• Title/Summary/Keyword: Security Risk Assessment

Assessing Vulnerability and Risk of Sensor Networks under Node Compromise (Node Compromise에 대한 무선 센서 네트워크의 취약성 및 위험 평가)

  • Park, Jong-Sou;Suh, Yoon-Kyung;Lee, Seul-Ki;Lee, Jang-Se;Kim, Dong-Seong
    • Convergence Security Journal / v.7 no.4 / pp.51-60 / 2007
  • It is important to assess the vulnerability of networks and information systems in order to counter a variety of attacks effectively and efficiently. However, vulnerability and risk assessment methodologies for network and information systems cannot be directly applied to sensor networks, because sensor networks have different properties from traditional network and information systems. This paper proposes a vulnerability assessment framework for cluster-based sensor networks. The vulnerability assessment for sensor networks is presented. Finally, a case study in cluster-based sensor networks is described to show the feasibility of the framework.

Development of a Collision Risk Assessment System for Optimum Safe Route (최적안전항로를 위한 충돌위험도 평가시스템의 개발)

  • Jeon, Ho-Kun;Jung, Yun-Chul
    • Journal of the Korean Society of Marine Environment & Safety / v.24 no.6 / pp.670-678 / 2018
  • In coastal waters where ship traffic volume is high, there is a high possibility of a collision accident because complicated encounter situations frequently occur between ships. To reduce collision accidents at sea, a quantitative collision risk assessment is required in addition to the navigator's compliance with COLREG. In this study, a new collision risk assessment system was developed to evaluate the collision risk on a ship's planned sailing routes. An appropriate collision risk assessment method was proposed on the basis of a review of existing collision risk assessment models. The system was developed using MATLAB and consists of three parts: Map, Bumper and Assessment. The developed system was applied to a test sea area with simple computational conditions for testing and to actual sea areas with real computational conditions for validation. The results show that the length of own ship, the ship's sailing time and the sailing routes affect collision risks. The developed system is expected to help navigators choose the optimum safe route before sailing.

Empirical Risk Assessment in Major Graphical Design Software Systems

  • Joh, HyunChul;Lee, JooYoung
    • Journal of Multimedia Information System / v.8 no.4 / pp.259-266 / 2021
  • Security vulnerabilities have been reported in major design software systems such as Adobe Photoshop and Illustrator, which are recognized as de facto standard design tools in most of the design industries. Companies need to evaluate and manage the risk levels posed by those vulnerabilities, so that they can mitigate potential security breaches in advance. In general, security vulnerabilities are discovered repeatedly throughout a software system's life cycle as long as it remains in use. Hence, in this study, we empirically analyze risk levels for three major graphical design software systems, namely Photoshop, Illustrator and GIMP, with respect to a software vulnerability discovery model. The analysis reveals that the Alhazmi-Malaiya Logistic model tends to describe the vulnerability discovery patterns significantly. This indicates that the vulnerability discovery model makes it possible to predict vulnerability discovery in advance for the software systems. Also, we found that none of the examined vulnerabilities requires even a single authentication step for a successful attack, which suggests that adding an authentication process to software systems dramatically reduces the probability of exploitation. The analysis also discloses that, for all three software systems, the predictions with evenly distributed and daily-based datasets perform better than the estimations with the datasets of vulnerability reporting dates only. The observed outcome of the analysis allows software development managers to prepare proactively for a hostile environment by deploying the necessary resources before the expected time of vulnerability discovery. In addition, it can periodically remind designers who use the software systems to be aware of the security risks related to their digital work environments.

A Study on Risk Analysis of Social Disaster (사회재난의 재난위해분석에 관한 연구)

  • Lee, Kwan-Hyoung;Yi, Waon-Ho;Yang, Won-Jik
    • Journal of Korean Society of Disaster and Security / v.9 no.2 / pp.15-21 / 2016
  • According to the disaster statistics issued by the Ministry of Public Safety and Security, traffic accidents, fire, collapses and others are classified into twenty-three (23) categories. In the past, disasters were mainly caused by the influence of nature, such as typhoon or drought. On the other hand, as society has become city-centered, the types, frequencies and scales of social disasters are becoming more diversified and ever-increasing. However, there are no specific criteria or assessment methods that can objectively measure the degree of social disaster-related risk. Therefore, this study targeted traffic accidents, fire and collapses among the major social disasters, utilized data related to occurrence rate, scale of casualties and scale of property loss over the past eight years, and calculated the disaster risk index using the distance (Euclidean distance) between two points in 3D spatial coordinates, in order to make an objective assessment by social disaster type possible. These results will enable the objective evaluation of the risk index of major social disasters to be used as foundational data when building the national disaster management system.

A Study on the Modeling Mechanism for Security Risk Analysis in Information Systems (정보시스템에 대한 보안위험분석을 위한 모델링 기법 연구)

  • Kim Injung;Lee Younggyo;Chung Yoonjung;Won Dongho
    • The KIPS Transactions:PartC / v.12C no.7 s.103 / pp.989-998 / 2005
  • Information systems are today becoming larger and mostly broadband-networked. This exposes them to a higher risk of intrusions and hacking than ever before. Of the technologies developed to meet information system security needs, risk analysis is currently one of the most actively researched areas. Meanwhile, due to the extreme diversity of assets and complexity of network structure, there is a limit to the level of accuracy which can be achieved by an analysis tool in the assessment of the risk run by an information system. Also, the results of a risk assessment are most often not up-to-date due to the changing nature of security threats. By the time an evaluation and associated set of solutions are ready, the nature and level of vulnerabilities and threats have evolved and increased, making them obsolete. Accordingly, what is needed is a risk analysis tool capable of assessing threats and propagation of damage at the same time as security solutions are being identified. To do that, the information system must be simplified, and intrusion data must be diagrammed using a modeling technique. In this paper, we propose a modeling technique for information systems to enable security risk analysis, using SPICE and Petri-net, and conduct simulations of risk analysis on a number of case studies.

Research on Cybersecurity Risk Management System in Smart Factory Environment (스마트팩토리 환경의 사이버보안 리스크 관리 체계 연구)

  • YoungSun Shin
    • Journal of Korea Society of Industrial Information Systems / v.29 no.4 / pp.43-54 / 2024
  • This study presented a cybersecurity risk management system in a smart factory environment. A smart factory refers to a factory that optimizes the production system and increases efficiency. However, this digitized environment is vulnerable to cyber attacks, and manufacturing companies can suffer serious damage from disruptions in production systems or information leaks. Therefore, a systematic approach to effectively managing cyber security risks is essential in smart factories. In this study, a continuous security risk management system for each stage of the smart factory was proposed along with business process-based security risk assessment. These studies will help to further improve cybersecurity risk management in smart factories. It will also play an important role in ensuring that smart factories operate safely and efficiently.

Assessing Web Browser Security Vulnerabilities with respect to CVSS

  • Joh, HyunChul
    • Journal of Korea Multimedia Society / v.18 no.2 / pp.199-206 / 2015
  • Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

An Evaluative Study of the Operational Safety of High-Speed Railway Stations Based on IEM-Fuzzy Comprehensive Assessment Theory

  • Wang, Li;Jin, Chunling;Xu, Chongqi
    • Journal of Information Processing Systems / v.16 no.5 / pp.1064-1073 / 2020
  • The general situation of system composition and safety management of high-speed railway terminal is investigated and a comprehensive evaluation index system of operational security is established on the basis of railway laws and regulations and previous research results to evaluate the operational security management of the high-speed railway terminal objectively and scientifically. Index weight is determined by introducing interval eigenvalue method (IEM), which aims to reduce the dependence of judgment matrix on consistency test and improve judgment accuracy. Operational security status of a high-speed railway terminal in northwest China is analyzed using the traditional model of fuzzy comprehensive evaluation, and a general technique idea and references for the operational security evaluation of the high-speed railway terminal are provided. IEM is introduced to determine the weight of each index, overcomes shortcomings of traditional analytic hierarchy process (AHP) method, and improves the accuracy and scientificity of the comprehensive evaluation. Risk factors, such as terrorist attacks, bad weather, and building fires, are intentionally avoided in the selection of evaluation indicators due to the complexity of risk factors in the operation of high-speed railway passenger stations and limitation of the length of the paper. However, such risk factors should be considered in the follow-up studies.

Improving the Efficiency of Cybersecurity Risk Analysis Methods for Nuclear Power Plant Control Systems (원전 제어시스템 사이버보안 위험 분석방법의 효율성 개선)

  • Shin-woo Lee;Jung-hee Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.3 / pp.537-552 / 2024
  • Domestic nuclear power plants operate under the establishment of the "Information System Security Regulations" in accordance with the Nuclear Safety Act, introducing and implementing a cybersecurity system that encompasses organizational structure as well as technical, operational, and managerial security measures for assets. Despite attempts such as phased approaches and alternative measures for physical protection systems, the reduction in managed items has not been achieved, leading to an increased burden on security capabilities due to limited manpower at the site. In the main text, an analysis is conducted on Type A1 assets performing nuclear safety functions using Maintenance Rules (MR) and EPRI Technical Assessment Methodology (TAM) from both a maintenance perspective and considering device characteristics. Through this analysis, approaches to re-evaluate the impact of cyber intrusions on asset functionality are proposed.

Complex Disaster Risk Assessment of Local Road using a Landslide Hazard Map (산사태위험지도를 이용한 도로중심 복합재난 위험도 평가)

  • Kim, Min-Ho;Jang, Chang-Deok;Jun, Kye-Won
    • Journal of Korean Society of Disaster and Security / v.15 no.3 / pp.31-40 / 2022
  • Domestic disaster risk maps are mainly produced and studied as a single disaster map by grid unit and disaster type. In particular, it is necessary to present an evaluation method of the disaster risk map that is more suitable for the relevant facility (local road) in order to utilize the work of practitioners who are mainly in charge of facility maintenance. In this study, an evaluation method was presented to evaluate the risk with a focus on local roads by using the landslide risk map and debris flow risk map provided by the Korea Forest Service. In addition, the risk was evaluated and verified for the provinces located in Gangwon-do. As a result of the evaluation, it was possible to evaluate the risk of grades 1 to 5 for 1,513 evaluation sections in the evaluation section with a total length of 234.59 km.