• Korean Security Journal
• /
• no.50
• /
• pp.287-303
• /
• 2017

Industrial security research has shown a rapid increase over the past decade. With the establishment of the Korean Association for Industrial Security in 2008 and the establishment of the departments of industrial security in recent years, academic interests and research on industrial security are also spreading at a rapid pace. Although academic interest and research have grown in quantitative terms, research on theoretical fields that are the basis of academic systematization is extremely limited. There is a focus on the issue of specific issues and practical solutions without worrying about the theoretical basis including conceptualization. Therefore, in most studies, the concept of industrial security remains at the level of accepting the concept applied in the previous research. Most industrial security research focuses on the specific topic of 'industrial technology protection' because it considers the concept of industrial security to be reduced to industrial technology protection. Although industrial security is composed of a wide range of fields, recognizing a specific field as an entirety of industrial security appears to be a serious problem. As a result, the concept of industrial security in industrial security research is being used ambiguously, incorrectly, and conveniently. It is necessary to accurately and recognize the concept of industrial security based on logical clarity and empirical feasibility.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.860-877
• /
• 2013

Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.

• The Journal of Information Systems
• /
• v.29 no.4
• /
• pp.57-76
• /
• 2020

Purpose Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings Our results show that organizational information security climate, information security knowledge, information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

• Annual Conference of KIPS
• /
• 2009.04a
• /
• pp.1457-1458
• /
• 2009

센서 네트워크는 크기가 작고 제한된 전력을 가진 센서노드들이 무작위로 다량 배치됨에 따라 안전하고 자유로운 정보 이용을 위하여 보다 유동적인 관리 환경이 필요하다. 특히 종래의 중앙 집중적인 관리 방법은 동적인 네트워크 변화가 민감한 센서 네트워크에 적용하기에 그 기능에서부터 큰 차이를 보이기 때문에 보다 신속하고 정확한 센서 노드의 관리를 위한 모바일 관리 도구의 구축을 제안한다. 모바일 관리 도구를 이용한 분산적인 센서 네트워크 관리는 유연한 센서 노드들의 관리를 가능하게 하고 이는 곧 센서 노드들이 수집하는 정보와 전달하는 정보의 신뢰도를 증가 시킬 수 있다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.19-25
• /
• 2018

With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.86-95
• /
• 2005

Location-based services or LBS refer to value-added service by processing information utilizing mobile user location. With the rapidly increasing wireless Internet subscribers and world LBS market, the various location based applications are introduced such as buddy finder, proximity and security services. As the killer application of the wireless Internet, the LBS have reconsidered technology about location determination technology, LBS middleware server for various application, and diverse contents processing technology. However, there are fears that this new wealth of personal location information will lead to new security risks, to the invasion of the privacy of people and organizations. This paper describes a novel security approach on open LBS service to validate certificate based on current LBS platform environment using XKMS (XML Key Management Specification) and SAML (Security Assertion Markup Language), XACML (extensible Access Control Markup Language) in XML security mechanism.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.2174-2177
• /
• 2003

Internet is exposed to network attacks as Internet has a security weakness. Network attacks which are virus, system intrusion, and deny of service, put Internet in the risk of hacking, so the damage of public organization and banking facilities are more increased. So, it is necessary that the security technologies about intrusion detection and controlling attacks minimize the damage of hacking. Router is the network device of managing traffic between Internets or Intranets. The damage of router attack causes the problem of the entire network. The security technology about router is necessary to defend Internet against network attacks. Router has the need of access control and security skills that prevent from illegal attacks. We developed integrated security management framework for secure networking and kernel-level security engine that filters the network packets, detects the network intrusion, and reports the network intrusion. The security engine on the router protects router or gateway from the network attacks and provides secure networking environments. It manages the network with security policy and handles the network attacks dynamically.

• ETRI Journal
• /
• v.45 no.2
• /
• pp.346-357
• /
• 2023

Hardware security primitives, also known as physical unclonable functions (PUFs), perform innovative roles to extract the randomness unique to specific hardware. This paper proposes a novel hardware security primitive using a commercial off-the-shelf flash memory chip that is an intrinsic part of most commercial Internet of Things (IoT) devices. First, we define a hardware security source model to describe a hardware-based fixed random bit generator for use in security applications, such as cryptographic key generation. Then, we propose a hardware security primitive with flash memory by exploiting the variability of tunneling electrons in the floating gate. In accordance with the requirements for robustness against the environment, timing variations, and random errors, we developed an adaptive extraction algorithm for the flash PUF. Experimental results show that the proposed flash PUF successfully generates a fixed random response, where the uniqueness is 49.1%, steadiness is 3.8%, uniformity is 50.2%, and min-entropy per bit is 0.87. Thus, our approach can be applied to security applications with reliability and satisfy high-entropy requirements, such as cryptographic key generation for IoT devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.91-108
• /
• 2010

Universities are one of leading R&D institutes, however, their scarce security investment allows research information to leak outside. This paper proposes methods for improving security level of academic institutes to protect research information by analyzing security awareness and activities. To do that, we verified the current status of information security and awareness level by analyzing the survey which was conducted for a member of Seoul National University. As a result of statistical analysis using correlation, analysis of variance, multi regression and so on, we concluded that it is essential to improve security awareness, activities, professor's security level and management process for research labs. Thus, we suggest the following methods, security awareness and knowledge development through education, security management for research labs through provision, introduction of data protection softwares and physical control of visitors which are to be adopted to improve security level.

• The Journal of Society for e-Business Studies
• /
• v.27 no.1
• /
• pp.111-126
• /
• 2022

As the technology hegemony war between the United States and China develops and the importance of R&D increases, countries around the world are increasing their R&D investment. In Korea, the size of R&D investment by the government and companies has steadily increased every year, and cutting-edge technologies are being developed in various fields as it shifts to the direction of creative technology development. However, the number of cases in which high-tech core technologies in Korea, which have invested a lot of budget, time, and effort, are illegally leaked overseas is also steadily increasing. Research security is an activity to safely protect protected objects in the research environment from risk factors such as leakage and deodorization, and laws and systems for research security are being reorganized not only in Korea but also in the United States and other countries around the world. In this paper we aims to derive Korea's research security policy direction, focusing on US research security cases which ranks first in R&D expenses around the world to improve the R&D system and actively discusses R&D policies and laws.