• Journal of Digital Convergence
• /
• v.17 no.1
• /
• pp.141-148
• /
• 2019

The advancement of digital technology accelerates intelligence, convergence, and demands better change beyond traditional methods in all aspects of business models and technologies, infrastructure, processes, and platforms. Risk management is becoming more important because of various security risks, depending on the changing business environment and aligned to business goals is emerging from the existing information asset based risk management. For business aligned risk management, it is essential to understand the risk appetite for achieving business goals, which provides a basis for decision-making in subsequent risk management processes. In this paper, we propose a framework for analyzing the risk management framework, pre - existing risk analysis, and protection motivation theory that influences decisions on security risk management. To examine the practical feasibility of the developed risk appetite framework, we reviewed the applicability and significance of the proposed risk appetite framework through an advisory committee composed of security risk management specialists.

• Journal of Korea Society of Industrial Information Systems
• /
• v.26 no.1
• /
• pp.83-95
• /
• 2021

In this study, major research trends at home and abroad were compared and analyzed in order to derive key research fields in the financial security field and to suggest directions. To this end, 689 domestic and 20,736 foreign data were collected from domestic and international academic journal DB, and major research fields related to financial security were extracted through LDA analysis. After that, hot & cold topics were derived through time series linear regression analysis. As a result of the analysis, studies related to government policy issues, personal information, and accredited certification were derived as promising research fields in Korea. In the case of foreign countries, related studies were drawn to develop advanced security systems such as cryptographic protocols and quantum security. Recently, it has become possible to apply various security technologies in Korea through the abolition of public certification. Accordingly, as changes in promising research fields are expected, the results of this study are expected to contribute to the establishment and development of a successful roadmap for domestic financial security.

• Journal of Advanced Navigation Technology
• /
• v.27 no.6
• /
• pp.733-739
• /
• 2023

The purpose of this study verify to the effect of applying the X-ray screening ability rating for security screening persons in Incheon International Airport. Data collected through a evaluation score of 1,034 security screening persons in Incheon International Airport. Data analysis performed using paired sample t-test. The research results found that it was a statistically significant difference pre-test and post-test applying the X-ray screening ability rating. In this article, we asserts that the X-ray screening ability rating is effective in improving the X-ray screening ability of security screening persons. This paper contribute to the academic expansion of motivation theory and self-determination theory. This study is valuable as a preemptive empirical research that provides practical implications about the application of X-ray screening ability rating for security screening persons.

• Journal of Korea Technology Innovation Society
• /
• v.1 no.1
• /
• pp.96-105
• /
• 1998

Electronic cash affects central bank in many areas, in particular regarding the issuance of money, supervision of cashless payments, supervision of the banking system and monetary policy. The effects of electronic cash on central bank policies, the security and integrity of the payment system, and naturally also on single sector such as company engaged in the transport of money and valuables, depend mainly on the extent to which the new payment methods can replace cash. The possible development of electronic cash merits special attention from central banks for at least three reasons. First, central banks are concerned that the introduction of the new payment instrument should have no adverse effect on public confidence in the payment system and payment media. Second, although the substitution of electronic cash for other forms of money should not theoretically hamper central bank's ability to control the money supply, it might, however, have practial implications, at least in the long run, which need to be carefully examined. Third, because electronic cash may be used for payments of very small value, they have the potential, more than any other cashless instrument, to take over the role of notes and coins in the economy and, therefore, have implications for central bank's activities and revenues.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1832-1853
• /
• 2018

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

• Journal of Korean Society of Disaster and Security
• /
• v.14 no.3
• /
• pp.1-16
• /
• 2021

Recently, large-scale projects are required in the water resources sector considering safety and publicitythe due to uncertainty of securing water resources and changes in the ecological environment by climate change. Among these large-scale projects, the projects that fall under the preliminary feasibility study are determined by comprehensive analysis based on economic analysis, policy analysis, and balanced regional development analysis. However, most of the results of the preliminary feasibility study showed a tendency to depend heavily on economic analysis. For this reason, projects in non-metropolitan areas sometimes fail in the preliminary feasibility study. To supplement this point, the Korea Development Institute revised the standard guidelines for preliminary feasibility studies for water resources sector projects that place a high weight on policy feasibility analysis. Therefore, the objective of this study is to analyze the cases of the preliminary feasibility study conducted previously and to suggest the direction of policy analysis in the preliminary feasibility study for water resources sector projects. For this, we analyze preliminary feasibility studies conducted for 18 years from 2002 to 2019, and suggest direction of policy analysis method using the benefit items not included in the economic analysis.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.5 no.5
• /
• pp.477-486
• /
• 2010

This Study suggests security directions to reconstruct separate network of Smart Grid and information communication network as one communications system and implement Smart Grid integrated information communication network. In addition, it suggests prevention directions to prevent future cyber attacks by reorganizing network as the key three-stage network and separating TCP/IP four layers that consist of existing information communication network from Smart Grid. Moreover, it suggests the foundation for the study and the test by providing current problems of Smart Grid, weak points, and three security models. This study is meaningful to suggest development directions and situations as a technology of future-oriented electric industries, integrate attacks and preventions of TCP/IP Layers with Smart Grid, and seek for a new technology of Smart Grid and future tasks for Smart Grid information security.

• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.195-200
• /
• 2019

The role of the Internet of Things in the Fourth Industrial Revolution is in the era of collecting data at the end and analyzing big data through technology to analyze the future or behavior. Therefore, due to the nature of the IoT, it is vulnerable to security and requires a lightweight security protocol. The spread of things Internet technology is changing our lives a lot. IT companies all over the world are already focusing on products and services based on things Internet, and they are going to the era of all things internet that can communicate not only with electronic devices but also with common objects. People, people, people and objects, things and things interact without limitation of time and space, collecting, analyzing and applying information. Life becomes more and more smart, but on the other hand, the possibility of leakage of personal information becomes greater. Therefore, this study proposed security threats that threaten the protection of personal information and countermeasures, and suggested countermeasures for building a secure IoT environment suitable for the Fourth Industrial Revolution.

• Journal of Platform Technology
• /
• v.9 no.1
• /
• pp.46-57
• /
• 2021

Recently, research has been actively conducted to utilize blockchain technology in various fields. In particular, blockchain-based smart contracts are applied to various automation systems that require reliability as they have the characteristics of recording data in a distributed ledger environment to verify the integrity and validity of data. However, blockchain does not provide data access control and information security because data is shared among network participants. In this paper, we propose a user dynamic access control mechanism utilizing smart contracts in blockchain environments. The proposed mechanism identifies the user's contextual information when accessing data, allocating the user's role and dynamically controlling the data access range. This can increase the security of the system and the efficiency of data management by granting data access dynamically at the time of user authentication, rather than providing the same services in roles assigned to each user group of the network system. The proposed mechanism is expected to provide flexible authentication capabilities through dynamic data access control by users to enhance the security of data stored within blockchain networks.

• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.233-240
• /
• 2019

In order to predict and respond to cyber attacks, a number of security companies quickly identify the methods, types and characteristics of attack techniques and are publishing Security Intelligence Reports(SIRs) on them. However, the SIRs distributed by each company are huge and unstructured. In this paper, we propose a framework that uses five analytic techniques to formulate a report and extract key information in order to reduce the time required to extract information on large unstructured SIRs efficiently. Since the SIRs data do not have the correct answer label, we propose four analysis techniques, Keyword Extraction, Topic Modeling, Summarization, and Document Similarity, through Unsupervised Learning. Finally, has built the data to extract threat information from SIRs, analysis applies to the Named Entity Recognition (NER) technology to recognize the words belonging to the IP, Domain/URL, Hash, Malware and determine if the word belongs to which type We propose a framework that applies a total of five analysis techniques, including technology.