• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.111-120
• /
• 2019

As cyber-attacks become more intelligent and sophisticated, the importance of Security Operations Center(SOC) has increased and the number of SOC has been increasing. In order to cope with cyber threats, institutions and organizations use a variety of cyber security standards to create business procedures. However, SOC often need to be improved in accordance with the SOC environment because they collaborate with managed security service specialists rather than their own personnel. The NIST cyber security framework, information security management system, and managed security service companies were compared and analyzed. As a result, it was found that the NIST CSF is a framework that is easy to apply to managed security service, The content was judged to be insufficient. Therefore, in this study, NIST CSF was used as a reference model to derive the management items required for SOC environment, and the necessity, importance and ease of each item were confirmed through an Delphi technique and an improved cyber security framework was proposed.

• Korean Security Journal
• /
• no.34
• /
• pp.161-184
• /
• 2013

The purpose of this research is to achieve qualitative growth for private security industry as a sector of service industry to attract clients and promote the growth of the private security industry by analyzing the factors which influence the customer's service satisfaction in using the private security services. A regression analysis was conducted to determine the factors which influences the satisfaction of private security service to ultimately achieve the research purpose. In the regression analysis, the difference between corporate clients and individual clients were analyzed for the sake of providing better security services and marketing applications. As a result, the factors that influences the satisfaction of the categorized groups were very clearly signified. Both individual and corporate clients showed increase in satisfaction rate when the fear of crime decreased. This result implies that the private security firms must possess segmented strategies as well as strategies to lower the fear factors of clients. There were no differences in all satisfaction-influencing factors when the fear reduction variable was exempted among both corporate and individual clients in usage satisfaction. This result shows that clients demand varies according to the client and the security firms must react to these demands by the clients. Although private security industry possess very clear publicity, it is a profit generating industry sector therefore, like other service industry, the private security services must implement strategies to keep up with the paradigm. If the satisfaction determinants from the research results are grafted into strategies such relationship marketing and target market selection, higher service satisfaction can be achieved from the clients.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.25-30
• /
• 2021

Due to the current COVID-19 pandemic, companies and institutions are introducing virtual desktop technology, one of the logical network separation technologies, to establish a safe working environment in a situation where remote work is provided. With the introduction of virtual desktop technology, companies and institutions can operate the network separation environment more safely and effectively, and can access the business network quickly and safely to increase work efficiency and productivity. However, when introducing virtual desktop technology, there is a cost problem of high-spec server, storage, and license, and it is necessary to supplement in terms of operation and management. As a countermeasure to this, companies and institutions are shifting to cloud computing-based technology, virtual desktop service (DaaS, Desktop as a Service). However, in the virtual desktop service, which is a cloud computing-based technology, the shared responsibility model is responsible for user access control and data security. In this paper, based on the shared responsibility model in the virtual desktop service environment, we propose a cloud-based hardware security module (Cloud HSM) and edge-DRM proxy as an improvement method for user access control and data security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.1
• /
• pp.69-78
• /
• 2015

Internet of Things(IoT) is electronic devices and household appliances use wireless sensor network in environment of high speed wireless network and LTE mobile service. The combination of the development of Internet and wireless network led to development of new forms of service such as electronic devices and household appliances can connect to the Internet through various sensors and online servers such as a Home Network. Even though Internet of Things is useful, there are problems in Internet of Things. In environment of Internet of Things, information leakage could happens by illegal eavesdropping and spoofing. Also illegal devices of wireless communication interference can cause interfere in Internet of things service, physical damage and denial of service by modulation of data and sensor. In this thesis, it will analyze security threats and security vulnerability in environment of mobile services and smart household appliances, then it will suggest plan. To solve security issues, it is important that IT and RFID sensor related companies realize importance of security environment rather than focus on making profit. It is important to develop the standardized security model that applies to the Internet of Things by security-related packages, standard certification system and strong encrypted authentication.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.96-101
• /
• 2005

Spotlighted as an innovative information technology environment, ubiquitous computing has been actively researched on recently. Especially, domestic and global researches focus on the RFID system, which is being eyed to replace the existing bar-code system. As an essential technology for ubiquitous computing, the RFID system can be applied for various purposes. The security issues of the RFID system focus on how the low-priced tag type could have reasonable price competitiveness. The Auto-ID Center in the U.S. is spearheading the research on distribution service and omni-directional security. As for Japan, the researches on omni-directional security and EPC application are necessary in securing the technology for ubiquitous computing with support from the Ministry of Public Management Home Affairs, Posts, and Telecommunication. In this paper, a method of ensuring the availability of the RFID system service will be presented based on the ubiquitous computing environment with the existing omni-directional security and user-friendly interface. While the existing researches focus on the RF reader system and tag-based security, this paper's suggestion also considers the availability of a sen ice to suggest ways of increasing the practical usage of a low-priced RF tag.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.59-68
• /
• 2016

Recently, many domestic and foreign industries is increasing gradually in the importance of security such as the emergence of a Convergence Information Technology(internet of things, cloud computing service, big data etc). Among these techniques, the industrial security market is expected to grow gradually and the evolution of security technologies, as well as vulnerabilities are also expected to increase. Therefore, an increase in physical vulnerability factors it is no exaggeration to standards that are determining the security of industrial security. In this paper will be analyzed to the physical security technology and case study, physical vulnerability factor. Thereby this is expected to be utilized as a basis for the countermeasure of physical corresponding infringement and attack in a future.

• ETRI Journal
• /
• v.37 no.2
• /
• pp.428-437
• /
• 2015

This study was conducted to analyze the effect of information security activities on organizational performance. With this in mind and with the aim of resolving transaction stability in the securities industry, using an organization's security activities as a tool for carrying out information security activities, the effect of security activities on organizational performance was analyzed. Under the assumption that the effectiveness of information security activities can be bolstered to enhance organizational performance, such effects were analyzed based on Herzberg's motivation theory, which is one of the motivation theories that may influence information protection activities. To measure the actual attributes of the theoretical model, an empirical survey of the securities industry was conducted. In this explorative study, the proposed model was verified using partial least squares as a structural equation model consisting of IT service, information security, information sharing, transaction stability, and organizational performance.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.73-83
• /
• 2021

The information space, the main components of which are information resources, means of information interaction, and information infrastructure, is a sphere of modern social life in which information communications play a leading role. The objective process is the gradual but stable entry of the national information space into the European and world information sphere, in the context of which there is a legitimate question of its protection as one of the components of the national security of Ukraine. However, the implementation of this issue in practice immediately faces the need to respect the rights and fundamental freedoms guaranteed by international regulations and the Constitution of Ukraine, especially in the field of cybersecurity. The peculiarity of the modern economy is related to its informational nature, which affects the sharp increase in cyber incidents in the field of information security, which is widespread and threatening and affects a wide range of private, corporate, and public interests. The problem of forming an effective information security system is exacerbated by the spread of cybercrime as a leading threat to information security both in Ukraine and around the world. The purpose of this study is to analyze the state of cybersecurity and on this basis to identify new areas of the fight against cybercrime in Ukraine. Methods: the study is based on an extensive regulatory framework, which primarily consists of regulatory acts of Ukraine. The main methods were inductions and deductions, generalizations, statistical, comparative, and system-structural analysis, grouping, descriptive statistics, interstate comparisons, and graphical methods. Results. It is noted that a very important component of Ukraine's national security is the concept of "information terrorism", which includes cyberterrorism and media terrorism that will require its introduction into the law. An assessment of the state of cybersecurity in Ukraine is given. Based on the trend analysis, further growth of cybercrimes was predicted, and ABC analysis showed the existence of problems in the field of security of payment systems. Insufficient accounting of cybercrime and the absence in the current legislation of all relevant components of cybersecurity does not allow the definition of a holistic system of counteraction. Therefore, the proposed new legal norms in the field of information security take into account modern research in the field of promising areas of information technology development and the latest algorithms for creating media content.

• The Journal of Asian Finance, Economics and Business
• /
• v.9 no.5
• /
• pp.75-86
• /
• 2022

The service industry has been acknowledged as a critical part of mobile banking services in recent years. This study examines the impact of e-service quality and loyalty on the intention to use and use behavior of mobile banking services in Mongolia, a Central Asian country. As a result, based on past research, a conceptual model was suggested. This study comprises 209 completed questionnaires from young Mongolians who own a bank account and a smartphone. The data was collected based on convenience sampling, and it was analyzed with SmartPLS software using a partial least squares-structural equation modeling (PLS-SEM) technique. The findings indicate that system quality, interface design, and security assurance have a significant positive impact on service quality; service quality has a positive impact on loyalty. Moreover, the results reveal that service quality and loyalty have a significant influence on the intention to use mobile banking services. The findings of this study suggest that local or international banks and financial institutions in Mongolia should consider system quality, interface design, and security concerns as key successors to building perceived security quality to retain current mobile banking users and attract new customers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.1
• /
• pp.64-83
• /
• 2012

The number of smart phone users is rapidly growing due to recent increase in wireless Internet usage, development of a wide variety of applications, and activation of M2M (Machine to machine) services. Although the smart phone offers benefits of mobility and convenience, it also has serious security problems. To utilize M2M services in the smart phone, a flexible integrated authentication and access control facility is an essential requirement. To solve these problems, we propose a context-aware single sign-on and access control system that uses context-awareness, integrated authentication, access control, and an OSGi service platform in the smart phone environment. In addition, we recommend Fuzzy Logic and MAUT (Multi-Attribute Utility Theory) in handling diverse contexts properly as well as in determining the appropriate security level. We also propose a security system whose properties are flexible and convenient through a typical scenario in the smart phone environment. The proposed context-aware security system can provide a flexible, secure and seamless security service by adopting diverse contexts in the smart phone environment.