• Title/Summary/Keyword: Security Checklists

An Analysis of the Relative Importance of Security Level Check Items for Autonomous Vehicle Security Threat Response (자율주행차 보안 위협 대응을 위한 보안 수준 점검 항목의 상대적 중요도 분석)

  • Im, Dong Sung
    • The Journal of The Korea Institute of Intelligent Transport Systems / v.21 no.4 / pp.145-156 / 2022
  • To strengthen the security of autonomous vehicles, this study derived checklists by analyzing the current status of autonomous vehicle security. The analysis covered autonomous vehicle characteristics, security threats, and domestic and foreign security standards. The derived checklists were then applied to the AHP (Analytic Hierarchy Process) model to find their relative importance. In relative importance, the top-ranked items were cyber security management system establishment and implementation, encryption, risk assessment, etc. The significance of this study is to reduce cyber security incidents that cause human casualties as well as improve the level of security management of autonomous vehicles in related companies by deriving the autonomous vehicle security level checklists and demonstrating the model. If the inspection is performed considering the relative importance of the checklists, the security level can be identified early.

Factor analysis of VoIP Security Checklists using AHP (AHP를 이용한 VoIP 정보보호 점검항목의 중요도 분석)

  • Yoon, Seokung;Park, Haeryong;Yoo, Hyeong Seon
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.5 / pp.1115-1122 / 2012
  • VoIP service is steadily growing due to the spread of smartphones, enhanced networks, and various VoIP applications. However, VoIP has many security vulnerabilities because it is based on IP networks. This paper uses AHP to analyze the importance weights of VoIP security checklists for incident prevention and response. The results of the AHP analysis showed that network security, incident response, and access control were the most important from the technical, administrative, and physical standpoints. This study is the first to propose a factor analysis of VoIP security checklists. The results will be useful when VoIP service providers establish their own security policies and inspect their VoIP environments according to those policies.

A Basic Study on the Checklists for Crime Risk Assessment in Physical Environment of the Pedestrian Passage at Residential Area (주거지역 소규모 보행로의 물리적 환경을 대상으로 한 범죄 위험도 평가 체크리스트에 관한 기초 연구)

  • Lee, You-Mi;Park, Hyeon-Ho;Kang, Boo-Seong;Sung, Gi-Ho;Lim, Dong-Hyun
    • KIEAE Journal / v.16 no.3 / pp.47-55 / 2016
  • Purpose: This study aimed to provide a basic checklist as a means of assessing crime risk in the physical environment of pedestrian passages in residential areas. Method: For this purpose, preliminary checklists were selected through a review of previous studies of checklists for exterior pedestrian passages. The usefulness and importance of the preliminary checklists were analyzed through seven expert group meetings, a survey comprising 87 questionnaires from crime experts and architectural/urban experts, a preliminary assessment, and a field survey. Results: The assessment categories of the checklists were sorted into six types, i.e. spatial structure & function, lighting, landscaping, security facilities, other facilities, and cleaning & maintenance. The 49 checklists were proposed according to the assessment categories. The final checklists were divided into key checklists and general checklists based on the results of the experts' weighting of each list item. There were significant differences between the crime experts' weighting and the architectural/urban experts' weighting in several checklists, i.e. the division between pavements and streets, the brightness of light, and white light.

A Study on Security Evaluation Methodology for Industrial Control Systems (제어시스템 보안성 평가 방법에 관한 연구)

  • Choi, Myeonggil
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.2 / pp.287-298 / 2013
  • Industrial control systems operated in industrial infrastructure now adopt various functions and face various threats. To assure the security of industrial control systems, a security evaluation methodology needs to be developed. This study suggests processes and a methodology for evaluating control systems, and verifies their effectiveness through the development of security checklists. The results of the study can be used by operators, evaluators and obtainers of industrial control systems, and can serve as a basis for developing and assuring industrial control systems.

Correlation Analysis in Information Security Checklist Based on Knowledge Network (지식 네트워크에 근거한 정보보호 점검기준 관계분석)

  • Jin, Chang Young;Kim, Ae Chan;Lim, Jong In
    • The Journal of Society for e-Business Studies / v.19 no.2 / pp.109-124 / 2014
  • As the importance and awareness of information security have grown, each industrial sector is implementing it to protect information assets. In this paper, we analyze information security checklists and security rating criteria to derive their contextual similarities and differences using a knowledge network analysis method. The results of analyzing all checklists (ISMS, PIMS, 'FSS', 'FISS', 'G') are as follows: First, the common factors are the protection of information systems and information assets, incident response, and operations management. Second, in the financial IT sector, IT management and the adequacy of audit activities are treated as relatively important factors in addition to the common factors. Third, the ISMS criteria contain the majority of the contents of PIMS, 'FSS', 'FISS' and 'G'.

A Study for Effectiveness of Preliminary Security Assessment on Online Game Service Domain (온라인게임 서비스 분야에 정보보호 사전진단 적용시 효과성에 관한 연구)

  • Yoo, Dong-Young;Seo, Dong-Nam;Kim, Huy-Kang;Choi, Jin-Young
    • Journal of Information Technology Services / v.10 no.2 / pp.293-308 / 2011
  • The preliminary security assessment is an information security process for analyzing security weaknesses before a service begins. Discovering security weaknesses through a preliminary security assessment is highly desirable because a security incident that occurs in the middle of service operation is costly. However, this assessment is not yet widely used in the online game service domain. In this paper, we summarize the security risks that exist in online game services and classify the security requirements related to each risk. Through a case study, we also evaluated the effectiveness of the preliminary security assessment in this domain. In addition, we suggest checklists that should be reviewed once on the game-client side, network side and game-server side for the purpose of security enhancement.

A Study on the Quantification of Information Security Level (정보보안수준 계량화 연구)

  • Kim, Hyun-Soo
    • Asia pacific journal of information systems / v.9 no.4 / pp.181-201 / 1999
  • This study presents an information security level index and a quantification scheme. A comprehensive survey of previous research on information security checklists was performed, and a candidate indicator list for information security level was developed. The desirability of each indicator was tested against 4 criteria: general validity, relative importance, probability of accident and impact of accident. The opinions of 67 experts were collected and analysed. The results show that the selected indicators are a very good candidate set for determining information security level. A factor analysis shows that the indicators are well structured. There is a strong correlation between validity and probability, validity and impact, and importance and probability. A quantification scheme for the information security index was developed through experts' judgement and statistical tests.

A Study on the Classification of OVAL Definitions for the Application of SCAP to the Korea Security Evaluation System (국내 보안평가체제에 SCAP을 활용하기 위한 OVAL 정의 분류 연구)

  • Kim, Se-Eun;Park, Hyun-Kyung;Ahn, Hyo-Beom
    • Smart Media Journal / v.11 no.3 / pp.54-61 / 2022
  • With the increase in the types of information systems managed by public institutions and companies, a security certification system is being implemented in Korea to respond quickly to vulnerabilities that may arise from insufficient security checks. The Korea security evaluation system, such as ISMS-P, performs a systematic security evaluation by dividing the technical inspection items into categories. NIST in the United States has developed SCAP, which can create security checklists and automate vulnerability checks, and the security checklists used for SCAP can be written in OVAL. Each manufacturer prepares a security checklist and shares it through the SCAP community, but these checklists are difficult to use in Korea because they are not categorized according to the Korea security evaluation system. Therefore, in this paper, we present a mechanism for categorizing OVAL definitions, which are inspection items written in OVAL, in order to apply SCAP to the Korea security evaluation system. It was shown that 189 out of 230 items of the Red Hat 8 STIG file could be applied to the Korea security evaluation system, and that the statistics of the categorized Red Hat definition file could be analyzed to confirm the trend of system vulnerabilities by category.

An Information Security Levelling Tool using Fuzzy Technique (퍼지기법을 이용한 보안수준 측정 도구)

  • Sung, Kyung;Choi, Sang-Yong;So, Woo-Young
    • Convergence Security Journal / v.2 no.2 / pp.123-135 / 2002
  • With the development of information technology and the resulting growth in security incidents, there has been increasing demand for methodologies and tools that measure the information security level of organizations for efficient security management. However, most works from foreign countries are not realistic in how they construct their checklists, and their tools are neither easy to use nor inexpensive, while most domestic works do not properly consider the characteristics of organizations when measuring the information security level. In this study, an efficient information security levelling tool is suggested, which applies multiple variable weights for security levelling according to the characteristics of organizations and a fuzzy technique to reduce the user's subjectivity.

Web-Based Information Security Leveling Tool (웹 기반 정보보안 수준 측정 도구 설계)

  • Sung, Kyung
    • Journal of the Korea Society of Computer and Information / v.10 no.4 s.36 / pp.375-384 / 2005
  • With the development of information communication technology and the resulting growth in security incidents, there has been increasing demand for methodologies and tools that measure the information security level of organizations for efficient security management. However, most works from foreign countries are not realistic in how they construct their checklists, and their tools are neither easy to use nor inexpensive, while most domestic works do not properly consider the characteristics of organizations when measuring the information security level. In this study, an efficient information security levelling tool is suggested, which applies multiple variable weights for security levelling according to the characteristics of organizations, a fuzzy technique to reduce the user's subjectivity, and a genetic algorithm to establish security countermeasures.
