• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.77-84
• /
• 2012

The control network has been operated in a closed. But it changes to open to external for business convenience and cooperation with several organizations. As the way of connecting with user extends, the risk of control network gets high. Thus, in this paper, proposed the technique of an anomalous event detection using white-list for control network security and minimizing the cyber threats. The proposed method can be collected and cataloged of only normal data from traffic of internal network, control network and field devices. Through way to check the this situation, we can separate normal and abnormal behavior.

• Information Systems Review
• /
• v.9 no.1
• /
• pp.105-120
• /
• 2007

With the fast development of the Internet and the increasing dependence on information infrastructures, companies are faced with various information security threats such as information leakages, modifications, and information breaches. South Korea is one of the leading countries in the Internet usage, but is ranked relatively low when it comes to information security. In fact, many Korean firms have suffered financial losses and damaged corporate images from the information security breaches. However, because of the difficulties in quantifying the costs of the information security breaches, Korean companies tend to delay their investment decisions on information security. The purpose of this study is to measure the cost of information security breach and the economic value of security investment using the event study methodology. Our results show that the announcement of an information security breach negatively influenced the market value of the corresponding company. The effect was statistically significant at the significance level of p=0.05. The breached companies lose, on average, 0.86% of their market values on the day of the announcement - an average loss in market capitalization of $55 million. On the other hand, the investment on information security had no effect on the stock price or the market value of the firm.

• Journal of the Korea Convergence Society
• /
• v.7 no.6
• /
• pp.237-247
• /
• 2016

This study analyzed quantitative effects of ISMS certification. To measure the company value change the stock data was used and the methodology of event study was also applied. Event study methodology is a method of analyzing the effects of information or public announcement about certain events on the stock market through abnormal return of stock price. First, ISMS certification was acquired followed by the measurement of abnormal excess return of company. Based on the increase or decrease of abnormal excess return, the group was classified. There are 3 types of groups("Increase", "Reduce", "Maintain"). Next, the cluster analysis was performed for each group. Cluster analysis or clustering is the task of grouping a set of objects in such a way that objects in the same group (called a cluster) are more similar (in some sense or another) to each other than to those in other groups(clusters). The purpose of this study is to have a quantitative measurement of performance of ISMS certification. So, the result of this study will be promoted a company's ISMS certification acquisition. And it would further be beneficial to your company's information security activities.

• Journal of Korean Society of societal Security
• /
• v.1 no.1
• /
• pp.63-67
• /
• 2008

This study focuses on assessing the security ri sk or the terrorism in chemical process industries. This research modifies conventional method for assessing the terrorism risk. The risk assessment method is developed and it is implemented as software to analyze the possibility of terrorism and sabotage. This program includes five steps; asset characterization, threat assessment, vulnerability analysis, risk assessment and new countermeasures. It is a systematic, risk based approach in which risk is a function of the severity of consequences of an undesired event, the likelihood of adversary attack, and the likelihood of adversary success in causing the undesired event. The reliability of the program is verified using a dock zone case. The case dock zone includes a storage farm, a manufacturing plant, an electrical supply utility, a hydrotreater unit, many containers, and administration buildings. This study represents chemical terrorism response technology, the prevention plan, and new countermeasure to mitigate by using risk assessment methods in the chemical industry and public sector. This study suggests an effective approach to the chemical terrorism response management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.373-385
• /
• 2021

To provide convenience and safety of drivers, the recent vehicles are being equipped with a number of electronic control units (ECUs). Multiple ECUs construct a network inside a vehicle to share information related to the vehicle's status; in addition, the CAN protocol is normally applied. As the modern vehicles provide highly convenient and safe services, it provides many types of attack surfaces; as a result, it makes them vulnerable to cyber attacks. The automotive IDS (Intrusion Detection System) is one of the promising techniques for securing vehicles. However, the existing methods for automotive IDS are able to analyze only periodic messages. If someone attacks on non-periodic messages, the existing methods are not able to properly detect the intrusion. In this paper, we present a method to detect intrusions including an attack using non-periodic messages. Moreover, we evaluate our method on the real vehicles, where we show that our method has 0% of FPR and 0% of FNR under our attack model.

• Korean Security Journal
• /
• no.39
• /
• pp.37-61
• /
• 2014

Nowadays the world is threatened because of terrors that take aim at Soft-Targets available and easy to access to the people rather than more secured Hard-Targets. The inspection department of the Presidential Security Service develops and acts a perfect safety plan wherever the President stays so that it is possible to get immediate actions for various contingencies. Some events, in which the President take part, could be held in a lower or higher store in a tall building. Additional to the routine work at this case it is to emphasize on a plan of fire precaution to check the spot and respond to a real fire situation, so that the damage could be minimized. First, the agents of the President Security Service should possess basic knowledge concerning to the fire accidents and be trained on their manuals, even in a busy events plan. An organization, whatever it is, could be improved in that it tries to develop not only the personal abilities, but also education programs of the organization continually. And enhanced abilities of the members lead to the driving force for the advance. The knowledge of fire accident should be able to adapt to the real situation. Second, related to the event, it should be cooperated with the relevant departments, so that it is possible to conduct and control the system. It is urgently required to know that the security event could not be done perfectly with only one part or department. Third, from the time of recognizing of the event it is necessary for the fire department to get an action plan with fire fighting measures, evacuation measures based of the instructions given by the Security Service. Fourth, on the knowledge of the action plan of the fire department the Security Service should inspect the safety activities of the spot and establish the practical operation plan through the fire fighting and evacuation plan. Fifth, the Security Service should share final informations and plan of fire fighting in a high-rise building with the other relevant departments. If not, it could cause a great confusion that could lead to a great damage.

• Convergence Security Journal
• /
• v.15 no.2
• /
• pp.43-55
• /
• 2015

Security infrastructure of Educational Network responds to threats by collecting and analyzing security events from various information protection system based on the integrated management system. Even if this system provides useful and detailed information to the administrator, there are some problems that this system does not provide effective response process and management systems for various threatening situations and the simultaneous threat processes. To solve this problem, we propose and develop security agents that enable the administrator to effectively manage integrated security for Educational Network. The proposed solution provides the administrator with efficient management techniques and process scheduling for various security events so that the administrator can response promptly to problems with the initial threat to Educational Network.

• Korean Security Journal
• /
• no.14
• /
• pp.161-179
• /
• 2007

The numerous definition of terrorism is viewed as the use of force or violence by individual or group that is directed toward civilian populations and intended to instill fear as a means of coercing individuals or groups to change their political or social positions. Recently, the paradigm of terror has been developed as new terrorism motivated by 9. 11 terror in 2001. In these contexts, this study analyzed the case study of recent counter-terrorism of international events and suggested the policy implications. This study is split into four chapters. Chapter I is the introduction part. Chapter II introduces the reader to new terrorism theory, and Chapter III deals with the case study of the international counter-terrorism policy around the world, Chapter IV deals with the policy implications of the case study. The greater the political, economical and social advantages opening large international ceremonies, the larger the probability of being targets for terrorists and criminals. As terrorism is one of the important issue, the security problems at international ceremonies in Korea, rising country as political essence in Asian-Pacific region, become very important. With experienced know-hows against terror and preparations for security, local and central governments must promote the private security companies filling up vacancies of police and official security system and develop international ceremonies, rising high valuable industries in 21st century, with diplomatic efforts. International major events is the largest event related events with politics, economy, culture, and such large-scale events should be a comprehensive counterplan in the light of safety check for the location of a hazard and safety check of facilities in and out, attendance on athlete and visitor and escort of VIPs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1123-1129
• /
• 2015

Macro(automatic hunting) of mobile game is a program that touch the screen by defined rules like a game bot in PC online games, and it is used by make various ways like android application or windows application program. This gives honest users deprivation and make to lose their interest. Finally they would leave the game and gradually game life would be shorten. Although many studies to prevent these problems in PC online game are conducted, applying mobile game to PC's way is difficult because mobile games are limited to use the network and device performance is different with PC. In this paper, we propose a framework for macro detection by using the touch event information. A touch event on the mobile game is a necessary control command to the game. Because macro touches the screen with the same pattern, there is a difference between normal user's behavior and macro's operation. In mobile games that casual games are mostly, Touch event is the best difference that identify normal user against macro for a short period of time. As a result of detecting macros used in real mobile game by using the proposed framework it showed 100% accuracy and 0% false positive rate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1181-1190
• /
• 2013

The GOOSE(Generic Object Oriented Substation Event) is used as a network protocol to communicate between IEDs(Intelligent Electronic Devices) in international standard IEC 61850 of substation automation system. Nevertheless, the GOOSE protocol is facing many similar threats used in TCP/IP protocol due to ethernet-based operation. In this paper, we develop a IDS(Intrusion Detection System) for secure GOOSE Protocol using open software-based IDS Snort. In this IDS, two security functions for keyword search and DoS attack detection are implemented through improvement of decoding and preprocessing component modules. And we also implement the GOOSE IDS and verify its accuracy using GOOSE packet generation and communication experiment.