• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.11-17
• /
• 2013

All u-Health system has security vulnerabilities. This vulnerability locally(local) or network(network) is on the potential risk. Smart environment of health information technology, Ad-hoc networking, wireless communication environments, u-health are major factor to increase the security vulnerability. u-health care information systems user terminal domain interval, interval public network infrastructure, networking section, the intranet are divided into sections. Health information systems by separating domain specific reason to assess vulnerability vulnerability countermeasure for each domain are different. u-Healthcare System 5 layers of security risk assessment system for domain-specific security vulnerability diagnosis system designed to take the security measures are needed. If you use this proposed model that has been conducted so far vaguely USN-based health information network security vulnerabilities diagnostic measures can be done more systematically provide a model.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.45-53
• /
• 2021

When the security monitoring system is performed in a separation network, there is little normal anomaly detection in internal networks or high-risk sections. Therefore, after the establishment of the security network, a model is needed to evaluate state-of-the-art cyber threat anomalies for internal network in separation network to complete the optimized security structure. In this study, We evaluate it by generating datasets of cyber vulnerabilities and malicious code arising from general and separation networks, It prepare for the latest cyber vulnerabilities in internal network cyber attacks to analyze threats, and established a cyber security test evaluation system that fits the characteristics. The study designed an evaluation model that can be applied to actual separation network institutions, and constructed a test data set for each situation and applied a real-time security assessment model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.227-235
• /
• 2016

As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

• Nuclear Engineering and Technology
• /
• v.44 no.8
• /
• pp.919-928
• /
• 2012

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.53-58
• /
• 2020

In this study, it suggests the High Availability (HA) implementation plan of building a continuous service infrastructure as a strategy ensuring availability, as the importance of availability securing corporate business continuity emerges in the knowledge and information society. However, if the reliability of the criticality assessment of information asset is not ensured, it requires assessment measures for availability that can be managed by mapping with service maintenance assessment items, which are availability criteria based on the asset criticality evaluated through the asset value matrix because it is difficult to maintain security in conjunction with the value of real assets. Therefore, this study suggests the assessment measures for availability of information assets.

• Journal of Korea Water Resources Association
• /
• v.53 no.spc1
• /
• pp.719-730
• /
• 2020

Recognizing a complexity of global water challenges, such as water shortage, water pollution, water-related disasters, and degradation of water environments, this study introduces the newly established concept and definition of water security and water security assessment framework based on the review of previous works on water security. In order to critically assess the situations of water security of each country, an water security assessment framework is employed highlighting the four core areas: 1) social equity; 2) economic efficiency; 3) environmental sustainability; and 4) resilience to water-related disasters. 28 Asian countries have been selected and evaluated for the level of water security, and as a consequence, Japan, Malaysia and South Korea demonstrate a high degree of water security whereas India, Pakistan and the Philippines show a relatively low level of water security. The significance of this study lies in clarifying weak areas in water security as well as suggesting the areas that should be improved for achieving sustainable water management.

• Journal of Korean Institute of Industrial Engineers
• /
• v.28 no.1
• /
• pp.44-56
• /
• 2002

For the risk analysis and risk assessment techniques to be effectively applied to the field of information technology (IT) security, it is necessary that the required activities and specific techniques to be applied and their order of applications are to be determined through a proper risk management model. If the adopted risk management model does not match with the characteristics of host organization, an inefficient management of security would be resulted. In this paper, a risk management model which can be well adapted to Korean domestic IT environments is proposed for an efficient security management of IT. The structure and flow of the existing IT-related risk management models are compared and analysed, and their common and/or strong characteristics are extracted and incorporated in the proposed model in the light of typical threat types observed in Korean IT environments.

• The Transactions of the Korean Institute of Electrical Engineers A
• /
• v.54 no.9
• /
• pp.441-448
• /
• 2005

On-line dynamic security assessment is becoming more and more important for the stable operation of power systems as load level increases. The necessity is getting apparent under Electricity Market environments, as operation of power system is exposed to more various operating conditions. For on-line dynamic security assessment, fast transient stability analysis tool is required for contingency selection. The TEF(Transient Energy Function) method is a good candidate for this purpose. The clustering of critical generators is crucial for the precise and fast calculation of energy margin. In this paper, we propose a new method for fast decision of mode of instability by using stability indices. Case study shows very promising results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.929-943
• /
• 2020

Various methods are being presented to identify the movements of COVID-19 infected persons and to protect personal privacy at the same time. Among them, 'Exposure Notification' released by Apple and Google follows a decentralized approach using Bluetooth. However, the technology must always turn on Bluetooth for use, which can create a variety of security threats. Thus, in this paper, the security assessment of 'Exposure Notification' was performed by applying 'STRIDE' and 'LINDDUN' among the security threat modeling techniques to derive all possible threats. It also presented a new Dell that derived response measures with security assessment results and improved security based on them.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.119-126
• /
• 2021

The study develops methodological aspects for modeling the determining impact of modernization on the enterprise's economic security in development competitive conditions using the model of speed, stability and spaciousness of modernization. Modeling the determining impact of modernization on the enterprise's economic security in a competitive conditions involves: firstly, the formation of estimated modeling indicators in accordance with the speed, stability and spaciousness of the enterprise's modernization; secondly, establishing the weight of indicators in the assessment system using the tools of cognitive judgment; thirdly, the establishment of reference values of sound evaluation indicators; fourthly, the calculations of the integrated impact assessment of the modernization's determining impact modeling on the enterprise's ensuring economic security in a competitive conditions; fifthly, conducting calculations and analytical summarization of the results. To determine a comprehensive integrated indicator of the modernization changes impact on the competitiveness and economic security of enterprises, we use the correlation method of the calculated value with the reference value, as well as use weights for groups of calculations. Approbation of modeling of determining influence of modernization on maintenance of economic safety of the enterprise in competitive conditions of development by authors was carried out concerning such enterprises, as: JSC "Ukrzaliznytsia", SE "Ukraerorukh", SE IA "Boryspil", SE "Ukrposhta", KP "Kyivpastrans".