understanding an Employee Information Systems Security Violations (조직 구성원들의 정보보안 정책 위반에 영향을 미치는 요인)

  • Yim, Myung-Seong
    • Journal of Digital Convergence / v.11 no.2 / pp.19-32 / 2013
  • The purpose of this paper is to find an answer to why employees in an organization violate the organizational information security policy. To do this, this study is rooted in moral disengagement theory. This study found that moral belief and perceived sanction have an effect on security policy violation. However, if moral disengagement is involved in the research model, perceived sanction is not significant. Finally, SETA, moral belief, and perceived sanction have a negative effect on moral disengagement, which in turn positively influences security policy violation. The conclusions and implications are discussed.

A Study on Evaluation Criteria and Procedures for Measuring Radiation Leakage of Aviation Security Equipment (항공보안장비 방사선 누출량 측정을 위한 평가 기준 및 절차에 관한 연구)

  • Kihyun Kim;Ye-Eun Jeong;Ye-Jun Kim;Yong Soo Kim
    • Journal of Korean Society for Quality Management / v.51 no.3 / pp.435-444 / 2023
  • Purpose: To attain advanced performance certification, safety aspects along with functionality and performance are essential. Hence, this study suggests radiation leakage assessment methods for aviation security equipment during its performance certification. Methods: Detection technology guided the choice of radiation leakage assessment targets. We then detailed measurement and evaluation methods based on equipment type and operation mode. Equipment was categorized as container or box types for establishing measurement procedures. Results: We've developed specific radiation leakage assessment procedures for different types of aviation security equipment, crucial for ensuring airport safety. Using these procedures allows efficient evaluation of compliance with radiation leakage standards. Conclusion: The suggested radiation leakage assessment method aims to enhance aviation security and reliability. Future research will focus on identifying risks in novel aviation security equipment detection technologies and establishing safety standards.

The Effect of Managerial Information Security Intelligence on the Employee's Information Security Countermeasure Awareness (경영진의 정보보안 지능이 조직원의 보안대책 인식에 미치는 영향)

  • Jin Young Han;Hyun-Sun Ryu
    • Information Systems Review / v.18 no.3 / pp.137-153 / 2016
  • Organizations depend on smart working environments, such as mobile networks. This development motivates companies to focus on information security. Information leakage negatively affects companies. To address this issue, management and information security researchers focus on compliance of employees with information security policies. Countermeasures in information security are known antecedents of intention to comply with information security policies. Despite the importance of this topic, research on the antecedents of information security countermeasures is scarce. The present study proposes information security intelligence as an antecedent of information security countermeasures. Information security intelligence adapted the concept of safety intelligence provided by Kirwan (2008). Information security intelligence consists of problem solving skills, social skills, and information security knowledge related to information security. Results show that problem solving skills and information security knowledge have positive effects on the awareness of employees of information security countermeasures.

A Study on Security Container to Prevent Data Leaks (정보 유출 방지를 위한 보안 컨테이너의 효과성 연구)

  • Lee, Jong-Shik;Lee, Kyeong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1225-1241 / 2014
  • Recently, financial companies implement DLP (Data Leaks Prevention) security products and enforce internal controls to prevent customer information leaks. Accidental data leaks in financial business increase more and more because internal controls are insufficient. Security officials and IT operation staff struggle to plan countermeasures to respond to all kinds of accidental data leaks. It is difficult to prevent data leaks and to control information flow in business without research on applications that handle business and privacy information. Therefore, this paper describes business and privacy information flow on applications and how to plan and deploy a security container based on OS-level and hypervisor virtualization technology to enforce internal controls for applications. After building the security container, it was verified to implement internal controls and to prevent customer information leaks. With security policies, additional security functions were implemented in the security container, and by recycling the security container, the costs and time of response to security vulnerabilities were reduced.

International cyber security strategy as a tool for comprehensive security assurance of civil aviation security: methodological considerations

  • Grygorov, Oleksandr;Basysta, Albina;Yedeliev, Roman;Paziuk, Andrii;Tropin, Zakhar
    • International Journal of Computer Science & Network Security / v.21 no.9 / pp.332-338 / 2021
  • Civil aviation cybersecurity challenges are global in nature and must be addressed using global best practices and the combined efforts of all stakeholders. This requires the development of comprehensive international strategies and detailed plans for their implementation, with appropriate resources. It is important to build such strategies on a common methodology that can be applied to civil aviation and other interrelated critical infrastructure sectors. The goal of the study was to determine the methodological basis for developing an international civil aviation cybersecurity strategy, taking into account existing experience in strategic planning at the level of international specialized organizations. The research was conducted using general scientific and theoretical research methods: observation, description, formalization, analysis, synthesis, generalization, explanation. As a result of the study, the specifics of the approach to formulating strategic goals in civil aviation cybersecurity programs in the documents of intergovernmental and international non-governmental organizations in the aviation sphere, generally based on a comprehensive vision of cybersecurity management, were established. A comparative analysis of strategic priorities, objectives, and planned activities for their implementation revealed common characteristics based on a single methodological sense of cybersecurity as a symbiosis of five components: human capacity, processes, technologies, communications, and its regulatory support. It was found that additional branching and detailing of priority areas in the strategic documents of international civil aviation organizations (by the example of Cybersecurity Strategy and Cybersecurity Action Plan) does not always contribute to compliance with a unified methodological framework. It is argued that to develop an international civil aviation cybersecurity strategy, it is advisable to use the methodological basis of the Cyber Security Index.

Proposal of ISMS-P-based outsourcing service management method through security control business relevance analysis (보안관제 업무 연관성 분석을 통한 ISMS-P 기반의 외주용역 관리 방법 제안)

  • Ko, Dokyun;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering / v.26 no.4 / pp.582-590 / 2022
  • As security threats caused by cyber attacks continue, security control is mainly operated in the form of a service business with expertise for rapid detection and response. Accordingly, a number of studies have been conducted on the operation of security control services. However, due to the research on the resulting management, indicators, and measurements, the work process has not been studied in detail, causing confusion in the field, making it difficult to respond to security accidents. This paper presents ISMS-P-based service management methods and proposes an easy outsourcing service management method for client by checklisting each item derived from the mapping of 64 items of ISMS-P protection requirements through business relevance analysis. In addition, it is expected to help implement periodic security compliance and acquire and renew ISMS-P in the mid- to long-term, and to contribute to enhancing security awareness of related personnel.

A Study on the Applicability of Strict Compliance of the Documents on the Contract for the International Sale of Goods (국제물품매매계약에서의 교부서류에 대한 엄격일치원칙의 적용가능성 연구)

  • Park, Nam-Kyu
    • THE INTERNATIONAL COMMERCE & LAW REVIEW / v.51 / pp.187-210 / 2011
  • International transactions have the threat of non-payment by the buyer or non-performance by the seller. Parties tend to search for additional means of securing performance and payment beyond the mere agreement in the contract. Such security may be achieved by means of a letter of credit. When contracting parties have agreed to pay by means of a letter of credit, the buyer's bank takes upon itself the obligation to pay the purchase price when the seller tenders the documents that are stipulated in the letter of credit. The documents must comply strictly with the terms of the credit. The documents play a crucial role in letter of credit transactions. The principles of abstraction, separability and strict compliance governing the letter of credit transaction are considered. The concept of fundamental breach of Article 25 CISG was discussed. This article examines whether a failure to deliver documents conforming to the terms of the letter of credit can constitute a fundamental breach of the sales contract as defined by Article 25 of the CISG by the seller and thereby enable the buyer to avoid the contract. For letter of credit transactions it should be accepted that the delivery of non-performing documents constitutes a fundamental breach, if the result of this breach is that the bank refuses to pay the price for the goods. On the other hand, in the interpretation of Article 25 CISG, it should be noted that if the parties have agreed to payment by means of a letter of credit, they have simultaneously agreed to apply the strict compliance principle to the delivery of documents in the sales contract. Finally the parties should ensure that inconsistency between the requirements under the documentary credit and the requirements under the contract of sale is avoided, since the buyer may be in breach of his payment obligation if the seller cannot get paid under the documentary credit when his documents conform with the contract of sale.

A Study on the Enforced Security of Personal Information Outsourcing (개인정보 위탁업무 보안성 강화방안 연구)

  • Son, Tae Hyun;Park, Jung Sun
    • Journal of the Korea Safety Management & Science / v.16 no.3 / pp.433-441 / 2014
  • With the increasing outsourcing of personal information treatment, the safe management and director for fiduciary is very important. In this paper, under the personal information protection management systems the current situation of fiduciary management and direction was reviewed and the certification system was analysed in terms of availability of the controlled items. Under the basis of legal compliance at the time of the Privacy Act, the characteristics of outsourcing type were also analyzed and new controlled items were derived. As a result of the proposed research, new controlled items for fiduciary could be used as a standard for the managing Director.

An Empirical Investigation on the Effect of Logistics Security in Import and Export Risk Management (물류보안이 수출입 리스크관리에 미치는 영향에 관한 실증연구)

  • Yi, Hong-Won;Kim, Jae-Bong
    • Journal of Navigation and Port Research / v.38 no.3 / pp.317-325 / 2014
  • The government of South Korea has introduced various security measures in the supply chain, such as CSI (including a 24-hour rule) and AEO (Authorized Economic Operator), in compliance with global security trends and the war on terror. However, many participants in the import and export process are still unfamiliar with the purposes and functions of CSI, the 24-hour rule, and AEO. As such, considering these risks as obstacles or as factors that interfere with the import and export process, this study suggests proper management schemes, which can identify, measure and evaluate these risks.

Approach towards qualification of TCP/IP network components of PFBR

  • Aditya Gour;Tom Mathews;R.P. Behera
    • Nuclear Engineering and Technology / v.54 no.11 / pp.3975-3984 / 2022
  • Distributed control system architecture is adopted for I&C systems of Prototype Fast Breeder Reactor, where the geographically distributed control systems are connected to centralized servers & display stations via switched Ethernet networks. TCP/IP communication plays a significant role in the successful operations of this architecture. The communication tasks at control nodes are taken care of by TCP/IP offload modules; local area switched network is realized using layer-2/3 switches, which are finally connected to network interfaces of centralized servers & display stations. Safety, security, reliability, and fault tolerance of control systems used for safety-related applications of nuclear power plants are ensured by indigenous design and qualification as per guidelines laid down by regulatory authorities. In the case of commercially available components, appropriate suitability analysis is required for getting the operation clearances from regulatory authorities. This paper details the proposed approach for the suitability analysis of TCP/IP communication nodes, including control systems at the field, network switches, and servers/display stations. Development of test platform using commercially available tools and diagnostics software engineered for control nodes/display stations are described. Each TCP link behavior with impaired packets and multiple traffic loads is described, followed by benchmarking of the network switch's routing characteristics and security features.