• Title/Summary/Keyword: Vulnerability Risk


Design of Comprehensive Security Vulnerability Analysis System through Efficient Inspection Method according to Necessity of Upgrading System Vulnerability (시스템 취약점 개선의 필요성에 따른 효율적인 점검 방법을 통한 종합 보안 취약성 분석 시스템 설계)

  • Min, So-Yeon;Jung, Chan-Suk;Lee, Kwang-Hyong;Cho, Eun-Sook;Yoon, Tae-Bok;You, Seung-Ho
    • Journal of the Korea Academia-Industrial cooperation Society / v.18 no.7 / pp.1-8 / 2017
  • As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

A Comparative Study on the Awareness of Health Risks and the Risk Reduction Measures Related to Sodium Intake between Female and Male University Students in Busan and Gyeongnam: An Application of Protection Motivation Theory (보호동기이론을 적용한 나트륨 과다섭취에 따른 위험성 및 나트륨 섭취 감소 방안의 효과성에 대한 부산·경남 지역 남녀 대학생들의 인식 비교 연구)

  • Jang, Soo-Hyun;Yoon, Eunju
    • Korean journal of food and cookery science / v.32 no.1 / pp.136-146 / 2016
  • The purpose of this study was to investigate whether there was a gender difference in motivating university students to decrease their sodium intake and to identify effective motivating factors. Within the protection motivation theory (PMT) framework, a survey questionnaire was developed to measure participants' perceptions on the severity of and the vulnerability to risk of serious diseases due to the high sodium intake, as well as the effectiveness (response efficacy) and the ability to perform preventive measures (self-efficacy). Behavioral intentions on five specific practices (checking nutrition label, consuming more fruits and vegetables, consuming less soups, avoiding spicy and pungent food, purchasing less instant or restaurant foods) related to decreasing sodium intake were also included. A total of 294 usable response data were collected from university students (92 male, 202 female) in Busan and Gyeongnam in June 2015 and analyzed using IBM SPSS 22. Severity was the highest (4.04) PMT factor followed by response efficacy (3.72), self-efficacy (3.42), and vulnerability (3.26). Compared to male students, female students thought that the threat was more severe (t=6.035, p<0.001) and reducing sodium intake would be effective to prevent serious illnesses (t=4.724, p<0.001), but their vulnerability and self-efficacy perceptions were not different from male students. Among the five items measuring behavioral intention, female students were more likely to increase fruits and vegetables consumption (t=3.811, p<0.001), while male students were more likely to avoid spicy and pungent foods (t=2.336, p=0.020). Based on findings of this study, the recommended strategy to effectively motivate university students to lower their sodium consumption level is the development of campaign focused on increased vulnerability perception, response efficacy, and ease of practicing preventive measures instead of emphasizing the severity of the consequences.

Risk Scoring System for Software Vulnerability Using Public Vulnerability Information (공개 취약점 정보를 활용한 소프트웨어 취약점 위험도 스코어링 시스템)

  • Kim, Min Cheol;Oh, Sejoon;Kang, Hyunjae;Kim, Jinsoo;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.6 / pp.1449-1461 / 2018
  • As the number of software vulnerabilities grows year by year, attacks on software are also becoming frequent. As a result, the security administrator must identify and patch vulnerabilities in the software. However, it is important to prioritize the patches because patching all vulnerabilities is realistically hard. In this paper, we propose a scoring system that expands the scale of the risk assessment metric by taking into consideration the attack patterns or weaknesses that cause vulnerabilities, together with the vulnerability information provided by NIST (National Institute of Standards and Technology). The proposed scoring system is expanded based on the CWSS and uses only public vulnerability information, so that any company can use it easily. In this paper, we applied the automated scoring system to software vulnerabilities and showed that the expanded metrics, which consider the influence of attack pattern and weakness, are meaningful.

Health Vulnerability Assessment for PM10 in Busan (부산지역 미세먼지에 대한 건강 취약성 평가)

  • Lee, Won-Jung;Hwang, Mi-Kyoung;Kim, Yoo-Keun
    • Journal of Environmental Health Sciences / v.40 no.5 / pp.355-366 / 2014
  • Objectives: This study seeks to evaluate the vulnerability assessment of the human health sector for $PM_{10}$, which is reflected in the regional characteristics and related disease mortality rates for $PM_{10}$ in Busan over the period of 2006-2010. Methods: According to the vulnerability concept suggested by the Intergovernmental Panel on Climate Change (IPCC), vulnerability to $PM_{10}$ is comprised of the categories of exposure, sensitivity, and adaptive capacity. The indexes of the exposure and sensitivity categories indicate positive effects, while the adaptive capacity index indicates a negative effect on vulnerability to $PM_{10}$. Variables of each category were standardized by the rescaling method, and each regional relative vulnerability was computed through the vulnerability index calculation formula. Results: The regions with a high exposure index are Jung-Gu (transportation region) and Saha-Gu (industrial region). Major factors determining the exposure index are the $PM_{10}$ concentration, days of $PM_{10} \geq 50\ \mu g/m^3$, and $PM_{10}$ emissions. The regions that show a high sensitivity index are urban and rural regions; these commonly have a high mortality rate for related disease and vulnerable populations. The regions that have a high adaptive capacity index are Jung-Gu, Gangseo-Gu, and Busanjin-Gu, all of which have a high level of economic/welfare/health care factors. The high-vulnerability synthesis of the exposure, sensitivity, and adaptive capacity indexes show that Dong-Gu and Seo-Gu have a risk for $PM_{10}$ potential effects and a low adaptive capacity. Conclusions: This study presents the vulnerability index to $PM_{10}$ through a relative comparison using quantitative evaluation to draw regional priorities. Therefore, it provides basic data to reflect environmental health influences in favor of an adaptive policy limiting damage to human health caused by vulnerability to $PM_{10}$.

Cyber Threat and Vulnerability Analysis-based Risk Assessment for Smart Ship

  • Jeoungkyu Lim;Yunja Yoo
    • Journal of the Korean Society of Marine Environment & Safety / v.30 no.3 / pp.263-274 / 2024
  • The digitization of ship environments has increased the risk of cyberattacks on ships. The smartization and automation of ships are also likely to result in cyber threats. The International Maritime Organization (IMO) has discussed the establishment of regulations at the autonomous level and has revised existing agreements by dividing autonomous ships into four stages, where stages 1 and 2 are for sailors who are boarding ships while stages 3 and 4 are for those not boarding ships. In this study, the level of a smart ship was classified into LEVELs (LVs) 1 to 3 based on the autonomous levels specified by the IMO. Furthermore, a risk assessment for smart ships at various LVs in different risk scenarios was conducted. The cyber threats and vulnerabilities of smart ships were analyzed by dividing them into administrative, physical, and technical security, and mitigation measures for each security area were derived. A total of 22 cyber threats were identified for the cyber asset (target system). We inferred that the higher the level of a smart ship, the greater the hyper connectivity and the remote access to operational technology systems; consequently, the greater the attack surface. Therefore, it is necessary to apply mitigation measures using technical security controls in environments with high-level smart ships.

A Study on Layered Weight Based Vulnerability Impact Assessment Scoring System (계층적 가중 기반의 취약점 영향성 평가 스코어링 시스템에 대한 연구)

  • Kim, Youngjong
    • KIPS Transactions on Computer and Communication Systems / v.8 no.7 / pp.177-180 / 2019
  • A typical vulnerability scoring system is the Common Vulnerability Scoring System (CVSS). However, since CVSS does not differentiate the impact of a vulnerability on individual assets or give higher priority to the more important assets, it is impossible to respond effectively and quickly to high-risk vulnerabilities on large systems. We propose a Layered weight based Vulnerability impact assessment Scoring System which can hierarchically group the importance of assets and weight the number of layers and the number of assets to effectively manage the impact of vulnerabilities on a per-asset basis.

Seismic assessment of a R/C strategic existing building

  • Mehani, Youcef;Kibboua, Abderrahmane
    • Structural Engineering and Mechanics / v.26 no.6 / pp.617-634 / 2007
  • Algeria is a country with a high seismic activity. During the last decade, many destructive earthquakes occurred, particularly in the northern part, causing enormous losses in human lives, buildings and equipment. In order to reduce this risk in the capital and avoid serious damage to the strategic existing buildings, the government decided to invest in seismic upgrade, strengthening and retrofitting of these buildings. In doing so, seismic vulnerability study of this category of buildings has been considered. Structural analysis is performed on the basis of site investigation (inspection of the building, collecting data, materials, general conditions of the building, etc.), and existing drawings (architectural plans, structural design, etc.). The aim of these seismic vulnerability studies is to develop guidelines and a methodology for rehabilitation of existing buildings. This paper will provide insight into the vulnerability assessment and strengthening of the telecommunication centre, according to the new code RPA 99/version 2003. Both static equivalent method and non linear dynamic analysis are performed in this study.

Seismic vulnerability assessment of composite reinforced concrete-masonry building

  • Remki, Mustapha;kehila, Fouad;Bechtoula, Hakim;Bourzam, Abdelkrim
    • Earthquakes and Structures / v.11 no.2 / pp.371-386 / 2016
  • During the last decades, many destructive earthquakes occurred in Algeria, particularly in the northern part of the country (Chlef (1980), Constantine (1985), Tipaza (1989), Mascara (1994), Ain-Benian (1996), Ain Temouchent (1999), Beni Ourtilane (2000), and recently Boumerdès (2003)), causing enormous losses in human lives, buildings and equipment. In order to reduce this risk and avoid serious damage to the strategic existing buildings, the authorities of the country, aware of this risk and in order to have the necessary elements that let them know and estimate the potential losses in advance, with an acceptable error, and to take the necessary countermeasures, decided to invest in seismic upgrade, strengthening and retrofitting of those buildings. To do so, seismic vulnerability study of this category of buildings has been considered. Structural analysis is performed based on the site investigation (inspection of the building, collecting data, materials characteristics, general conditions of the building, etc.), and existing drawings (architectural plans, structural design, etc.). The aim of these seismic vulnerability studies is to develop guidelines and a methodology for rehabilitation of existing buildings. This paper presents the methodology, based on non linear and seismic analysis of existing buildings, followed in this study and summarizes the vulnerability assessment and strengthening of one of the strategic buildings according to the new Algerian code RPA 99/version 2003. As a direct application of this methodology, both static equivalent method and non linear dynamic analysis of a composite concrete masonry existing building in the city of "CONSTANTINE", located in the east side of ALGERIA, are presented in this paper.

An Study on the Impact of N/A Check Item on the Security Level Result through Empirical Verification (실증검증을 통한 N/A 점검항목이 보안 수준 결과에 미치는 영향에 관한 연구)

  • Lee, Jun Ho;Sung, Kyung Sang;Oh, Hea Seok
    • KIPS Transactions on Computer and Communication Systems / v.3 no.8 / pp.271-276 / 2014
  • This study analyzed how N/A check items affect the resulting security level when performing a vulnerability analysis evaluation. For this, we used the vulnerability analysis evaluation range, check items, and a quantitative calculation method. Furthermore, grades and weights were applied according to the importance of the items. In addition, because technology develops rapidly, the institution is always exposed to risk. Therefore, this study carried out an empirical analysis by applying RAL (Risk Acceptable Level). According to the analyzed results, N/A check items were proven to be a factor affecting the level of security. In other words, this study found that inspection items irrelevant to the institution's characteristics should be excluded when performing a vulnerability analysis evaluation. This study suggests that security level evaluation should be performed after excluding items irrelevant to the institution's characteristics, based on empirical verification. It also proposes that model research is required to establish check items for vulnerability analysis and evaluation based on empirical verification.

A Risk Analysis Methodology for Information Systems Security Management (정보시스템 보안관리를 위한 위험분석 방법론)

  • 이문구
    • Journal of the Institute of Electronics Engineers of Korea CI / v.41 no.6 / pp.13-22 / 2004
  • This study proposes a risk analysis methodology for information system security management in which the procedural complexity of existing risk analysis methodologies is reduced to a minimum. The proposed risk analysis methodology is composed of 3 phases as follows: beforehand processing phase, counter measure setting phase, post processing phase. The basic risk analysis phase is a basic security management phase in which fixed items are checked when the information security system is not yet established or a means for the minimum security control is necessary for a short period of time. In the detailed risk analysis phase, the elements of asset, vulnerability, and threat are analysed, and using a risk degree production table produced from these elements, the risk degree is classified into 13 cases. In regard to the risk, the 13 types of risk degree will execute physical, administrative, and technical measures through ways such as accepting, rejecting, reducing, and transferring. Also, an evaluation of the remaining risk of the information system is performed through a penetration test, and the security policy set up and post management phase is to be carried out.