• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.817-839
• /
• 2021

To manage software safely, the military acquires and manages products in accordance with the RMF A&A. RMF A&A is standard for acquiring IT products used in the military. And it covers the requirements, acquisition through evaluation and maintenance of products. According to the RMF A&A, product development activities should reflect the risks of the military. In other words, developers have mitigated the risks through security by design and supply chain security. And they submit evidence proving that they have properly comply with RMF A&A's security requirements, and the military will evaluate the evidence to determine whether to acquire IT product. Previously, case study of RMF A&A have been already conducted. But it is difficult to apply in real-world, because it only address part of RMF A&A and detailed information is confidential. In this paper, we propose the evidence fulfilling method that can satisfy the requirements of the RMF A&A. Furthermore, we apply the proposed method to real-world drone system for verifying our method meets the RMF A&A.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.251-265
• /
• 2013

Cloud computing provided as a service type by sharing IT resources cannot be activated unless the issue of information security is solved. The enterprise attempts to maximize the efficiency of information and communication resources by introducing cloud computing services. In comparison to the United States and Japan, however, cloud computing service in korea has not been activated because of a lack of confidence in the security. This paper suggests core evaluation criteria and added evaluation criteria which is removed the redundancy of the security controls from existing ISMS for Korean cloud computing through a comparative analysis between domestic and foreign security controls of cloud certification scheme and guidelines and information security management system. A cloud service provider certified ISMS can minimize redundant and unnecessary certification assessment work by considering added evaluation criteria.

• Journal of Labour Economics
• /
• v.41 no.3
• /
• pp.129-159
• /
• 2018

The foremost aim of the paper is to evaluate the flexibility and stability of the Korean labor market through a cross-country comparison with OECD countries. Evaluating by the OECD Employment Protection Legislation Index, the flexibility of permanent job layoff in Korea is close to the average of OECD countries. Employment of temporary workers appears to be relatively flexible allowing for effective indicators such as the proportion of temporary workers among paid employees. As regards security, the levels of job security, income security and combination security are all far below the OECD average. A panel data analysis of OECD countries reveals that labor productivity increases as regulations on permanent job layoff become looser and regulations on temporary employment become more rigorous.

• Journal of Digital Convergence
• /
• v.11 no.3
• /
• pp.279-284
• /
• 2013

Wireless access network section needs strong security which supports high data rate and mobility not to invade patient's privacy by exposing patient's sensitive biometric from automatic implantable device that is adapted to u-healthcare service. This paper builds test bed and performs assessment and measurement of security ability of WiMAX network to transmit and receive mobile patient's biometric by building WiMAX network in wireless access network not to expose paitne's biometirc at wireless access network section to the third person. Specially, this paper compares and assesses data security, MAC control message security, handover conection delay, and frame loss and bandwidth of ECDH at the layer of WiMAX security compliance, WiMAX MAC IPSec, and MAC.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.85-92
• /
• 2012

Today, the typical web hacking attacks are cross-site scripting(XSS) attacks, injection vulnerabilities, malicious file execution and insecure direct object reference included. Web hacking security systems, access control solutions, access only to the web service and flow inside but do not control the packet. So you have been illegally modified to pass the packet even if the packet is considered as a unnormal packet. The defense system is to fail to appropriate controls. Therefore, in order to ensure a successful web services diagnostic system development is necessary. Web application diagnostic system is real and urgent need and alternative. The diagnostic system development process mu st be carried out step of established diagnostic systems, diagnostic scoping web system vulnerabilities, web application, analysis, security vulnerability assessment and selecting items. And diagnostic system as required by the web system environment using tools, programming languages, interfaces, parameters must be set.

• International Journal of Computer Science & Network Security
• /
• v.22 no.9
• /
• pp.369-375
• /
• 2022

The article substantiates the need and shows the features of introducing SMART management into the system of public management of regional development in the context of strengthening the national security of Ukraine. Disclosed are such provisions as: goal-setting; state mission; state mission in Ukraine; goals of the Ukrainian state; strategic management priorities in Ukraine. Differences between the purpose of the organization and the purpose of the state are determined. The characteristic of the goal at the state level is given. The management standards in SMART management are characterized. The issues of the exhaustibility of existing SMART criteria are reviewed and it is proposed to supplement them with two such as: inspiration (inspiration) and ity (ethics). Two main principles are defined (evaluated (assessment), reviewed (review)), which must be observed when introducing SMART management into the system of public management of regional development in the context of strengthening the national security of Ukraine.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.8
• /
• pp.2083-2100
• /
• 2023

The rise of Industry 5.0 has led to a smarter and more digital way of doing business, but with it comes the issue of user privacy and security. Only when privacy and security issues are addressed, will users be able to transact online with greater peace of mind. Thus, to address the security and privacy problems associated with industry blockchain technology, we propose a privacy protection scheme for online financial transactions based on verifiable ring signatures and blockchain by comparing and combining the unconditional anonymity provided by ring signatures with the high integrity provided by blockchain technology. Firstly, we present an algorithm for verifying ring signature based on distributed key generation, which can ensure the integrity of transaction data. Secondly, by using the block chain technique, we choose the proxy node to send the plaintext message into the block chain, and guarantee the security of the asset transaction. On this basis, the designed scheme is subjected to a security analysis to verify that it is completely anonymous, verifiable and unerasable. The protection of user privacy can be achieved while enabling online transactions. Finally, it is shown that the proposed method is more effective and practical than other similar solutions in performance assessment and simulation. It is proved that the scheme is a safe and efficient online financial transaction ring signature scheme.

• Korean Journal of Hospice Care
• /
• v.3 no.1
• /
• pp.12-30
• /
• 2003

We all human beings, should be reached the terminal of life in the world. There is the only difference between that comes suddenly or slowly. Persons who should be come the terminal stage suddenly due to disease, especially, malignancy, are Hospice patients. Hospice work is the work of all of us because anyone, anywhere, whenever can be suffered in terminal stage. The characters of Hospice-care are total care of wholistic human beings, comprehensive total assessment of the life and the team work composed of diverse team-members, for example, doctors, nurses, social workers, physical therapists, psychologists, ministers & volunteers. The care manager of the total care(the coordinator of Hospice care), should be worked systemically and, rationally. The comprehensive assessment concept should be entered to the infra-consultant of terminal care-program. The care manager should be have the ability of comprehensive assessment for terminal patients. It will also help standardization of Hospice, and application of medical insurance and social security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.1
• /
• pp.89-98
• /
• 2012

According to the enforcement of Personal Information Protection Act as of September 2011, the laws and regulations for the protection of personal information that were applied only to the certain sectors such as information & communication network, financial institutions, public sector etc. for the time being has been expanded to apply to all public and private sectors to process personal information. In particular, because the public institutions are obliged to be mandatorily conducted of the Privacy Impact Assessment, it will be enforced in earnest for each agency's informationization business that handles personal information. In this paper, I examine the most derived vulnerability and set up the improvement measure to supplement it with the examples of 10 of all the institutions conducting the Privacy Impact Assessment in the year 2011. And, I suggest the measures to be prepared by the institutions to observe the Personal Information Protection Act.

• Journal of Digital Convergence
• /
• v.19 no.8
• /
• pp.49-57
• /
• 2021

This paper aims to confirm the effect of self-control and organization-control on information security attitude. The research method is composed of a cross-design of locus of control and tightness culture. The measurement variables used in the assessment are information security actual attitude, compliace behavioral attitude, and information security efficacy. As a result, the locus of control had a significant effect on information security actual attitude, information security efficacy, information security efficacy, and it was found that influence of the internal-based condition was greater than the external-based condition. The tightness culture had a significant effect on compliace behavioral attitude, information security efficacy, and it was found that influence of the tight culture-based condition was greater than the loose culture-based condition. In addition, the discussion contatins the implications of information security direction that reflect these research results.