• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.901-911
• /
• 2012

The removal of security vulnerabilities during the developmental stage is found to be much more effective and much more efficient than performing the application during the operational phase. The underlying security vulnerabilities in software have become the major cause of cyber security incidents. Thus, secure coding is drawing much attention for one of its abilities includes minimizing security vulnerabilities at the source code level. Removal of security vulnerabilities at the software's developmental stage is not only effective but can also be regarded as a fundamental solution. This thesis is a research about the methods of Mobile-Secure Coding Self Assessment in order to evaluate the security levels in accordance to the application of mobile secure coding of every individual, groups, and organizations.

• The Transactions of the Korean Institute of Electrical Engineers
• /
• v.43 no.2
• /
• pp.179-188
• /
• 1994

This paper deals with implementation of an expert system to obtain an optimal plan of load transfer for fault restoration with the capability of security monitoring and assessment in distribution systems. Based on the technique of load transfer tree analysis, the proposed expert system can afford to assist system operators in proposing an optimal plan of load transfer for fault restoration, In paticular, an application of the proposed ES to practical distribution systems yields an optimal load transfer plan which ensures system security by considering security assessment for contingency of feeders and main transformers in the knowledge based sense.

• Journal of Korean Society for Quality Management
• /
• v.51 no.3
• /
• pp.435-444
• /
• 2023

Purpose: To attain advanced performance certification, safety aspects along with functionality and performance are essential. Hence, this study suggests radiation leakage assessment methods for aviation security equipment during its performance certification. Methods: Detection technology guided the choice of radiation leakage assessment targets. We then detailed measurement and evaluation methods based on equipment type and operation mode. Equipment was categorized as container or box types for establishing measurement procedures. Results: We've developed specific radiation leakage assessment procedures for different types of aviation security equipment, crucial for ensuring airport safety. Using these procedures allows efficient evaluation of compliance with radiation leakage standards. Conclusion: The suggested radiation leakage assessment method aims to enhance aviation security and reliability. Future research will focus on identifying risks in novel aviation security equipment detection technologies and establishing safety standards.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.12
• /
• pp.4531-4544
• /
• 2021

Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

• Asia pacific journal of information systems
• /
• v.15 no.1
• /
• pp.115-133
• /
• 2005

This study is to develop an information security management model(ISMM) for small and medium sized enterprises(SMEs). Based on extensive literature review, a five-pillar twelve-component reference ISMM is developed. The five pillars of SME's information security are: centralized decision making, ease of management, flexibility, agility and expandability. Twelve components are: scope & organization, security policy, resource assessment, risk assessment, implementation planning, control development, awareness training, monitoring, change management, auditing, maintenance and accident management. Subsequent survey designed and administered to expose experts' perception on the importance of these twelve components revealed that five out of tweleve components require relatively immediate attention than others, especially in SME's context. These five components are: scope and organization, resource assessment, auditing, change management, and incident management. Other seven components are policy, risk assessment, implementation planning, control development, awareness training, monitoring, and maintenance. It seems that resource limitation of SMEs directs their attention to ISMM activities that may not require a lot of resources. On the basis of these findings, a three-phase approach is developed and proposed here as an SME ISMM. Three phases are (1) foundation and promotion, (2) management and expansion, and (3) maturity. Implications of the model are discussed and suggestions are made for further research.

• KIPS Transactions on Software and Data Engineering
• /
• v.8 no.6
• /
• pp.223-234
• /
• 2019

Cyber attacks are an important factor that determines the victory and defeat of Network-centric wars in which advanced weapon systems are highly interlinked. In addition the increasing dependability on software as its develop as the latest fighter is demanding enhanced security measures for fighter software to Cyber attacks. In this paper, we apply the DO-326A, which is an airworthiness security certification standard, to design a risk-based security threat assessment process by reflecting characteristics and operational environment of fighter aircraft. To do this, we add the following steps in security threat assessment stage of DO-326A's airworthiness security certification process. First, we derive security threats of fighter. And then, we scored the security threat in terms of possibility and impact on the fighter. Finally, we determine the security risk severity.

• Journal of Advanced Navigation Technology
• /
• v.13 no.5
• /
• pp.763-772
• /
• 2009

According as information-oriented society is propelled, development of various information security systems is achieved, and introduction of information security system is increasing for service offer securing from nation and public institution. In particular, government information system is increasing interest about security assessment service of government information system because verification about security is weighed first of all. Accordingly, study about various security assessment services is preceded in domestic and overseas. In this paper, analyze security assessment service of Britain and Canada, and we proposed about pre-qualification introduction plan of government information system that can offer user of nation and public institution reliability.

• Proceedings of the KIEE Conference
• /
• 2003.11a
• /
• pp.28-30
• /
• 2003

Probabilistic Load Flow(PLF) solution based on the method of moments is used for security assessment of bus voltages in power systems. Bus voltages, line currents, line admittances, generated real and reactive power, and bus loads are treated as complex random variables. These complex random variables are known in terms of probability density functions(PDF). Also, expressions for the convolutions of complex random variables in terms of moments and cumulants have been derived. Proposed PLF solution using the method of moments is fast, because the process of convolution of various complex random variables is performed in moment and cumulant domain. Therefore, the method is applied to security assessment of power systems in this paper. Finally, system operator also can be used information of security assessment to improve reliability of power systems.

• Journal of the Korean Society of Safety
• /
• v.12 no.3
• /
• pp.67-75
• /
• 1997

This paper presents a study on the application of Asynchronous Team(A-Team) theory for QVC(Reactive power control) and security assessment in a power system. Reactive power control problem is the one of optimally establishing voltage level given reactive power sources, which is very important problem to supply the demand without interruption and needs methods to alleviate a bus voltage limit violation more quickly. It can be formulated as a mixed-integer linear programming(MILP) problem without deteriorating of solution accuracy to a certain extent. The security assessment is to estimate the relative robustness of the system and deterministic approach based on AC load flow calculations is adopted to assess it, especially voltage security. A distance measure, as a measurement for voltage security, is introduced. In order to analyze the above two problem, reactive power control and static security assessment, In an integrated fashion, a new organizational structure, called an A-team, is adopted. An A-team is well-suited to the development of computer-based, multi-agent systems for operation of large-scaled power systems. In order to verify the usefulness of the suggested scheme herein, modified IEEE 30 bus system is employed as a sample system. The results of a case study are also presented.

• Journal of Electrical Engineering and Technology
• /
• v.1 no.4
• /
• pp.414-422
• /
• 2006

Deterministic techniques have been applied in power system planning for many years and there is a growing interest in combining these techniques with probabilistic considerations to assess the increased system stress due to the restructured electricity environment. The overall reliability framework proposed in this paper incorporates the deterministic N-1 criterion in a probabilistic framework, and results in the joint inclusion of both adequacy and security considerations in system planning. The combined framework is achieved using system well-being analysis and traditional adequacy assessment. System well-being analysis is used to quantify the degree of N-1 security and N-1 insecurity in terms of probabilities and frequencies. Traditional adequacy assessment is Incorporated to quantify the magnitude of the severity and consequences associated with system failure. The concepts are illustrated by application to two test systems. The results based on the overall reliability analysis framework indicate that adequacy indices are adversely affected by a generation deficient environment and security indices are adversely affected by a transmission deficient environment. The combined adequacy and security framework presented in this paper can assist system planners to realize the overall benefits associated with system modifications based on the degree of adequacy and security, and therefore facilitate the decision making process.