• Asia pacific journal of information systems
• /
• v.15 no.2
• /
• pp.65-96
• /
• 2005

It is generally believed that, compared to traditional commerce, Electronic Commerce(EC) is more difficult to gain and sustain customers. One of the major reasons that customers do not use EC is lack of trust. Previous researches on the EC user's trust suggested that risk is an antecedent of trust and the concept of trust is highly related to risk. This study proposed a combined model in which includes the factors based on generic information security risk analysis methodology and trust factors in EC. The objectives of this study are follows; first, investigating the relationship between trust and risk that are antecedent factors of purchase intention, and second, examining the validity of information security risk analysis approach in EC environment. Based on the survey results of 143 MBA students statistical analysis showed that factors like threats and controls were significantly related to risk, but assets did not have statistically significant relationship with risk. Controls and knowledge of EC had meaningful effect on user's trust. This study found that risk analysis methodology which is generally used at organizational level is practically useful at user level on EC environment. In conclusion, the results of this study would be applied to generic situation of information security for analyzing and managing the risk. Besides, this study emphasized that EC vendors need to pay more attention to the information security risk to gain customer's trust.

• Journal of the Korea Safety Management & Science
• /
• v.23 no.4
• /
• pp.1-9
• /
• 2021

This study examines the trends of domestic and foreign smart industries and discusses safety and security issues. Based on the actual situation survey and interview of the smart factory, we would like to examine the perspectives on risks and threats. We will examine safety and health issues related to new harmful and risk factors that may occur in smart factories and suggest institutional development directions for future safety and health. First, a safety and health-related work environment for smart factory workers is investigated and interviews are conducted. Second, we investigate new risk factors and threats to prevent industrial accidents for workers in smart factories. The purpose of this study is to examine what are the new risk factors in the smart factory. In addition, we will try to find reasonable improvement measures by finding out the risks and threats of smart factories through case studies in advanced countries, on-site interviews and surveys.

• The Journal of Information Systems
• /
• v.26 no.3
• /
• pp.313-337
• /
• 2017

Purpose Financial technology, also known as FinTech, is conceptually defined as a new type of financial service which is combined with information technology and other traditional financial services like payments, investments, financing, insurance, asset management and so on. Most of the studies on FinTech services have been conducted from the viewpoint of technical issues or legal and institutional studies, and few studies are conducted from the health belief perspectives and security behavior approaches. In this regard, this study suggest an extended information protection behavior model. Design/Methodology/Approach The Health Belief Model (HBM), the Protection Motivation Theory (PMT), and the Technology Threat Avoidance Theory (TTAT) were employed to identify constructs relevant to information protection behavior of FinTech services. A new extended information protection behavior model in which the influence factors of information protection behavior (i.e., perceived susceptibility, perceived severity, perceived benefits, perceived barriers, perceived self-efficacy, subjective norms) affect perceived threats and perceived responsiveness positively, leading to information protection behavior of FinTech users eventually. This study developed an extended information protection behavior model to explain the protection behavior intention in FinTech users and collected 272 survey responses from the mobile users who had experiences with such mobile payments and FinTech services. Findings The finding of this study suggests that the influence factors of information protection behavior affect perceived threats and perceived responsiveness positively, and information protection behavior of FinTech users as well.

• Knowledge Management Research
• /
• v.22 no.4
• /
• pp.157-172
• /
• 2021

Information security companies were established in earnest from the mid-late 1990s to early 2000s, far shorter than other national key industries. Nevertheless, the information security industry has made rapid progress. It is expected that the proportion of the information security industry will increase rapidly with the development of advanced technology along with the 4th industrial revolution. As COVID-19, which occurred at the end of 2019, spreads around the world in 2020, non-face-to-face services and digital transformation are accelerating, and cyber threats to users are also increasing. However, there are limitations in responding to new Cyber Security threats due to the shortage of information protection manpower, insufficient security capabilities of domestic companies, and the narrow domestic information protection market. This study examines the external environmental factors of information security companies such as government information protection system operation, government influence, government support, partnership between information security companies, and internal environmental factors such as top management support, financial status, human resources, organizational capability, This study was conducted using empirical data to analyze whether it affects innovation capability and whether organizational capability and innovation capability affect financial and non-financial performance. The results of this study can be used as basic data to suggest policies and implications for information security, and to strengthen the competitiveness of the information security industry.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.4
• /
• pp.860-877
• /
• 2013

Cloud computing has become one of the most important technologies for reducing cost and increasing productivity by efficiently using IT resources in various companies. The cloud computing system has mainly been built for private enterprise, but public institutions, such as governments and national institutes, also plans to introduce the system in Korea. Various researches have pointed to security problems as a critical factor to impede the vitalization of cloud computing services, but they only focus on the security threats and their correspondents for addressing the problems. There are no studies that analyze major security issues with regard to introducing the cloud computing system. Accordingly, it is necessary to research the security factors in the cloud computing given to public institutions when adopting cloud computing. This research focuses on the priority of security solutions for the stepwise adoption of cloud computing services in enterprise environments. The cloud computing security area is classified into managerial, physical and technical area in the research, and then derives the detailed factors in each security area. The research derives the influence of security priorities in each area on the importance of security issues according to the identification of workers in private enterprise and public institutions. Ordered probit models are used to analyze the influences and marginal effects of awareness for security importance in each area on the scale of security priority. The results show workers in public institutions regard the technical security as the highest importance, while physical and managerial security are considered as the critical security factors in private enterprise. In addition, the results show workers in public institutions and private enterprise have remarkable differences of awareness for cloud computing security. This research compared the difference in recognition for the security priority in three areas between workers in private enterprise, which use cloud computing services, and workers in public institutions that have never used the services. It contributes to the establishment of strategies, with respect to security, by providing guidelines to enterprise or institutions that want to introduce cloud computing systems.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.549-554
• /
• 2014

Studies on the intelligent vehicles that are converged with IT and vehicular technologies are currently under active discussion. A variety of communication technologies for safety intelligent vehicle services are support. As such intelligent vehicles use communication technologies, they are exposed to the diverse factors of security threats. To conduct intelligent vehicle security authentication solutions, there are some factors that can be adopted ownership, knowledge and biometrics[6,7]. This paper proposes to analyze the factors to threaten intelligent vehicle, which are usually intruded through communication network system and the security solution using biometric authentication scheme. This study proposed above user's biometrics information-based authentication scheme that can solve the anticipated problems with an intelligent vehicle, which requires a higher level of security than existing authentication solution.

• Journal of Internet Computing and Services
• /
• v.13 no.6
• /
• pp.33-40
• /
• 2012

The cloud service has become the significant factor to save the IT operation cost and to improve the productivities in companies. It was introduced to Korea for enterprise services of major companies in 2008. As the increase of recognition for its effect, more small businesses and public institutions plan to introduce the cloud computing services. The cloud computing researches have only focused on the security threats and response technologies to them. Therefore, this research analyzed the importances of responses to security threats in specific domains. The domains were divided into managerial, physical, and technical security. The specific factors in three domains were used for the analysis in this research as well. The ordered logit model was used for the analysis and the analysis results showed that physical security and managerial security are considered to be significantly important in the cloud computing security. The results also presented that the security policy, the control and surveillance to service infrastructure, and application security are highly important in the respect of specific factors. This research will contribute to enterprises or institutions in Korea, which want to introduce the cloud computing services, by aiding the establishment of effective security strategies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.629-635
• /
• 2022

Cyber threats are also increasing with recent social changes and the development of ICT technology. Malicious codes used in cyber threats are becoming more advanced and intelligent, such as analysis environment avoidance technology, concealment, and fileless distribution, to make analysis difficult. Machine learning technology is being used to effectively analyze these malicious codes, but a lot of effort is needed to increase the accuracy of classification. In this paper, we propose a malicious code detection technology based on API call interval characteristics to improve the classification performance of machine learning. The proposed technology uses API call characteristics for each section and entropy of binary to separate characteristic factors into sections based on the extraction malicious code and API call order of normal binary. It was verified that malicious code can be well analyzed using the support vector machine (SVM) algorithm for the extracted characteristic factors.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.1
• /
• pp.251-258
• /
• 2010

The Republic of Korea is the maritime country of which its infrastructure of the country's development is based on maritime trade. This can be easily understood according to degree of dependence upon foreign trade, which is the economic indicator for expressing one country's economic characteristics. In 2008, the degree of dependence upon foreign trade of Korea is 83.5%, and this figure is much higher than that of Japan and China, which is 28.8% and 68% respectively. This in turn means that the development of Korea, and also the security of Korea depends greatly on safety of the sea. On the other hand, there is a growing trend that threats to the maritime security of Korea increases as examples seen in Somalia pirates. Thus we could say that interest on this issue should increase and also measures to counter those threats should be prepared. Also Korea should take the maritime security as important as critical factors as national security, which is similar to military threats from North Korea. Therefore all citizen's interests on the issue should be raised, and organizations that are capable of mutually integrating the functions related to maritime security should be established. Finally, Korea should actively participate international efforts on maritime security, and secure maritime security of our nation therefore contribute to the nation's prosperity and future development.

• Journal of Korea Multimedia Society
• /
• v.21 no.1
• /
• pp.26-33
• /
• 2018

As financial transactions using mobile devices have been activated, mobile payment services have appeared and many changes have been made to the existing financial service methods. Due to the simplified payment method of mobile payment service, security threats such as personal information leakage, phishing damage, and malicious code are increasing. Research that can solve this is needed. In this paper, we discuss the features and security factors of mobile payment system. In order to improve the security of mobile payment system, we propose a fault analysis method based on frequency of occurrence using Fault Fishbone Analysis(FFA) technique.