• Title/Summary/Keyword: Security Checklist

Study on security requirements for the web based operation system of a shipping company (웹 기반 해운 선사 운영시스템 보안 요구사항 연구)

  • Chung, Up;Moon, Jongsub
    • Journal of Internet Computing and Services / v.23 no.1 / pp.49-68 / 2022
  • The operation system of a shipping company is still maintaining the mainframe based terminal access environment or the client/server based environment. Nowadays shipping companies that try to migrate it into a web-based environment are increasing. However, in the transition, if the design is processed by the old configuration and knowledge without considering the characteristics of the web-based environment and shipping business, various security vulnerabilities will be revealed at the actual system operation stage, and system maintenance costs to fix them will increase significantly. Therefore, in the transition to a web-based environment, a security design must be carried out from the design stage to ensure system safety and to reduce security-related maintenance costs in the future. This paper examines the characteristics of various threat modeling techniques, selects suitable modeling technique for the operation system of a shipping company, applies data flow diagram and STRIDE threat modeling technique to shipping business, derives possible security threats from each component of the data flow diagram in the attacker's point of view, validates the derived threats by mapping them with attack library items, represents the attack tree having various attack scenarios that attackers can attempt to achieve their final goals, organizes into the checklist that has security check items, associated threats and security requirements, and finally presents 23 security requirements that can respond to threats. Unlike the existing general security requirements, the security requirements presented in this paper reflect the characteristics of shipping business because they are derived by analyzing the actual business of a shipping company and applying threat modeling technique. 
    Therefore, I think that the presented security requirements will be of great help in the security design of shipping companies that are trying to proceed with the transition to a web-based environment in the future.

A Study on the Liability of Information Protection for the Third Party Supply of Personal Information/Focus on Fintech Companies Using OPEN APIs (개인정보의 제3자 제공시 정보보호 관련 법상 책임에 관한 연구/OPEN API 이용 핀테크 기업을 중심으로)

  • Kim, Jo-eun;Kim, In-seok
    • The Journal of Society for e-Business Studies / v.22 no.4 / pp.21-38 / 2017
  • It is actively opening the market to fintech companies through open platforms, such as financial institutions and public institutions. In this thesis, we will look at the conceptual differences between the "provision of third-party information" and "entrustment" of information protection related laws, such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Data Protection Etc (Network Utilization Protection Act). In addition, the legal obligation to provide information regarding the legal rights of information is considered to be relevant, whereas the legal obligation of the private information provided by the company is excessively mitigated, whereas the legal obligation of the company to provide information is excessively mitigated. In addition, I suggest self-diagnosis checklist to help fintech companies improve their privacy levels. It was found that the level of information protection was relatively insufficient compared to the consignees based on the results of a survey conducted for 31 fintech companies. Aggressive use of the checklist is suggested to raise the level of information protection for those companies.

A Basic Study on the Checklists for Crime Risk Assessment in Physical Environment of the Pedestrian Passage at Residential Area (주거지역 소규모 보행로의 물리적 환경을 대상으로 한 범죄 위험도 평가 체크리스트에 관한 기초 연구)

  • Lee, You-Mi;Park, Hyeon-Ho;Kang, Boo-Seong;Sung, Gi-Ho;Lim, Dong-Hyun
    • KIEAE Journal / v.16 no.3 / pp.47-55 / 2016
  • Purpose: This study was aimed at providing the basic checklist as a means to assess the crime risk in physical environment of the pedestrian passage at residential area. Method: For this purpose, the preliminary checklists were selected according to the review of the precedent studies of checklists in exterior pedestrian passage. The usefulness and the importance of the preliminary checklists were analyzed through the seven expert group meetings, the 87 questionnaires survey of the crime experts & the architectural/urban experts, preliminary assessment and field survey. Results: The assessment categories of checklists were sorted into six types, i.e. spatial structure & function, lighting, landscaping, security facilities, other facilities and cleaning & maintenance. The 49 checklists were proposed according to the assessment categories. The final checklists were divided key checklists and general checklists based on the results of experts' weighting of each list item. There were significant differences between crime experts' weighting and architectural/urban experts' weighting in several checklists, i.e. dividing between pavements and streets, the brightness of light, white light.

Analyses on Spatial Compositions and Furniture Characteristics of Children's Reading Rooms in Public Libraries (공공도서관 아동열람실의 공간구성 및 가구특성 분석)

  • Jeon, Se-Ran;Lee, Ji-Hyun;Kim, Soo-Young
    • Korean Journal of Air-Conditioning and Refrigeration Engineering / v.24 no.7 / pp.567-577 / 2012
  • This study examines the spatial compositions of children's reading rooms, furniture characteristics, and users' satisfaction levels for the furniture in public libraries. Field measurements and surveys were performed in 5 public libraries. Results imply that the spatial compositions of reading rooms in libraries were classified into three categories according to the locations of bookshelves and reading space. Management areas should not be located at the edge of reading rooms but be located at the center of reading rooms to avoid clerks' narrow viewing angle toward young kids and to ensure security for the kids. The evaluation for bookshelves according to evaluation checklists was acceptable, but users were not always satisfied with the bookshelves due to the inappropriate positions of books in shelves. The evaluation for desks was generally acceptable according to the checklists and users were satisfied with them. In general, the desk with higher scores by the checklist provided better satisfaction to users. However, the score by checklist for chair and user satisfaction were not always similar each other. Convenience areas in reading rooms were not enough compared to bookshelf, reading and management area. Computer tables that were designed in a way that users sit down and use the computers were highly preferred.

Implications of Multi-swarm Events Safety Management of Foreign Police (외국경찰의 대규모 행사 안전관리로 본 시사점)

  • Kim, Sang-Woon
    • The Journal of the Korea Contents Association / v.16 no.8 / pp.462-469 / 2016
  • This study researched police intervention to ensure the safety of Multi-swarm events. And this study researched best practices of foreign countries. This study propose a solution. It used the situation to police intervention and domestic Multi-swarm events leading research and safety management systems. Safety management for multi-swarm events did ministry of public safety and security, local government, police department, fire department etc. Activities of Safety management for multi-swarm events was checked the risk level, safety management, safety planning and training, safety management in accordance with the Manual. But, safety management of police had Manual maintenance is necessary for the police forces and take advantage of, it is necessary to clarify the mission, it is necessary to configure the risk of a step-by-step checklist for police safety tips in detail. This study for solve the problem proposed the United States, United Kingdom, Germany, France, Australia, the case of the Japanese.

Developing the Test Module of LSAM for $Hipass^{PLUS}$ Card System (하이패스플러스카드 시스템을 위한 LSAM시험 및 모듈 개발)

  • Lee Ki-Han;Yoon Hyun-Tak;Kim Jae-Uoong;Lee Seung-Hwan
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.3 no.1 s.4 / pp.1-12 / 2004
  • Recently, the Korea Highway Company is replacing their prepaid plastic cards with a smart card, called $Hipass^{PLUS}$ Card. In order to use $Hipass^{PLUS}$ Card in the prepaid payment system, LSAM, which is to store the value into $Hipass^{PLUS}$ Card, is needed. LSAM is also responsible to store or retrieve the value from PPSAM. For the safety of Korea Highway electronic payment system, the functionality and security of LSAM should be faultless. This paper developed a test module including the test method, the test checklist, and the test procedure. The test module examines the functionality and security of loading the value from PPSAM to LSAM, retrieving the value from LSAM to PPSAM, and loading the value from LSAM to $Hipass^{PLUS}$ Card. The test module contains the method and the procedure to test the standard items by the test checklists. The test items and test checklists of LSAM were selected under the provision of the specification of Korea Highway Company and ISO standard. The test module evaluates the functionality, the security and the compatibility of LSAM. After the evaluation test of LSAM using the test module, LSAM satisfied the characteristics of the functionality, security, and compatibility.

A Study on PIMS Controls for PII Outsourcing Management under the Cloud Service Environment (클라우드 서비스 환경의 개인정보 위탁을 위한 개인정보보호 관리체계 통제 연구)

  • Park, Dae-Ha;Han, Keun-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1267-1276 / 2013
  • Cloud consumers who use cloud computing services are obliged to review and monitor the legal compliance of cloud providers who are consigned the processes of the PII (personally identifiable information) from them. This paper presented possible scenarios for cloud PII outsourcing and suggested PIMS (personal information management system) controls for outsourcing management between cloud consumers and cloud providers by analyzing both international standards and domestic certification schemes related to cloud computing and/or privacy management based on the legal obligations for PII outsourcing from Korean "Personal Information Protection Act (PIPA)". The controls suggested can be applicable for developing the guidance of complying with privacy laws in organizations or the checklist of PII outsourcing management in PIMS certification.

Development of Framework for Compliance with Vehicle Cybersecurity Regulations: Cybersecurity Requirement Finder (차량 사이버보안 법규 준수를 위한 프레임워크 개발: Cybersecurity Requirement Finder)

  • Jun hee Oh;Yun keun Song;Kyung rok Park;Hyuk Kwon;Samuel Woo
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.22 no.6 / pp.299-312 / 2023
  • Recently, the electronic control unit (ECU) has been integrating several functions into one beyond simple convenience functions. Accordingly, ECUs have more functions and external interfaces than before, and various cybersecurity problems are arising. The United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) issued UN Regulation No.155 to establish international standards for vehicle cybersecurity management systems in light of the growing threats to vehicle cybersecurity. According to international standards, vehicle manufacturers are required to establish a Cybersecurity Management System (CSMS) and receive a Vehicle Type Approval (VTA). However, opinions were raised that the implementation period should be adjusted because domestic preparations for this are insufficient. Therefore, in this paper, we propose a web-based solution that maps a checklist to check the status of CSMS in the requirement and various vehicle security companies and solutions to mitigate the identified gap.

A Study on the Level of BCMS(Business Continuity Management System) of Small and Medium Enterprises (중소기업의 재해경감활동관리체계 수준진단(Checklist)에 관한 연구)

  • Lee, Mi Sun;Kim, Min Ji;Kim, Do Yeon
    • Journal of the Korean Society of Safety / v.32 no.4 / pp.122-128 / 2017
  • Recently, accidents such as human accidents are increasing rapidly due to natural disasters and changes in social conditions due to abnormal weather. As a result, damage has been causing massive damage unlike the past. In the case of small and medium enterprises excluding financial institutions and big company, there is no system for prevention and restoration for stable operation from various risks such as human and natural disasters. As the current disaster continues, public and private companies have raised the need for BCM, and with the introduction of the ISO22301 certification system, the company has been establishing and operating Enterprise Disaster Management Standards in the Ministry of Public Safety and Security since 2007. However, in most SMEs, it is hard to bear the input of internal labor and investment cost, and there is a lack of personnel with expertise to conduct BCM diagnosis. Therefore, in this paper, we will study the diagnosis level of enterprise continuity plan which is commonly used in Korea and abroad. Based on this, we will study the BCM system diagnosis method which can be applied to small and medium enterprises in Korea efficiently.

Preschooler's Behavior Problems and Relating Factors in Poverty Group (학령전기 빈곤 아동의 행동문제와 관련 요인)

  • Bang, Kyung-Sook
    • The Journal of Korean Academic Society of Nursing Education / v.15 no.2 / pp.321-328 / 2009
  • Purpose: The aim of this study was to examine the relationship between caregivers' child rearing characteristics including discipline method, child rearing confidence, attitude, burden, attachment, and cognitive stimulation and preschooler's behavior problems in poor, urban group. Method: A cross-section study design was used. Conveniently selected one hundred and three preschool-aged children and their caregivers who are under National Security Act were recruited. Data was collected using Korean Child Behavior Checklist (K-CBC) comprised of nine sub-dimensions and caregivers' self report questionnaires. Results: Caregivers' discipline method was associated with behavior problems of child. The internalizing and externalizing behavior problem scores including aggressive behavior of children who experienced spanking were significantly higher than children who did not. In addition, caregivers' child rearing confidence also showed associations with the children's behavior problems. Child behavior problems showed positive relationships with caregivers' child rearing burden, and negative relationships with child rearing attitude, attachment, and cognitive stimulation. Conclusion: Caregivers' negative discipline methods and low child rearing confidence showed significant relationships with children's behavior problems of poor, urban children. Nurses working in primary care and community-based settings are in key positions to address this problem and improve the parenting attitude of low-income caregivers and positively affect the behavior of their children.