• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.91-100
• /
• 2015

Recently many companies began to feel the pressures of cost savings due to the global recession, so they have been interested in the Cloud Computing. Cloud Computing is one of using method of IT resources through the network. Users can borrow softwares or hardwares instead of buying them. Many people expect remarkable growth in Cloud Computing industry because of it's effectiveness. But Cloud Computing industry is still at an early stage. Especially, people who in the public sector hesitate to adopt Cloud Computing Services due to security issues and their conservative views. Also, they just have limited understanding, so we need to investigate what they really know and understand. Researches about the Cloud Computing generally focus on technical issues, so we can hardly find researches reference for decision making in considering the services. The study aims to investigate diverse factors for agencies' adoption decisions, such as benefits, costs, and risk in developing the most ideal type of cloud computing service for them, and performs priority analyses by applying ANP (Analytic Network Process). The results identify that features pertaining to the risk properties were considered the most significant factors. According to this research, the usage of private cloud computing services may prove to be appropriate for public environment in Korea. The study will hopefully provide the guideline to many governmental agencies and service providers, and assist the related authorities with cloud computing policy in coming up with the relevant regulations.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.167-177
• /
• 2018

Major countries, such as the U.S., UK and Germany have reformed their national intelligence systems in the face of transnational, asymmetric and comprehensive threats since September 11, 2001 and have strengthened the intelligence capacity involved in countering terrorism and WMD proliferation, right/left extremism threats. The Korean Moon Jae-in government is preparing a reform plan to eliminate illegal political intervention and abuse of power by the National Intelligence Service(NIS) and to rebuild it as an efficient national intelligence agency for national security. In discussing the reform direction of the NIS, it is necessary to discuss in detail whether adopting a separate model of intelligence agencies to restrict domestic intelligence activities of the NIS and concentrate on foreign intelligence activities or establish new domestic intelligence agencies. Second, as for the issue of transferring anti-Communism investigation authority of the NIS to the police, it needs to be carefully considered in terms of balancing the efficiency and professionalism of intelligence agency activity in the context of North Korea's continuous military provocation, covert operations and cyber threats. Third, it should strive to strengthen the control and supervision functions of the administration and the National Assembly to ensure the political neutrality of the NIS in accordance with the democratization era, to guarantee citizens' basic rights and to improve the transparency of budget execution.

• Korean Security Journal
• /
• no.61
• /
• pp.87-107
• /
• 2019

With the government policy on converting contract workers to full-time employees, there have been significant changes about the security personnel at the nation's critical facilities, including the National Assembly Building and airports. Moreover, the scheduled disbandment of the conscripted police force in 2023 has raised concerns about security management at different government agencies. To examine the college students' perceptions on the possible alternatives to fill the expected security gap, 234 undergraduate students of security management and protection in the Seoul metropolitan region were surveyed. Particularly, a comparative analysis was conducted on the legal bases and supervision, the employment types and salaries, and the scopes of responsibility and authority of suggested alternatives were compared. The results showed that utilization of private police forces was thought to be the most effective option. Based on the research findings, the university departments should develop and maintain a quality curriculum to educate their students to be prepared security professionals with a focus on emergency response capabilities and martial arts, including the courses on private police law and emergency rescue and cardiopulmonary resuscitation (CPR).

• Korean Security Journal
• /
• no.61
• /
• pp.203-234
• /
• 2019

The damages from security accidents continue to increase as technology leaks from suppliers cause risks to the management of large companies, which are their customers, and their image and reliability to fall. However, the current industrial structure is practically impossible for large companies to form their own businesses and strategic alliances with business partners are essential, but it is changing into an industrial structure where the exchange of information is increased and the dependence of the information system is maximized, as well as legal demands and demands from stakeholders are increasing due to the complexity of the work process and the strengthening of security-related laws. The status of technology protection of small and medium-sized enterprises shows that they are not equipped with a security system due to relatively poor environment and financial difficulties compared to large enterprises, whereas the industrial structure between large and small business partners is indispensable for sharing the IT system, and the security system of large business, which is a customer company, should be improved by considering the fact that it is impossible to maintain security system between large businesses. Thus, the government intends to examine the system for shared growth of small businesses and the model for evaluating the capabilities of various agencies for information protection, and propose measures to introduce the certification system for small business partners.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.10
• /
• pp.107-115
• /
• 2014

In recent years, large companies and public institutions in the Smartphone business purposes has been used a lot. Personal Smartphone are worried about security of personal information only. But if you are a corporate or business purposes requires a more cautious approach. It can destroy an organization's network to hack Smartphones have very serious damage. For this purpose, the existing solution, and try to solve security issues with MDM or MAM. However, Smartphone users discomfort and there is a limit of organizational control. In this paper, we can propose with these issues more broadly would like to suggest. Secure mobile traffic management system enables companies or agencies the ease for users to use a Smartphone. And, for organizations that provide smart phones are more powerful and can provide a means of control. In addition, wired/wireless integration and security measures that can provide new services to offer.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.21-26
• /
• 2004

The growth of incidents on the Internet has reflected growth of the internet itself and growth of the computing power. while in previous years, external attacks tended to originate from those interested trend in exploring the Internet for its own sake and testing their skills, there is an increasing trend towards intrusions motivated by financial, political, and military objectives. so, attacks on the nation's computer infrastructures are becoming an increasingly serious problem. Even though the problem is ubiquitious, government agencies are particularly appealing targets and they tend to be more willing to reveal such events than commercial organizations. The threat of damage made necessity of security's recognition, as a result, many researches have been carried out into security of system actively. Intrusion Detection technology is detection of intrusion using audit data differently from using traditional simple filtering and informs manager of it. It has security manager of system deal with the intrusion more quickly. but, cause current environment of Internet manager can't doing response Intrusion alert immediately. That's why IPS needed. IPS can response automatically the intrusion alert. so, manager is more comfortable and can response quickly.

• Journal of the Society of Disaster Information
• /
• v.11 no.1
• /
• pp.63-72
• /
• 2015

This study aims to examine the state of accidents and related issues related to Theme Groups experiential learning experiences of students and suggest ways to improve security measures to prevent future incidents. Case studies of the sunken Sewol ferry and the collapse of the gymnasium at Mauna resort in Gyeongju are conducted by analyzing the existing literature and the data collected from the media sources and related agencies. With a basis on the findings of the analyses, it is suggested that legal foundation and disaster and risk management systems (systematic revision of the laws, raised safety awareness among citizens, production and education of security managers, formation of disaster management organizations, establishment of headquarters in case of emergency and installation of first aid facilities, improved national response system, enforcement of disaster drills, introduction of assessment system, etc.) must be established to contribute to creating a safer society.

• Strategy21
• /
• s.46
• /
• pp.29-56
• /
• 2020

Despite the deep concerns against the DPRK and the harsh sanctions imposed on it, the country renders the sanctions futile by facilitating various illegal trades such as the ship-to-ship transfers of petroleum or coal. Recently, the international community went into paying attention to solve this matter. Among the measures the community can take, "reinforcing the search and inspection of the DPRK related vessels transiting in the high and territorial seas" is the best policy approach to reduce the sanction evasion and provide the international community with considerable bargaining advantages. This measure requires the forceful action by legal enforcement agencies, also known as VBSS. (Visit, Board, Search, and Seizure) It would make the deals prohibited by the UNSCRs (United Nation Security Council Resolutions) less profitable by reducing the expected return on the deals and increasing the cost for them. So, it would make the illegal deals under the table less attractive. The DPRK has been able to render the sanctions futile by exploiting the limitations of the current maritime sanctions. The resolutions are short of being specific about law enforcement, and the PSI (Proliferation Security Initiative) is legally nonbinding. However, if the UNSCRs and the PSI are combined, they can generate a new source of power and exploit the weakness of the DPRK. Noting that the recent UNSCRs stipulated all the legal discussions in the resolutions are confined and applied only to the DPRK, the PSI can target the commercial trade as well as the WMD-related materials in the case of the DPRK's illegal maritime practices. Therefore, the PSI endorsing partners should go beyond mere commitments. They should discuss action plans to implement the maritime interdictions to the extent that they discourage the DPRK and its business partners continuing the illegal activities.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.25-32
• /
• 2018

Cyber hackings are increasing and becoming more intelligent. The government and private companies conduct various information protection activities by investing lots of money and employing security personnel to protect import ant assets and personal information. It is important to evaluate the efficiency of the information protection activities that cost lots of money and manpower. However, the studies on the efficiency of the information protection activities were mainly conducted for government agencies the information of which is more readily available. This study suggests a model that can evaluate the efficiency of the activities of information protection and information security certification of various private companies. Our model evaluates the efficiency of the information protection activities by applying AHP and DEA on the information that are publicly announced by the private companies. Our model identifies the DMUs that are efficiently operated and suggests the improvement policies for the DMU that are non-efficiently operated.

• The Journal of Korean Institute of Information Technology
• /
• v.17 no.7
• /
• pp.123-131
• /
• 2019

In this paper, related studies were investigated by dividing them into cost-benefit analysis, security continuity services, and SW-centric calculations. The case analysis was conducted on A institutions in the United States, Japan and South Korea. Based on this, an improvement model was prepared through comparison with the current system. The SCS(Security Continuity Service) performance evaluation system-based information protection service cost calculation model is proposed. This method applies a service level agreement(SLA) and NIST Cybersecurity framework that are highly effective through cost-effectiveness analysis and calculates consideration based on characteristics, performance criteria, and weights by information protection service. This model can be used as a tool to objectively calculate the cost of information protection services at public institutions. It is also expected that this system can be established by strengthening the current recommended statutory level to the enforceability level, improving the evaluation system of state agencies and public institutions, introducing a verification system of information protection services by national certification bodies, and expanding its scope to all systems.