• Title/Summary/Keyword: Security Assessment


Cyber Threat and Vulnerability Analysis-based Risk Assessment for Smart Ship

  • Jeoungkyu Lim;Yunja Yoo
    • Journal of the Korean Society of Marine Environment & Safety / v.30 no.3 / pp.263-274 / 2024
  • The digitization of ship environments has increased the risk of cyberattacks on ships. The smartization and automation of ships are also likely to result in cyber threats. The International Maritime Organization (IMO) has discussed the establishment of regulations at the autonomous level and has revised existing agreements by dividing autonomous ships into four stages, where stages 1 and 2 are for sailors who are boarding ships while stages 3 and 4 are for those not boarding ships. In this study, the level of a smart ship was classified into LEVELs (LVs) 1 to 3 based on the autonomous levels specified by the IMO. Furthermore, a risk assessment for smart ships at various LVs in different risk scenarios was conducted. The cyber threats and vulnerabilities of smart ships were analyzed by dividing them into administrative, physical, and technical security; and mitigation measures for each security area were derived. A total of 22 cyber threats were identified for the cyber asset (target system). We inferred that the higher the level of a smart ship, the greater the hyper connectivity and the remote access to operational technology systems; consequently, the greater the attack surface. Therefore, it is necessary to apply mitigation measures using technical security controls in environments with high-level smart ships.

Power System Security Assessment Using The Neural Networks (신경회로망을 이용한 전력계통 안전성 평가 연구)

  • Lee, Kwang-Ho;Hwang, Seuk-Young
    • Proceedings of the KIEE Conference / 1997.07c / pp.1130-1132 / 1997
  • This paper proposed an application of artificial neural networks to security assessment (SA) in power system. The SA is an important factor in power system operation, but conventional techniques have not achieved the desired speed and accuracy. Since the SA problem involves classification, pattern recognition, prediction, and fast solution, it is well suited for Kohonen neural network application. Self organizing feature map (SOFM) algorithm in this paper provides two dimensional multi maps. The evaluation of this map reveals the significant security features in power system. Multi maps of multi prototype states are proposed for enhancing the versatility of SOFM neural network to various operating state.


A Study on the Security Assessment for Information System Risk Management and Budget Management (보안성 평가를 통한 정보시스템 위험관리 및 예산관리 연구)

  • Kim, Sun-Tae;Jun, Moon-Seog;Park, Dea-Woo
    • Proceedings of the Korean Society of Computer Information Conference / 2008.06a / pp.69-77 / 2008
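  • International standards exist as ways to practice information security efficiently and effectively: GMITS (ISO 13335), which performs risk management based on information assets; ISMS (ISO 27001), for establishing an information security management system; and SSE-CMM, which presents an information security capability maturity model. However, each standard only presents procedures for risk management, an approach to establishing a management system, or capability maturity levels, and none presents a comprehensive security approach covering management, technology, and operations. They also fail to present a comprehensive way for current security problems to be judged at the level of top management. This paper proposes a method that enables risk management by consolidating the problems in the technical, management, and operational aspects of security through an information system security assessment, and also proposes a way to link to the information security budget by presenting a method with which the problems derived through the proposed risk management can be judged intuitively at the level of top management.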


Static Analysis Tools Against Cross-site Scripting Vulnerabilities in Web Applications : An Analysis

  • Talib, Nurul Atiqah Abu;Doh, Kyung-Goo
    • Journal of Software Assessment and Valuation / v.17 no.2 / pp.125-142 / 2021
  • Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.

Risk Assessment of exposure to the extinguishing agents using CHARM (CHARM을 통한 소화약제 위험성 평가에 관한 연구)

  • Cho, Jung Rae;Jung, Tae Hwan
    • Journal of Korean Society of Disaster and Security / v.10 no.2 / pp.35-41 / 2017
  • Recently, chemical intoxication related to the use of chemical extinguishing agents has occurred frequently. With industrialization, the high-rising of buildings, and the increase of fire risk, we use various extinguishing agents, and their safe use has become important. In this study I carried out the risk assessment of representative chemical extinguishing agents (HCFC-123, HFC-125) using the CHARM and got a meaningful qualitative outcome. This study is significant in that the risk assessment of chemicals was conducted using CHARM, a chemical risk assessment tool. It is expected that the results will be utilized as the basic data for the national chemical safety management.

A Study on the Vulnerability Assessment Model for National Defense Intelligence System Using SNA (사회연결망분석 개념을 적용한 국방정보체계 취약점 분석·평가 모형 연구)

  • Jang, Youngcheon;Kang, Kyongran;Choi, Bongwan
    • Journal of the Korea Institute of Military Science and Technology / v.20 no.3 / pp.421-430 / 2017
  • In this research, we propose a methodology for assessing security vulnerability of the national defense intelligence system, considering not only target elements but also the interconnection relationship of the whole system. Existing approaches decide the security vulnerability of the whole system by assessing only target elements. However, those approaches have an issue with potentially showing the same outcome for systems that have identical target elements but different types of interconnection relationships. We propose a more practical assessment method which takes the interconnection relationship of a whole system into consideration based on the concept of SNA (Social Network Analysis).

The Study of Assess Center Method Applied to Military General's Promotion System (군 장성 진급 제도 개선에 관한 연구-역량 평가위원회 제도 도입을 중심으로)

  • Kim, Won-Hyeong
    • Journal of National Security and Military Science / s.3 / pp.243-263 / 2005
  • The purpose of the present study is to apply the assess center method to the Military General's Promotion System. This study aims to examine the assessment center method based on a core competency model that will be applied to the Military General's Promotion System and Human Resource Management. This study proposes a Military General's core competency model based on job analysis to identify the competency of Army, Navy, and Air Force Generals and to identify the consequences and performances of the assess center method. This study proposes that the assess center method applied to the Military General's Promotion System has many kinds. Facilitated simulation methods were Planning and Analysis/Oral Presentation, Presentation Management Coaching, and Customer/Peer Interaction. Non-facilitated simulation methods were In-Basket game, Leaderless Group Discussion, and role playing. And this study proposes that the Military General's assessment center method based on a core competency model will be effective in the military field.


A Study on the Costs Factors of an being additional Budget by the Security System (보안시스템으로 인해 추가되는 예산 외 비용의 요인에 관한 연구)

  • Jeon, Jeong-Hoon
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.12B / pp.1481-1488 / 2011
  • Recently, hacking attacks are appearing as various attack techniques with the evolution of the network, and most networks are responding to attacks through various security systems. In addition, security systems should be added to protect the internal network's information assets from external attacks. However, the use of security systems inside the network has a significant impact on security and performance, and as a result causes additional economic costs. Therefore, this paper analyzes, through an associated case study and experimental results, the additional cost factors (variable situations that are difficult to predict, information security recognition levels, security systems, and information asset assessment). This is expected to serve as valuable information for the reduction of costs in network deployment and design in the future.

An exploratory study for designing research security framework (연구보안 관리체계 설계를 위한 탐색적 연구)

  • Na, Onechul;Chang, Hangbae
    • Convergence Security Journal / v.16 no.2 / pp.55-62 / 2016
  • Recently, research outcomes are frequently leaked in the process of progressing domestic R&D. Security systems such as research security law and manuals are implemented to prepare for this leakage. However, piecemeal solutions, simply technological measures, have a limit. Consequently, this study organizes an integrated research security framework by designing multidimensional security measures based on the R&D life cycle perspective. Concretely, this study constructs various control items predicated on law, and moreover reviews the applicability of research security assessment items.

A Study for Implement of Generalize Valuation System for A Performance Assessment (학생 수행평가를 위한 종합평가 시스템 구현에 관한 연구)

  • Lee, Jin-Kwan;Jang, Hae-Suk;Lee, Jong-Chan;Park, Ki-Hong
    • Convergence Security Journal / v.6 no.3 / pp.97-106 / 2006
  • We have been settling into the age of Ubiquitous, in which people are able to connect to networks whenever and wherever through the development of networks. With the spread of networks, we can take any classes anytime we want and even check the result of a test right away through the internet. The development of networks has created WBI (Web Based Instruction), which has covered the limits of conservative education; for instance, there are some content differences whenever a teacher teaches each class, it is hard to take a lesson after a certain period, the process of the class is changed as time goes by, and so on. As the study of WBI is actively being worked on at this moment, various class models are showing and materializing. In WBI, the existing Objective Checking Assessment is applicable, and some of the Performance Assessment which inspects and judges students' actual performance is working, whereas teachers who actually give them points don't have an embodied Performance Assessment Program. In this paper, I will present a Performance Assessment Program that can be used conveniently not just by students carrying out Performance Assessment using the internet but also by teachers dealing with actual administrative work.
