• Journal of the Korean Society of Industry Convergence
• /
• v.24 no.4_2
• /
• pp.421-434
• /
• 2021

The expansion of information sharing activities using online can increase the threat of information exposure by increasing the diversity of approaches to information within an organization. The purpose of this study is to present conditions for improving the information security compliance intention of insiders to improve the level of information security within the organization. In detail, the study applies the theory of planned behavior that clearly explains the cause of an individual's behavior and proposes a way to increase the compliance intention by integrating the social control theory and goal-setting theory. The study presented research models and hypotheses based on previous studies, collected samples by applying a questionnaire technique, and tested hypotheses through structural equation modeling. As a result, information security attitude, subjective norms, and self-efficacy had a positive influence on the intention to comply. Also, attachment, commitment, and involvement, which are the factors of social control theory, formed a positive attitude toward information security. Goal difficulty and goal specificity, which are the factors of goal setting theory, formed a positive self-efficacy. The study presents academic and practical implications in terms of suggesting a method of improving the information security compliance intention of employees.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.07a
• /
• pp.99-102
• /
• 2020

인터넷 사용 인구가 증가하면서 이제 사이버공간은 우리 생활에서 중요한 인프라가 되었다. 최근 인터넷 침해사고의 추세는 주로 금전적인 이익을 얻기 위하여 발생하고 있으며, 그 수법이 갈수록 지능적이고 복합적인 기법들을 사용하여 대응과 분석이 점점 어려워지고 있다. 인터넷 침해사고는 이제 특정 개인, 기업의 문제가 아닌 사회적, 국가적 이슈가 되고 있다. 이처럼 인터넷 등 정보통신의 발달에 따른 생활의 편리함 등 순기능과 함께 해킹 등과 같은 역기능도 피할 수 없는 상황이다. 침해사고에 대한 대응은 특정 계급에 국한되는 것이 아니라 사이버공간을 이용하든 모든 사용자가 대비를 해야한다. 사이버 위협에 지속적으로 대비하고, 침해사고 예방 및 대응 수준과 사용자들의 보안 인식을 높혀 개인, 기업, 국가의 안전을 보장해야 할 것이다. 이에 본 연구에서는 침해사고 사례를 바탕으로 분석해 개인 인터넷 이용자들에게 인터넷 침해사고 예방 및 대응요령을 제공한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.07a
• /
• pp.97-98
• /
• 2020

코로나19의 확산은 기업의 근무환경에 변화를 가져오고 있다. 최신 IT기술을 활용한 재택근무, 이동원격근무, 원격근무센터와 같은 원격근무가 대표적인 사례이다. 하지만 원격근무는 특성상 기업의 보안정책의 적용범위를 벗어나 사이버위협에 상대적으로 더 많은 노출을 동반한다. 본 논문에서는 최근 국제사회에 대규모 확산이 일어나고 있는 코로나19와 같은 감염병 확산의 영향 또는 조직의 필요에 의해 정보통신기술을 기반으로 원격근무로의 근무형태로 전환하려는 기업이나 기관 등에서 보다 안전한 근무환경을 구추하기 위한 방법의 하나로 원격근무에 대한 위협 및 위험을 분석한다. 분석결과를 활용하여 조직의 보안담당자는 안전한 보안체계를 구축하기 위한 솔루션 선택에 도움을 줄 수 있을 것으로 기대한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.597-599
• /
• 2021

5G technology will be applied to various technologies related to game changers in the defense field. In addition, the establishment of a mobile work environment will be utilized. 5G has emerged as a new threat due to major technologies different from previous technologies. And due to 5G technology, there is an increasing demand to apply mobile technology to the defense sector. In this paper, we look at the security policy for defense 5G operation and the step-by-step construction plan consisting of three.

• Journal of Navigation and Port Research
• /
• v.36 no.3
• /
• pp.261-271
• /
• 2012

The purpose of the present study is to empirically examine factors that affect the information security awareness and perceived information security risk of employees of port companies. In particular, in order to identify factors that affect the perceived information security risks, we investigated the relation of assets, threats, and vulnerabilities to it, using the risk analysis methodology. With A total of 252 valid questionnaires, we also performed the structural equation modeling analysis using AMOS. It was found that first, there was no meaningful relationship between the information assets and the perceived information security risk in the case of employees of port companies. Second, threats and vulnerabilities turned out to have positive influences on the perceived information security risk. Finally, there was a positive relationship not only between the information security awareness and the information security education, but also between the information security awareness and the intention of information security. However, there was no meaningful relationship between the information security concern and the information security awareness.

• Proceedings of the Korea Association of Information Systems Conference
• /
• 2000.05a
• /
• pp.171-175
• /
• 2000

The firewall is normally an intermediate system between the secure internal networks and the less secure external networks. It is intended to keep corporate systems safe from intruders, hackers, and accidental entry into the corporate system. The primary types of firewalls are screening routers, proxy servers, and stateful inspectors. Encryption is another form of firewall protection which is being incorporated along with other firewall methods. Before choosing a firewall architecture, a company must have the right mind set about the threat. The future will see more integration of firewall technologies and the increased use of standards in the industry. It must also determine what are the possible consequences of a breach in security and then develop a system to counter the threat. Additionally, new firewall technologies will address the potential dangers associated with the use of Java applets and Active X-controls on the Internet.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.207-218
• /
• 2004

IT, the information technology's dramatic growth made entire society's system to rely on it, and took its place as one of the core keyword of 21st centurie's big variety. It is enlarging its role boundaries to most territories such as business or economy, and making another cyber space within cyber space. This report is going to review how we are defending ourselves from external threat within such dramatic flow of changes.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.249-252
• /
• 2013

The recent cyber attacks paralyzed several major banking services, broadcasters, and affected the services of a telecommunications provider. Media outlets classified the attack as cyber terror and named it an Advanced Persistant Threat. Although the attack significantly disrupted these services for at least one day, various components used in the attack were not new. Previous major cyber attacks towards targets in South Korea employed more advanced techniques thus causing greater damage. This paper studies the anatomy of the recent 2013.3.20 attack, studies the technical sophistication of the malware and attack vectors used compared with previous attacks.

• Review of KIISC
• /
• v.29 no.6
• /
• pp.75-80
• /
• 2019

2018년까지 알려진 표적공격 그룹은 꾸준히 증가하여 현재 155개로 2016년 대비 39개가 증가하였고, 침해사고의 평균 체류시간(dwell-time)은 2016년 172일에서 2018년 204일로 32일이 증가하였다. 점점 다양해지고 심화되고 있는 APT(Advanced Persistent Threat)공격에 대응하기 위하여 국내외 기업들의 사이버 위협 인텔리전스(CTI; Cyber Threat Intelligence) 활용이 증가하고 있는 추세이다. 현재 KISA에서는 글로벌 동향에 발맞춰 CTI를 활용할 수 있는 시스템을 개발 중에 있다. 본 논문에서는 효율적인 CTI 활용을 위한 OSINT(Open Source Intelligence)기반 사이버 위협 정보 수집 및 연관관계 표현 시스템을 소개하고자 한다.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.4
• /
• pp.65-71
• /
• 2019

IAs smart device penetration rate is more than 90%, mobile transaction ratio using smart device is increasing. Smart contracts are used in various areas of real life including smart trading. By applying smart contracts to the platform for smart transactions through block-chain technology, the threat of hacking or forgery can be reduced. However, various threats to devices in smart transactions can pose a threat to the use of block chain Etherium, an important element in privilege and personal information management. Smart contract used in block chain Ethereum includes important information or transaction details of users. Therefore, in case of an attack of privilege elevation, it is very likely to exploit transaction details or forge or tamper with personal information inquiry. In this paper, we propose a detection and countermeasure method for privilege escalation attack, which is especially important for block chain for secure smart transaction using block chain Ethereum. When comparing the results of this study with the results of similar applications and researches, we showed about 12~13% improvement in performance and suggested the future countermeasures through packet analysis.