• Title/Summary/Keyword: Security organization


A Study on Optimal Information Security Organizational Form in Financial Companies - Based on the Relationship between Management - (금융회사 내 최적의 정보보호조직 형태에 대한 연구 - 경영진(CISO, CIO, CPO) 관계를 중심으로 -)

  • Kim, Sang-ho;Kim, In-Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.941-950 / 2018
  • The form of information security organization of a financial company has various organizational forms in accordance with the responsibilities and roles of the Chief Information Officer (CIO), the Chief Information Security Officer (CISO) and the Chief Privacy Officer (CPO). However, it is necessary to examine whether these various types of information protection organizations are the optimal organizational forms. In this study, six types of information security organizations among the various types of information security organizations in terms of CISO, CIO, and CPO relationship were selected as candidates. This paper aims to study and elucidate the optimal organizational form of information security for financial companies.

Research on the Level Evaluation Model of the Organization Research Security (조직의 연구보안 수준평가 모형 연구)

  • Na, Onechul;Chang, Hangbae
    • The Journal of Society for e-Business Studies / v.25 no.3 / pp.109-130 / 2020
  • Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. 
In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

User-Level Delegation in Role-Based Access Control Model (역할기반 접근제어에 기초한 사용자 수준의 위임 기법)

  • 심재훈
    • Journal of the Korea Institute of Information Security & Cryptology / v.10 no.3 / pp.49-62 / 2000
  • Role-Based Access Control (RBAC) has recently received considerable attention as an alternative to traditional discretionary and mandatory access control to apply variant organizations function hierarchy of commercial or government. Also RBAC provides a delegation that is one of control principles in organization. In general, delegation occurring in a real organization is performed by a user giving permissions to another user. But RBAC cannot implement this user-level delegation correctly. And delegation results in security problems such as destroying separation of duty policy and information disclosure due to inappropriate delegation. Besides, the security administrator directly deals with that problem. In this thesis we suggest some methods that are created by the user.

A Study on Prevention of Accident in Korean Security Industry (경호산업의 재해예방에 관한 연구)

  • Cho, Han-Bong
    • Korean Security Journal / no.2 / pp.259-289 / 1999
  • The Security Industry has dynamic working conditions. So this study intends to find the advisable direction for the reduction of accidents. To achieve the aim, the investigation of documents and the examinations of actual proofs have been done to figure the theoretical background and to see the basic knowledge of security industry. The questionnaire was composed of two question sheets to search real data and actual proofs, with making targets of pure security organization and personnel. The one consists of 9 questions to find the scale and extent of security organizations and the population and character of security personnel, and the other 25 questions in 3 major areas to analyze the causes, the frequency rates, the factors, and the condition of accidents. The period of survey was July 15th to October 15th in 1997 by mail/telephone/interview. The questionnaires were efficiently returned from 102 different organizations including the public security groups of Seoul Metropolitan Police Bureau and so on, with the information of 8,222 persons having worked for Korean Security Industry in 1996. So being based on the reality, some meaningful facts were found, and were compared with the national statistics of the Government. This study is made up of 5 chapters: in the 1st chapter the motivation, the object, the method, the direction and the limitation of the approach were presented; in the 2nd chapter the theoretical background was inferred; in the 3rd chapter the collected data of accidents in Korean Security Industry were analyzed and explained on the base of the questionnaires; in the 4th chapter the advisable facts connected with preventing accidents were mentioned; in the last the conclusion was stated. With the replies of 102 different organizations including the information of 8,222 persons in 1996, the main facts found or analyzed through this study are as follows. Firstly, accident is an unpredictable and occasional event.
It occurs to man and/or thing, but the frequency rate of accidents in Korean Government and other Institutes has been calculated and evaluated only in the point of the accident related with man. Secondly, the factors of accidents are firstly relevant to the way preventing accidents in Security Industry in Korea. However the frequency rate is academically calculated and evaluated by at once man (population) and hour (time). But the Government has done the rate only by man (population). This can be improper and inaccurate rates. Thirdly, the confused concept of security is used in Korean Government, academic society, corporation and so on. Therefore the detailed formation of the concept is needed for the development of Security Industry in Korea. Fourthly, security organizations can be classified into 'public security (public law enforcement)' and 'private security' according to its identification, and furthermore 'private security' can be divided into 'facilities-guard service', 'body-guard service', and 'patrol service' according to its major role. Fifthly, in the viewpoint of the number of both organization and population, 'facilities-guard service' is centered in Korean 'private security'. According to the analyzed results of the questionnaires in this study, the frequency rate of accidents of Korean Security Industry is 0.43(%) totally in 1996: 'facilities-guard service' 0.54(%), 'body-guard service' 0.12(%), and 'patrol service' 0.21(%) in 'private security', and 'public security' 0.20(%). With regard to the accident frequency rate of organization and population, 'facilities-guard service' is the highest. The accident frequency rate of population in 'facilities-guard service' organization ranges dispersively from 0.20(%) to 11.11(%). Sixthly, the accident rate of workers having served for under one year is 57.6(%). This can mean that the main factor of accidents in Korean Security Industry is the lack of role-understanding and training/education.
And another factor can be found on the time of accident occurrence. Many accidents have occurred on the relaxed points such as just after lunch and morning rush-hour. Lastly, the major advisable facts related to preventing accidents are as follows: The workers who are over fifty years old in 'facilities-guard service' organization need to be educated for preventing accidents; It is desirable that the training and education to prevent accidents should be practiced in the time of pre-service; As the style of accidents and the age of the accidented are not the same according to major service area ('public security' and 'private security': 'facilities-guard service', 'body-guard service', and 'patrol service'), the plans to prevent accidents must be different and various. However fracture and bruise are general accidents in Korean Security Industry; Workers must care about traffic accident and violent fall; It seems that the grouped working with other two persons will reduce accident occurrence possibility rather than individually single working.


Grand Strategy Framework for Information Systems Security in Organizations (조직 정보 시스템 보안을 위한 총괄 전략 프레임워크)

  • Park, Sang-Seo
    • Convergence Security Journal / v.9 no.2 / pp.7-21 / 2009
  • Strategies have to be employed in information systems security in order to build and operate systems for information systems security in an effective and structured manner. It is also essential for the entire organization to participate for successful implementation of the strategies and making them work. Current research on information systems security strategy in organizations, however, has mainly been focused on deployment and operation of countermeasures based on strategic thinking and decision. In consequence, there is a lack of research on an overall frame for containing consideration factors required for moving and leading the whole enterprise for the holistic security purpose. Therefore, this paper proposes a framework for use in establishment of organization-wide information systems security strategies based on the concept of grand strategy from the traditional strategy research and on the four dimensional features of it.


A Study on the Design and Implementation of Algorithm for Next Generation Cyber Certificate Security (차세대 사이버 인증 보안을 위한 알고리즘의 설계 및 구현에 관한 연구)

  • Lee, Chang-Jo;Kim, Sang-Bok
    • Convergence Security Journal / v.6 no.3 / pp.69-78 / 2006
  • ID security policy is generally formulated from the input of many members of an organization, including security officials, line managers, and ID resource specialists. However, policy is ultimately approved and issued by the organization's senior management. In environments where employees feel inundated with policies, directives, guidelines and procedures, an ID security policy should be introduced in a manner that ensures that management's unqualified support is clear. This paper will discuss Next Generation Cyber Certificate security policy in terms of the different types (program-level and issue-specific), components, and the design and implementation of a security algorithm simulation based on 4GL, PowerBuilder7.0.


A Study on Smart EDR System Security Development (Smart EDR 시스템구축을 위한 보안전략과 발전방안)

  • Yoo, Seung Jae
    • Convergence Security Journal / v.20 no.1 / pp.41-47 / 2020
  • In the corporate information system environment, detecting and controlling suspicious behaviors occurring at the end point of the actual business application is the most important area to secure the organization's business environment. In order to accurately detect and block threats from inside and outside, it is necessary to be able to monitor all areas of all terminals in the organization and collect relevant information. In other words, in order to maintain a secure business environment of a corporate organization from the constant challenge of malicious code, the introduction of an EDR solution that enables identification and monitoring of everything that occurs in a business terminal such as a PC, beyond detection and defense-based client security based on known patterns, signatures, policies, and rules that have been universalized in the past, is now an essential element of security. In this study, we will look at the essential functions required for EDR solutions, and also study the design and development plans of smart EDR systems based on active and proactive detection of security threats.

A Study on the Effects of Influencing Factors in the Security Environment of Military Organizational Members on Information Security Stress and Security Compliance Behavior Intention (군(軍) 조직구성원의 보안환경 영향요인이 보안 스트레스와 보안준수행동에 미치는 영향 연구)

  • Park, Eui Cheon;Jeon, Ki Seok
    • Convergence Security Journal / v.21 no.3 / pp.93-104 / 2021
  • Today, due to the development of the 4th industrial revolution such as artificial intelligence, the security threat of the military organization is increasing. A study that can contribute to complying with military security is needed by studying the effects of influence factors occurring in this changing or newly emerging security environment on information security stress and security compliance behavior intention. In previous studies, task overload, task complexity, task uncertainty, and task conflict were extracted among environmental influencing factors that cause security stress. We empirically analyzed how these influencing factors affect security stress and whether they play a mediating role in security stress. As a result of the analysis, it was analyzed that the security stress was affected in the order of task overload, task conflict, and task uncertainty. Information security stress did not significantly affect security compliance behavior intention, but it was found to mediate the effect of task overload on security compliance behavior intention. This causes information security stress due to heavy security work in the military organization, which ultimately leads to lower security compliance behavior. Therefore, the security policy to manage this situation should be promoted first.

Survey of International GNSS Organizations (국제 GNSS 기구 동향 조사)

  • Jeonghang Lee;Jong Hyun Jeon;Jeongwan Kang;Jongwon Lim;ByungSeok Lee;Jung-Min Joo;Sunwoo Kim
    • Journal of Positioning, Navigation, and Timing / v.13 no.2 / pp.117-129 / 2024
  • In this paper, we survey recent trends of International Global Navigation Satellite System (GNSS) organizations such as the International Committee on GNSS (ICG), International Civil Aviation Organization (ICAO), International Maritime Organization (IMO), and International Telecommunication Union (ITU), and investigate their impact on the maritime and aviation sectors. Each international organization promotes international cooperation, improvement of service quality, assurance of security, compliance with international regulations, and technological innovation and development. ICG develops a variety of satellite navigation enhancement systems. ICAO establishes international aviation regulations and standards to enhance aviation safety and security. IMO establishes international shipping conventions and rules to protect and regulate the shipping environment. Lastly, ITU establishes international communication regulations and standards. Investigation of such international organizations plays an important role in increasing the efficiency and reliability of GNSS systems. Each international organization promotes international cooperation, improvement of service quality, assurance of security, compliance with international regulations, and technological innovation and development. In the future, interoperability and compatibility with new satellite navigation systems and other GNSS and satellite navigation enhancement systems must be secured, and thus investigation of international organizations must be conducted first.

The Effect of Organization's Industrial Security Management on Employees' Security Policy Compliance Intention (조직의 산업보안 활동이 구성원의 보안 정책 준수 의도에 미치는 영향)

  • Donghwan Lee;Seungwook Park
    • Convergence Security Journal / v.22 no.3 / pp.57-68 / 2022
  • As the importance and awareness of security have recently expanded, companies and governments are making continuous efforts and investments for security management. However, there are still many security threats in the organization, especially security incidents caused by internal staff. Therefore, it is very important for members to comply with security policies for organizational security management. Therefore, this study classified industrial security management into technical security, physical security, and managerial security, and applied the theory of planned behavior to investigate the impact relationship on the intention to comply with security policies. SPSS 25 and AMOS 25 were used for statistical analysis, and the study found that technical security had a positive(+) effect on subjective norms, physical security had a positive(+) effect on perceived behavior control, and attitude and perceived behavior control had a positive(+) effect on security policy compliance intention.