• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.9
• /
• pp.464-472
• /
• 2017

In the ICT (Information and Communication Technology) convergence security environment, a lot of companies use an external public web system for the external disclosure and sharing of product information, manufacturing technology, service manualsand marketing materials. In this way, the web system disclosed on the Internet is an important aspect of cyber security management and has an always-on vulnerability requiringan information protection solution and IT vulnerability checks. However, there are limits to vulnerability detection management in anexternal environment. In this study, in order to solvethese problems, we constructed a system based on digital forensics and conducted an empirical study on the detection of important information in enterprises by using forensic techniques. It was found thatdue to the vulnerability of web systems operated in Korea and overseas, important information could be revealed,such as the companies' confidential data and security management improvements. In conclusion, if a system using digital forensic techniques is applied in response to theincreasing number of hacking incidents, the security management of vulnerable areas will be strengthened and the cyber security management system will be improved.

• Information Systems Review
• /
• v.19 no.3
• /
• pp.201-228
• /
• 2017

Vulnerability information, which can cause serious damage to information assets, has become a valuable commodity, thereby leading to the creation of a vulnerability market. Vulnerability information is traded on the vulnerability market from several hundred dollars to hundreds of thousands of dollars depending on its severity and importance, and the types and scope of the vulnerability markets are varying. Based on previous studies on vulnerability markets and hackers, this study empirically analyzed the effects of the security researcher's vulnerability research motivation on his/her vulnerability market use intention. The results are discussed as follows. First, vulnerability research self-efficacy had a significant effect on flow and on white and black market use intention but not on perceived benefit. Second, flow had a significant effect on perceived benefit and on black market use intention but had no effect on white market use intention. Third, perceived profit had a significant effect on white and black market use intention. Fourth, vulnerability research self-efficacy had a significant effect on perceived benefit through flow. Fifth, flow had a significant effect on white and black market use intention through perceived profit. These findings can be used to predict the behavior of security researchers who have experience in exploiting vulnerabilities.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.19-30
• /
• 2019

Many organizations need to comply with ISMS-P for information systems and personal information management for ISMS-P certification. Organizations should safeguard vulnerablities to information systems. However, as the kinds of information systems are diversified and the number of information systems increases, management of such vulnerabilities manually accompanies with many difficulties. SCAP is a protocol to manage the vulnerabilities of information system automatically with security standards. In this paper, for the introduction of SCAP in domestic domains we verify the applicability of server-oriented system which is one of ISMS-P certification targets. For SCAP applicability, For obtaining this goal, we analyze the structures and functions of SCAP. Then we propose schemes to check vulnerabilities of the server-oriented system. Finally, we implement the proposed schemes with SCAP to show the applicability of SCAP for verifying vulnerabilities of the server-oriented system.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.18 no.3
• /
• pp.35-51
• /
• 2015

The purpose of this study is to improve the previous groundwater contamination vulnerability assessment method, apply it to the study area, and select priority areas for groundwater management based on the quantitative analysis of groundwater contamination vulnerability. For this purpose, first, the previous 'potential contamination' based on groundwater contamination vulnerability assessment method was upgraded to the methodology considering 'adaptation capacity' which reduced contamination. Second, the weight of groundwater contamination vulnerability assessment factors was calculated based on the analytical hierarchy process(AHP) and the result of survey targeting groundwater experts. Third, Gyeonggi-do was selected as the study area and the improved methodology and weight were implemented with GIS and actual groundwater contamination vulnerability assessment was carried out. Fourth, the priority area for groundwater contamination management was selected based on the quantitative groundwater contamination vulnerability assessment diagram. The improved detailed groundwater contamination vulnerability assessment factors in this study were a total of 15 factors, and 15 factors were analyzed as new and improved weight with higher 'adaptation capacity' than the assessment factor corresponding to the previous 'potential contamination' in the weight calculation result using AHP. Also, the result of groundwater contamination vulnerability assessment in Gyeonggi Province using GIS showed that Goyang and Gwangmyeong which were adjacent to Seoul had a high groundwater contamination vulnerability and Pocheon and Yangpyeong County had a relatively low groundwater contamination vulnerability. In this study, the previous groundwater contamination vulnerability assessment was improved and applied to study areas actually. The result of this study can be utilized both directly and indirectly for the groundwater management master plan at national and local government level in the future.

• Journal of Information Technology Applications and Management
• /
• v.27 no.6
• /
• pp.89-99
• /
• 2020

Cloud computing is rapidly increasing for achieving comfortable computing. Cloud computing has essentially security vulnerability of software and hardware. For achieving secure cloud computing, the vulnerabilities of cloud computing could be analyzed in a various and systematic approach from perspective of the service designer, service operator, the designer of cloud security and certifiers of cloud systems. The paper investigates the vulnerabilities and security controls from the perspective of administration, and systems. For achieving the secure operation of cloud computing, this paper analyzes technological security vulnerability, operational weakness and the security issues in an enterprise. Based on analysis, the paper suggests secure establishments for cloud computing.

• Proceedings of the Korean Geotechical Society Conference
• /
• 2010.03a
• /
• pp.927-932
• /
• 2010

This study made a nationwide metropolitan region map on the basis of disaster vulnerability and administrative boundary, and based on it, it divided small-sized regions and constructed disaster history of each region. For the disaster vulnerability, the study wrote slope, aspect, curvature, wetness index, and drainage density, compared and analyzed regions with disaster and geomorphic elements to distinct the factor with high correlations, and based on it, it divided small-sized regions for forecasting and warning system of middle regions(Gangwon province, Chungchung province, and Jeolla province). Through the method, Gangwon region were divided into 4 small-sized regions, Chungchung into 5 small-sized regions, and Jeolla into 6 small-sized regions.

• Asia pacific journal of information systems
• /
• v.21 no.4
• /
• pp.27-43
• /
• 2011

This article explores economic models that show the optimal level of information security investment in the presence of interdependent security risks, Using particular functional forms, the analysis shows that the relationship between the levels of security vulnerability and the levels of optimal security investments is affected by externalities caused by agents' correlated security risks. This article further illustrates that, compared to security investments in the situation of independent security risks, in order to maximize the expected benefits from security investments, an agent should invest a larger fraction of the expected loss from a security breach in the case of negative externalities, while an agent should spend a smaller fraction of the expected loss in the case of negative externalities.

• Journal of Digital Convergence
• /
• v.5 no.1
• /
• pp.55-68
• /
• 2007

It soaks but 2001 July information communication base step law enforcement and the Enforcement Ordinance are published to follow, in order to support the establishment of evaluation and protective measure in order the vulnerability analysis against the facility of the agency which manages an important information communication base hour opinion to designate information protection specialty enterprise. As information protection specialty enterprise being revealed evacuation laboratory back 12 enterprises from information communication department become designation as the consulting enterprise and they do an enterprise activity actively. It follows in diffusion of the IT and information reconciliation level the other side where our country belongs in the world-wide first group, the research against the disfunction plan of preparation comparison the fact that law it is come negligently all actuality. The network as it will give management coat fatal effect even at obstacle occurrence hour of instant for of case and IT facility of the cyber transactions which leads, in the future there to be to corporate management, there is a possibility the stable civil official of information Facilities for communications very seeing in the portion which is important. Present condition and important propulsion contents of information communication base step law enforcement after, against a vulnerability analysis of information protection relation field and evaluation consulting methodological application situation to sleep it researches from the dissertation which it sees consequently and it does.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.655-663
• /
• 2018

As digitalization accelerates, the use of digital information is increasing in public institutions such as schools and libraries, and the demand for print services is also increasing. Among many services, printing service on public PCs should charge fee to printer users, but it is a very difficult task for administrators. Print management solutions have been developed and are now widely used to automate these demanding tasks. In this paper, we analyze the vulnerability of printer management solutions used in public institutions. However, the security awareness of public PC administrators and printer management solution developers seem to be lacking.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.79-92
• /
• 2020

As the number of systems increases and the network size increases, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, the attack graph generation method is divided into the reachability calculation process and the vulnerability assignment process. It always keeps up to date by starting calculations whenever asset and vulnerability information changes. In order to improve the accuracy of the attack target prediction, the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS(Common Vulnerability Scoring System) for asset risk, and Google's PageRank algorithm for asset reference. The results of attack target prediction is displayed on the web screen and CyCOP(Cyber Common Operation Picture) to help both analysts and decision makers.