• Journal of Information Technology Applications and Management
• /
• v.11 no.1
• /
• pp.39-51
• /
• 2004

Application systems outsourcing is an important part of IT outsourcing services. Application systems outsourcing costs is determined by service levels of outsourcers. Recent researches show there is a strong need to build industry-specific cost estimation models. In this study, an industry-specific application systems operation cost estimation model is suggested. We reviewed operation cost models of previous researches, and proposed a cost estimation model for security industry. Industry-specific service factors are defined and service levels are determined by Interviews with experts. The proposed model is tested and adjusted with empirical data. The new model shows more accurate prediction than previous general models. Future research will be needed to develop outsourcing cost estimation models for other industries and to refine cost models developed in this study.

• Asia pacific journal of information systems
• /
• v.21 no.4
• /
• pp.27-43
• /
• 2011

This article explores economic models that show the optimal level of information security investment in the presence of interdependent security risks, Using particular functional forms, the analysis shows that the relationship between the levels of security vulnerability and the levels of optimal security investments is affected by externalities caused by agents' correlated security risks. This article further illustrates that, compared to security investments in the situation of independent security risks, in order to maximize the expected benefits from security investments, an agent should invest a larger fraction of the expected loss from a security breach in the case of negative externalities, while an agent should spend a smaller fraction of the expected loss in the case of negative externalities.

• The Journal of Asian Finance, Economics and Business
• /
• v.7 no.2
• /
• pp.75-87
• /
• 2020

This paper aims to not only investigate the nature of financial security and its measurement, but also to compare financial security level in 629 listed companies divided into four different industries (materials, industrials, health care, and consumer goods) before building a theoretical framework and regression models to examine the determinants of financial security. By gathering 2,167 financial statements published in Vietnamese Stock Exchange during eight years from 2012 to 2019, with the support of STATA, the research results indicate that six different internal factors, which are liquidity, profitability, firm size, debt management ratios, asset management ratios, and cash flows, explain 77.7% the change of financial security ratio and 3.4% the change in sustainable growth ratio. Specifically, while firm size has a positive impact on sustainable growth ratio but a negative impact on financial security ratio, deb management and profitability have an insignificant influence on the financial security level. Furthermore, an increase in asset management ratios would result positively in both two dependent variables whereas a rise in sustainable growth and a decline in financial security ratio are expected to witness if there is an increase in cash flows.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.634-644
• /
• 2009

A diversity of wireless networks, with rapidly evolving wireless technology, are currently in service. Due to their innate physical layer vulnerability, wireless networks require enhanced security components. WLAN, WiBro, and UMTS have defined proper security components that meet standard security requirements. Extensive research has been conducted to enhance the security of individual wireless platforms, and we now have meaningful results at hand. However, with the advent of ubiquitous service, new horizontal platform service models with vertical crosslayer security are expected to be proposed. Research on synchronized security service and interoperability in a heterogeneous environment must be conducted. In heterogeneous environments, to design the balanced security components, quantitative evaluation model of security policy in wireless networks is required. To design appropriate evaluation method of security policies in heterogeneous wireless networks, we formalize the security properties in wireless networks. As the benefit of security protocols is indicated by the quality of protection (QoP), we improve the QoP model and evaluate hybrid security policy in heterogeneous wireless networks by applying to the QoP model. Deriving relative indicators from the positive impact of security points, and using these indicators to quantify a total reward function, this paper will help to assure the appropriate benchmark for combined security components in wireless networks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.4
• /
• pp.805-821
• /
• 2011

Wireless Sensor Networks (WSNs) are rapidly emerging because of their potential applications available in military and civilian environments. Due to unattended and hostile deployment environments, shared wireless links, and inherent resource constraints, providing high level security services is challenging in WSNs. In this paper, we revisit various security attack models and analyze them by using a well-known standard notation, Unified Modeling Language (UML). We provide a set of UML collaboration diagram and sequence diagrams of attack models witnessed in different network layers: physical, data/link, network, and transport. The proposed UML-based analysis not only can facilitate understanding of attack strategies, but can also provide a deep insight into designing/developing countermeasures in WSNs.

• Journal of Korean Society of societal Security
• /
• v.1 no.4
• /
• pp.41-49
• /
• 2008

As bridges have been longer and bigger recently, lots of bridge management systems (BMS) have been developed for each bridge. However, the differences among the data models developed by different system developers give a serious problem in integrated information management for national security. The aim of this study is to develop a common data model which can be referred in development of the BMS. The existing BMS and work process by laws are carefully analyzed. Based on the analysis results, the bridge management and maintenance process is categorized into the four basic activity types. In addition, common data models for each the unit activity type are defined.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.5
• /
• pp.171-176
• /
• 2015

Because the specific security technology alone can not cope with sophisticated attacks, various security management models are applied. But, they do not focus on the vulnerability of the highest part because they offer so many common security management criteria. By analyzing the main information and confidential leakage cases inflicting enormous damage to our society, we found that attackers are using mainly an interface vulnerabilities - the paths that connect the internal and external of the organization, such as e-mail, web server, portable devices, and subcontractor employees. Considering the reality that time and resources to invest in security domain are limited, we point out the interface security vulnerabilities the possibility of attackers to exploit and present a convergence method of security measures. Finally, based of ROI(Return on Investment), we propose the real-time security management system through the intensive and continuous management.

• Information Systems Review
• /
• v.4 no.2
• /
• pp.293-307
• /
• 2002

In this study, industry-specific application systems operation cost estmation models are suggested. We reviewed operation cost models of previous researches, and developed a strong need for industry-specific operation outsourcing cost models. Security industry operation cost model and medical care industry outsourcing cost model are proposed, and tested with empirical data. We showed the validity of industry-specific application systems outsourcing cost models. Future research will be needed to develop outsourcing cost models for other industries and to refine cost models developed in this study.

• Annual Conference of KIPS
• /
• 2003.05c
• /
• pp.1965-1968
• /
• 2003

The importance of Security measures by means of Physical Security, Network Security and Online/Internet Security. Lack of security is one of the primary obstacles in fielding many technologies in both commercial and DoD networks. Moreover, Internet censorship may be growing and is becoming increasingly sophisticated. In this paper, we will evaluate the Practice to Policy to Theory Approach for survivability by means of software rejuvenation models. These models would be assessed the effectiveness of proactive fault management in operational software systems and determined optimal times to perform rejuvenation.