• Journal of Information Technology Services
• /
• v.7 no.3
• /
• pp.175-198
• /
• 2008

The wide spread of the Internet has become a momentum to promote informatization, and thus individuals, organizations, and government bodies are competitively participating in this kind of new wave. Informatization enables us not only to circulate and utilize information without any limitation but also to maximize users' benefits and convenience. On the other hand, it brings about negative effects-security incidents such as cyber terror, Internet fraud and technology leakage, etc. Evaluation on security level should precede over all the others in order to minimize damage by security incidents since it diagnoses current status on security as it is and can be used as a guideline for appropriate security management. In this study, evaluation domains, items and indicators of information security to evaluate information security are theoretically developed on the basis of critically reviewing the major existing research. And then the coincidence level(content validity, ease and reliability of evaluation) of each evaluation indicators are empirically analyzed through performing the field study of 83 information security experts.

• Journal of Information Technology Applications and Management
• /
• v.15 no.1
• /
• pp.139-152
• /
• 2008

Recently organizations identify information security as one of essential means for gaining competitive advantage. However, they do not actively increase investment in this area because they consider spending for information security as a cost rather than an investment. This is because organizations don't have a clear understanding of information security objectives which can be achieved through investment, and they don't have criteria for alternatives which can be considered in information security investment decision-making. In this paper we propose to model the decision-making process of information security investment by the AHP (Analytic Hierarchy Process). The results will show that availability is the most important criterion for the decision of information security alternatives, and intrusion detection is the most important information security alternative. We hope that the results of this paper provide a guideline for clear decision-making in information security investment.

• Korean Security Journal
• /
• no.60
• /
• pp.227-251
• /
• 2019

National interest in nuclear safety continues to increase. One of the policies that the government is pursuing is to change a temporary position to a permanent position for irregular special security guards of Nuclear power plants. At this point in time, it is urgent to discuss the method of their physical fitness test because duties of special security guards such as arrest and self-defense, unarmed defensive tactics, proficiency with semiautomatic rifle, etc, demands a lot of physical fitness. The purpose of this study is to analyze the physical fitness tests of police, firefighters and soldiers in Korea, US and Japan through literature review. After that, a new fitness test method suitable for special security guards of nuclear power plants was derived through expert meetings. This study also suggested a guideline to analyze the fitness test results so that the developed fitness method can be introduced to the field. For this purpose, physical fitness tests were conducted on 74 subjects. Based on the results of the experiment, the expected records of special security guard fitness tests were presented.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.9-18
• /
• 2008

Information security is a critical issue for network centric warfare(NCW). This paper provides defense information system security guidelines for NCW, which is a result of the research through a group decision making process. The purpose of the research is to intended to help military officers establish information system security measures within their organization.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.105-112
• /
• 2018

Along with the recent technological development, autonomous vehicles are being commercialized. but The accident of autonomous driving car is becoming an issue, and safety problem of autonomous driving car is becoming a hot topic. Also There are currently no specific guidelines for clear laws and security ethics. These guidelines require a lot of information and experience. This study establishes basic guidelines based on cases of accidents from past to present. This study suggests security considerations through case study of security ethics in autonomous car accident.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.899-914
• /
• 2022

A blockchain-based decentralized service can offer reliable services without the centralized server by operating the system based on the consensus among byzantine participants. Participants can interact with the blockchain network through a digital signature mechanism but the private key management issue remains unresolved. NIST SP800-57 provides a key-management guidance but this guidance is not appropriate for blockchain-based services because it does not consider a decentralized environment. In this paper, we define the core functions of the blockchain wallet application for private key management and present security protections according to NIST SP800-57, as well as related techniques to satisfy them. Finally, we propose the private key management guideline for secure blockchain-based decentralized services.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.11 no.4
• /
• pp.229-237
• /
• 2011

As smart phones have become widely adopted, they have brought about changes in individual lifestyles, as well as significant changes in the industry. As the mobile technology of smart phones has become associated with all areas of industry, it is not only accelerating innovation in other industries such as shopping, healthcare service, education, and finance, but is also creating new markets and business opportunities. The preparation of thorough security measures for smart phones is increasing in demand. While offering excellent mobility and convenience, smart phones can be exposed to a range of violation threats. In particular, it is necessary to make efforts to develop a security system that can preemptively cope with potential security threats in the banking service area, which requires a high level of reliability. This paper suggests a security reference model that is considered for the smart phone-based joint mobile banking development project being undertaken by the Bank of Korea in 2010. The purpose of this study is to make a security reference model for a reliable smart phone-based mobile financial service, by recognizing the specific security threats directed toward smart phones, and providing countermeasures to these security threats. The proposed mobile banking security reference model is useful in improving system security by systematically analyzing information security threats to the mobile financial service, and by presenting the guideline for the preparation of countermeasures.

• Journal of Information Technology Services
• /
• v.7 no.1
• /
• pp.23-43
• /
• 2008

Because IT security guidelines for universities and colleges mostly focus on hardware aspects, the problems such as security incidents by a user's mistake and personal information leakage by hacking are serious in our higher educational institutes. In order to solve these information protection and security problems in the educational institutes, realizable and implementable information protection and security guidelines which will contribute to escalate information protection level should be established and at the same time, specific guidelines should be provided to make the guidelines efficient. In this paper, the information security problems and cases are categorized to develop information security guidelines for the higher educational institutes in terms of short, mid, and long term aspects and the solutions to the problems are sought. In addition, a serious of approaches to the information security are proposed such as the improvement measures for the employees of the institute to have desirable security-minded, security problem prevention and resolving methods, developing conflict coordination procedure and law and regulation system establishment for making the educational institutes be information-oriented.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.123-130
• /
• 2021

Cybersecurity has been vital for decades and will remain vital with upcoming ages with new technological developments. Every new day brings advancement in technology, which leads to new horizons, and at the same time, it brings new security challenges. Numerous researchers around the globe are continuously striving hard to provide better solutions for the daily basis of new arising security issues. However, the challenges are always there. These challenges become new norms during the current Covid pandemic, where most industries, small industrial enterprises, education, finance, public sectors, etc. were under several attacks and threats globally. The hacker has more opportunities during the pandemic period by shifting most of the operations live. This research enlightened the several cybersecurity attacks and threats during this pandemic time globally. It provided the best possible recommendations to avoid them using the cyber awareness and with appropriately linked training. This research can provide a guideline to the above stated sector by identifying the related attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.843-853
• /
• 2017

In the case of electronic payment, the obligation to use the certificate-based authentication was abolished. As Fin-tech service providers gain autonomy, various authentication methods are provided. SMS, ARS, PIN, Text-passwords, Fingerprints are popular authentication methods in the mobile Fin-tech services. In this study evaluate the usability and security of authentication methods in a unified mobile environment. We evaluate the usability through SUS and interview. Also we evaluate the security level of authentication methods through NIST guideline. At the result of the usability evaluation, Fingerprint authentication method had been determined as the highest usability, also Fingerprint authentication method had been determined as the safest authentication method by obtaining Security Level 4.