• Journal of the Korea Institute of Military Science and Technology
• /
• v.24 no.5
• /
• pp.537-544
• /
• 2021

Cyber threats can bypass existing cyber-protection systems and are rapidly developing by exploiting new technologies such as artificial intelligence. In order to respond to such cyber threats, it is important to improve the ability to detect unknown cyber threats by correlating heterogeneous cyber protection systems. In this paper, to enhance cyber-attack response capabilities, we proposed command and control that enables rapid decision-making and response before the attack objectives are achieved, using Lockheed Martin's cyber kill chain and MITRE ATT&CK to analyze the purpose and intention of the attacker.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.11
• /
• pp.4145-4162
• /
• 2021

During the period of epidemic prevention and control, contact tracing systems are developed in many countries, to stop or slow down the progression of COVID-19 contamination. However, the privacy issues involved in the use of contact tracing apps have also attracted people's attention. First, we divide contact tracing techniques into two types: Bluetooth Low Energy (BLE) based and Global Positioning System (GPS) based techniques. In order to clear understand the system structure and its elements, we create data flow diagram (DFD) of each types. Second, we analyze the possible privacy threats contained in various types of contact tracing apps by applying LINDDUN, which is a threat modeling technique for personal information protection. Third, we make a comparison and analysis of various contact tracing techniques from privacy point of view. These studies can facilitate improve tracing and security performance to contact tracing apps through comparisons between different types.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.69-79
• /
• 2003

We analyze key business process by using IDEF method in the perspective of business continuity, identify key information assets by using Skandia model, and use Nessus Version 1.4.2 to assess vulnerability about the sever of library information system according to OCTAVE(The Operationally Critical Threat, Asset, and Vulnerability Evaluation) approach. We suggest the vulnerability assessment case for introducing improved OCTAVE method including IDEF method and Skandia model.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.365-373
• /
• 2021

Covid-19 posed a serious threat to public health worldwide, especially in the absence of vaccines or medicines. The only viable strategies to combat a virus with a high infection rate were to apply lock-down strategies, transport ban, social and physical distancing. In this work, we provide a domain-specific component model for crisis management. The model allows for building a plan for managing Covid-19 crisis and use the plan as a template to generate a system specific for managing that crisis. The crisis component model is derived from X-MAN II, a generic component model that we have developed for the aircraft industry

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.181-188
• /
• 2021

The use of the internet has become a basic need for many across the globe. The situation is very much the same for the youth in many countries like Saudi Arabia who have grown up surrounded and accessing the internet. This demographic, however, is at an increased risk of falling as victims to cybercrime because of a low level of technical awareness. This review looks at the level of technical awareness of internet use in 3 different countries which include the USA, South Africa, and New Zealand. The review will compare the situation in these nations with those in KSA. Based on the review and comparisons, recommendations are made for culturally and socially acceptable e-Safety awareness of Saudi youths.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.765-774
• /
• 2018

As the IT technology develops, the military information system develops to the current IT environment for efficient operation and rapid communication, and the threat of cyber attack against the advanced weapon system using network technology is increasing simultaneously. In order to prevent and mitigate these problems, the United States has applied the cybersecurity test evaluation system from the beginning to the beginning of weapon system development. However, in Korea, the evaluation process of cyber security test is weak, and there is concern about the damage due to cyber attack. In this paper, we analyze cybersecurity test evaluation status of U.S. and domestic weapon systems and propose a solution to the problem of cybersecurity test evaluation system.

• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.43-49
• /
• 2011

Web-based health information provides a lot of conveniences, however the security vulnerabilities that appear in the network environment without the risk of exposure in the use of information are growing. Web-based medical information security issues when accessing only the technology advances, without attempting to seek a safe methodology are to increase the threat element. So it is required. to take advantage of web-based information security measures as a web-based access control security mechanism-based design. This paper is based on software architecture, design, ideas and health information systems were designed based on access control security mechanism. The methodologies are to derive a new design procedure, to design architecture and algorithms that make the mechanism functio n. To accomplish this goal, web-based access control for multiple patient information architecture infrastructures is needed. For this software framework to derive features that make the mechanism was derived based on the structure. The proposed system utilizes medical information, medical information when designing an application user retrieves data in real time, while ensuring integration of encrypted information under the access control algorithms, ensuring the safety management system design.

• Convergence Security Journal
• /
• v.17 no.4
• /
• pp.3-9
• /
• 2017

Recently, Wireless communication has been widely used as a short distance communication medium in various industrial fields as well as communication connection between home appliances due to the appearance of the Internet of Things. And Most commonly used wireless communication media include WiFi, Bluetooth, and NFC. Among them, Bluetooth is widely used for communication between smart devices as well as computer peripheral devices. And Bluetooth in the home network fields is being used to control electronic products. However, since Bluetooth security vulnerabilities are known, more and more attacks are being exploited. As the application range of Bluetooth is expanding, it is necessary to prepare countermeasures accordingly. Therefore, this study investigates the security threat factors of through Bluetooth'attack case and attack technology. And By proposing countermeasures against this problem, we intend to utilize it as data for improving the security of wireless network service in the future.

• Journal of Convergence Society for SMB
• /
• v.5 no.4
• /
• pp.31-36
• /
• 2015

Recently, the necessity of Internet of Things in conjunction between devices is increasing. However, there are increasing security threats while applying various communication technologies in the Internet of Things. In this paper, we propose a security countermeasures to minimize damage to the security of a variety of security technologies used in the Internet of Things in order to improve the efficiency of the Internet of Things. The proposed method defined the environment to minimize security damage between home devices such as TV, washing machine, refrigerator, boiler and medical devices such as Analyzers, blood glucose meters, blood pressure monitors that are used in daily life. In addition, a variety of technologies(Zigbee, Wi-Fi, NFC, RFID, etc.) that are used in the Internet of Things may be under integrated management.

• Journal of Digital Contents Society
• /
• v.18 no.5
• /
• pp.1001-1008
• /
• 2017

Because cyber attacks on industrial control systems can lead to massive financial loss or loss of lives, the standardization and the research on cyber security of industrial control systems are actively under way. As a related system, the industrial control system of social infrastructures must be equipped with the verified cryptographic module according to the e-government law and appropriate security control should be implemented in accordance with the security requirements of the industrial control system. However, the industrial control system consisting of the operation layer, the control layer, and the field device layer may cause a problem in performing the main function in each layer due to the security control implementation. In this paper, we propose things to check when performing security control in accordance with the security control requirements for each layer of the industrial control system and proper application.