• 제목/요약/키워드: cyber risk

검색결과 242건 처리시간 0.025초

전자상거래 보험의 담보범위에 관한 고찰 (A Study on the coverage of e-commerce insurance)

  • 신건훈
    • 무역상무연구
    • /
    • 제27권
    • /
    • pp.129-161
    • /
    • 2005
  • Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

  • PDF

전자상거래 보험의 시장현황 및 쟁점에 관한 고찰 (A Study on the Market Status and Issues of e-Commerce Insurance)

  • 신건훈
    • 통상정보연구
    • /
    • 제7권3호
    • /
    • pp.27-51
    • /
    • 2005
  • Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

  • PDF

Importance-Performance Analysis (IPA) of Cyber Security Management: Focused on ECDIS User Experience

  • Park, Sangwon;Chang, Yeeun;Park, Youngsoo
    • 해양환경안전학회지
    • /
    • 제27권3호
    • /
    • pp.429-438
    • /
    • 2021
  • The mandatory installation of the ECDIS (Electronic Chart Display and Information System) became an important navigational equipment for navigation officer. In addition, ECDIS is a key component of the ship's digitalization in conjunction with various navigational equipment. Meanwhile, cyber-attacks emerge as a new threat along with digitalization. Damage caused by cyber-attacks is also reported in the shipping sector, and IMO recommends that cybersecurity guidelines be developed and included in International Security Management (ISM). This study analyzed the cybersecurity hazards of ECDIS, where various navigational equipment are connected. To this end, Importance-Performance Analysis (IPA) was conducted on navigation officer using ECDIS. As a result, the development of technologies for cyber-attack detection and prevention should be priority. In addition, policies related to 'Hardware and Software upgrade', 'network access control', and 'data backup and recovery' were analyzed as contents to be maintained. This paper is significant in deriving risk factors from the perspective of ECDIS users and analyzing their priorities, and it is necessary to analyze various cyber-attacks that may occur on ships in the future.

인공호흡기 원격 통합 모니터링 및 제어 시스템 개발을 위한 소프트웨어 위험관리 및 사이버보안 (Software Risk Management and Cyber Security for Development of Integrated System Remotely Monitoring and Controlling Ventilators)

  • 정지용;김유림;장원석
    • 대한의용생체공학회:의공학회지
    • /
    • 제44권2호
    • /
    • pp.99-108
    • /
    • 2023
  • According to the COVID-19, development of various medical software based on IoT(Internet of Things) was accelerated. Especially, interest in a central software system that can remotely monitor and control ventilators is increasing to solve problems related to the continuous increase in severe COVID-19 patients. Since medical device software is closely related to human life, this study aims to develop central monitoring system that can remotely monitor and control multiple ventilators in compliance with medical device software development standards and to verify performance of system. In addition, to ensure the safety and reliability of this central monitoring system, this study also specifies risk management requirements that can identify hazardous situations and evaluate potential hazards and confirms the implementation of cybersecurity to protect against potential cyber threats, which can have serious consequences for patient safety. As a result, we obtained medical device software manufacturing certificates from MFDS(Ministry of Food and Drug Safety) through technical documents about performance verification, risk management and cybersecurity application.

전력 SCADA 시스템의 사이버 보안 위험 평가를 위한 정량적 방법론에 관한 연구 (Quantitative Methodology to Assess Cyber Security Risks of SCADA system in Electric Power Industry)

  • 강동주;이종주;이영;이임섭;김휘강
    • 정보보호학회논문지
    • /
    • 제23권3호
    • /
    • pp.445-457
    • /
    • 2013
  • 본 논문은 제어시스템에서 사이버 위협과 취약성을 평가하기 위한 정량적 모델링에 관한 연구이다. SCADA(supervisory control and data acquisition) 시스템은 대표적인 제어시스템이고 전력계통에서 가장 큰 규모를 형성하고 있다. SCADA 시스템은 초기에는 지역적으로 고립된 시스템이었으나 통신 및 제어기술이 발전하면서 광역으로 확대되어 왔다. 스마트그리드는 에너지 시스템과 IT 시스템을 통합하는 것이며, 이러한 통합의 과정에서 IT 시스템 상에서 존재하던 위협이 제어시스템으로 옮겨오게 된다. 전력시스템은 실시간 특성이 강하게 요구되며, 이는 전력시스템의 사이버 위협을 IT 시스템에 비해 보다 복잡하고 치명적으로 만드는 요인이 된다. 예를 들어, 기밀성이 IT시스템에서 가장 중요한 요소인데 반해 가용성은 제어시스템에서 가장 중요한 고려 사안이다. 이러한 맥락에서, 보다 체계적인 방식으로 전력시스템의 사이버 위험을 평가하는 과정이 요구된다. 일반적인 관점에서 위험이란, 위협, 취약성, 자산의 곱으로 산출되며 본 연구는 전력시스템 구성요소 별로 위험을 정량적으로 분석할 수 있는 프레임워크를 제안한다.

A Cyber-Training & Education Model for Tug-barge Operators

  • Lee, Eun-Bang;Yun, Jong-Hwui;Jeong, Tae-Gweon
    • 한국항해항만학회지
    • /
    • 제34권4호
    • /
    • pp.287-292
    • /
    • 2010
  • The purpose of this study was to create a cyber-training & education program in response to the needs of skippers and crews operating tug-barges within Korean coastal waters and the rapid changers in this industry. Skippers and crews are inclined to operate tug-barges on the basis of experience rather than information. It is not easy to provide useful information whenever they want or to drill them in safety management skills, because of their passive attitude toward education and the few opportunities that exist. In order to increase educational opportunities, efficiency and motivation, the authors have developed this program which consists of a 'tug bridge resource management module, risk perception training module, accident case module, operating module and navigation module', and are hoping that this program will enhance and strengthen all tug-barge operations. We are also putting all our energies into designing up to date animation programs and developing new scenarios concerning the method of evaluation and certification distribution.

Behavioral Analysis Zero-Trust Architecture Relying on Adaptive Multifactor and Threat Determination

  • Chit-Jie Chew;Po-Yao Wang;Jung-San Lee
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제17권9호
    • /
    • pp.2529-2549
    • /
    • 2023
  • For effectively lowering down the risk of cyber threating, the zero-trust architecture (ZTA) has been gradually deployed to the fields of smart city, Internet of Things, and cloud computing. The main concept of ZTA is to maintain a distrustful attitude towards all devices, identities, and communication requests, which only offering the minimum access and validity. Unfortunately, adopting the most secure and complex multifactor authentication has brought enterprise and employee a troublesome and unfriendly burden. Thus, authors aim to incorporate machine learning technology to build an employee behavior analysis ZTA. The new framework is characterized by the ability of adjusting the difficulty of identity verification through the user behavioral patterns and the risk degree of the resource. In particular, three key factors, including one-time password, face feature, and authorization code, have been applied to design the adaptive multifactor continuous authentication system. Simulations have demonstrated that the new work can eliminate the necessity of maintaining a heavy authentication and ensure an employee-friendly experience.

사이버 페미니즘(다나 헤러웨이)과 에코 페미니즘(김선희)의 비교 분석 (Study of Cyber-Feminism & Eco-Feminism)

  • 김영숙
    • 한국콘텐츠학회논문지
    • /
    • 제18권9호
    • /
    • pp.69-80
    • /
    • 2018
  • 다나 해러웨이의 사이버 페미니즘과 김선희의 에코 페미니즘은 현대 과학기술을 서로 상이한 시각에서 바라보고 있다. 사이버 페미니즘이 현대 과학기술의 성과를 긍정적인 시각에서 바라보고 그 해방적 측면을 환영한다면, 에코 페미니즘은 현대 과학기술 속에 있는 전체주의적 시각과 인간부정의 측면을 날카롭게 비판하고 있다. 사이버 페미니즘은 사이보그라는 개념을 통해 생물학적 한계와 가부장제적 질곡에 얽매인 여성이 아닌, 새로운 미래의 여성을 그림으로써 모더니즘적 인간관에서 벗어나는 해방적 성과를 보여주지만, 과학기술과 생명과학을 실질적으로 소유하는 소수의 지배권력에 의한 위험성을 간과함으로써 안이한 측면을 노정시키고 있다. 이에 반해 에코 페미니즘은 현대 과학기술이 소수의 지배권력에 의해 독점됨으로써 발생할 수 있는 위험에 주목한다는 장점을 갖고 있음에도 불구하고, 단순히 육체성과 여성성을 통해 현대 과학기술 시대의 전체주의적 사고를 극복해낼 수 있다고 봄으로써 과학기술의 성과를 페미니즘이 담아내지 못하고 모더니즘적 이원론적 인간관에 머무르고 있다.

Towards Cyber Security Risks Assessment in Electric Utility SCADA Systems

  • Woo, Pil Sung;Kim, Balho H.;Hur, Don
    • Journal of Electrical Engineering and Technology
    • /
    • 제10권3호
    • /
    • pp.888-894
    • /
    • 2015
  • This paper presents a unified model based assessment framework to quantify threats and vulnerabilities associated with control systems, especially in the SCADA (Supervisory Control and Data Acquisition) system. In the past, this system was primarily utilized as an isolated facility on a local basis, and then it started to be integrated with wide-area networks as the communication technology would make rapid progress. The introduction of smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originated from IT systems. However, an up-to-date power system often requires the real-time operations, which clearly implies that the cyber security would turn out to be a complicated but also crucial issue for the power system. In short, the purpose of this paper is to streamline a comprehensive approach to prioritizing cyber security risks which are expressed by the combination of threats, vulnerabilities, and values in the SCADA components.

4차 산업혁명 시대의 선제적 위협 대응 모델 연구 (A Study on the Model for Preemptive Intrusion Response in the era of the Fourth Industrial Revolution)

  • 최향창
    • 융합보안논문지
    • /
    • 제22권2호
    • /
    • pp.27-42
    • /
    • 2022
  • 4차 산업혁명 시대에는 산업혁신이라는 목표를 달성하기 위해 기존 산업의 생산성을 높일 수 있는 디지털 전환이 더욱 중요해지고 있다. 디지털 전환에는 디지털 뉴딜과 스마트 국방 등이 있으며, 이들은 인공지능과 빅데이터 분석기술, 사물인터넷을 이용한다. 이러한 변화는 사이버공간을 지속해서 확장함으로써 국가의 국방, 사회, 보건 등의 산업화 영역을 더 지능적인 새로운 서비스들로 혁신하고 있다. 하지만 이로 인해 업무 생산성, 효율성, 편리성, 산업 안전성 등은 강화되겠지만, 디지털 전환영역의 확대로 사이버공격에 따른 위험성 또한 지속해서 증가할 것이다. 본 고의 목표는 이러한 위협에 선제적으로 대응하기 위해 미래의 변화로 나타날 수 있는 위협시나리오를 고찰하고, 이를 해결할 근본적인 대안 중의 하나인 미래의 복합안보 상황에서 요구되는 4차 산업혁명 시대의 선제적 위협 대응 모델을 제안한다. 본고는 향후 미래 사회에서 사이버 위협에 능동적으로 대응할 사이버안보 전략과 기술 개발의 선행 연구로 활용할 수 있을 것이다.