• Journal of Information Technology and Architecture
• /
• v.9 no.4
• /
• pp.401-411
• /
• 2012

There has been increased interest for cloud computing services that can promote cost savings while increasing investment in information resources. Cloud computing, however, has a disadvantage physically located in the external information resources to take advantage of the economic benefits, the advantages and increase the vulnerability of information protection and control of information assets. In this study, due to the unique properties of the new services, including vulnerability, the vulnerability of cloud computing derive the vulnerability of cloud computing and control items were derived through the mapping between vulnerability and control items, that are not being managed to identify vulnerabilities Cloud computing risk factors are presented.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.3
• /
• pp.75-80
• /
• 2015

Vulnerability management is in compliance with security policies, and then, this is to ensure the continuity and availability of the business. In this paper, the application vulnerability management and IT infrastructure of the system is that it must be identified. And a viable vulnerability management plan should be drawn from the development phase. There are many that are not defined vulnerability in the area of identification and authentication, encryption, access control in identification and classification of vulnerabilities. They define the area without missing much in technical, managerial, and operational point of view. Determining whether the response of the identified vulnerability, and to select a countermeasure for eliminating the vulnerability.

• The Korean Journal of Health Service Management
• /
• v.9 no.2
• /
• pp.23-32
• /
• 2015

In this paper, we evaluated web security vulnerability and privacy information management of hospital web sites which are registered at the Korea Hospital Association. Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerability of the web sites. And to evaluate the privacy information management, we used ten rules which were based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered tertiary hospitals had relatively excellent web security compared to other type of hospitals. But all the hospital types had not only high level vulnerabilities but also the other level of vulnerabilities. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hacker. On the other hand, the inspection results of the tertiary hospitals for privacy information management had a better compliance rate than that of the other hospital types.

• Journal of Information Processing Systems
• /
• v.16 no.1
• /
• pp.61-82
• /
• 2020

The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.111-116
• /
• 2018

The Cyber space of the ROK Army is constantly threatened by enemy. In order to reponse to such cyber treats, vulnerabilities of information assets of the ROK Army should be identified and eliminated early. However, the ROK Army currently lacks systematic management of vulnerabilities. Therefore, this paper investigates trends of each country's vulnerability management and the actual situation of the management of the vulnerabilities in the ROK Army, and suggests ways of linking vulnerability database and the ROK Army information asset management system for effective vulnerability management of the ROK Army information assets.

• Journal of Information Technology Services
• /
• v.11 no.2
• /
• pp.319-337
• /
• 2012

To stress the importance of privacy in social networking, I presented an analysis on how information control and information management vulnerability influence trust and privacy concerns in social networking, and how trust and privacy concerns influence the sustainable usage intention of social network services. I also analyzed the factors affecting privacy concerns to present the method to alleviate social network users' concerns about privacy. Information collection control, information processing control and information management vulnerability were chosen and analyzed as the factors affecting privacy concerns. The results showed that information collection control and information management vulnerability significantly affected trust and privacy concerns; and information processing control did not significantly affect privacy concerns. The relationship between trust and privacy concerns, and sustainable usage intention was statistically significant; and the relationship between trust and expansion of communication channels was also statistically significant.

• Journal of The Korean Society of Agricultural Engineers
• /
• v.63 no.3
• /
• pp.13-26
• /
• 2021

Recent drought events in the South Korea and the magnitude of drought losses indicate the continuing vulnerability of the agricultural drought. Various studies have been performed on drought hazard assessment at the regional scales, but until recently, drought management has been response oriented with little attention to mitigation and preparedness. A vulnerability assessment is introduced in order to preemptively respond to agricultural drought and to predict the occurrence of drought. This paper presents a method for spatial, Geographic Information Systems-based assessment of agricultural drought vulnerability in South Korea. It was hypothesized that the key 14 items that define agricultural drought vulnerability were meteorological, agricultural reservoir, social, and adaptability factors. Also, this study is to analyze agricultural drought vulnerability by comparing vulnerability assessment according to weighting method. The weight of the evaluation elements is expressed through the Analytic Hierarchy Process (AHP), which includes subjective elements such as surveys, and the Entropy method using attribute information of the evaluation items. The agricultural drought vulnerability map was created through development of a numerical weighting scheme to evaluate the drought potential of the classes within each factor. This vulnerability assessment is calculated the vulnerability index based on the weight, and analyze the vulnerable map from 2015 to 2019. The identification of agricultural drought vulnerability is an essential step in addressing the issue of drought vulnerability in the South Korea and can lead to mitigation-oriented drought management and supports government policymaking.

• Journal of Soil and Groundwater Environment
• /
• v.18 no.5
• /
• pp.26-38
• /
• 2013

In this study, priority for groundwater contamination management was assessed based on regional vulnerability in Goyang-si area, Gyonggi-do, Korea using analytic hierarchy process (AHP) and geographic information system (GIS). We proposed a concept for regional vulnerability to groundwater contamination with using socio-environmental vulnerability factors, which can be classified into three properties including regional hydrogeological property, contamination property, and groundwater use property. This concept is applied to Goyang-si area. For AHP analysis, an expertise-targeted survey was conducted. Based on the survey, a total of 10 factors (criteria) and corresponding weights for regional vulnerability assessment were determined. The result shows that regional contamination property is the most weighted factor among the three property groups (hydrogeological property: contamination property: groundwater use property = 0.3: 0.4: 0.3). Then, database layers for those factors were constructed, and regional vulnerability to groundwater contamination was assessed by weighted superposition using GIS. Results show that estimated regional vulnerability score is ranged from 22.7 to 94.5. Central and western areas of Goyang-si which have groundwater tables at shallow depths and are mainly occupied by industrial and residential areas are estimated to be relatively highly vulnerable to groundwater contamination. Based on assessed regional vulnerability, we classified areas into 4 categories. Category 1 areas, which are ranked at the top 25% of vulnerability score, take about 2.8% area in Goyang-si and give a high priority for groundwater contamination management. The results can provide useful information when the groundwater management authority decide which areas should be inspected with a high priority for efficient contamination management.

• International conference on construction engineering and project management
• /
• 2009.05a
• /
• pp.292-301
• /
• 2009

The employment of risk management theory in Urban Disaster Management System (UDMS) has become an important trend in recent years. The viewpoint of risk management is mainly a comprehensive risk assessment of various internal and external factors, and a subsequent handling of risks. Through continuous and systematic accumulation and analysis of risk information, disaster prevention and rescue system is established. Taking risk management theory as the foundation, Organization for Economic Cooperation and Development (OECD) has developed a series of UDMS in the mega-cities all over the world. With this system as a common platform, OECD cooperates with different cities to develop disaster prevention and rescue system consisting of vulnerability assessment methods, risk assessment and countermeasures. The paper refers to the urban disaster vulnerability assessment and risk management of OECD and the mega-cities of different advanced and developed countries in the world, and then constructs a preliminarily drafted structure for the vulnerability assessment methods and risk management mechanism in the metropolitan districts of Taiwan.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.87-109
• /
• 2016

This study intends to present an effective and efficient development plan about the information protection of medical institutions, by establishing the improvement plan about Personal Information Management System(PIMS) appropriate to the characteristics of medical information focusing on medical institutions generating and using domestic medical information, and doing an empirical study on medical information protection plan. For this, in view of the medical characteristics of the existing Information Security Management System(ISMS), the study presented a study model appropriated to medical institutions based on Personal Information Management Systems index specialized for personal information, and through this, presented the vulnerability diagnosis and vulnerability improvement plan. Based on ISMS index, it designed an improvement index of personal information protection management about each index. The study conducted a survey for executives and employees about PIMS. Accordingly, it presented vulnerability diagnosis items of the current management system indexes from the viewpoint of the people who establish and mange the personal information protection about patients' medical information targeting executives and employees who serve at hospitals and can access medical information.