• 한국IT서비스학회지
• /
• 제7권1호
• /
• pp.117-130
• /
• 2008

Multi-attribute risk assessments provide a useful framework for systematic quantitative risk assessment that the security manager can use to prioritize security requirements and threats. In the first step, the security managers identify the four significant outcome attributes(lost revenue, lost productivity, lost customer, and recovery cost). Next. the security manager estimates the frequency and severity(three points estimates for outcome attribute values) for each threat and rank the outcome attributes according to AHP(Analytic Hierarchy Process). Finally, we generate the threat index by using muiti-attribute function and make sensitivity analysis with simulation package(Crystal Ball). In this paper, we show how multi-attribute risk analysis techniques from the field of security risk management can be used by security managers to prioritize their organization's threats and their security requirements, eventually they can derive threat index. This threat index can help security managers to decide whether their security investment is consistent with the expected risks. In addition, sensitivity analysis allows the security manager to explore the estimates to understand how they affect the selection.

• Journal of Information Science Theory and Practice
• /
• 제7권1호
• /
• pp.52-71
• /
• 2019

An insider threat is a threat that comes from people within the organization being attacked. It can be described as a function of the motivation, opportunity, and capability of the insider. Compared to managing the dimensions of opportunity and capability, assessing one's motivation in committing malicious acts poses more challenges to organizations because it usually involves a more obtrusive process of psychological examination. The existing body of research in psycholinguistics suggests that automated text analysis of electronic communications can be an alternative for predicting and detecting insider threat through unobtrusive behavior monitoring. However, a major challenge in employing this approach is that it is difficult to minimize the risk of missing any potential threat while maintaining an acceptable false alarm rate. To deal with the trade-off between the risk of missed catches and the false alarm rate, we propose a unified psycholinguistic framework that consolidates multiple text analyzers to carry out sentiment analysis, emotion analysis, and topic modeling on electronic communications for unobtrusive psychological assessment. The user scenarios presented in this paper demonstrated how the trade-off issue can be attenuated with different text analyzers working collaboratively to provide more comprehensive summaries of users' psychological states.

• 한국항공운항학회지
• /
• 제20권2호
• /
• pp.47-57
• /
• 2012

The strengthened aviation security measurements caused by increased terror threat all around the world have air passengers annoyed by uneasy treatment and some delayed process. The service level of air travel and competitiveness of airlines industry has been weakened also. The aviation security process is mainly conducted at an airport. The threat level of airport is not usually same airport to airport, and the quality of aviation security activity is neither same. However, ICAO requires every international airport to conduct similar process to ensure aviation security without considering situational difference of each airport. The paper has objectives to develop reasonable security measurements based on risk management concept. It studied the ways of achieving target level of security of an airport, considering the threat situation of the airport and its ability to conduct security procedures.

• 한국재난관리표준학회지
• /
• 제1권1호
• /
• pp.63-67
• /
• 2008

본 연구는 위험성 분석 기법을 통해 화학 산업 시설에서 발생 가능한 화학 테러에 대한 원인 을 규명하고, 기존의 테러 대응 방법에 대한 분석 및 평가를 함으로써 효과적 대응 개선 방안을 마련하기 위 한 프로그램 개발이다 테러 위험성 평가 프로그램은 자산 분석(Asset Characterization), 위협 평가(Threat Assessment), 취약성 분석(Vulnerability Analysis), 위험성 평가(Risk Assessment), 대응책 제시(New Countermeasure)의 총 5단계의 순차적 알고리즘으로 구성되어 있다. 개발된 프로그램을 항만에 위치한 석유 저장 및 정제 공정에 적용하여 테러 위험성과 그 원인을 분석함으로써 위험성 평가 프로그램의 효용성과 신뢰성을 검증하였다. 화학 산업 시설에서의 보안 및 테러리즘에 대한 문제성 제기를 통해 그 해결책을 제시하고 테러의 취약점과 원인을 규명함으로써 테러나 재해(extreme event) 발생 시 효과적인 대응책 마련이나 대응 전략 수립에 기여하고자 개발된 프로그램이다.

• 한국전산유체공학회:학술대회논문집
• /
• 한국전산유체공학회 2006년도 PARALLEL CFD 2006
• /
• pp.292-295
• /
• 2006

The terrorist attack of September $11^{th}$ 2001 has enforced a new examination of the response of modern steel structures, such as those found in large warehouses, auditoriums and airport terminals, to terrorist bomb attack. The effort described in this paper assesses the potential damage to such a newly designed structure form a medium-size car bomb. The structure is mostly composed of a lightweight complex beam structure with large windows and skylights piercing through a corrugated roof. The structural response to the terrorist attack requires the modelling of various physics phenomena including bomb detonation, blast wave propagation, reflections, and refractions and resulting blast impact on the structure. Hence, a fluid/structure coupled methodology is used to perform the assessment.

• 한국철도학회:학술대회논문집
• /
• 한국철도학회 2005년도 추계학술대회 논문집
• /
• pp.1-6
• /
• 2005

To improve safety management of railway and cope with the factors to threat technical and social safety, we need to establish railway safety management system based on analysis of hazards and assessment of risk for railway system. So we have to conduct PHA(Preliminary Hazard Analysis) first to understand weak points and factors to possibly threat safety using analysis of related data such as past accident/incident data and safety regulation and classification standards of hazards/causes of railway accidents. Therefore in this research, we led types/dangerous events/causes of risks/factors of risks from hazard log developed based on railway accident classification and hazards of railway accident. PHA model for domestic railway system will be used in risk analysis and risk assessment of railway accident.

• 한국전자거래학회지
• /
• 제24권2호
• /
• pp.113-124
• /
• 2019

최근 많은 기업은 IoT가 적용된 제품들을 개발하여 판매하고 있으며, 외부의 위협으로부터 제품 및 사용자 정보를 보호하기 위해 기획 단계서부터 보안을 고려하고 있다. 그러나 IoT의 다양성으로 인해 제품별 보안요구사항 개발을 하기 위해 투자되는 시간과 인력의 한계가 있어 현재 낮은 수준의 보안이 적용되어 있다. IoT가 적용된 제품에서 취약점이 지속적으로 발표되고 있고, 이에 실제 Home IoT에 대한 보다 상세한 보안요구사항이 필요하게 되었다. 이를 위해 본 논문에서는 Microsoft사의 Threat Modeling Tool을 사용하여 Home IoT의 위협을 도출하였으며, 도출된 위협과 국내 외 취약점 평가 기준 및 논문 등과 비교 분석하여 실제 보안성 점검에 사용할 수 있는 항목을 개발하여 Home IoT 제품의 보안성 강화방안을 제시하였다. 또한 도출된 보안요구사항과 기존의 보안요구사항을 바탕으로 점검을 실시하여 효과성 검토를 하였으며, 그 결과 본 논문에서 도출된 보안요구사항의 취약점 발견 효과성이 대체로 높은 것으로 나타났다.

• Journal of Computational Design and Engineering
• /
• 제1권4호
• /
• pp.266-271
• /
• 2014

The survivability of the naval ship is the capability of a warship to avoid or withstand a hostile environment. The survivability of the naval ship assessed by three categories (susceptibility, vulnerability and recoverability). The magnitude of susceptibility of a warship encountering with threat is dependent upon the attributes of detection equipment and weapon system. In this paper, as a part of a naval ship's survivability analysis, an assessment process model for the ship's susceptibility analysis technique is developed. Naval ship's survivability emphasizing the susceptibility is assessed by the probability of detection, and the probability of hit. Considering the radar cross section (RCS), the assessment procedure for the susceptibility is described. It's emphasizing the simplified calculation model based on the probability density function for probability of hit. Assuming the probability of hit given a both single-hit and multiple-hit, the susceptibility is accessed for a RCS and the hit probability for a rectangular target is applied for a given threat.

• 한국컴퓨터정보학회논문지
• /
• 제12권2호
• /
• pp.333-339
• /
• 2007

대부분의 조직에서 정보시스템의 의존도가 높아짐에 따라 정보시스템 보안 사고에 대한 위험이 증가하고 있다. 본 논문에서는 정보보호관리체계와 위험분석방법을 적용하여 보안 위험분석을 위한 안정성 평가시스템을 설계 및 구현하였다. 또한, 위험평가 시 동일한 가중치를 적용한 평가와 조직의 특성에 따라 보안요소의 가중치를 가변적으로 적용한 평가를 할 수 있도록 하였으며 각 조직이 자체적으로 보안 점검을 할 수 있도록 설계함으로서 관리 측면에서 취약점을 쉽게 찾을 수 있도록 지원하며. 안정성 확보를 위하여 수행해야 할 권고를 제시한다.

• Nuclear Engineering and Technology
• /
• 제55권6호
• /
• pp.2034-2046
• /
• 2023

Industrial control systems in nuclear facilities are facing increasing cyber threats due to the widespread use of information and communication equipment. To implement cyber security programs effectively through the RG 5.71, it is necessary to quantitatively assess cyber risks. However, this can be challenging due to limited historical data on threats and customized Critical Digital Assets (CDAs) in nuclear facilities. Previous works have focused on identifying data flows, the assets where the data is stored and processed, which means that the methods are heavily biased towards information security concerns. Additionally, in nuclear facilities, cyber threats need to be analyzed from a safety perspective. In this study, we use the system theoretic process analysis to identify system-level threat scenarios that could violate safety constraints. Instead of quantifying the likelihood of exploiting vulnerabilities, we quantify Security Control Measures (SCMs) against the identified threat scenarios. We classify the system and CDAs into four consequence-based classes, as presented in NEI 13-10, to analyze the adversary impact on CDAs. This allows for the ranking of identified threat scenarios according to the quantified SCMs. The proposed framework enables stakeholders to more effectively and accurately rank cyber risks, as well as establish security and response strategies.