• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.3-9
• /
• 2022

Recently, as the environment of the 4th industrial revolution has arrived, the opening, sharing and convergence of data are actively being achieved in any organization. However, the opening and sharing of data inevitably leads to security vulnerability and there is ambivalence that is a threat that can affect the existence of an organization operated in the 4th industrial revolution environment. Especially security issues in the organization of the military can be a threat to the state, not the military itself, so it is always necessary to maintain a high level of security discipline. In this paper, 14 variables were selected through structural equation model applying theory of planned behavior, deterrence and protection motivation to find out the security level development measures by extracting factors that can affect security level. As a result, the theory of planned behavior that the security knowledge embodied through the usual security regulation education and evaluation affects the behavior was adopted, and the theory of deterrence and protection motivation showed the significance of the rejection level. In addition, it was confirmed that the variables that have the greatest impact on the military security level through the measured values of the three-year security audit were commanders and mental security. In conclusion, in order to improve the security level, it is suggested that security education, definite reward and punishment, and security system upgrading should be firmly established and mental security posture should be secured.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.843-853
• /
• 2017

In the case of electronic payment, the obligation to use the certificate-based authentication was abolished. As Fin-tech service providers gain autonomy, various authentication methods are provided. SMS, ARS, PIN, Text-passwords, Fingerprints are popular authentication methods in the mobile Fin-tech services. In this study evaluate the usability and security of authentication methods in a unified mobile environment. We evaluate the usability through SUS and interview. Also we evaluate the security level of authentication methods through NIST guideline. At the result of the usability evaluation, Fingerprint authentication method had been determined as the highest usability, also Fingerprint authentication method had been determined as the safest authentication method by obtaining Security Level 4.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.41-47
• /
• 1995

This research suggests a criterion, security quality, which is a unifying principle in computer network security that has the lack of a unifying principle. The security quality includes secrecy, integrity, recording, and availability among the factors that represent the security evaluation of the computer system. So, we defined the security quality, which is a basis for determining the security level, as the grand total of evaluation about each factor.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1153-1165
• /
• 2019

Recently, threats of hacking have been increasing on the national intelligence service network and key infrastructure, including the defense field. The defense information system responds to threats from the outside through the network separation, but if the defense information system is hacked, it has a serious impact on the operations of wartime or peacetime military forces. Today, cyberattacks and threats are rising to unpredictable levels and making it practically impossible to completely block and prevent hacking threats completly. So, in this study proposed a maturity model to assess the level of cyber-resilience, which is the ability to ensure the system's viability and maintain continuity through rapid response and recovery if signs of cyberattacks by the defense information system are expected or occurred. The proposed maturity model is expected to contribute to improving the cyber security level of the defense information system by assessing the level of cyber resilience of the defense information system and identifying and supplementing fields that are lacking.

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.107-114
• /
• 2015

Since 2002, information security management system has been implemented (ISMS) certification scheme whilst providing telecommunications services to enhance the level of enterprise information security was ongoing and Prevent accidents and avoid spread of infringement, such as rapid response and there is a lot of it came true. However, this system is the protection of the country or the investment company, as part of the actual information on how management affects the performance came from or how measures are still lacking for. In this study, the companies have their own privacy ISMS certification measures the level of activity continued to improve information security performance measures and methodology are presented. The government is also based on the validity of the certification system to ensure the overall implementation of the ISMS itself is this a step increase effective information security system is to be certified in advance to prevent security incidents and to improve business performance to help.

• Korean Security Journal
• /
• no.27
• /
• pp.31-49
• /
• 2011

The subjects consisted of 60 healthy men who absence of cardiopulmonary diseases, orthopedic diseases, and metabolic diseases. The difference of physical fitness, body composition, cardiovascular risk factors, and psychological characteristics for security guards' working type were examined using one-way ANOVA through SPSS 12.0 version and was treated for the post hoc test when the difference appeared significantly. According to the result, first, there were higher level for the physical fitness according to the security guards' position and it increases body composition and cardiovascular risk factors from higher position. Second, physical fitness level is higher, body composition and cardiovascular risk factors is lower in the security guards for the field service than the security guards on inside duty according to the security guards' working type. Third, it decreases body composition and cardiovascular risk level when the physical fitness level is getting increase for the security guards. In conclusion, it needs to have a physical activity with aerobic system for the security guards of leading members and inside service to decrease the overweight or obesity and cardiovascular risk level.

• Asia pacific journal of information systems
• /
• v.8 no.2
• /
• pp.105-119
• /
• 1998

As the first step to information security, the security policy and organizational control need to be established. The purpose of this study is to investigate the policy and management of information security of five major Korean business groups. The results of case study on five giant groups can be summarized as follows. There exists a basic policy for information security. But it is outdated and not realistic in the present. The security audit and education need to be upgraded. It is also necessary to use security tools actively. The security level is low in companies which do not have independent information security divisions. Therefore, it is desirable to build information security teams. The number of security personnel is not enough for the task although there exist an information security team in the company. It is important to check if the team has the ability of perform information security task. The interview with security managers reveals that the total security management should be integrated with physical and computer security. It is suggested that an Information Security Center play the major role for information security. The study on the information security management for industry level is expected to be performed in the future.

• The Journal of Korean Institute of Information Technology
• /
• v.17 no.7
• /
• pp.123-131
• /
• 2019

In this paper, related studies were investigated by dividing them into cost-benefit analysis, security continuity services, and SW-centric calculations. The case analysis was conducted on A institutions in the United States, Japan and South Korea. Based on this, an improvement model was prepared through comparison with the current system. The SCS(Security Continuity Service) performance evaluation system-based information protection service cost calculation model is proposed. This method applies a service level agreement(SLA) and NIST Cybersecurity framework that are highly effective through cost-effectiveness analysis and calculates consideration based on characteristics, performance criteria, and weights by information protection service. This model can be used as a tool to objectively calculate the cost of information protection services at public institutions. It is also expected that this system can be established by strengthening the current recommended statutory level to the enforceability level, improving the evaluation system of state agencies and public institutions, introducing a verification system of information protection services by national certification bodies, and expanding its scope to all systems.

• International Journal of Computer Science & Network Security
• /
• v.22 no.1
• /
• pp.248-254
• /
• 2022

The main purpose of the study is to analyze the main aspects of personnel security in the context of the public administration system. Today the civil service is the central link in increasing the efficiency of the public administration system. One of the most important directions of reforming the civil service is strengthening personnel security, since the level of formation and implementation of managerial decisions depends on the staff of professional employees with the necessary qualities, competencies and competencies. As a result, the main aspects of personnel security in the context of public administration were analyzed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.637-644
• /
• 2012

In our current information focused society, information is regarded as a core asset and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the technology that safeguards which is currently in commercial use is not focused at an enterprise level but is fragmented by function or by only guards portions of a customer's personal information. Therefore, It is necessary to study the systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examination of the methods of implementation of the monitoring system, the application of pattern analysis and examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish a systemic counter-plans based on detectable patterns.