• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.897-906
• /
• 2019

As the Information and Communication Technology developed, the administration computerization of the government was promoted, and cyber attacks targeting IT products are spreading all over the world due to the reverse functions. Accordingly, governments in each country have begun to verify the security in the introduction of IT products by national and public institutions in order to protect information, and established the policy required in the introduction process. This research analyzes the introduction policy of domestic IT products to identify the supplement point. In addition, we analyze trends of introduction of IT products in the major developed countries such as USA, UK, Japan, Canada, and Australia. Finally, we propose the improvement method of domestic introduction policy through comparison analysis with domestic introduction policy.

• Asia pacific journal of information systems
• /
• v.26 no.1
• /
• pp.163-188
• /
• 2016

Compliance with information security policies has been an important managerial concern in organizations. Unlike traditional general deterrent theory, this study proposes whistle-blowing as an alternative approach for reducing internal information security policy violations. We build on the theories of planned behavior and rational choice as well as develop a theoretical model to understand the factors that influence whistle-blowing attitudes and intention at both the organizational and individual levels. Our empirical results reveal that altruistic and egoistic concerns are involved in the development of whistle-blowing attitudes. The results not only extend our understanding of whistle-blowing motivation but also offer directions to managers in promoting internal disclosure of information security breaches.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.1B
• /
• pp.87-93
• /
• 2003

As Information Security Technology has become rather transparent, wide, and integrated than in part, exclusive, and separated, A necessity of the study about integrating the separated distributed security systems into one module, has grown However, there is no integrated framework which can manage all separate security systems as one integrated one yet. Accordingly, we propose a new policy based network admirustrative model in this paper which can integrate individual security systems and distributed control way into one effectively.

• The Korean Journal of Air & Space Law and Policy
• /
• v.34 no.1
• /
• pp.79-123
• /
• 2019

This article refers to the Space security legislation in South Korea and Poland. Both states have already prepared some legislation on Security in Space- the question is the following- if there is still a need of progress and if those presented legislation are sufficient for the practical purposes of the peaceful uses of Outer Space. South Korea is a much more experienced state in using space than Poland; the same seems with the legislation. Poland as less experienced state in this matter has lots of ambitions to create the efficient legislation on Space security, so it must follow the good examples of states and institution in this matter. One of them is Korea. On the other state, Poland as a Member of EU must implement the European law in space security (in particular SSA), which seems to be priceless and efficient for the international cooperation in Space.

• Journal of Convergence for Information Technology
• /
• v.10 no.11
• /
• pp.332-339
• /
• 2020

This study aims to analyze problems and deduce improvement plans for information security support policies for SMEs in Korea. To this end, an effective support policy necessary for reinforcing cyber safety nets to enhance the level of information security of domestic SMEs based on the analysis results by analyzing the status and problems of the previous research review and analysis, the current status of information security of SMEs and the information security support policies of major SMEs at home and abroad. I would like to suggest improvement measures. Reinforcement of awareness, legal basis, voluntary capacity building, joint response system, professional manpower and budget support, cyber security construction, untact era support, and regional strategic industry security internalization were suggested. This can be used as the government's information security support policy to raise the level of information security of SMEs in preparation for the post Covid19.

• Korean Security Journal
• /
• no.54
• /
• pp.57-75
• /
• 2018

The purpose of this study is to provide basic data to improve the working environment of industrial security workers by analyzing the effects of organizational fairness of workers in industrial security work on silence in workplace and will to adhere to security policy. The data used in this study consisted of a total of 190 respondents. Statistical analysis of correlation and multiple regression analysis was performed using the SPSS 18.0 statistical program, The results of the study are as follows. First, it can be seen that the more silent the workers in the industrial security work are not being treated fairly, the higher the silence in the workplace. Second, the factors of distribution and interaction fairness affect the will to comply with the security policy, so fair distribution and fair treatment of the compensation can increase the willingness of the industrial security worker to adhere to the security policy. Third, it was found that the dominant silent factor influenced the will to adhere to the security policy, and the more the silence about the organization and its job, the lower the will to adhere to the security policy. The results of this study show that organizational fairness and silence in the workplace directly and indirectly influence the willingness to adhere to the security policy.

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.37-51
• /
• 2012

The purpose of this study is to approach information security from a more comprehensive perspective. Particularly, information countermeasures includes a technological tool for end users, thereby increasing the end users' technological stresses. Based on the technostress framework, we investigate a effect of security awareness training on technostress, and also examine a effect of technostress on the persistent security compliance. Results showed that security awareness training influenced on techno-overload and techno-uncertainty. We also found that techno-overload and techno-uncertainty have a significant effect on the persistent security compliance. Conclusion and implications are discussed.

• Journal of the Korea Society of Computer and Information
• /
• v.9 no.2
• /
• pp.81-87
• /
• 2004

Very various intrusion by development of systems that is based on network is spread. To detect and respond this intrusion, security solutions such as firewall or IDS are bringing and management of security system that load these becomes more harder. Moreover, because environment of systems that require security is various, hard to manage establishing suitable security policy Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.9-17
• /
• 2005

Recently It's difficult to deal with about variety of attack. And Simple Security management have a problem. It is that they don't develop system measuring their system envoirment and have efficient attack detector, countermeasure organization about large network. Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

• The Journal of Society for e-Business Studies
• /
• v.7 no.1
• /
• pp.66-74
• /
• 2002

Through the increment of requirement for EC(Electronic Commerce) oriented communication services, security multicast communications is becoming more important. However, multicast to EC environment is much different from unicast concept most network security protocols. On the network security, using mandatory access control of multilevel architecture which assigns a specific meaning to each subject, so we accomplish access control. In this way, access control security based on the information security level is proposed. A security protocol based on the architecture proposed in this paper would be utilized in security multicast communications, group key management service and leveled security service through multilevel EC security policy, Also we discuss and propose the security level scaleability and key management method on the network.