• Title/Summary/Keyword: Security Assessment

Assessment Method of Step-by-Step Cyber Security in the Software Development Life Cycle (소프트웨어 생명주기 단계별 사이버보안 평가 방법론 제안)

  • Seo, Dal-Mi;Cha, Ki-Jong;Shin, Yo-Soon;Jeong, Choong-Heui;Kim, Young-Mi
    • Journal of the Korea Institute of Information Security & Cryptology, v.25 no.2, pp.363-374, 2015
  • Instrumentation and control (I&C) systems in existing Nuclear Power Plants (NPPs) have mainly been designed and operated based on analog technologies. However, with the development of Information Technology (IT), digital technologies are gradually being adopted in newly built NPPs. I&C systems based on digital technologies have many advantages, but they are vulnerable to cyber threats. For this reason, cyber threats adversely affect the safety and reliability of the I&C system as well as of the entire NPP. Therefore, the software installed in NPPs should be developed with cyber security attributes from the initiation phase of the software development life cycle. Moreover, through cyber security assessment, the degree of confidence concerning cyber security should be measured, and whether managerial, technical and operational measures are implemented as intended should be reviewed, in order to protect the I&C systems and information. Currently, an overall cyber security program, including cyber security assessment, is not established for I&C systems. In this paper, we propose cyber security assessment methods for the Software Development Life Cycle by deriving cyber security activities and assessment items from regulatory guides and standard technologies concerned with NPPs.

Framework Design of Voltage Security Assessment(VSA) using QSS Analysis method (QSS 해석 기법을 이용한 Voltage Security Assessment(VSA) 프로그램 기반설계)

  • Hur, Jin;Lee, Sang-Ho;Kim, Tae-Hyun;Moon, Young-Hwan
    • Proceedings of the KIEE Conference, 2005.07a, pp.12-14, 2005
  • Security has been a fundamental issue in the operation and planning of power systems. Voltage instability is widely recognized as an important cause of power system blackouts. As far as real-time operation is concerned, there is a need for appropriate tools to identify dangerous contingencies, assess security margins and suggest corrective actions. In this paper, we propose the framework design of Voltage Security Assessment (VSA) using the QSS (Quasi Steady-State) analysis method in order to implement a fast time-domain simulation engine as a major part of VSA.

Quantitative Risk Assessment in Major Smartphone Operating Systems in Asian Countries

  • Joh, HyunChul
    • Journal of Korea Multimedia Society, v.17 no.12, pp.1494-1502, 2014
  • Since smartphones are used for everything from personal purposes to governmental data exchanges, known but unpatched vulnerabilities in smartphone operating systems are considered major threats to the public. To minimize potential security breaches on smartphones, it is necessary to estimate possible security threats. So far, numerous studies have evaluated the security risks caused by mobile devices qualitatively, but few have done so quantitatively. For a large-scale risk evaluation, a qualitative assessment is a never-ending task. In this paper, we try to calculate the relative risk levels triggered by software vulnerabilities in unsecured smartphone operating systems (Android and iOS) among 51 Asian countries. The proposed method combines risk representations that are widely accepted in both theory and industry. When policy makers need to make a strategic decision on mobile security related agendas, they might find the presented approach useful.

A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013 (클라우드 서비스 평가 프로그램과 ISO/IEC 27001:2013의 비교 연구)

  • Choi, Ju-Young;Choi, Eun-Jung;Kim, Myuhng-Joo
    • Journal of Digital Convergence, v.12 no.1, pp.405-414, 2014
  • It is very important to IT users that Cloud service provides dynamic extension of IT resources and cost savings. However, doubts about the reliability of Cloud service hinder its active use. Existing studies on assessment programs for Cloud service were carried out by extracting information security assessment articles and adding features of cloud services with reference to ISO/IEC 27001:2005. This paper reviews the recently released ISO/IEC 27001:2013 for the addition, reduction, and changing of articles for Controls and Control objectives. A comparative analysis of the Controls of ISO/IEC 27001:2013 with those of CSA CCMv.3 and FedRAMP, assessment programs for Cloud service, suggests Control Objects of an Information Security Management System for related Cloud services. The suggested Controls will be an important reference index for the security policy of companies that manage an information security management system based on Cloud service.

A Study on the Methodologies to Assess Network Vulnerability (네트워크 위험 분석 및 취약점 점검 방법에 관한 연구)

  • Seo Dong-Il;Park Won-Joo
    • The Journal of the Korea Contents Association, v.5 no.2, pp.107-114, 2005
  • This paper proposes a method to analyze the security level of information property systems. The method uses objective and quantitative risk level assessment. It analyzes the administrative, physical and technical aspects of an information property system together, and applies administrative, physical and technical weights individually according to the requirements of the security assessment purpose. It shows the weighted mean of risks and the importance of information property in a graph. Systems plotted furthest to the upper right of the map take priority over other systems. Quantitative analysis also presents more objective and efficient results for security level assessment of an information system.

A Case Study on Program Outcomes Assessment of Information Security Program for Engineering Education Accreditation (공학교육인증을 위한 정보보호학 프로그램의 학습성과 평가에 관한 연구)

  • Chung, Weonil;Oh, Soo-Hyun;Kim, Hwankoo
    • Journal of the Korea Institute of Information Security & Cryptology, v.26 no.3, pp.777-785, 2016
  • Engineering education accreditation addresses the evaluation of program outcomes, which students are expected to attain by the time of graduation, according to educational objectives and an assessment process, in order to train internationally competitive engineers with continuous quality improvement in engineering programs. This paper presents a case study of a program outcomes assessment system, including performance criteria, evaluation process, document system and continuous quality improvement process, and an achievement evaluation by that assessment system for program outcomes in the Information Security Program of Hoseo University.

Data Analysis and Risk Assessment of Smartwatch (스마트워치 데이터 분석 및 위험도 평가)

  • Lee, Youngjoo;Yang, Wonseok;Kwon, Teakyoung
    • Journal of the Korea Institute of Information Security & Cryptology, v.27 no.6, pp.1483-1490, 2017
  • Wearable devices need to be paired with a host device for connectivity, functionality and ease of personalization. Frequent update and backup processes take place between the paired devices, even without the user's awareness. As a result of the pairing process, user-specific data are copied from the smartphone and transferred to the paired smartwatch. We focus on what happens in the smartwatch because of the pairing process. We perform an experimental study by observing and extracting data from a smartwatch under real-world usage phases. Together with a survey of user awareness of smartwatch security and privacy, we suggest a risk assessment of smartwatches in five levels, particularly considering the pairing process, based on security and privacy.

A Study on the Assessment Method of Battle Damage in Cyberspace by Cyberattacks (사이버공격에 의한 사이버공간 전투피해평가 방안 연구)

  • Jang, Won-gu;Lee, Kyung-ho
    • Journal of the Korea Institute of Information Security & Cryptology, v.29 no.6, pp.1447-1461, 2019
  • Evaluating battle damage after conducting an attack on selected targets during warfare is essential. However, for the assessment of battle damage caused by cyber-attacks, only some methods that are usable under limited circumstances have been suggested so far. Accordingly, this paper suggests a militarily applicable, comprehensive, and specific method of battle damage assessment, drawing on the battle damage assessment methods of combat assessment theories and on an understanding of cyberspace. Using cyberspace components, this paper classifies cyber targets; suggests assessment methods for data damage, social cognitive damage, and derived damage, alongside the existing battle damage assessment methods such as physical damage, functional damage, and target systems; and provides an example to demonstrate that the method is applicable to actual past cyberattack cases.

Anti-Crisis Management In The System Of Economic Security Of International Business

  • Blakyta, H.V.;Zubko, T.L.;Zhuk, O.S.;Kasianova, A.O.;Guliaieva, N.M.;Vavdiichyk, I.M.
    • International Journal of Computer Science & Network Security, v.22 no.8, pp.269-274, 2022
  • The economy of Ukraine is characterized by a rapidly increasing level of financial failures at the corporate level. Conditions for doing business in Ukraine become tighter year after year, which should motivate business owners not only to watch the state of their business more closely but also to introduce new, more precise and tighter systems of crisis management and economic security. Experience shows that in order to stay afloat and not suffer losses, companies should pay more attention to different areas of economic security, such as production potential, financial indicators, logistics, staff, etc. For this purpose, companies should use a system for valuing the indicators most important to their activity and transform those values into an integral one, in order to use this assessment in making managerial decisions. Such a valuation is one of the components the article presents. The article also reveals the key points that characterize crisis management as an integral part of enterprise development and economic security. The essence and problems of crisis management are specified, and ways of raising the level of economic security of a company are proposed, based on the example of an industrial and commercial enterprise. The key focus of the enterprise's economic security management is defined as constructive responses to threats from the external environment and, as a result, ensuring stable functioning and effective realization of untapped potential in the future. The current assumption is to explain the scheme of strategic management of an industrial and commercial enterprise and to calculate the methodology of an express assessment of the level of enterprise economic security, taking into account the components of crisis management. To assess the level of economic security of the enterprise, it is proposed to use the method of point assessment, which is based on a multi-level system of indicators covering the main areas of the enterprise's activity.

A Study of Asset and Risk Assessment for Established of Industrial Security Management System (산업보안 경영시스템 구축을 위한 자산 및 위험평가에 관한 연구)

  • Koh, Joon-Cheol;Kim, Tae-Soo;Joo, Yong-Ma;Kim, Woo-Hyun;Kang, Kyung-Sik
    • Journal of the Korea Safety Management & Science, v.12 no.4, pp.1-11, 2010
  • With the rapid development of information networks such as the Internet in every field of industry, crimes using information and various adverse effects such as hacking and viruses occur frequently. As a result, the scope of security is widening beyond information security limited to the IT area to industrial fields, in order to prevent the leaking of industrial technology and to protect that technology. Recognizing this, and given the increasing importance of industrial security, the purpose of this study is to establish a common concept of industrial security through education on industrial security, and to prepare the basis of a comprehensive risk management system that safely protects a company's assets (physical, technical and managerial factors) from random threats or attacks inside and outside the company. This is done through assessment of the company's important assets, evaluation of threats and weak points, and risk assessment, by building an industrial security management system that safely protects the information assets and resources on which the company's existence depends from threats or attacks from inside or outside the company, and that supports stable business activities.