• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.3-9
• /
• 2022

Recently, as the environment of the 4th industrial revolution has arrived, the opening, sharing and convergence of data are actively being achieved in any organization. However, the opening and sharing of data inevitably leads to security vulnerability and there is ambivalence that is a threat that can affect the existence of an organization operated in the 4th industrial revolution environment. Especially security issues in the organization of the military can be a threat to the state, not the military itself, so it is always necessary to maintain a high level of security discipline. In this paper, 14 variables were selected through structural equation model applying theory of planned behavior, deterrence and protection motivation to find out the security level development measures by extracting factors that can affect security level. As a result, the theory of planned behavior that the security knowledge embodied through the usual security regulation education and evaluation affects the behavior was adopted, and the theory of deterrence and protection motivation showed the significance of the rejection level. In addition, it was confirmed that the variables that have the greatest impact on the military security level through the measured values of the three-year security audit were commanders and mental security. In conclusion, in order to improve the security level, it is suggested that security education, definite reward and punishment, and security system upgrading should be firmly established and mental security posture should be secured.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.39-44
• /
• 2017

The existing enterprise information security activities were centered on the information security organization, and the top management considers information security and enterprise management to be separate. However, various kinds of security incidents are constantly occurring. In order to cope with such incidents, it is necessary to protect information in terms of business management, not just information security organization. In this study, we examine the existing corporate governance and IT governance, and present an information security governance model that can reflect the business goals of the enterprise and the goals of the management. The information security governance model proposed in this paper induces the participation of top management from the planning stage and establishes information security goals. We can strengthen information security activities by establishing an information security plan, establishing and operating an information security system, and reporting the results to top management through compliance audit, vulnerability analysis and risk management.

• Asia pacific journal of information systems
• /
• v.15 no.1
• /
• pp.115-133
• /
• 2005

This study is to develop an information security management model(ISMM) for small and medium sized enterprises(SMEs). Based on extensive literature review, a five-pillar twelve-component reference ISMM is developed. The five pillars of SME's information security are: centralized decision making, ease of management, flexibility, agility and expandability. Twelve components are: scope & organization, security policy, resource assessment, risk assessment, implementation planning, control development, awareness training, monitoring, change management, auditing, maintenance and accident management. Subsequent survey designed and administered to expose experts' perception on the importance of these twelve components revealed that five out of tweleve components require relatively immediate attention than others, especially in SME's context. These five components are: scope and organization, resource assessment, auditing, change management, and incident management. Other seven components are policy, risk assessment, implementation planning, control development, awareness training, monitoring, and maintenance. It seems that resource limitation of SMEs directs their attention to ISMM activities that may not require a lot of resources. On the basis of these findings, a three-phase approach is developed and proposed here as an SME ISMM. Three phases are (1) foundation and promotion, (2) management and expansion, and (3) maturity. Implications of the model are discussed and suggestions are made for further research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.393-399
• /
• 2019

In a situation where an unauthorized SW brought into the organization without being authorized is emerging as a threat to the network security, the security of the network based on the SDN(Software-Defined Network) can be strengthened through the development of the security application considering the organization's characteristics. Security technology of existing SDN environment has been studied to protect internal network from external networks such as firewalls and Intrusion Detection Systems, but the research for resolving insider threat was insufficient. Therefore, We propose a system that protects the internal network from unauthorized SW, which is one of the insider threats in the SDN environment.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.49-57
• /
• 2013

Power-saving PC software enables the inexpensive power control, but the installation of the power-saving software in all computers in the organization is not an easy task. Computer users in the organization are usually not cooperative as they do not think the power-saving cost is directly related to themselves. The PC power-saving system provides advantage to driving active participation in which users installs the power saving software by restricting IP address through the power management server. However, the problem with this approach is the security vulnerability to IP spoofing attacks, therefore we need to solve the problem that disrupt the entire network system rather than saving electric power. This paper proposes the security authentication system that can implement the efficiency saving power by providing high security for the members' computer system of the public institutions based on the PC power-saving system. Also, by analyzing it in comparison with other method, it is possible to check that the prospects of safety and efficiency are strengthened.

• Knowledge Management Research
• /
• v.21 no.1
• /
• pp.41-59
• /
• 2020

This explorative study examines the difference in firm performance according to the adoption of the core technology of the Fourth industrial revolution, including artificial intelligence(AI), internet of things (IoT), cloud computing, and big data technology. Additionally, we investigate the importance of internal organizational structure exclusively responsible for information security. We analyze unique microdata offered by the Korea Information Society Development Institute to examine the impact of the adoption of the new technologies and the existence of organizational structure for information protection on firm performance, i.e., firm sales. By considering the core information technology as powerful knowledge assets, we argue that the adoption of such technology leads firms to have comparative advantage comparing to the competitors. Also, we emphasize the need to consider the organizational structure suitable for information security, which can become a structural asset of a firm.

• Journal of the Korea Safety Management & Science
• /
• v.13 no.2
• /
• pp.219-229
• /
• 2011

A empirical study about dual commitment of members of labor union for logistics companies based around the capital for their companies and union was carried out. This paper reviewed the effects of job security, organizational justice and social capital on dual commitment, and the mediating effect of social capital between job security and organizational justice, and dual commitment. Also, by establishing the social capital as a mediating variable, whether the effects of job security and organization justice to dual commitment exhibit mediating effects was identified.

• Korean Security Journal
• /
• no.32
• /
• pp.123-150
• /
• 2012

The purpose of this study was to seek practical intelligences for certain persons who wish to be a guard by studying for what practical public guards' recognition of organization and vocation is. The results of this study were as follows. First, Six study participants presented 'Respect within members', 'Atmosphere like family', 'Premium members', and 'Economic compensation & wealth of budget' as essential requirements for the best guard organization. Second, they also presented 'Systematic daily task & training', 'Exact selection system', and 'Strong cohesion & teamwork' as strong points of their organization. Third, they mentioned 'Internal evaluation system', 'Lack of education contents', and 'Limited position circulation' as weak points of their organization. Fourth, they mentioned that they feel encouraged itself as they work in the best guard organization, while they were skeptical when the citizens did not cooperate with them and they were not fully rewarded for their injury. Fifth, they expressed 'Difficulty of business cooperation', 'Unstable living patterns', 'Inconsistent assessment', and 'Continuing tension' as difficulties for performing the duties and stress causes. Lastly, they recognized of job security and self-esteem as they work in the best guard organization as advantages of a job, while they recognized of controlled life, low salaries and welfare level compared to duty importance and risks as disadvantages of a job. Consequently, students who wish to be a guard should consider job and organization attributes and set their career goals refer to these results.

• Korean Security Journal
• /
• no.59
• /
• pp.109-132
• /
• 2019

The purpose of this study is to analysis the change of composition and terminology of the official public relation(PR) brochures of the Presidential Security Service of Korea. For this purpose, the qualitative study was conducted on the official PR brochures of the Presidential Security Service. The results of this study are as follows. First, the compositions of the official PR brochures of the Presidential Security Service have been gradually changing from the Presidential Security Service to the public. Second, the terminologies of the official PR brochures of the Presidential Security Service have been gradually increasing the using public friendly terms in the middle of the using rigid terms because of the nature of the Presidential Security Service. Therefore, the Presidential Security Service should fulfill the public's rights to know through active PR efforts in the future and concentrate the capabilities in securing the legitimacy of presidential security service while leading the academic development of security service. In addition, it is necessary to consider ways to renew specific concrete grounds for organization, functions, and employees through legal and institutional improvements to secure the professionalism of the Presidential Security Service, and to extend the scope of work to the field of national security management and coordination.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.38 no.4
• /
• pp.193-201
• /
• 2015

Corporation's valuable intelligent asset is being threatened from the skills of threatening subject that has been evolved along with the growth of the information system and the amount of the information asset. Domestically, attempts of various private information attacks, important information extortion, and information damage have been detected, and some of them have abused the vulnerability of security of information system, and have become a severe social problem that generates security incident. When accessing to the security, most of companies used to establish a strategy with a consistent manner and a solution plan. However, this is not a proper way. The order of priorities vary depending on the types of business. Also, the scale of damage varies significantly depending on the types of security incidents. And method of reaction and critical control point vary depending on the types of business and security incidents. In this study, I will define the security incidents by their types and preponderantly examine how one should react to those security incidents. In this study, analyzed many types of security accidents that can occur within a corporation and an organization considering various factors. Through this analysis, thought about factors that has to be considered by corporations and organizations when they intend to access to the information security. This study focuses on the response methodology based on the analysis of the case analysis of the leakage of industrial secret and private secret other than the conceptual response methodology that examines the way to prevent the leakage of the industry security systems and the industry information activities. And based on these factors, want to be of help for corporations to apply a reasonable approach when they establish a strategy to information security.