• Journal of Information Technology Applications and Management
• /
• v.13 no.4
• /
• pp.141-153
• /
• 2006

According to supply of super high way internet service, importance of security becomes more emphasizing. Therefore, flawless security solution is needed for blocking information outflow when we send or receive data. large enterprise and public organizations can react to this problem, however, small organization with limited work force and capital can't. Therefore they need to elevate their level of information security by improving their information security system without additional money. No hackings can be done without passing invasion blocking system which installed at the very front of network. Therefore, if we manage.isolation log effective, we can recognize hacking trial at the step of pre-detection. In this paper, it supports information security manager to execute isolation log analysis very effectively. It also provides isolation log analysis module which notifies hacking attack by analyzing isolation log.

• Journal of Information Technology Services
• /
• v.18 no.4
• /
• pp.55-66
• /
• 2019

The career development of information security workforce affiliated in administrative department is very different from workforce affiliated in private companies. Their career development attempts are made not by voluntary motivation but by involuntary job movement by the principle of internal relocation. So they are not directly linked to monetary compensation or advancement. Due to the nature of the organization, their work attitude is very passive and there is little intention to turnover. They do not need professionalism, but they must be retrained according to the law. In this paper, we investigate and analyze the roles and responsibilities of information security workforce of each administrative department. And we do questionnaire survey to find out current roles and responsibilities of them will not affect the demand for retraining. Through these research, we would like to discuss how to manage information security workforce affiliated in administrative departments.

• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.282-290
• /
• 2022

A huge budget is spent on technological solutions to protect Information Systems from cyberattacks by organizations. However, it is not enough to invest alone in technology-based protection and to keep humans out of the cyber loop. Humans are considered the weakest link in cybersecurity chain and most of the time unaware that their actions and behaviors have consequences in cyber space. Therefore, humans' aspects cannot be neglected in cyber security field. In this work we carry out a systematic literature review to identify human factors in cybersecurity. A total of 27 papers were selected to be included in the review, which focuses on the human factors in cyber security. The results show that in total of 14 identified human factors, risk perception, lack of awareness, IT skills and gender are considered critical for organization as for as cyber security is concern. Our results presented a further step in understanding human factors that may cause issues for organizations in cyber space and focusing on the need of a customized and inclusive training and awareness programs.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.198-204
• /
• 2024

Correspondence security between IoT devices is a significant concern, and the blockchain makes the latest difference by reducing this matter. In the blockchain idea, the larger part or even all organization hubs check the legitimacy and precision of traded information before tolerating and recording them, regardless of whether this information is identified with monetary exchanges or estimations of a sensor or a confirmation message. In assessing the legitimacy of a traded information, hubs should agree to play out an uncommon activity. The chance to enter and record exchanges and problematic cooperation with the framework is fundamentally decreased. To share and access the executives of IoT devices data with disseminated demeanour, another confirmation convention dependent on block-chain is proposed, and it is guaranteed that this convention fulfils client protection saving and security. This paper highlights the recent approaches conducted by other researchers to secure the Internet of Things environments using blockchain. These approaches are studied and compared with each other to present their features and disadvantages.

• Journal of the Korea Convergence Society
• /
• v.6 no.4
• /
• pp.139-146
• /
• 2015

WSN has been utilized in various directions from basic infrastructure of environment composition to business models including corporate inventory, production and distribution management. However, as energy organizations' private information, which should be protected safely, has been integrated with ICT such as WSN to be informatization, it is placed at potential risk of leaking out with ease. Accordingly, it is time to need secure sensor node deployment strategies for stable enterprise business. Establishment of fragmentary security enhancement strategies without considering energy organizations' security status has a great effect on energy organizations' business sustainability in the event of a security accident. However, most of the existing security level evaluation models for diagnosing energy organizations' security use technology-centered measurement methods, and there are very insufficient studies on managerial and environmental factors. Therefore, this study would like to diagnose energy organizations' security and to look into how to accordingly establish strategies for planning secure sensor node deployment strategies.

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.91-97
• /
• 2015

When we estimate any organization, we can use scientific tool such as organizational effectiveness. It is very difficult to know the level of organizational goal. If you plan how to assess the effectiveness of your organization, It is a complex and difficult problem, because a few social scientist think that there are many point of view of an concept of organizational goals based on the relatively concrete concept of organizational effectiveness. Social scientist Campbell insist that it is impossible to estimate organizational effectiveness accurately. So we should develope the perfect method to measure the organization as a system, the member's self satisfaction, the efficiency of the team. To achieve a good organizational effectiveness, we should study the method of approach about organizational effectiveness. This is theoretical study and show that the concept and method of approach about organizational effectiveness.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.3
• /
• pp.179-187
• /
• 2003

This study investigate the reasons of organizational failure in detection and appropriate response to risk signal. The Crisis does not come true suddenly, there is some risk signals in crisis. If Organization detect the risk signals the crisis is come true opportunities, if not the crisis is come true disastrous outcome. This is use the system dynamics approach. System Dynamics assume the system as a collection of causal feedback loop, so we understand the dynamics around the problems. This investigate suggest that, the focus on growth is the a kind of promotional pressure and the pressure drive the organization to less attention the risk signal, so the risk is underestimate In proportion to real risk. Ultimate, the organization entrap the promotional climate and insensible to security. This study is a kind of hypothesis-discovering research, in the further study, the discovered hypothesis will be empirically tested.

• Journal of Navigation and Port Research
• /
• v.32 no.3
• /
• pp.237-244
• /
• 2008

The General Conference of International Labour Organization adopted the Maritime Labour Convention, 2006 which created a single, coherent instrument embodying as far as possible all up-to-date standards of existing international maritime Conventions and Recommendations in its Ninety-fourth session on 23 February 2006. This Convention prescribes the social security for seafarers in the Regulation 4.5 in the Title 4. Regulation 4.1-Medical care on board ship and ashore and Regulation 4.2-Shipowner's liability are related to social security for seafarers. For the purpose of ratifying this Convention in our country, first of all, it is necessary to review the domestic laws and regulations concerned whether they fulfill or not the requirements of the Convention and have to make preparation insufficient sections. Therefore, this paper aims to find out different regulations between the domestic law and the Convention, as to be able to accept the requirements regarding the social security of the Convention, also suggest the solution on problems derived in this process.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.103-110
• /
• 2019

Recently security related attacks occur in very diverse ways, aiming at people who operate the system rather than the system itself by exploiting vulnerabilities of the system. However, to the our best knowledge, there has been very few works to analyze and strategically to deal with the risks of social engineering attacks targeting people. In this paper, in order to access risks of social engineering attacks we analyze those attacks in terms of attack routes, attack means, attack steps, attack tools, attack goals. Then, with the purpose of accessing the organizational risks we consider the characteristics and environments of the organizations because the impacts of attacks on the organizations obviously depend on the characteristics and environments of the organizations. In addition, we analyze general attack risk assessment methods such as CVSS, CWSS, and OWASP Risk Rating Methodolog. Finally, we propose the risk access scheme of social engineering attacks for the organizations. The proposed scheme allows each organization to take its own proper actions to address social engineering attacks according to the changes of its environments.

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.187-204
• /
• 2013

In this study, we developed a comprehensive model to measure the National Information Security Level based on PRM framework. The proposed model reflected a rapidly changing technology environments such as social network service, mobile devices, and etc. This new model consists of three layers:Infrastructure Layer, the Action Layer and the Performance Layer, and there are 16 sub-indexes under the 3 layers. To develop new model and sub-indexes for measuring the National Information Security Level, much amounts of documents related to security indexes or deliberation criteria and security guidelines from international organization were reviewed and then most probable index pool were composed. The Index pool were verified by expert group consisting of professors and specialists. Through five times of screening and having an evaluation review, 16 sub-indexes were deduced and then Delphi and AHP have been conducted to obtain validity and objectiveness of the indexes. Thus the new proposed national information security index will show more exact national information security level and we expect that the indexes give much implications for establishing information protection policy.