• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권2호
• /
• pp.609-625
• /
• 2023

This study is a demand research for the selection of public safety science and technology equipment and suggests an empirical research method. The technology demand survey is the beginning of the selection of innovative technology. And it is the basis of collecting information required for the technology required in the market and helping to apply it to the field. The demand survey for police science and technology can reduce the uncertainty of crime prevention and help the smooth implementation of security policies. However, in Korea, adoption of security science and technology equipment was centered on social issues or researchers' opinions rather than the demands of field users. Until, there was no research has been conducted on the demands of field police officers for selection of security science and technology equipment in Korea. Also, there was no preferential study for the demand for security science and technology equipment. Therefore, this study proposes a methodology that can systematically identify the needs for the technology and equipment of field experts suitable for the public security situation for the selection of security science and technology equipment. Specifically, we propose a sample design for a technology classification system and a survey tool for technology awareness and satisfaction. It is expected that this tool will provide a classification system for security science and technology equipment selected for the Korean police and will help determine the priority of equipment suitable for the field.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권1호
• /
• pp.24-45
• /
• 2012

In this paper, we present a survey of security and privacy preserving issues in M2M communications in Cyber-Physical Systems. First, we discuss the security challenges in M2M communications in wireless networks of Cyber-Physical Systems and outline the constraints, attack issues, and a set of challenges that need to be addressed for building secure Cyber-Physical Systems. Then, a secure architecture suitable for Cyber-Physical Systems is proposed to cope with these security issues. Eventually, the corresponding countermeasures to the security issues are discussed from four aspects: access control, intrusion detection, authentication and privacy preserving, respectively. Along the way we highlight the advantages and disadvantages of various existing security schemes and further compare and evaluate these schemes from each of these four aspects. We also point out the open research issues in each subarea and conclude with possible future research directions on security in Cyber-Physical Systems. It is believed that once these challenges are surmounted, applications with intrinsic security considerations will become immediately realizable.

• 한국컴퓨터정보학회논문지
• /
• 제23권12호
• /
• pp.95-105
• /
• 2018

As the IT industry developed, the information held by the company soon became a corporate asset. As this information has value as an asset, the number and scale of various cyber attacks which targeting enterprises and institutions is increasing day by day. Therefore, research are being carried out to protect the assets from cyber attacks by using the attack graph to identify the possibility and risk of various attacks in advance and prepare countermeasures against the attacks. In the attack graph, security metric is used as a measure for determining the importance of each asset or the risk of an attack. This is a key element of the attack graph used as a criterion for determining which assets should be protected first or which attack path should be removed first. In this survey, we research trends of various security metrics used in attack graphs and classify the research according to application viewpoints, use of CVSS(Common Vulnerability Scoring System), and detail metrics. Furthermore, we discussed how to graft the latest security technologies, such as MTD(Moving Target Defense) or SDN(Software Defined Network), onto the attack graphs.

• 한국정보시스템학회지:정보시스템연구
• /
• 제29권4호
• /
• pp.57-76
• /
• 2020

Purpose Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings Our results show that organizational information security climate, information security knowledge, information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

• 산업경영시스템학회지
• /
• 제39권4호
• /
• pp.97-105
• /
• 2016

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

• 정보보호학회논문지
• /
• 제18권6B호
• /
• pp.233-248
• /
• 2008

Advances in electronics and wireless communication technologies have enabled the development of large-scale wireless sensor networks (WSNs). There are numerous applications for wireless sensor networks, and security is vital for many of them. However, WSNs suffer from many constraints, including low computation capability, small memory, limited energy resources, susceptibility to physical capture, and the lack of infrastructure, all of which impose unique security challenges and make innovative approaches desirable. In this paper, we present a survey on security issues in wireless sensor networks. We address several network models for security protocols in WSNs, and explore the state of the art in research on the key distribution and management schemes, typical attacks and corresponding countermeasures, entity and message authentication protocols, security data aggregation, and privacy. In addition, we discuss some directions of future work.

• Journal of the Korean Data and Information Science Society
• /
• 제19권4호
• /
• pp.1047-1058
• /
• 2008

Prediction of total sales in information security industry is considered. Exponential smoothing and spline smoothing is applied to the time series of annual sales data. Due to the different survey items of every year, we recollect the original survey data by some basic criterion and predict the sales to 2014. We show the total sales in infonnation security industry are increasing gradually by year.

• Asia pacific journal of information systems
• /
• 제30권2호
• /
• pp.308-327
• /
• 2020

The importance of information security is increasing, and various efforts are being made to improve users' information security behaviors. Among these various efforts, information security education is mainly aimed at providing users with information security knowledge and improving information security awareness. This study classified the types of information security education into offline and online to examine the effects of each education method on attitudes toward information security (perceived severity, vulnerability, self-efficacy and response-efficacy) and information security behaviors. A survey was conducted for users with information security education experiences. The results obtained by comparing the differences in the path coefficients of personal information security behaviors according to information security education experiences showed that security behaviors were more significant in the online experience group than the offline group. In addition, gender differences were analyzed, and it was found that females had a greater impact on information security attitudes than males. This study also found that among Internet users with online information security education experience, females tend to have more information security behavior than males, but there were contrasting results among users with offline information security education experiences. The results of this study finally address the necessity of reflecting users' personalities in the systematic design of information security education in the future. Furthermore, the results of this study support the need for an appropriate education system that sufficiently understands education types to maximize the effects of information security education.

• 정보보호학회논문지
• /
• 제25권1호
• /
• pp.225-235
• /
• 2015

최근 정보보호인증 및 보안감사의 감독과 절차가 강화되고 있지만 내부자에 의한 정보유출 및 보안사고는 지속적으로 늘어나고 있다. 2011 Cyber Security Watch Survey에 의하면 2010년 한 해 동안 발생한 보안사고 중 21%가 내부자에 의해 발생한 것으로 조사되었다. 기업들은 대외서비스와 달리 내부시스템 보안사고의 경우 즉각적으로 인지하지 못하거나 발생 시 비용증가, 신용도하락 등의 이유로 외부에 공시하지 않고 일시적 미봉책으로 해결하는 경우가 많았다. 본 논문은 시스템 접근관리에 대한 문제점을 실증적으로 연구하였으며, 타 시스템 또는 사업장에서 활용이 가능한 표준 프로세스를 제시하였다. 이를 통해 기업들이 쉽고 체계적으로 시스템 접근관리에 대한 문제점을 조사하고 분석하며 개선하는데 도움을 줄 것이다.

• Journal of Information Processing Systems
• /
• 제17권4호
• /
• pp.801-817
• /
• 2021

Network virtualization technologies have played efficient roles in deploying cloud, Internet of Things (IoT), big data, and 5G network. We have conducted a survey on network virtualization technologies, such as software-defined networking (SDN), network functions virtualization (NFV), and network virtualization overlay (NVO). For each of technologies, we have explained the comprehensive architectures, applied technologies, and the advantages and disadvantages. Furthermore, this paper has provided a summarized view of the latest research works on challenges and solutions of security issues mainly focused on DDoS attack and encryption.