• Convergence Security Journal
• /
• v.4 no.3
• /
• pp.37-46
• /
• 2004

This paper presents the design of a certain highly efficient security policy negotiation of SPS(Security Policy System) using mobile agent system. The conventional IP security systems have some problems. A drawback to these systems is that the required policy between each security area is different. Another problem is not possible to guarantee whether a packet is transmitted through the same path by both directions and is protected by the same policy due to the topology of the network. Unlike conventional systems, the model developed herein can be resolved by using a mobile agent technology. If each domain needs a negotiation of security policy, a mobile agent manages the result of the negotiation in the form of a passport and guarantees the authentication and reliability each other by using the passport.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.8C
• /
• pp.748-757
• /
• 2002

Cyber-terror trials are increased in nowadays and these attacks are commonly using security vulnerability and information gathering method by variable services grew by the continuous development of Internet Technology. IDS's application environment is affected by this increasing Cyber Terror. General Network based IDS detects intrusion by signature based Intrusion Detection module about inflowing packet through network devices. Up to now security in network is commonly secure host, an regional issue adopted in special security system but these system is vulnerable intrusion about the attack in globally connected Internet systems. Security mechanism should be produced to expand the security in whole networks. In this paper, we analyzer the DARPA's program and study Infusion Detection related Technology. We design policy security framework for policy enforcing in whole network and look at the modules's function. Enforcement of security policy is acted by Intrusion Detection system on gateway system which is located in network packet's inflow point. Additional security policy is operated on-line. We can design and execute central security policy in managed domain in this method.

• Informatization Policy
• /
• v.26 no.2
• /
• pp.62-80
• /
• 2019

The purpose of this study is to investigate the direct effect of victimization experience on cyber security behavior and the indirect effect of information protection awareness through the Dual Process Theory. Baron & Kenny regression analysis was conducted and the results are as follows - first, victimization experience has a positive effect on cyber security behavior; second, the relationship between victimization experience and cyber security behavior is mediated by cyber security awareness; and third, the direct effect of victimization experience on cyber security behavior and the indirect mediating effect of cyber security awareness are both positive (+). The direct effect of victimization experience on cyber security behavior is analyzed to be relatively large compared to the indirect effect that cyber security awareness has on cyber security behavior. Based on these results, It is suggested that periodic cyber security education and campaign policies are needed to enhance cyber security behavior.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.239-246
• /
• 2021

This article substantiates the scientific provisions for modelling the level of Ukraine's public financial security taking into account the impact of budget policy, in the process of which identified indicators of budget policy that significantly affect the public financial security and the factors of budget policy based on regression analysis do not interact closely with each other. A seven-factor regression equation is constructed, which is statistically significant, reliable, economically logical, and devoid of autocorrelation. The objective function of maximizing the level of public financial security is constructed and strategic guidelines of budget policy in the context of Ukraine's public financial security are developed, in particular: optimization of the structure of budget revenues through the expansion of the resource base; reduction of the budget deficit while ensuring faster growth rates of state and local budget revenues compared to their expenditures; optimization of debt serviced from the budget through raising funds from the sale of domestic government bonds, mainly on a long-term basis; minimization of budgetary risks and existing threats to the public financial security by ensuring long-term stability of budgets etc.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.747-763
• /
• 2018

Information Technology (IT) plays an increasingly important role for small and medium-sized enterprises. It has become fundamental for these companies to protect information and IT assets in relation to risks and threats that have grown in recent years. This study aims to understand the importance and structure of an information security policy, using a quantitative study that intends to identify the most important and least relevant elements of an information security policy document. The findings of this study reveal that the top three most important elements in the structure of a security policy are the asset management, security risk management and define the scope of the policy. On the other side, the three least relevant elements include the executive summary, contacts and manual inspection. Additionally, the study reveals that the importance given to each element of the security policy is slightly changed according to the sectors of activity. The elements that show the greatest variability are the review process, executive summary and penalties. On the other side, the purpose of the policy and the asset management present a stable importance for all sectors of activity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.13-28
• /
• 2003

The Protection Profile(PP) is a common security function and detailed statement of assurance requirements in a specific class of Information Technology security products such as firewall and smart card. The parts of TOE security environment in the PP have to be described about assumption, treat and security policy through analyzing purpose of TOE. In this paper, we present a new security policy derivation among TOE security environment parts in the PP. Our survey guides the organizational security policy statements in CC scheme through collected and analyzed hundred of real policy statements from certified and published real PPs and CC Toolbox/PKB that is included security policy statements for DoD. From the result of the survey, we present a new generic organizational policy statements list and propose a organizational security policy derivation method by using the list.

• Asia pacific journal of information systems
• /
• v.33 no.4
• /
• pp.863-898
• /
• 2023

Previous studies have shown that insiders pose risks to the security of organisations' secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations' best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel's behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.

• The Korean Journal of Air & Space Law and Policy
• /
• no.spc
• /
• pp.247-270
• /
• 2007

Space development and utilization must be conducted within a framework of "peaceful uses" principle under Space Treaty. Japan ratified the treaty in 1967, and interpreted "peaceful uses" as "non-military uses" then. A ghost of "peaceful uses" principle has been hung over Japan up to the moment. Japan's space development and utilization has been conducted with genuine academic interest, and therefore Japan did not introduce space infrastructures to national security policy and did not facilitate growth of space industry. When the Cold War ended, Northeast Asian security environment makes Japan difficult to maintain an interpretation as "non-military uses". Besides the change of external security environment, the domestic industry situation and a series of rocket launching failure needed reexamination of Japan's space policy. Japan is gradually changing its space policy, and introducing space infrastructure in a national security policy under a "generalization" theory that gave a broad interpretation of "peaceful uses" principle. Council for Science and Technology Policy (CSTP) adopted a basic strategy of Japan's space policy in 2004. Since then, a long-term report of Japan Aerospace Exploration Agency (JAXA), an investigation report of Society of Japanese Aerospace Companies (SJAC) and a proposal of Japan Business Federation (JSF) were followed. Japan will promote space development and utilization in national security policy with a "strictly defensive defense" strategy and "non-aggressive uses"principle for protection of life and property of Japanese people and stabilization of East Asian countries.

• Journal of Information Technology Services
• /
• v.6 no.2
• /
• pp.177-188
• /
• 2007

Policy-based Network Management (PBNM) has been presented as a paradigm for efficient and customizable management systems. The approach chosen is based on PBNM systems, which are a promising and novel approach to network management. These systems have the potential to improve the automation of network management processes. The Internet Engineering Task Force (IETF) has also used policy concepts and provided a framework to describe the concept as the Policy Core Information Model (PCIM) and its extensions. There are policy conflicts among the policies that are defined as the policy information model and they are not easily and effectively detected and resolved. In this paper, we present the brief description of PBNM and illustrate the concepts of policy core information model and its policy implementation for a network security. Especially we describe our framework for detecting and resolving the policy conflicts for network security.

• The Journal of Economics, Marketing and Management
• /
• v.10 no.6
• /
• pp.17-26
• /
• 2022

Purpose: This study analyzes advanced cases of overseas smart cities and examines policy implications related to the creation of smart cities in Korea. Research design, data, and methodology: Analysis standards were established through the analysis of best practices. Analysis criteria include Technology, Privacy, Security, and Governance. Results: In terms of technology, U-City construction experience and communication infrastructure are strengths. Korea's ICT technology is inferior to major countries. On the other hand, mobile communication, IoT, Internet, and public data are at the highest level. The privacy section created six principles: legality, purpose limitation, transparency, safety, control, and accountability. Security issues enable urban crime, disaster and catastrophe prediction and security through the establishment of an integrated platform. Governance issues are handled by the Smart Special Committee, which serves as policy advisory to the central government for legal system, standardization, and external cooperation in the district. Conclusions: Private technology improvement and participation are necessary for privacy and urban security. Citizens should participate in smart city governance.