• Journal of Information Processing Systems
• /
• v.16 no.1
• /
• pp.61-82
• /
• 2020

The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

• 한국IT서비스학회:학술대회논문집
• /
• 2003.11a
• /
• pp.543-549
• /
• 2003

다속성 위험평가는 위협과 보안요구사항의 집합을 순위화해서 계량적으로 위험을 평가하는 유용한 체계를 제공해 준다. 본 논문의 목적은 위험을 파악해서 순위화 하는 과정을 다속성 위험평가에 의해서 분석하는 이론과 사례를 제시하는 것이다.

• Health Policy and Management
• /
• v.32 no.4
• /
• pp.380-388
• /
• 2022

Background: Emerging infectious diseases, such as Middle East respiratory syndrome or coronavirus disease 2019, pose a continuous threat to public health, making a risk assessment necessary for infectious disease control and prevention. Therefore, we aimed to investigate the risk assessment methods for infectious diseases used by major foreign countries and organizations. Methods: We conducted an investigation and comparative analysis of risk assessment and risk determination methods for infectious diseases. The risk assessment tools included the strategic toolkit for assessing risks, influenza risk assessment tool, pandemic severity assessment framework, and rapid risk assessment methodology. Results: The most frequently reported risk elements were disease severity, antiviral treatment, attack rate, population immunity, and basic productive ratio. The risk evaluation method was evaluated quantitatively and qualitatively by the stakeholders at each institution. Additionally, the final risk level was visualized in a matrix, framework, and x and y-axis. Conclusion: Considering the risk assessment tools, the risk element was classified based on the duplicate of each indicator, and risk evaluation and level of risk assessment were analyzed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.951-958
• /
• 2021

With the growing cyber threat to information assets, it has become important to share threat information quickly. This paper examines the sharing of cyber threat information and presents a method to determine the importance of threat indicators in the information sharing market by calculating weights. The analysis was conducted using AHP techniques, with a pairwise comparison of the four factors(attacker & infected system indicators, role indicators, malicious file indicators, technique & spread indicators) and the details of each factor. Analysis shows that malicious file indicators are the most important among the higher evaluation factors and infected system IP, C&C and Smishing are the most important factors in comparison between detailed items. These findings could be used to measure the preference of consumers and the contribution of information provider for facilitating information sharing.

• Journal of the Society of Naval Architects of Korea
• /
• v.49 no.3
• /
• pp.254-263
• /
• 2012

The survivability of warship is assessed by susceptibility, vulnerability and recoverability. Essentially, a vulnerability assessment is a measure of the effectiveness of a warship to resist hostile weapon effects. Considering the shot line and its penetration effect on the warship, present study introduces the procedural aspects of vulnerability assessments of warship. Present study also considers the prediction of penetration damage to a target caused by the impact of projectiles. It reflects the interaction between the weapon and the target from a perspective of vulnerable area method and COVART model. The shotline and tracing calculation have been directly integrated into the vulnerability assessment method based on the penetration equation empirically obtained. A simplified geometric description of the desired target and specification of a threat type is incorporated with the penetration effect. This study describes how to expand the vulnerable area assessment method to the penetration effect. Finally, an example shows that the proposed method can provide the vulnerability parameters of the warship or its component under threat being hit through tracing the shotline path thereby enabling the vulnerability calculation. In addition, the proposed procedure enabling the calculation of the component's multi-hit vulnerability introduces a propulsion system in dealing with redundant Non-overlapping components.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.6
• /
• pp.1113-1118
• /
• 2012

The e-navigation in IMO(International Maritime Organization) has been developed as a strategy for user oriented service followed by HEAP(Human Element Analysing Process) to assess the solutions in view of human ergonomics. Although IMO already had an interim guideline for human element assessment, it did not include appropriate human elements for user-oriented assessment, therefore there should be a need for revising the human elements of current guideline for ergonomic assessment of e-navigation. We have developed user-oriented human element checklist, threat elements caused by human external condition and error elements originated by human itself in line with the e-navigation development concept of user-based approach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.929-943
• /
• 2020

Various methods are being presented to identify the movements of COVID-19 infected persons and to protect personal privacy at the same time. Among them, 'Exposure Notification' released by Apple and Google follows a decentralized approach using Bluetooth. However, the technology must always turn on Bluetooth for use, which can create a variety of security threats. Thus, in this paper, the security assessment of 'Exposure Notification' was performed by applying 'STRIDE' and 'LINDDUN' among the security threat modeling techniques to derive all possible threats. It also presented a new Dell that derived response measures with security assessment results and improved security based on them.

• Journal of the Korean Society of Environmental Restoration Technology
• /
• v.24 no.3
• /
• pp.99-114
• /
• 2021

We examined a current status of damage in biodiversity and its causing factors in Hasidong Anin coastal dune, Gangneung-si, Gangwon province which is designated as ecological and landscape conservation area. In this study, we found that ecosystem and biodiversity have been primarily damaged by anthropogenic factors such as the construction of surrounding area, military facilities illegally dumped garbage and the expansion of windbreak forest. These factors occur to damage the landscape, ecosystem and biodiversity etc. There is a significant lack of basic data needed for preservation and restoration due to the lack of prior research and value assessment. In order to establish solutions for preservation and restoration, it is critical to collect fundamental data and implement value assessments. Therefore, further studies such as ecosystem services assessment, increasing biodiversity, spatial analysis and monitoring of various items related to coastal dunes are needed.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2019.05a
• /
• pp.238-239
• /
• 2019

Cyber attacks can be caused by all equipment that perform communication functions, and the link between ship and land due to the development of communication technology means that the ship sector as well as the land sector can be easily exposed to cyber threat vulnerability. In this paper, we analyze cyber threat trend changes to identify cyber security vulnerabilities in the maritime sector and propose measures to enhance cyber security through other industry case studies.

• ETRI Journal
• /
• v.44 no.6
• /
• pp.991-1003
• /
• 2022

Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE threat analysis modeling and DREAD evaluation for distributed control systems, a type of ICSs, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of identified threats.