• Title/Summary/Keyword: Security Incidents

Improvements of Information Security Level in Electronic Financial Infrastructure(By Analyzing Information Security Management Level) (전자금융기반시설 정보보호 수준강화 방안 (정보보호 관리수준 분석을 통한))

  • Park, Keun-dug;Youm, Heung-youl
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.6 / pp.1605-1618 / 2016
  • In recent years, security incidents - such as personal information leakage, homepage hacking, DDoS, etc. - targeting finance companies (banks, securities companies, credit card companies, insurance companies, etc.) have increased steadily. In this paper, we analyze problems of information security management level in the existing electronic financial infrastructure from the perspective of compliance and information security certification systems, and propose improvements to enable a sustainable high level of information security activities under a comprehensive management system for the financial sector's characteristics using the ISMS, SECU-STAR and CNIVAM systems.

Association Analysis on The Completion Rate of Security education and Cyber Terror Response According to Personal and Job characteristics (인적 및 직무특성과 보안교육 이수율 및 사이버테러 대응과의 연관성 분석)

  • Shin, Hyun Jo;Lee, Kyung Bok;Park, Tae Hyoung
    • Journal of Korea Society of Digital Industry and Information Management / v.10 no.4 / pp.97-107 / 2014
  • The development of ICT has led to positive aspects such as the popularization of the Internet. On the other hand, it is causing a negative aspect, cyber terror. Although the causes of the recent and continuous increase in cyber security incidents are various, such as a lack of technical and institutional security measures, the main cause that threatens cyber security is the users' lack of awareness and attitude. The purpose of this study is the positive analysis of how personal and job characteristics influence the cyber security training participation rate and the response ability in cyber terror response training, with a sample case of K-corporation employees. In this paper, the relationship among career, gender, department, whether he/she is a cyber security specialist, whether he/she is a regular employee, "ratio of cyber security training courses during recent three years", "ratio that he/she has opened the malicious email in cyber terror response training during recent three years", and "response index of virus active-x installation (higher index means poorer response)" is closely examined. Moreover, based on the examination result, the practical and political implications regarding K-corporation's cyber security courses and cyber terror response training are studied.

An Information Security Levelling Toll using Fuzzy Technique (퍼지기법을 이용한 보안수준 측정 도구)

  • Sung, Kyung;Choi, Sang-Yong;So, Woo-Young
    • Convergence Security Journal / v.2 no.2 / pp.123-135 / 2002
  • With the development of information technology and the resulting growth of security incidents, there has been increasing demand for developing methodologies and tools for measuring the information security level of organizations for efficient security management. However, most works from foreign countries are not realistic in constructing the checklists; moreover, their tools provide neither ease of use nor inexpensiveness, and most domestic works do not properly consider the characteristics of the organizations when measuring the information security level. In this study, an efficient information security levelling tool is suggested, which applies multiple variable weights for security levelling according to the characteristics of organizations and the fuzzy technique to reduce the user's subjectivity.

Web-Based Information Security Leveling Tool (웹 기반 정보보안 수준 측정 도구 설계)

  • Sung, Kyung
    • Journal of the Korea Society of Computer and Information / v.10 no.4 s.36 / pp.375-384 / 2005
  • With the development of information communication technology and the resulting growth of security incidents, there has been increasing demand for developing methodologies and tools for measuring the information security level of organizations for efficient security management. However, most works from foreign countries are not realistic in constructing the checklists; moreover, their tools provide neither ease of use nor inexpensiveness, and most domestic works do not properly consider the characteristics of the organizations when measuring the information security level. In this study, an efficient information security levelling tool is suggested, which applies multiple variable weights for security levelling according to the characteristics of organizations, the fuzzy technique to reduce the user's subjectivity, and the genetic algorithm to establish the security countermeasure.

A Study on Development of Evaluation Indicators for the Human Competency and Management In Managed Security Service (MSS) (보안관제 업무의 인적 역량 및 관리에 대한 평가지표 개발 연구)

  • Yang, Sung Ho;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.6 / pp.143-152 / 2016
  • Currently, many central administrative agencies, municipalities, and public and private institutions operate managed security services to cope with cyber security incidents. These entities exert efforts in operating efficiencies rather than introduction of services as they used to. Accordingly, quite a few policies, directions and guidelines have been established for stable operation of managed security services. Still, managed security is operated by individuals, whose competencies influence the quality of managed security services to a great extent. In this respect, the present article examines managed security technology and methods and describes evaluation methods and examples relevant to human competencies, so as to seek some potential courses for further development as well as more efficient approaches to human resource management in terms of institutional managed security services.

A Study on Self Assessment of Mobile Secure Coding (모바일 시큐어코딩 자가평가(M-SCSA) 방법에 대한 연구)

  • Kim, Dong-Won;Han, Keun-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.901-911 / 2012
  • The removal of security vulnerabilities during the developmental stage is found to be much more effective and much more efficient than performing the application during the operational phase. The underlying security vulnerabilities in software have become the major cause of cyber security incidents. Thus, secure coding is drawing much attention, since one of its abilities is minimizing security vulnerabilities at the source code level. Removal of security vulnerabilities at the software's developmental stage is not only effective but can also be regarded as a fundamental solution. This thesis is research on the methods of Mobile-Secure Coding Self Assessment in order to evaluate the security levels in accordance with the application of mobile secure coding by individuals, groups, and organizations.

Secure Authentication with Mobile Device for Ubiquitous RFID Healthcare System in Wireless Sensor Networks

  • Kim, Jung-Tae
    • Journal of information and communication convergence engineering / v.9 no.5 / pp.562-566 / 2011
  • As telecommunication technologies in telemedicine services are developed, the expeditious development of wireless and mobile networks has stimulated wide applications of mobile electronic healthcare systems. However, security is an essential system requirement since many patients have privacy concerns when it comes to releasing their personal information over the open wireless channels. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well prepared. In this paper, we analyzed authentication and authorization procedures for healthcare system architecture to apply secure M-health systems in the hospital environment. From the analyses, we estimate optimal requirements as a countermeasure to its vulnerabilities.

Hacking and Security of Encrypted Access Points in Wireless Network

  • Kwon, Se-Hwan;Park, Dea-Woo
    • Journal of information and communication convergence engineering / v.10 no.2 / pp.156-161 / 2012
  • An increasing number of people who use a smart phone or tablet PC are accessing wireless networks in public facilities including cafes and shopping centers. For example, iPhones and Android Phones have been available since 2010. However, security incidents may occur through all sorts of malicious code infection of users' personal information during the use of an insecure wireless network. In this paper, we will describe the Wi-Fi protected access (WPA) and WPA2 encryption systems used to access a wireless network from a smart phone and tablet PC, and demonstrate the access point (AP) hacking process in a wireless network to which a password is applied on the basis of the analyzed WPA and WPA2 passwords. We will analyze the method of successful AP hacking and propose an approach to enhancing wireless LAN security. This study will contribute to enhancing the security and stability of wireless networks.

A Study on Modernization of International Conventions Relating to Aviation Security and Implementation of National Legislation (항공보안 관련 국제협약의 현대화와 국내입법의 이행 연구)

  • Lee, Kang-Bin
    • The Korean Journal of Air & Space Law and Policy / v.30 no.2 / pp.201-248 / 2015
  • In Korea, the number of acts of unlawful interference on board aircraft has increased continuously with the growth of aviation demand, and there were 55 incidents in 2000, followed by 354 incidents in 2014, and an average of 211 incidents a year over the past five years. In 1963, a number of states adopted the Convention on Offences and Certain Other Acts Committed on Board Aircraft (the Tokyo Convention 1963) as the first worldwide international legal instrument on aviation security. The Tokyo Convention took effect in 1969 and, shortly afterward, in 1970 the Convention for the Suppression of Unlawful Seizure of Aircraft (the Hague Convention 1970) was adopted, and the Convention for the Suppression of Unlawful Acts Against the Safety of Civil Aviation (the Montreal Convention 1971) was adopted in 1971. After the 9/11 incidents in 2001, to amend and supplement the Montreal Convention 1971, the Convention on the Suppression of Unlawful Acts Relating to International Civil Aviation (the Beijing Convention 2010) was adopted in 2010, and to supplement the Hague Convention 1970, the Protocol Supplementary to the Convention for the Suppression of Unlawful Seizure of Aircraft (the Beijing Protocol 2010) was adopted in 2010. Since then, in response to increased cases of unruly behavior on board aircraft, which escalated in both severity and frequency, the Montreal Protocol, which is seen as an amendment to the Convention on Offences and Certain Other Acts Committed on Board Aircraft (the Tokyo Convention 1963), was adopted in 2014. Korea ratified the Tokyo Convention 1963, the Hague Convention 1970, the Montreal Convention 1971, the Montreal Supplementary Protocol 1988, and the Convention on the Marking of Plastic Explosive 1991, which have proven to be effective.
Under the Tokyo Convention ratified in 1970, Korea further enacted the Aircraft Navigation Safety Act in 1974, as well as the Aviation Safety and Security Act that replaced the Aircraft Navigation Safety Act in August 2002. Meanwhile, the title of the Aviation Safety and Security Act was changed to the Aviation Security Act in April 2014. The Aviation Security Act is essentially an implementing legislation of the Tokyo Convention and Hague Convention. Also, the language of the Aviation Security Act is generally broader than the unruly and disruptive behavior in Sections 1-3 of the model legislation in ICAO Circular 288. The Aviation Security Act has reflected considerable parts of the implementation of national legislation under the Beijing Convention and Beijing Protocol 2010, and the Montreal Protocol 2014, which are the modernized international conventions relating to aviation security. However, in future, when these international conventions come into effect and Korea ratifies them, the national legislation that should be amended or newly provided in the Aviation Security Act is as follows: the jurisdiction, the definition of 'in flight', the immunity from the actions against the aircraft commander, etc., the compulsory delivery of the offender by the aircraft commander, etc., the strengthening of penalty on the person breaking the law, the enlargement of application to the accomplice, and the observance of international convention. Among them, particularly the Korean legislation is silent on the scope of the jurisdiction. Therefore, in order for jurisdiction to be extended to the extra-territorial cases of unruly and disruptive offences, it is desirable that either the Aviation Security Act or the general Crime Codes should be revised.
In conclusion, in order to meet the intelligent and diverse aviation threats, the Korean government should review closely the contents of international conventions relating to aviation security and the current ratification status of international conventions by each state, and make effort to improve the legislation relating to aviation security and the aviation security system for the ratification of international conventions and the implementation of national legislation under international conventions.

Analysis and Classification of Security Threats based on the Internet Banking Service (인터넷 뱅킹 서비스에서의 보안위협 분류 및 분석)

  • Lee, Kyung-Roul;Lee, Sun-Young;Yim, Kang-Bin
    • Informatization Policy / v.24 no.2 / pp.20-42 / 2017
  • In this paper, we focus on classification of security threats and definitions of security requirements for Internet banking service. Threats are classified based on past and potential incidents, based upon which we will be able to propose security requirements. In order to identify security threats, the structure of the Internet banking service is classified into three sections - the financial institutions, the network, and the user-terminal - and we defined arising threats for each section. We focused the analysis especially on the user-terminal section, which is relatively vulnerable, causing difficulties in securing stability of the service as a whole. The analyzed security threats are expected to serve as the foundation for safe configuration of various Internet banking services.