• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.25-32
• /
• 2013

The purpose of this investigation was to determine the effect of physical activity program on body composition and cardiovascular risk factors in security guards. The subjects consisted of twenty security guards who are working to the security company in Seoul, physical activity group of 10 people and control group of 10 people in 2012. The results were as following. For body composition, there were significant decreases in body fat, also significant increases in fat free mass(p<.05). There were significant decreases in TG, elevated HDL-C was observed with physical activity group(p<.05). It is concluded that physical activity program might make beneficial effect such as increasing fat free mass, it also produces lower incidence of cardiovascular disease during 12 weeks in security guards.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.95-105
• /
• 2018

As the IT industry developed, the information held by the company soon became a corporate asset. As this information has value as an asset, the number and scale of various cyber attacks which targeting enterprises and institutions is increasing day by day. Therefore, research are being carried out to protect the assets from cyber attacks by using the attack graph to identify the possibility and risk of various attacks in advance and prepare countermeasures against the attacks. In the attack graph, security metric is used as a measure for determining the importance of each asset or the risk of an attack. This is a key element of the attack graph used as a criterion for determining which assets should be protected first or which attack path should be removed first. In this survey, we research trends of various security metrics used in attack graphs and classify the research according to application viewpoints, use of CVSS(Common Vulnerability Scoring System), and detail metrics. Furthermore, we discussed how to graft the latest security technologies, such as MTD(Moving Target Defense) or SDN(Software Defined Network), onto the attack graphs.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.31-40
• /
• 2019

Today, information security (INFOSEC) as a discipline is gaining more and more importance according to the emergence and extension of the cyberspace. Originated from Joint Doctrine for Information Operation (Joint Pub 3-13) by the U.S. Department of Defense, 'information assurance (IA)' is the concept widely used in the relevant field. Grown from the practice of information security, it encompasses broader and more proactive protection that includes countermeasures and repair, security management throughout an information system (IS)'s life-cycle, and trustworthiness of an IS in the process of risk analysis. In Korea, many industry professionals tend to misunderstand IA, remaining unaware of the conceptual differences between IA and INFOSEC. On this account, the current study attempted to provide a combined definition of IA by reviewing relevant literature. This study showed the validity of the wordings used in the proposed definition phrase by phrase.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1449-1461
• /
• 2018

As the number of software vulnerabilities grows year by year, attacks on software are also taking place a lot. As a result, the security administrator must identify and patch vulnerabilities in the software. However, it is important to prioritize the patches because patches for all vulnerabilities are realistically hard. In this paper, we propose a scoring system that expands the scale of risk assessment metric by taking into consideration attack patterns or weaknesses cause vulnerabilities with the vulnerability information provided by the NIST(National Institute of Standards and Technology). The proposed scoring system is expanded based on the CWSS and uses only public vulnerability information to utilize easily for any company. In this paper, we applied the automated scoring system to software vulnerabilities, and showed the expanded metrics with consideration for influence of attack pattern and weakness are meaningful.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.10
• /
• pp.5260-5275
• /
• 2019

In the process of constructing the traditional offensive and defensive game theory model, these are some shortages for considering the dynamic change of security risk problem. By analysing the critical indicators of the incomplete information game theory model, incomplete information attack and defense game theory model and the mathematical engineering method for solving Bayes-Nash equilibrium, the risk-averse income function for information assets is summarized as the problem of maximising the return of the equilibrium point. To obtain the functional relationship between the optimal strategy combination of the offense and defense and the information asset security probability and risk probability. At the same time, the offensive and defensive examples are used to visually analyse and demonstrate the incomplete information game and the Harsanyi conversion method. First, the incomplete information game and the Harsanyi conversion problem is discussed through the attack and defense examples and using the game tree. Then the strategy expression of incomplete information static game and the engineering mathematics method of Bayes-Nash equilibrium are given. After that, it focuses on the offensive and defensive game problem of unsafe information network based on risk aversion. The problem of attack and defense is obtained by the issue of maximizing utility, and then the Bayes-Nash equilibrium of offense and defense game is carried out around the security risk of assets. Finally, the application model in network security penetration and defense is analyzed by designing a simulation example of attack and defense penetration. The analysis results show that the constructed income function model is feasible and practical.

• Journal of the Korean Institute of Gas
• /
• v.25 no.1
• /
• pp.30-39
• /
• 2021

Natural gas is globally emerging as an important energy source for environmental, political and regional reasons. In Korea, natural gas imported from oversea natural gas resources as a LNG, it is increased for an applications as a fuel and feedstock which replace the coal and nuclear energy. Because it is relied on the import market in Korea, it is very important to analyze the security for supply. Therefore, this study suggested a method for reducing supply risk and for providing stable supply and demand through risk analysis of Korea's import structure. In order to reduce the supply risk, the concentration of importing countries should be lowered and it is necessary to lower the proportion of countries with relatively low GSSI and increase the imports from Russia. Finally increasing the number of importing countries or maintaining friendly relations with countries where the supply is stable could give us the positive impact in terms of total GSSI.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.67-81
• /
• 2011

In recently years, there are cyber-weapon aim to national infrastructure such as 'stuxnet'. Security experts of the world are paying attention to this phenomenon. The networks which controls traffic, subway, waterworks of the city are safe from threats such as computer virus, malware, because the networks were built on closed-networks. However, it's about time to develop countermeasure for the cyber-weapon. In this paper, we review status-quo of the control systems for metropolitan infrastructure and analyze the risk of industrial control system in SCADA(Supervisory Control And Data Acquisition) network. Finally, we propose a security model for control systems of metropolitan infrastructure.

• International Journal of Railway
• /
• v.2 no.3
• /
• pp.113-117
• /
• 2009

Risk management is an important part of system assurance and it is widely used in safety-related system. Railway signal system is one kind of safety-related system and its most important goal is to guarantee the safety of railway system. The method based on risk management can find and solve the security issues of railway signal system more effectively. This paper introduces the basic conception of risk management, studies the whole process of risk management and related tools and techniques and discusses some key points qualitatively combining with the particularity of railway signal system.

• Information Systems Review
• /
• v.17 no.1
• /
• pp.117-140
• /
• 2015

Cloud Computing has drawn attention as one of 10 IT strategic technology trends and has various advantages such as cost reduction and enhancing business flexibility. However, corporations hesitate to adopt the service because of unexpected risks. Especially compared to large firm, medium and small ones use public cloud that security risk is high. Meanwhile, real option strategy has drawn attention as the method to hedge uncertainty in IT projects. Therefore, in this study causal relationships among technical, security, relational, and economic risks of cloud service will be investigated. Eventually, this study investigates how those risks influence the intention to choose the real option about the cloud service. For this study, five hypotheses is drawn, and a survey is conducted about the medium and small firms which are currently using cloud service to examine hypotheses. Since the study is at organizational level, 287 questionnaire replies are recalculated to 120 firms. For statistical analysis, Smart PLS and SPSS Statistics18 are used. As a result, technical risk of cloud service has significantly positive influence on security risk. Second, security risk and relational risk of cloud service has significantly positive influence on economic risk. Third, economic risk of cloud service has significantly positive influence on the intention to purchase the delay option or abandon option. Based on this result, this research discussed practical and academic implications and the limitations.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2002.06a
• /
• pp.408-416
• /
• 2002

네트워크의 발달과 인터넷의 생활화로 컴퓨터 보안이 시대적인 중요문제로 부각하고 있다. 요즘 해킹으로 발생하는 재정적 손실은 특별하게 큰 사건이 아닌 경우에 언론에 보도되지 않을 정도로 만성적인 현상으로 인식되고 있으며 컴퓨터 범죄는 어느정도 사회현상의 하나로 여겨질 정도다. 그러나 컴퓨터 범죄를 퇴치하고 컴퓨터보안의 완벽성을 유지하고자 하는 기술적인 노력은 지속적으로 전개되고 있으나 컴퓨터 범죄는 오히려 늘어가고 있는 추세다. 이에따라 컴퓨터 범죄등 컴퓨터보안관리가 기술적인 수준에 머물지 않는 성격을 갖추고 있다는 인식이 최근들어 확산하고 있다고 할 수 있다. 이 논문은 이런 인식에서부터 출발해 새로운 개념으로 등장한 전사적 보안관리 (Enterprise Security Planning)와 컴퓨터 보안 위험 관리(Computer Security Risk Management)의 개념에 대한 이해를 중점적으로 제기했다. 또 컴퓨터 보안위험관리의 과정을 단계별로 검토해 컴퓨터 보안위험관리를 체계적으로 이해할수 있도록 제시했다. 마지막으로 본 논문은 전사적 보안관리와 컴퓨터 보안위험 관리차원에서 기업이 보안관리를 위해 갖춰야 할 새로운 흐름들, 예를 들어 보안관리자(Chief Security Officer) 제도와 보안보험 가입등 보안정책을 제시함으로써 컴퓨터범죄로부터 기업이 최대한의 안전성을 확보할 수 있는 경영전략의 틀을 제시했다.