• Journal of Information Technology Services
• /
• v.7 no.1
• /
• pp.23-43
• /
• 2008

Because IT security guidelines for universities and colleges mostly focus on hardware aspects, the problems such as security incidents by a user's mistake and personal information leakage by hacking are serious in our higher educational institutes. In order to solve these information protection and security problems in the educational institutes, realizable and implementable information protection and security guidelines which will contribute to escalate information protection level should be established and at the same time, specific guidelines should be provided to make the guidelines efficient. In this paper, the information security problems and cases are categorized to develop information security guidelines for the higher educational institutes in terms of short, mid, and long term aspects and the solutions to the problems are sought. In addition, a serious of approaches to the information security are proposed such as the improvement measures for the employees of the institute to have desirable security-minded, security problem prevention and resolving methods, developing conflict coordination procedure and law and regulation system establishment for making the educational institutes be information-oriented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.657-673
• /
• 2019

As various IT and OT systems such as Electronic Chart Display and Information System and Automatic Identification System are used for ships, security elements that take into account even the ship's construction and navigation environment are required. However, cyber security research on the ship and shipbuilding ICT equipment industries is still lacking, and there is a lack of systematic methodologies through threat modeling. In this paper, the Data Flow Diagram was established in consideration of stakeholders approaching the ship system. Based on the Attack Library, which collects the security vulnerabilities and cases of ship systems, STRIDE methodologies and threat modeling using the Attack Tree are designed to identify possible threats from ships and to present ship cyber security measures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.117-125
• /
• 2009

In this paper, we analyze the Contact Center's specific-security characteristics, including the threat model and weakness and study effective security measures focussing on protecting customer's personal information. Also, we establish the information security management system to reduce the possibility of information leakage from the internal employee in advance. As a result, we propose the "Security management model for protecting personal information for customer Contact Center" that complies with current ISO/IEC JTC 1 ISMS 27000 series standards.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.67-76
• /
• 2024

The Internet of Things (IoT) has revolutionized communication and device operation, but it has also brought significant security challenges. IoT networks are structured into four levels: devices, networks, applications, and services, each with specific security considerations. Personal Area Networks (PANs), Local Area Networks (LANs), and Wide Area Networks (WANs) are the three types of IoT networks, each with unique security requirements. Communication protocols such as Wi-Fi and Bluetooth, commonly used in IoT networks, are susceptible to vulnerabilities and require additional security measures. Apart from physical security, authentication, encryption, software vulnerabilities, DoS attacks, data privacy, and supply chain security pose significant challenges. Ensuring the security of IoT devices and the data they exchange is crucial. This paper utilizes the Random Forest Algorithm from machine learning to detect anomalous data in IoT devices. The dataset consists of environmental data (temperature and humidity) collected from IoT sensors in Oman. The Random Forest Algorithm is implemented and trained using Python, and the accuracy and results of the model are discussed, demonstrating the effectiveness of Random Forest for detecting IoT device data anomalies.

• Korean Security Journal
• /
• no.37
• /
• pp.325-354
• /
• 2013

The concept of national security and the fundamental system for crisis management have departed from traditional methods and the importance of a national critical infrastructure crisis management has been emphasized. A national critical infrastructure crisis means a situation where human resource, material and functional system that may have a material effect on the critical functions of the government, the vitality and integrity of society, national economy and the safety of the public becomes disabled due to causes such as terrorism or major disasters. Although North Korea had been subject to numerous rounds of negotiations and sanctions as it continually developed nuclear weapons since the 1960s, it has also showed off its nuclear armaments through successful nuclear testings and missile launches. As the development and threat of North Korea's weapons of mass destruction becomes more noticeable and the range of its risk expands, this study focuses on the potential for an absence of leadership for national crisis management where the country's leadership, which should serve the critical role and function of handling national crises, becomes completely destroyed by the unexpected initial attacks by North Korea. As a result, the purpose of this study is to propose safety measures for the country's leadership in preparation for North Korea's threat of nuclear weapons by examining the concept and degree of risk of weapons of mass destruction with a focus on nuclear weapons, analyzing the substance of the threat of North Korean nuclear weapons and evaluating such threat. In conclusion, first, to ensure the normal functioning of a national crisis management system in the event of a national crisis, we must seek safety measures that conform to the scope and succession order of the leadership of the national crisis management for an Enduring Constitutional Government (ECG) and the Continuity Of Operations (COOP). Second, in the event of a national ceremony, the gathering of the country's leadership all together in an open place should be avoided. In unavoidable circumstances, the next in rank that will act on behalf of the current leader should be designated and relevant safety measures should be taken. Third, during time of peace, in preparation for national crises, the scope of protection for the country's leadership should be prescribed and specific security and safety measures should be implemented. Fourth, the succession order for acting president in the case of the death of the president pursuant to Articles 71 and 26(1) of the National Government Organization Act should reconsidered to see whether it is a reasonable provision that takes into consideration a national crisis management that corresponds to the threat of North Korean nuclear weapons and weapons of mass destruction. Pursuant to the Basic Guidelines for National Crisis Management set out under Presidential Directive No. 229, the Korean government is currently operating a case-by-case "crisis management standard manual" and its sub-manuals and has also prepared the Presidential Security Service's security and safety measure regulations regarding the acting president. Therefore, the Korean government should actualize the above points in the case-by-case crisis management standard manual and security and safety measure regulations regarding the acting president to implement and legislate them.

• Korean Security Journal
• /
• no.33
• /
• pp.163-195
• /
• 2012

Various kinds of performances and events have been held by local governments along with the worldwide popularity of K-pop, and there is a growing concern about possible accidents. Actually, a large-scale of accident took place during the MBC pop song concert in Sangju Sports Stadium in October 3, 2005. And another great safety accident occurred during an open event in the Lotte World in Seoul in March 26, 2006. The purpose of this study is to propose improvement of security company that carry out security activity through the analysis of the cases of accidents and common causes in the event sites. The improvement of safety management for large-scale event site by the study are as followings; First, institutional measures should be taken to extend the size of private security companies. Second, more education and training should be provided for security personnels who work for the event. Third, private security companies should prepare for the security measures more thoroughly in advance. Fourth, private security companies should make every possible effort to maintain order in the event site. Fifth, private security companies should bolster their collaboration with relevant organizations. Sixth, security companies should take actions to make themselves completely ready for any possible unexpected situations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.227-235
• /
• 2016

As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

• Korean Security Journal
• /
• no.8
• /
• pp.45-64
• /
• 2004

The pivotal emphasis of the physical training for the security agents of the security headquarters in the North Korea is to inspire them with the defense physical training-centered ideology and the war spirit. Their special martial arts is the protectee-centered offensive arts rather than the self-centered arts. It puts emphasis on training black belt-holders in diverse martial arts rather than in a certain martial art. Thus, the physical training for security agents in the South Korea should be also developed into the ways to rear them as black belt-holders in diverse martial arts rather than to foster them as high grade-holders in a certain martial art. And also, professors majoring in security and physical science have to develop jointly the measures to improve the physical and mental agility and the basic physical strength to inspire rapid handling and perseverance, to develop the physical training program to reduce mental and physical stress of security guards, to develop the standard for the examination of physical strength suitable for the body figures of Korean people and the regular evaluation with the standard and to apply traditional folk-games such as the swing and the seesaw to the physical training for security guards.

• The Journal of Society for e-Business Studies
• /
• v.19 no.1
• /
• pp.63-78
• /
• 2014

This paper is to analyze how the information security leadership of top management affects controls of information security. Controls of information security include the activity related to making information security policy, the activity related to making up information security organizational structure and job responsibilities, the activity related to information security awareness and training, the activity related to technical measures installation and operation, and the activity related to emergency response, monitering and auditing. Additionally we will analyze how Internet incidents affect controls of information security and find implications.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.491-494
• /
• 2019

The results from the analysis of recent security breach cases of industrial control systems revealed that most of them were caused by the employees of a partner company who had been managing the control system. For this reason, the majority of the current company security management systems have been developed focusing on their performances. Despite such effort, many hacking attempts against a major company, public institution or financial institution are still attempted by the partner company or outsourced employees. Thus, the institutions or organizations that manage Industrial Control Systems (ICSs) associated with major national infrastructures involving traffic, water resources, energy, etc. are putting emphasis on their security management as the role of those partners is increasingly becoming important as outsourcing security task has become a common practice. However, in reality, it is also a fact that this is the point where security is most vulnerable and various security management plans have been continuously studied and proposed. A system that enhances the security level of a partner company with a Virtual Desktop Infrastructure (VDI) has been developed in this study through research on the past performances of partner companies stationed at various types of industrial control infrastructures and its performance outcomes were statistically compiled to propose an appropriate model for the current ICSs by comparing vulnerabilities, measures taken and their results before and after adopting the VDI.