• Title/Summary/Keyword: cyber risk

Search Result 242, Processing Time 0.022 seconds

A Study on the coverage of e-commerce insurance (전자상거래 보험의 담보범위에 관한 고찰)

  • Shin, Gun-Hoon
    • THE INTERNATIONAL COMMERCE & LAW REVIEW
    • /
    • v.27
    • /
    • pp.129-161
    • /
    • 2005
  • Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

  • PDF

A Study on the Market Status and Issues of e-Commerce Insurance (전자상거래 보험의 시장현황 및 쟁점에 관한 고찰)

  • Shin, Gun-Hoon
    • International Commerce and Information Review
    • /
    • v.7 no.3
    • /
    • pp.27-51
    • /
    • 2005
  • Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

  • PDF

Importance-Performance Analysis (IPA) of Cyber Security Management: Focused on ECDIS User Experience

  • Park, Sangwon;Chang, Yeeun;Park, Youngsoo
    • Journal of the Korean Society of Marine Environment & Safety
    • /
    • v.27 no.3
    • /
    • pp.429-438
    • /
    • 2021
  • The mandatory installation of the ECDIS (Electronic Chart Display and Information System) became an important navigational equipment for navigation officer. In addition, ECDIS is a key component of the ship's digitalization in conjunction with various navigational equipment. Meanwhile, cyber-attacks emerge as a new threat along with digitalization. Damage caused by cyber-attacks is also reported in the shipping sector, and IMO recommends that cybersecurity guidelines be developed and included in International Security Management (ISM). This study analyzed the cybersecurity hazards of ECDIS, where various navigational equipment are connected. To this end, Importance-Performance Analysis (IPA) was conducted on navigation officer using ECDIS. As a result, the development of technologies for cyber-attack detection and prevention should be priority. In addition, policies related to 'Hardware and Software upgrade', 'network access control', and 'data backup and recovery' were analyzed as contents to be maintained. This paper is significant in deriving risk factors from the perspective of ECDIS users and analyzing their priorities, and it is necessary to analyze various cyber-attacks that may occur on ships in the future.

Software Risk Management and Cyber Security for Development of Integrated System Remotely Monitoring and Controlling Ventilators (인공호흡기 원격 통합 모니터링 및 제어 시스템 개발을 위한 소프트웨어 위험관리 및 사이버보안)

  • Ji-Yong Chung;You Rim Kim;Wonseuk Jang
    • Journal of Biomedical Engineering Research
    • /
    • v.44 no.2
    • /
    • pp.99-108
    • /
    • 2023
  • According to the COVID-19, development of various medical software based on IoT(Internet of Things) was accelerated. Especially, interest in a central software system that can remotely monitor and control ventilators is increasing to solve problems related to the continuous increase in severe COVID-19 patients. Since medical device software is closely related to human life, this study aims to develop central monitoring system that can remotely monitor and control multiple ventilators in compliance with medical device software development standards and to verify performance of system. In addition, to ensure the safety and reliability of this central monitoring system, this study also specifies risk management requirements that can identify hazardous situations and evaluate potential hazards and confirms the implementation of cybersecurity to protect against potential cyber threats, which can have serious consequences for patient safety. As a result, we obtained medical device software manufacturing certificates from MFDS(Ministry of Food and Drug Safety) through technical documents about performance verification, risk management and cybersecurity application.

Quantitative Methodology to Assess Cyber Security Risks of SCADA system in Electric Power Industry (전력 SCADA 시스템의 사이버 보안 위험 평가를 위한 정량적 방법론에 관한 연구)

  • Kang, Dong-Joo;Lee, Jong-Joo;Lee, Young;Lee, Im-Sop;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.3
    • /
    • pp.445-457
    • /
    • 2013
  • This paper is about the study to build a quantitative methodology to assess cyber threats and vulnerabilities on control systems. The SCADA system in power industry is one of the most representative and biggest control systems. The SCADA system was originally a local system but it has been extended to wide area as both ICT and power system technologies evolve. Smart Grid is a concept to integrate energy and IT systems, and therefore the existing cyber threats might be infectious to the power system in the integration process. Power system is operated on a real time basis and this could make the power system more vulnerable to the cyber threats. It is a unique characteristic of power systems different from ICT systems. For example, availability is the most critical factor while confidentiality is the one from the CIA triad of IT security. In this context, it is needed to reflect the different characteristics to assess cyber security risks in power systems. Generally, the risk(R) is defined as the multiplication of threat(T), vulnerability(V), and asset(A). This formula is also used for the quantification of the risk, and a conceptual methodology is proposed for the objective in this study.

A Cyber-Training & Education Model for Tug-barge Operators

  • Lee, Eun-Bang;Yun, Jong-Hwui;Jeong, Tae-Gweon
    • Journal of Navigation and Port Research
    • /
    • v.34 no.4
    • /
    • pp.287-292
    • /
    • 2010
  • The purpose of this study was to create a cyber-training & education program in response to the needs of skippers and crews operating tug-barges within Korean coastal waters and the rapid changers in this industry. Skippers and crews are inclined to operate tug-barges on the basis of experience rather than information. It is not easy to provide useful information whenever they want or to drill them in safety management skills, because of their passive attitude toward education and the few opportunities that exist. In order to increase educational opportunities, efficiency and motivation, the authors have developed this program which consists of a 'tug bridge resource management module, risk perception training module, accident case module, operating module and navigation module', and are hoping that this program will enhance and strengthen all tug-barge operations. We are also putting all our energies into designing up to date animation programs and developing new scenarios concerning the method of evaluation and certification distribution.

Behavioral Analysis Zero-Trust Architecture Relying on Adaptive Multifactor and Threat Determination

  • Chit-Jie Chew;Po-Yao Wang;Jung-San Lee
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.17 no.9
    • /
    • pp.2529-2549
    • /
    • 2023
  • For effectively lowering down the risk of cyber threating, the zero-trust architecture (ZTA) has been gradually deployed to the fields of smart city, Internet of Things, and cloud computing. The main concept of ZTA is to maintain a distrustful attitude towards all devices, identities, and communication requests, which only offering the minimum access and validity. Unfortunately, adopting the most secure and complex multifactor authentication has brought enterprise and employee a troublesome and unfriendly burden. Thus, authors aim to incorporate machine learning technology to build an employee behavior analysis ZTA. The new framework is characterized by the ability of adjusting the difficulty of identity verification through the user behavioral patterns and the risk degree of the resource. In particular, three key factors, including one-time password, face feature, and authorization code, have been applied to design the adaptive multifactor continuous authentication system. Simulations have demonstrated that the new work can eliminate the necessity of maintaining a heavy authentication and ensure an employee-friendly experience.

Study of Cyber-Feminism & Eco-Feminism (사이버 페미니즘(다나 헤러웨이)과 에코 페미니즘(김선희)의 비교 분석)

  • Kim, Yeoung-Sook
    • The Journal of the Korea Contents Association
    • /
    • v.18 no.9
    • /
    • pp.69-80
    • /
    • 2018
  • D. J. Haraway's cyber-feminism and Kim Seon Hee's eco-feminism are so different in the perspective of the modern scientific technology. While cyber-feminism thinks the outcome of the modern scientific technology positively, eco-feminism criticizes the totalitarianism and the human negation which the modern scientific technology gives rise to. Cyber-feminism gives us an image of the future female, but exposes an easygoing way of thinking of the modern scientific technology. On the other hand eco-feminism takes notice of the risk, that the modern scientific technology can be abused by the power of the minority, but fails in overcoming of the traditional view of female.

Towards Cyber Security Risks Assessment in Electric Utility SCADA Systems

  • Woo, Pil Sung;Kim, Balho H.;Hur, Don
    • Journal of Electrical Engineering and Technology
    • /
    • v.10 no.3
    • /
    • pp.888-894
    • /
    • 2015
  • This paper presents a unified model based assessment framework to quantify threats and vulnerabilities associated with control systems, especially in the SCADA (Supervisory Control and Data Acquisition) system. In the past, this system was primarily utilized as an isolated facility on a local basis, and then it started to be integrated with wide-area networks as the communication technology would make rapid progress. The introduction of smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originated from IT systems. However, an up-to-date power system often requires the real-time operations, which clearly implies that the cyber security would turn out to be a complicated but also crucial issue for the power system. In short, the purpose of this paper is to streamline a comprehensive approach to prioritizing cyber security risks which are expressed by the combination of threats, vulnerabilities, and values in the SCADA components.

A Study on the Model for Preemptive Intrusion Response in the era of the Fourth Industrial Revolution (4차 산업혁명 시대의 선제적 위협 대응 모델 연구)

  • Hyang-Chang Choi
    • Convergence Security Journal
    • /
    • v.22 no.2
    • /
    • pp.27-42
    • /
    • 2022
  • In the era of the Fourth Industrial Revolution, digital transformation to increase the effectiveness of industry is becoming more important to achieving the goal of industrial innovation. The digital new deal and smart defense are required for digital transformation and utilize artificial intelligence, big data analysis technology, and the Internet of Things. These changes can innovate the industrial fields of national defense, society, and health with new intelligent services by continuously expanding cyberspace. As a result, work productivity, efficiency, convenience, and industrial safety will be strengthened. However, the threat of cyber-attack will also continue to increase due to expansion of the new domain of digital transformation. This paper presents the risk scenarios of cyber-attack threats in the Fourth Industrial Revolution. Further, we propose a preemptive intrusion response model to bolster the complex security environment of the future, which is one of the fundamental alternatives to solving problems relating to cyber-attack. The proposed model can be used as prior research on cyber security strategy and technology development for preemptive response to cyber threats in the future society.