• Title/Summary/Keyword: Risk Level of Security Incidents

Search Result 14, Processing Time 0.025 seconds

A Study on Information Access Control Policy Based on Risk Level of Security Incidents about IT Human Resources in Financial Institutions (금융IT인력의 보안사고 위험도에 기반한 정보접근 통제 정책 연구)

  • Sim, Jae-Yoon;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.2
    • /
    • pp.343-361
    • /
    • 2015
  • The financial industry in South Korea has witnessed a paradigm shift from selling traditional loan/deposit products to diversified consumption channels and financial products. Consequently, personification of financial services has accelerated and the value of finance-related personal information has risen rapidly. As seen in the 2014 card company information leakage incident, most of major finance-related information leakage incidents are caused by personnel with authorized access to certain data. Therefore, it is strongly required to confirm whether there are problems in the existing access control policy for personnel who can access a great deal of data, and to complement access control policy by considering risk factors of information security. In this paper, based on information of IT personnel with access to sensitive finance-related data such as job, position, sensitivity of accessible data and on a survey result, we will analyze influence factors for personnel risk measurement and apply data access control policy reflecting the analysis result to an actual case so as to introduce measures to minimize IT personnel risk in financial companies.

Response to Security Threats through Importance Analysis of NFT Service Provider Security Level Check Items (NFT 서비스 제공자 보안 수준 점검 항목 중요도 분석을 통한 보안 위협 대응)

  • Dong Sung Im
    • Journal of Platform Technology
    • /
    • v.11 no.5
    • /
    • pp.126-135
    • /
    • 2023
  • Demand for NFT is expanding along with Blockchain. And cyber security threats are also increasing. Therefore, this study derives security level inspection items by analyzing status related to NFT security such as NFT features, security threats, and compliance for the purpose of strengthening NFT security. Based on this, the relative importance was confirmed by applying it to the AHP model. As a result of the empirical analysis, the priority order of importance was found in the order of Security management system establishment and operation, encryption, and risk management, etc. The significance of this study is to reduce NFT security incidents and improve the NFT security management level of related companies by deriving NFT-related security level check items and demonstrating the research model. And If you perform considering relative importance of the NFT check items, the security level can be identified early.

  • PDF

Hazardous Factors and Accident Severity of Cabling Work in Telecommunications Industry

  • Kim, Yang Rae;Park, Myoung Hwan;Jeong, Byung Yong
    • Journal of the Ergonomics Society of Korea
    • /
    • v.35 no.3
    • /
    • pp.155-163
    • /
    • 2016
  • Objective: This study aims to draw the characteristics of occupational accidents occurred in cabling work, and assess accident severity based on occupational injury data. Background: Accident factors and accident risk are different by the place of work in cabling work. Field managers require information on accident prevention that can be easily understood by workers. However, there has been a lack of studies that focus on cabling work in Korea. Method: This study classifies 450 injured persons caused in cabling work by process, and analyzes the characteristics of occupational injuries from the aspects of age, work experience and accident type. This study also analyzes accident frequency and severity of injury. Results: Results show that preparing/finishing (33.3%) was the most common type of cabling process in injuries, followed by maintenance (28.4%), routing/income (23.1%) and wiring/installation (15.1%) process. The critical incidents in the level of risk management were falls from height in the routing/incoming process, and falls from height in the maintenance process. And, incidents ranked as 'High' level of risk management were slips and trips, fall from height and vehicle incident in the preparing/finishing process, and fall from height in the wiring/installation process. Conclusion and Application: The relative frequency of accident and its severity by working process serve as important information for accident prevention, and are critical for determining priorities in preventive measures.

Web-Based Information Security Leveling Tool (웹 기반 정보보안 수준 측정 도구 설계)

  • Sung, Kyung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.4 s.36
    • /
    • pp.375-384
    • /
    • 2005
  • As the development of information communication technology and thus the growth of security incidents, there has been increasing demand on developing methodologies and tools for measuring the information security level of organizations for the efficient security management. However, most works from foreign countries are not realistic in constructing the checklists, moreover their tools provide neither the ease of use nor the inexpensiveness, and most domestic works are not properly considering the characteristics of the organizations when measuring the information security level. In this study, an efficient information security levelling tool is suggested, which applies the multiple variable weights for security levelling according to the characteristics of organizations and the fuzzy technique to reduce the user's subjectivity and the genetic algorithm to establish the security countermeasure.

  • PDF

A Research on the Development of Information Security Governance Framework (정보보호 거버넌스 프레임워크 개발에 관한 연구)

  • Lee, Seong-Il;Hwang, Kyung-Tae
    • Journal of Information Technology Applications and Management
    • /
    • v.18 no.2
    • /
    • pp.91-108
    • /
    • 2011
  • Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

An Analysis of the Relative Importance of Security Level Check Items for Autonomous Vehicle Security Threat Response (자율주행차 보안 위협 대응을 위한 보안 수준 점검 항목의 상대적 중요도 분석)

  • Im, Dong Sung
    • The Journal of The Korea Institute of Intelligent Transport Systems
    • /
    • v.21 no.4
    • /
    • pp.145-156
    • /
    • 2022
  • To strengthen the security of autonomous vehicles, this study derived checklists through the analysis of the status of autonomous vehicle security. The analyzed statuses include autonomous vehicle characteristics, security threats, and domestic and foreign security standards. The derived checklists are then applied to the AHP(Analytic Hierarchy Process) model to find their relative importance. Relative importance was ranked as one of cyber security management system establishment and implementation, encryption, risk assessment, etc. The significance of this study is to reduce cyber security incidents that cause human casualties as well improve the level of security management of autonomous vehicles in related companies by deriving the autonomous vehicle security level checklists and demonstrating the model. If the inspection is performed considering the relative importance of the checklists, the security level can be identified early.

Risk Analysis for Protecting Personal Information in IoT Environments (사물인터넷(IoT) 환경에서의 개인정보 위험 분석 프레임워크)

  • Lee, Ae Ri;Kim, Beomsoo;Jang, Jaeyoung
    • Journal of Information Technology Services
    • /
    • v.15 no.4
    • /
    • pp.41-62
    • /
    • 2016
  • In Internet of Things (IoT) era, more diverse types of information are collected and the environment of information usage, distribution, and processing is changing. Recently, there have been a growing number of cases involving breach and infringement of personal information in IoT services, for examples, including data breach incidents of Web cam service or drone and hacking cases of smart connected car or individual monitoring service. With the evolution of IoT, concerns on personal information protection has become a crucial issue and thus the risk analysis and management method of personal information should be systematically prepared. This study shows risk factors in IoT regarding possible breach of personal information and infringement of privacy. We propose "a risk analysis framework of protecting personal information in IoT environments" consisting of asset (personal information-type and sensitivity) subject to risk, threats of infringement (device, network, and server points), and social impact caused from the privacy incident. To verify this proposed framework, we conducted risk analysis of IoT services (smart communication device, connected car, smart healthcare, smart home, and smart infra) using this framework. Based on the analysis results, we identified the level of risk to personal information in IoT services and suggested measures to protect personal information and appropriately use it.

PRISM: A Preventive and Risk-reducing Integrated Security Management Model using Security Label (PRISM: 보안 레이블을 이용한 위험예방 통합보안관리 모델)

  • Kim, Dong-Soo;Kim, Tae-Kyung;Chung, Tai-Myoung
    • The KIPS Transactions:PartC
    • /
    • v.10C no.6
    • /
    • pp.815-824
    • /
    • 2003
  • Many organizations operate security systems and manage them using the intergrated secutity management (ISM) dechnology to secyre their network environment effectively. But current ISM is passive and behaves post-event manner. To reduce cost and resource for managing security and to remove possbility of succeeding in attacks by intruder, the perventive security management technology is required. In this paper, we propose PRISM model that performs preventative security management with evaluating the security level of host or network and the sensitivity level of information asset from potential risks before security incidents occur. The PRISM can give concrete and effective security management in managing the current complex networks.

A Study on the Effective Countermeasures for Preventing Computer Security Incidents (기업의 침해사고 예방을 위한 관리 모델)

  • Kang, Shin-Beom;Lee, Sang-Jin;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.1
    • /
    • pp.107-115
    • /
    • 2012
  • The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

Integrated Ship Cybersecurity Management as a Part of Maritime Safety and Security System

  • Melnyk, Oleksiy;Onyshchenko, Svitlana;Pavlova, Nataliia;Kravchenko, Oleksandra;Borovyk, Svitlana
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.3
    • /
    • pp.135-140
    • /
    • 2022
  • Scientific and technological progress is also fundamental to the evolving merchant shipping industry, both in terms of the size and speed of modern ships and in the level of their technical capabilities. While the freight performance of ships is growing, the number of crew on board is steadily decreasing, as more work processes are being automated through the implementation of information technologies, including ship management systems. Although there have been repeated appeals from international maritime organizations to focus on building effective maritime security defenses against cyber attacks, the problems have remained unresolved. Owners of shipping companies do not disclose information about cyberattack attempts or incidents against them due to fear of commercial losses or consequences, such as loss of image, customer and insurance claims, and investigations by independent international organizations and government agencies. Issues of cybersecurity of control systems in the world today have gained importance, due to the fact that existing threats concern not only the security of technical means and devices, but also issues of environmental safety and safety of life at sea. The article examines the implementation of cyber risk management in the shipping industry, providing recommendations for the safe ship operation and its systems in order to improve vulnerability to external threats related to cyberattacks, and to ensure the safety and security of such a technical object as a seagoing ship.