• Journal of Distribution Science
• /
• v.16 no.5
• /
• pp.61-70
• /
• 2018

Purpose - These days, an individual user, private entity, hears everyday news of hacking and personal information leakage in the era of a most-connected society. This study investigates cyber attack, cyber insurance and distribution channels for insurance goods in South Korea by analyzing various cases of cyber attacks in domestic and overseas case. Research design, data and methodology - This study adopted various study cases instead of the one large case for deep quality analysis, and focused on various cases of domestic and overseas cyber attacks with insurance. Result - As a result of analyzing the cases that were hacked, types of massive losses and damages arising out of internet blackout due to cyber risks are paralyzation of public and private website and portal, electronic administrative system, public infrastructure, and consequently a normal operation of nation is impossible. These losses and damages however can be coverable under cyber insurance. Conclusions - This paper suggests insurance carriers, as suppliers, should provide multiple channels to sell to the customer and should expand the strategy of advertisement and promotion in order for them to change their mind and compare the price and value of the information of individual users and private entity in view of cost savings.

• Journal of Navigation and Port Research
• /
• v.34 no.4
• /
• pp.287-292
• /
• 2010

The purpose of this study was to create a cyber-training & education program in response to the needs of skippers and crews operating tug-barges within Korean coastal waters and the rapid changers in this industry. Skippers and crews are inclined to operate tug-barges on the basis of experience rather than information. It is not easy to provide useful information whenever they want or to drill them in safety management skills, because of their passive attitude toward education and the few opportunities that exist. In order to increase educational opportunities, efficiency and motivation, the authors have developed this program which consists of a 'tug bridge resource management module, risk perception training module, accident case module, operating module and navigation module', and are hoping that this program will enhance and strengthen all tug-barge operations. We are also putting all our energies into designing up to date animation programs and developing new scenarios concerning the method of evaluation and certification distribution.

• Journal of Digital Convergence
• /
• v.17 no.8
• /
• pp.105-113
• /
• 2019

The purpose of this study is to analyze cyber security risk modeling of critical infrastructure, draw out limitations and improvement measures. This paper analyzed cyber security risk modeling of national critical infrastructure like as electricity sector, nuclear power plant, SCADA. This paper analyzed the 26 precedent research cases of risk modeling in electricity sector, nuclear power plant, SCADA. The latest Critical Infrastructure is digitalized and has a windows operating system. Critical Infrastructure should be operated at all times, it is not possible to patch a vulnerability even though find vulnerability. This paper suggest the advanced cyber security modeling characteristic during the life cycle of the critical infrastructure and can be prevented.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.27
• /
• pp.129-161
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• International Commerce and Information Review
• /
• v.7 no.3
• /
• pp.27-51
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.27 no.3
• /
• pp.429-438
• /
• 2021

The mandatory installation of the ECDIS (Electronic Chart Display and Information System) became an important navigational equipment for navigation officer. In addition, ECDIS is a key component of the ship's digitalization in conjunction with various navigational equipment. Meanwhile, cyber-attacks emerge as a new threat along with digitalization. Damage caused by cyber-attacks is also reported in the shipping sector, and IMO recommends that cybersecurity guidelines be developed and included in International Security Management (ISM). This study analyzed the cybersecurity hazards of ECDIS, where various navigational equipment are connected. To this end, Importance-Performance Analysis (IPA) was conducted on navigation officer using ECDIS. As a result, the development of technologies for cyber-attack detection and prevention should be priority. In addition, policies related to 'Hardware and Software upgrade', 'network access control', and 'data backup and recovery' were analyzed as contents to be maintained. This paper is significant in deriving risk factors from the perspective of ECDIS users and analyzing their priorities, and it is necessary to analyze various cyber-attacks that may occur on ships in the future.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.75-80
• /
• 2020

Damage caused by ransomware has continued to increase since last year, but cyber operations are managed without any separate classification of ransomware types in the military's guidelines for carrying out cyber operations. However, unlike other malware, ransomware is a threat that could paralyze all defense operations in one moment, and the military should reevaluate ransomware and take countermeasures. Accordingly, this paper aims to analyze the assets, vulnerabilities, and threats related to defense information service based on information security risk management, and propose alternatives to ensure continuity of defense work from ransomware threats.

• Journal of the Institute of Convergence Signal Processing
• /
• v.23 no.4
• /
• pp.209-215
• /
• 2022

The International Maritime Organization, which is in charge of the international maritime environment and ship safety, has rapidly promoted cyber systems for international dimension agreement and efficiency improvement and improved nautical efficiency. Nevertheless, maritime cyber system attacks still occur every year, and in particular, the number of international maritime cyber security incidents in 2021 appeared to increase sharply compared to 2020. This paper discusses the areas that should be taken into account in order to reduce the increasing sophistication of maritime cyber security. To this end, we will look at typical cases of cyber attacks that have increased sharply in 2021 and analyze the causes of the continuous occurrence of maritime cyber security incidents. In addition, we present several cyber system proposals regarding the current state of maritime cyber systems and the solutions to the problems they face, as well as the matters to be addressed for future maritime cyber systems that will be advanced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.59-74
• /
• 2020

The web space where web applications run is the cyber information warfare of attackers and defenders due to the open HTML. In the cyber attack space, about 84% of worldwide attacks exploit vulnerabilities in web applications and software. It is very difficult to detect web vulnerability attacks with security products such as web firewalls, and high labor costs are required for security verification and assurance of web applications. Therefore, rapid vulnerability detection and response in web space by automated software is a key and effective cyber attack defense strategy. In this paper, we establish a security risk management model by intensively analyzing security threats against web applications and software, and propose a method to effectively diagnose web and application vulnerabilities. The testing results on the commercial service are analyzed to prove that our approach is more effective than the other existing methods.

• Journal of Advanced Navigation Technology
• /
• v.21 no.6
• /
• pp.633-637
• /
• 2017

Cyber attacks on aircraft and aeronautical networks are not much different from cyber attacks commonly found in the ground industry. Air traffic management infrastructure is being transformed into a digital infrastructure to secure air traffic. A wide variety of communication environments, information and communications, navigation, surveillance and inflight entertainment systems are increasingly threatening the threat posed by cyber terrorism threats. The emergence of unmanned aircraft systems also poses an uncontrollable risk with cyber terrorism. We have analyzed cyber security standards and response strategies in developed countries by recognizing the vulnerability of cyber threats to aircraft systems and aviation infrastructure in next generation data network systems. We discussed comprehensive measures for cybersecurity policies to consider in the domestic aviation environment, and discussed the concept of security environment and quick response strategies.