• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.613-628
• /
• 2019

In-Vehicle Infotainment provides navigation and various functions through the installation of the application. And infotainment is very important to control the entire vehicle by sending commands to the ECU. Infotainment supports a variety of wireless communication protocols to install and update applications. So Infotainment is becoming an attack surface through wireless communcation protocol for hacker's access. If malicious software is installed in infotainment, it can gain control of the vehicle and send a malicious purpose command to the ECU, affecting the life of the driver. Therefore, measures are needed to verify the security and reliability of infotainment software updates, and security requirements must be derived and verified. It must be developed in accordance with SDL to provide security and reliability, and systematic security requirements must be derived by applying threat modeling. Therefore, this paper conducts threat modeling to derive infotainment update security requirements. Also, the security requirements are mapped to the Common Criteria to provide criteria for updating infotainment software.

• Journal of KIISE:Computer Systems and Theory
• /
• v.36 no.5
• /
• pp.380-386
• /
• 2009

It is most important that identifying security threats(or vulnerabilities) of critical IT assets and checking the propriety of related security countermeasures in advance for enhancing security level. In this paper, we present a new security risk evaluation scheme based on critical assets and threats for this. The presented scheme provides the coverage and propriety of the countermeasures(e.g., intrusion detection rules and vulnerability scan rules, etc.), and the quantitative risk level of identified assets and threats. So, it is expected that the presented scheme will be utilized in threat management process efficiently compared to previous works.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.179-191
• /
• 2024

With the advancement of modern technology, cyber-attacks are always rising. Specialized defense systems are needed to protect organizations against these threats. Malicious behavior in the network is discovered using security tools like intrusion detection systems (IDS), firewall, antimalware systems, security information and event management (SIEM). It aids in defending businesses from attacks. Delivering advance threat feeds for precise attack detection in intrusion detection systems is the role of cyber-threat intelligence (CTI) in the study is being presented. In this proposed work CTI feeds are utilized in the detection of assaults accurately in intrusion detection system. The ultimate objective is to identify the attacker behind the attack. Several data sets had been analyzed for attack detection. With the proposed study the ability to identify network attacks has improved by using machine learning algorithms. The proposed model provides 98% accuracy, 97% precision, and 96% recall respectively.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.27-32
• /
• 2005

Recently The social interest regarding is coming to be high about Home Network accordong to intelligence anger of diffusions and the family home appliance machineries and tools of the superhigh speed Internet In the ubiquitous computing socioty, only neither the threat of the private life which is caused by in cyber attack will be able to increase according to the computer environment dependence degree of the individual increases in the ubiquitous computing socioty, only neither the threat of the private life which is caused by in cyber attack will be able to increase according to the computer environment dependence degree of the individual increases Beacaues of Home network is starting point to go ubiquitous computing enviorment, The Increase of Cyber attack through Internet will raise its head with the obstacle to disrupt the activation of the groove network. So there is a possibility of saying that the counter-measure preparation is urgent, In the various environment like this, It means the threat which present time than is complicated will exist. So it will analyze the Home network system environment of present time and observe the Security threat and attack type in the ubiquitous computing enviorment. So it will analyze the Home network system environment of present time and observe the Security threat and attack type in the ubiquitous computing enviorment.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.3 no.4
• /
• pp.210-220
• /
• 2008

Insider threat is becoming a very serious issue in most organizations and management is responsible for security implementation. This study is to develop a personnel security management indicators in the areas of Personnel Assurance, Personnel Competence, and Security Environment and protection against insider threats. In this study, the information security management system and related papers are examined by reviewing the existing researches and cases. Proposed indicators are verified by pilot test, empirically analyzed to expose experts' perception and the validity, importance, and risk level of each indicators through a questionnaire. Result were encouraging, but additional study focused on personnel security management using factor analysis is needed in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.439-449
• /
• 2019

The development of information technology represented by ICBMA (IoT, Cloud, Big Data, Mobile, AI), is leading to a surge in data and a numerical and quantitative increase in data centers to accommodate it. As the data center is recognized as a social infrastructure, It is very important to identify physical security threats in advance in order to secure safety, such as responding to a terrorist attack. In this paper, we develop physical security threat breakdown structure (PS-TBS) for easy identification and classification of threats, and verify the feasibility and effectiveness of the PS-TBS through expert questionnaires. In addition, we intend to contribute to the improvement of physical security level by practical use in detailed definition on items of PS-TBS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.115-128
• /
• 2017

The methods of electronic financial fraud continue to evolve. Various research and countermeasures have been proposed to counter this problem, but it is difficult to eradicate it. The purpose of this study is to analyze the risk of electronic financial fraud through MS Threat Risk Modeling and to propose the countermeasures against the electronic financial fraud. As a result of the analysis, it is confirmed that despite the difference of authentication methods, there is a high risk of pharming, and it is difficult to prevent attack by using only additional authentication means, device security or user authentication based security system. Therefore, this study suggests the introduction of preventive measures such as readjustment of transaction limit by security means, account authentication, and additional physical security measures. It also suggests the establishment and implementation of a comprehensive electronic financial fraud prevention policy through linkage of electronic fraud prevention system and improvement of public relations and user awareness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.261-270
• /
• 2010

As the usage of social network service(SNS) increases recently, great attention has been shown to the information security in SNS. However, there has been little investment in SNS environment for security while preferential investment to attract subscribers has been made so far. Moreover, there is still a lack of confidence for investment effect and an absence of framework to analyze the threat factors of information security in SNS. In this paper, we propose to model for decision-making standard of SNS information security investment by the AHP. The result shows that 'service image' is the most important criterion for the decision of SNS information security. It also shows that 'Profile-squatting and reputation slander through ID thefts' and 'Corporate espionage' are important threat factors in SNS information security.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12
• /
• pp.316-322
• /
• 2021

The problem of corruption and the spread of corruption crime today is not only one of the main social problems, but also an obstacle to the implementation of reforms in Ukraine. Given the complexity, scale and diversity of the impact of corruption, it is an undisputed threat to national security. At the state level, corruption threatens, firstly, state security as a result of its spread in public authorities and the combination of political and business spheres; secondly, in the domestic political sphere as a result of non-compliance and violation by officials of public authorities and local governments of the laws of Ukraine; thirdly, in the economic sphere as a result of the dominance of personal interests of civil servants over national ones; fourthly, in other spheres, namely, military, social, ecological, informational, foreign policy, etc. The origins of corruption are diverse and are formed not only in the country but also abroad. The current corruption threat is the result of the country's ineffective domestic and foreign anticorruption policies. Acceleration of the spread and manifestation of external corruption threats is associated with a number of unresolved foreign policy issues against the background of the development of globalization and integration processes, in particular: economic and financial dependence of the country on international financial institutions and organizations; as well as from foreign countries that pose a potential threat due to their ambitious plans to expand our country; unresolved issues regarding the international legal consolidation of borders, etc. It is noted that the current conditions for the development of state security, due to new challenges and threats, need to improve and implement new measures to prevent corruption as a negative impact of the main threats to national economic security. As a result of the study, the main measures to counter the main threats to the economic security of the state were identified.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.12 no.2
• /
• pp.29-42
• /
• 2004

This paper performs a historical review on aviation threats through a statistical survey. The impact factor, as a criterion to measure the seriousness of the threats occurred, is introduced and evaluated based on annual totals of hijacking and fatalities against aircraft 1948 through 2004. Also, the paper suggests processes of evaluating the level of threats and key functions for an effective management of the aviation security.