• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1083-1095
• /
• 2021

With the recent increase in users' dependence on the Internet and the spread of various IT devices, the influence of information security on the users' has expanded compared to the past. Therefore, it is expected to have an increased influence on information security in personal life. In addition, as the intrusion factors that threaten security continue to become more advanced and diversified (eg., fake news, cyberbullying, identity theft), the need for nurturing information security experts is increasing. Furthermore, not only corporate information security workers, but also all individuals, cannot be free from the threat of information security. Therefore, it is necessary to prepare various information security education to improve information security awareness and induce proactive information security behaviors. In this study, characteristics of domestic and foreign information security education courses are analyzed and provide a standardized framework for information security education applicable to the domestic environment.

• Strategy21
• /
• s.33
• /
• pp.148-177
• /
• 2014

The regional security and stability in Northeast Asia has become more complicated because of a sudden establishment of China's Air Defense Identification Zone (ADIZ) on 23 November 2013. One dimensional conflicts on the territorial sovereignty over the islands between the regional States has developed into the two dimensional conflicts like maritime delimitations among the States concerned since they have all ratified the 1982 United Nations Convention on the Law of the Sea which adopts the 200 nautical mile Exclusive Economic Zone regime. Moreover, due to the notion of the outer limit of the continental shelf, the conflicts have developed into three dimensional ones in order to acquire more natural resources even in the seabed. To make matters worse, such three dimensional conflicts have expanded to the airspace as well. The paper will analyze what implications the sudden declaration of China's ADIZ have for the regional security in Northeast Asia from the perspectives of public international law. To this end, the paper 1) starts with the debates on the legal nature of the ADIZ, 2) identifies the Chinese government's political motives for the establishment of the ADIZ over the East China Sea, 3) assesses the responses of the regional States and the USA to the China's establishment of the ADIZ, and then 4) discuss what implications the overlapped ADIZ of the three key States in the region have for the regional security and stability.

• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.46 no.1
• /
• pp.86-94
• /
• 2018

As the use of software is increasing in aircraft system, an exposure to the threat of safety and security also continues to grow. Although certification criteria for software safety such as DO-178C have already been established, specific certification criteria for software security have not yet been included. Recently DO-326A, DO-356 and DO-355 have been published separately for aircraft and system airworthiness security certification criteria. However, to comply individual certification criteria and procedures, it requires the additional cost and effort. Therefore, this paper proposes the efficient integrated certification criteria saving cost, effort and time by combining the certification criteria for software safety and security.

• Journal of Advanced Navigation Technology
• /
• v.14 no.4
• /
• pp.504-511
• /
• 2010

The personal bio-information supplied from the PHD(Personal Health Device) for personal health management is very sensitive in relation to a personal living body in an aspect of privacy protection. On the assumption thai the information is about a patient, it is more serious problem if it is revealed to a third party. However. the established ISO (International Organizations for Standardization) standard protocol[1] in October 2009 has just considered a transmission part for mutual exchange of bio-information between individuals, but has never actually considered security elements. Accordingly, this paper is to show all sorts of security threats according to personal health management in the u-health environment and security requirements newly.

• Journal of Digital Contents Society
• /
• v.5 no.2
• /
• pp.157-162
• /
• 2004

A development of PP/ST is essential in CC environment. And, the KOREA is expected that PP/STs demand increases explosively by joining to CCRA hereafter. Specially, PP/ST development experience of the KOREA is lacking. So, development of security environment(assume, threat, policy) and security objective contents refer only PP/ST Guide(ISO/IEC PDTR 15446) are very difficult. In this paper, we propose a web service based common security environment and security objective repository model that make developers can run PP/ST creation to be simple. Through proposed model, developers who development experience is lacking are expected to achieve PP/ST development to be simple.

• Journal of Internet Computing and Services
• /
• v.7 no.1
• /
• pp.31-38
• /
• 2006

The importance of the Security Risk Analysis has emerged as security breaches and information leaks has occurred in the companies and organization: threats toward information system and its vulnerabilities has grown up as the dependence on the information-communication systems goes higher as a result of technological advances in IT industry, A Risk Analysis Tool helps to mitigate overall risk of an organization by analysing and evaluating critical information systems and providing security measures against threats to systems and its vulnerabilities as a means to identify the inherent dangers and prevent security intrusion incident, This paper defines risk analysis process by introducing Common Criteria Scheme and suggest a risk analysis tool that can be easily implemented by an information security manager.

• Convergence Security Journal
• /
• v.5 no.4
• /
• pp.1-6
• /
• 2005

Today the malicious approach and information threat against a network system increase and, the demage about this spread to persnal user from company. The product which provides only unit security function like an infiltration detection system and an infiltration interception system reached the limits about the composition infiltration which is being turn out dispersion anger and intelligence anger Necessity of integrated security civil official is raising its head using various security product about infiltration detection, confrontation and reverse tracking of hacker. Because of the quantity to be many analysis of the event which is transmitted from the various security product and infiltration alarm, analysis is difficult. So server is becoming the charge of their side. Consequently the dissertation will research the method to axis infiltration alarm data to solve like this problem.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.51-58
• /
• 1995

The importance of the risk analysis tool has been recognized and its use also has been emphasized by a number of researchers recently The methodology were examined but neither algorithms nor practical applications have been implemented or practiced in Korea. In this paper, the architecture of the Buddy System, one of the automated risk assessment tools. is analyzed in depth to provide the algorithmic understanding and to promote the development of the risk analysis methodology. The Buddy System mainly uses three main factors of vulnerability, threat and countermeasures as a nucleus of the qualatative analysis with the modified loss expectancy value. These factors are identified and assessed by the separation of duties between the end user and security analyst. The Buddy System uses five axioms as its bases of assessment algorithm and the assessed vulnerability level is strictly within these axioms. Since the In-place countermeasures reduce the vulnerability level up to a certain level. the security analyst may use "what if " model to examine the impact of additional countermeasures by proposing each to reduce the vulnerability level further to within the acceptable range. The emphasis on the qualitative approach on vulnerability leveling is very well balanced with the quantitative analysis that the system performance is prominent.prominent.

• Convergence Security Journal
• /
• v.7 no.4
• /
• pp.123-131
• /
• 2007

Recently, various threat and security incident are occurred for unspecified individuals, and this problem increases as the rapid of information sharing through Internet. The using of Information Security System such as IDS, Firewall, VPN etc. makes this problem minimal. However, professional knowledge or skill is needed in that case, normal user can't operate the Information Security System. This paper designs and implements File Access Control Module(FACM) to use easily for normal user against malicious threats and attacks. The FACM can exclude from malicious threats and attacks based on operation system rather than detection of threats and attacks. The FACM is working not only Windows System but also Linux System, and the FACM has effect on access control, integrity and non-repudiation for a file with an access control over files on the each OS that are used by multi-user.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.537-544
• /
• 2012

With wireless network infrastructure, the number of smart-phone users is remarkably increasing in the world and the amounts of damage due to the smart-phone malwares are also raised. Many security solutions for wireless network have come into the market but these solutions are for companies or large enterprises, therefore, the public users of smart-phone don't feel easy to select as their solutions and it is difficult to detect unknown malwares. In this paper, we propose the mobile security diagnostic system for public smart-phone users, which provides functions like smart-phone system check, comparison with blacklist of applications and collecting malwares.