• Korean System Dynamics Review
• /
• v.16 no.4
• /
• pp.31-50
• /
• 2015

The purpose of this research is to understand a structural relationship between financial regulations and security industry based on the systems thinking perspective using causal loop analysis. As a result, the positive regulations on security technology against finance security incidents shrink the autonomy of the security industry and will deteriorate the competitiveness of the security industry through the unknown feedback loop. The conclusion provides the direction that policy makers understand causal loop diagram related current regulations and open enough to the consideration of the negative regulations.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.8
• /
• pp.1466-1477
• /
• 2016

Public key infrastructure(PKI), principle technology of the certificate, is a security technology providing functions such as identification, non-repudiation, and anti-forgery of electronic documents on the Internet. Our government and financial organizations use PKI authentication using ActiveX to prevent security accident on the Internet service. However, like ActiveX, plug-in technology is vulnerable to security and inconvenience since it is only serviceable to certain browser. Therefore, the research on HTML5 authentication system has been conducted actively. Recently, domestic bank introduced PKI authentication complying with web standard for the first time. However, it still has inconvenience to register a certification on each website because of same origin policy of web storage. This paper proposes the certificate based SSO protocol that complying with web standard to provide user authentication using certificate on several sites by going around same origin policy and its security proof.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.19 no.1
• /
• pp.241-248
• /
• 2024

Socially, organizations are required to effectively manage their information resources, both in terms of acquiring information from external sources and safeguarding against potential breaches by insiders. While information security policies and technologies implemented by organizations contribute to achieving internal security, an overly complex or disorganized security structure can create uncertainty among employees. In this study, we identify factors of structural information security (IS)-related uncertainty within organizations and propose that they contribute to non-compliance. We develop a research model and hypotheses based on previous studies on the information security environment and test these hypotheses using structural equation modeling. Our findings indicate that uncertainties related to IS policy, technology, and communication decrease employees' IS role identity and their intention to comply with IS measures. By addressing these uncertainties, organizations can improve their IS environment and work towards achieving there is goals.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.155-166
• /
• 2016

In accordance with the increase of the importance of information security, organizations are making continuous investments to develop policies and adapt technology for information security. Organization should provide systemized support to enhance employees' security compliance intention in order to increase the degree of organization's internal security. This research suggests security policy goal setting and sanction enforcement as a method to improve employees' security compliance in planning and enforcing organization's security policy, and verifies the influencing relationship of Theory of Planned Behavior which explains employee's security compliance intention. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. We verified the hypotheses based on 346 responses. The result shows that the degree of goal setting and sanction enforcement has positive influence on self-efficacy and coping efficacy which are antecedents that influence employees' compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

• Journal of Information Technology Services
• /
• v.12 no.1
• /
• pp.229-245
• /
• 2013

The information security industry market is sluggish despite high expectation for its growth, and thus policies are required to define the causes and to address these issues. The policy formulation requires various historical market and human resource data for analyzing the industry, which cannot be guaranteed secured. This study executed face-to-face in-depth interviews with the frontline businesses in order to gather live opinions and to analyze industry's value chain, problems, and difficulties with a view to defining policy tasks for the development of the industry. The findings of the study revealed the current technical level of the information security industry, the frontline difficulty, and industrial ecosystem status. Based on these findings, the industry revitalization policy was devised and proposed. Objectives of the policy included the fostering of capacity to conceptualize, plan, and design industrial strategies based on the analysis of the industry's value chain and ecosystem, the expansion of the industry's value-added through the enhanced securing and management of the Intellectual Property Rights (IPR), and the nurturing of the security Human Resources (HR) in line with the industrial demand.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2011.06a
• /
• pp.165-169
• /
• 2011

저탄소 녹색성장 정책의 일환으로 추진되는 Smart Grid 사업은, 전력인프라와 IT인프라가 융합 되면서 지능화된 전기 에너지의 효율성 향상을 목적으로 전기망 내 송배전을 실시간으로 관리할 수 있게 운영하는 지능형 전기망이다. 하지만 기존의 인터넷망과 IT 통신 인프라와 융합되면서 Smart Grid 인프라에서도 IT보안 취약점 문제가 존재한다. 본 논문에서는 Smart Grid 인프라를 요소별로 분석한다. 그리고 Smart Grid 인프라의 보안성 분석을 통하여 보안의 취약점을 가져 올 수 있는 Smart Grid에 대한 보안 이슈를 분석한다. 그리고 Smart Grid 보안성 기준에 따른 보안기술정책을 연구하고, 보안 표준과 보안 방안을 제시한다. 본 연구를 통하여 안전한 Smart Grid 보안기술정책을 위한 법 제정에 기초자료가 될 것이다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.12
• /
• pp.6139-6160
• /
• 2018

For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2718-2731
• /
• 2019

Conjunctive keyword search encryption is an important technique for protecting sensitive data that is outsourced to cloud servers. However, the process of searching outsourced data may facilitate the leakage of sensitive data. Thus, an efficient data search approach with high security is critical. To solve this problem, an efficient conjunctive keyword search scheme based on ciphertext-policy attribute-based encryption is proposed for cloud storage environment. This paper proposes an efficient mechanism for removing the secure channel and resisting off-line keyword-guessing attacks. The storage overhead and the computational complexity are regardless of the number of keywords. This scheme is proved adaptively secure based on the decisional bilinear Diffie-Hellman assumption in the standard model. Finally, the results of theoretical analysis and experimental simulation show that the proposed scheme has advantages in security, storage overhead and efficiency, and it is more suitable for practical applications.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.358-361
• /
• 2016

The North and South Korea for the peaceful reunification of the Republic of Korea, to lead the transformation and reform, and to complement the policy making and negotiations, there is a need for cyber security policy to practice. This paper explores the definition and overseas cyber terrorism and cyber warfare correspondence, correspondence between the versions of the technology between versions. Analysis of cyber security activities in the North and South confrontation, and research the cyber security policy against the unification. In this study, we compared the unification to build and operate a secure cyberspace from cyber threats and cyber security policy suggestions for ways of rational and legal.

• Korean Security Journal
• /
• no.24
• /
• pp.147-170
• /
• 2010

This study is to present a improvement directions for the protection of industrial key technology. For the purpose of the study, the survey was carried out on the administrative security activity of 68 enterprises including Large companies, small-midium companies and public corporations. survey result on the 10 items of security policy, 10 items of personal management and 7 items of the assets management are as follows; First, stable foundation for the efficient implement of security policy is needed. Carrying a security policy into practice and continuous upgrade should be fulfilled with drawing-up of the policy. Also for the vitalization of security activity, arrangement of security organization and security manager are needed with mutual assistance in the company. Periodic security inspection should be practiced for the improvement of security level and security understanding. Second, the increase of investment for security job is needed for security invigoration. Securing cooperation channel with professional security facility such as National Intelligence Service, Korea internet & security agency, Information security consulting company, security research institute is needed, also security outsourcing could be considered as the method of above investment. Especially small-midium company is very vulnerable compared with Large company and public corporation in security management, so increase of government's budget for security support system is necessary. Third, human resource management is important, because the main cause of leak of confidential information is person. Regular education rate for new employee and staff members is relatively high, but the vitalization of security oath for staff members and the third party who access to key technology is necessary. Also access right to key information should be changed whenever access right changes. Reinforcement of management of resigned person such as security oath, the elimination of access right to key information and the deletion of account. is needed. Forth, the control and management of important asset including patent and design should be tightened. Classification of importance of asset and periodic inspection are necessary with the effects evaluation of leak of asset.