• Information Systems Review
• /
• v.25 no.3
• /
• pp.179-197
• /
• 2023

As a sufficient workforce supports the industry's growth, workforce training has also been carried out as part of the industry promotion policy. However, the market still has a shortage of skilled mid-level workers. The information security disclosure requires organizations to secure personnel responsible for information security work. Still, the division between information technology work and job areas is unclear, and the pay is not high for responsibility. This paper compares job keywords in advertisements for the information security workforce for 2014, 2019, and 2022. There is no difference in the keywords describing the job duties of information security personnel in the three years, such as implementation, operation, technical support, network, and security solution. To identify the actual needs of companies, we also analyzed and compared the contents of job advertisements posted on online recruitment sites with information security sector knowledge and skills defined by the National Competence Standards used for comprehensive vocational training. It was found that technical skills such as technology development, network, and operating system are preferred in the actual workplace. In contrast, managerial skills such as the legal system and certification systems are prioritized in vocational training.

• Korean Security Journal
• /
• no.42
• /
• pp.155-178
• /
• 2015

This study surveyed the subject of companies' industrial security on priorities of the government policy for the confidentiality of corporate and the necessity of expanding the government support for the industrial security. In determining the priority, we should consider all opinions of companies, individuals, societies, and governments that associated with the confidentiality. Especially in industrial security, companies are the most significant beneficiaries and consumers of security policy and it would be the basis for supporting on policy-making. As a result, we analyzed the 50 valid questionnaires collected from security personnel of Korean corporations and 'Enhance support for education and promotion of human resource (On/Off-Line)', 'Establish Security management and Security measures', and 'Enhance Security professionals status via qualifications/certifications' are shown as 1st, 2nd, 3rd priority of government policy to protect Corporate confidential information including its customer information. All respondents of the study says that the Government support for Industrial Security should be enlarged.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1157-1166
• /
• 2017

Demand for information security consulting is increasing as the number of major information infrastructure facilities in the country is increasing and the subject of ISMS mandatory certification is expanded. The demand for manpower also increases, but the manpower to meet the needs of industry is scarce. In order to cultivate the manpower that meets the demand, the demand of the industry should be grasped first. Therefore, this study collected and analyzed job advertisements in Korea and the United States in order to grasp the needs of industry. This will contribute to the development of policy to cultivate human resources of consultants in accordance with the future demand of the enterprise, and ultimately it will be able to solve the quality disparity of security consulting personnel.

• Journal of the Semiconductor & Display Technology
• /
• v.20 no.3
• /
• pp.65-70
• /
• 2021

According to the trend of increasingly sophisticated cyber threats, the need for technology research that can be applied to cyber security personnel management and training systems is constantly being raised not only overseas but also in Korea. Previously, the US and UK have already recognized the need and have been steadily conducting related research from the past. In the United States, by encouraging applications based on related research (NICE Cybersecurity Workforce Framework) and disclosing successful use cases to the outside, it is laying the groundwork for profiling cyber security experts. However in Korea, research on cyber security expert training and profiling is insufficient compared to other countries. Therefore, in this study, in order to create a system suitable for the domestic situation, research and analysis of cases in the United States and the United Kingdom were conducted over the past few years, and based on this, a prototype was produced for the study of profiling technology for domestic cyber security experts.

• International Journal of Advanced Culture Technology
• /
• v.9 no.2
• /
• pp.106-117
• /
• 2021

The aim is to find cyber measures in consideration of physical CPTED in order to prepare countermeasures for cybercrime prevention. For this, the six applied principles of CPTED were used as the standard. A new control item was created in connection with the control items of ISO27001. A survey was conducted on former and current investigators and security experts. As a result of the reliability analysis, the Kronbar alpha coefficient value was 0.947, indicating the reliability of the statistical value. As a result of factor analysis, it was reduced to six factors. The following are six factors and countermeasures. Nature monitoring blocks opportunities and strengthens business continuity. Access control is based on management system compliance, personnel security. Reinforcement of territoriality is reinforcement of each wife and ethics. Establishment of security policy to enhance readability, security system maintenance. Increasing usability is seeking ways to utilize, periodic incentives. For maintenance, security education is strength and security-related collective cooperation is conducted. The differentiation of this study was to find countermeasures against cybercrime in the psychological part of the past. However, they approached to find in cyber measures. The limitation of the study is to bring the concept of physical CPTED to the cyber concept.

• Asia pacific journal of information systems
• /
• v.33 no.4
• /
• pp.863-898
• /
• 2023

Previous studies have shown that insiders pose risks to the security of organisations' secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations' best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel's behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.173-186
• /
• 2024

Recently, as security risks such as technology leaks continue to occur, the importance of research security is increasing. In particular, there is a lack of on-site focused guidelines for conducting practical security management activities for national research and development. Therefore, this study assigned grades to national research and development projects according to importance and designed research security management guidelines for each grade so that personnel related to the projects could perform research security activities efficiently and conveniently. First, the grading system of national research and development projects was divided into three stages according to importance and a candidate group of research security management guidelines was derived by simplifying them through an analysis of prior research on research security management items. Next, the validity of the grading system and management guideline candidates was verified through a focus group interview and research security management guidelines for each grade were prepared. This study is expected to contribute academically to future research security policies and to help establish an on-site research security management system.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.111-120
• /
• 2019

As cyber-attacks become more intelligent and sophisticated, the importance of Security Operations Center(SOC) has increased and the number of SOC has been increasing. In order to cope with cyber threats, institutions and organizations use a variety of cyber security standards to create business procedures. However, SOC often need to be improved in accordance with the SOC environment because they collaborate with managed security service specialists rather than their own personnel. The NIST cyber security framework, information security management system, and managed security service companies were compared and analyzed. As a result, it was found that the NIST CSF is a framework that is easy to apply to managed security service, The content was judged to be insufficient. Therefore, in this study, NIST CSF was used as a reference model to derive the management items required for SOC environment, and the necessity, importance and ease of each item were confirmed through an Delphi technique and an improved cyber security framework was proposed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.12
• /
• pp.4531-4544
• /
• 2021

Because the traditional network information security vulnerability risk assessment method does not set the weight, it is easy for security personnel to fail to evaluate the value of information security vulnerability risk according to the calculation value of network centrality, resulting in poor evaluation effect. Therefore, based on the network security data element feature system, this study designed a quantitative assessment method of network information security vulnerability detection risk under single transmission state. In the case of single transmission state, the multi-dimensional analysis of network information security vulnerability is carried out by using the analysis model. On this basis, the weight is set, and the intrinsic attribute value of information security vulnerability is quantified by using the qualitative method. In order to comprehensively evaluate information security vulnerability, the efficacy coefficient method is used to transform information security vulnerability associated risk, and the information security vulnerability risk value is obtained, so as to realize the quantitative evaluation of network information security vulnerability detection under single transmission state. The calculated values of network centrality of the traditional method and the proposed method are tested respectively, and the evaluation of the two methods is evaluated according to the calculated results. The experimental results show that the proposed method can be used to calculate the network centrality value in the complex information security vulnerability space network, and the output evaluation result has a high signal-to-noise ratio, and the evaluation effect is obviously better than the traditional method.

• Korean Security Journal
• /
• no.1
• /
• pp.351-370
• /
• 1997

This study concerns possible measures to prevent separatists' terrorist acts against overseas Korean businessmen. Of late, many Korean enterprises are helping a number of foreign countries develop their economy, by building factories and manning regional offices in those countries. But recent development of terrorism especially against Korean businessmen is alarming. This report discusses the need for Korean enterprises heading overseas to prepare themselves with awareness of terrorism and possible protective measures against it, besides their routine pursuance of profits; and for the government and prospective enterprises to refrain from investing in those countries having active separatist movements. If an investment has become inevitable, a careful survey of the region in conflict should be conducted and self-protective measures should be put in place through security information exchange, emergency coordination and training of personnel, etc. This study will first review the past terrorist incidents involving employees of overseas Korean enterprises, and then will focuss on seeking effective measures on the basis of the reported incidents. In carrying out the study, related literature from both home and abroad have been used along with the preliminary materials reported and known on the Internet from recent incidents. 1. The separatist movements of minority groups Lately, minority separatist groups are increasingly resorting to terrorism to draw international attention with the political aim of gaining extended self rule or independence. 2. The state of terrorism against overseas Korean enterprises and Koreans Korean enterprises are now operating businesses, and having their own personnel stationed, in 85 countries including those in South East Asia and Middle East regions. In Sri Lanka, where a Korean enterprise recently became a target of terrorist bombing, there are 75 business firms from Korea and some 700 Korean employees are stationed as of August 1996. A total of 19 different terrorist incidents have taken place against Koreans abroad since 1990. 3. Terrorism preventive measures Terrorism preventive measures are discussed in two ways: measures by the government and by the enterprises. ${\blacktriangleleft}$ Measures by the government - Possible measures at governmental level can include collection and dissemination of terrorist activity information. Emphasis should be given to the information on North Korean activities in particular. ${\blacktriangleleft}$ Measures by individual enterprises - Organizational security plan must be established by individual enterprises and there should also be an increase of security budget. A reason for reluctant effort toward positive security plan is the perception that the security budget is not immediately linked to an increment of profit gain. Ensuring safety for overseas personnel is a fundamental obligation of an enterprise. Consultation and information exchange on security plan, and an emergency support system at a threat to security must be sought after and implemented. 4. Conclusion Today's terrorism varies widely depending on reasons and causes, and its means has become increasingly informationalized and scientific as well while its method is becoming more clandestine and violent. Terrorist organizations are increasingly aiming at enterprises for acquisition of budgets needed for their activities. Korean enterprises have extended their business realm to foreign countries since 1970, exposing themselves to terrorism. Enterprises and their employees, therefore, should establish their own security measures on the one hand while the government must provide general measures, on the other, for the protection of the life and property of Korean residents abroad from terrorist attacks. In this regard, set-up of a counter terrorist organization that coordinates the efforts of government authorities in various levels in planning and executing counter terrorist measures is desired. Since 1965, when the hostile North Korea began to step up its terrorist activities against South Koreans, there have been 7 different occasions of assassination attempt on South Korean presidents and some 500 cases of various kidnappings and attempted kidnappings. North Korea, nervous over the continued economic growth and social stabilization of South Korea, is now concentrating its efforts in the destruction and deterioration of the national power of South Korea for its earlier realization of reunification by force. The possibility of North Korean terrorism can be divided into external terrorist acts and internal terrorist acts depending on the nationality of the terrorists it uses. The external terrorist acts include those committed directly by North Korean agents in South Korea and abroad and those committed by dissident Koreans, hired Korean residents, or international professionals or independent international terrorists bought or instigated by North Korea. To protect the life and property of Korean enterprises and their employees abroad from the threat of terrorism, the government's administrative support and the organizational efforts of enterprises should necessarily be directed toward the planning of proper security measures and training of employees. Also, proper actions should be taken against possible terrorist acts toward Korean business employees abroad as long as there are ongoing hostilities from minority groups against their governments.