• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.11a
• /
• pp.137-139
• /
• 2022

As cyber threats in the maritime industry increase due to the digital transformation, the needs for cyber security training for ship's crew and port engineers has increased. The training of seafarers is related to the IMO's STCW convention, so cyber security training also managed and certified, and it is necessary to develop a cybersecurity training system that reflects the characteristics of the OT systemof ships and ports. In this paper, with the goal of developing a training model based on the IMO cyber risk management guideline, developing a cyber security training model based on the characteristics of maritime industry threats, and improving the effectiveness of cyber security training using AR/VR and metaverse, A method for developing a system for nurturing cyber security experts is presented.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.4
• /
• pp.145-156
• /
• 2022

To strengthen the security of autonomous vehicles, this study derived checklists through the analysis of the status of autonomous vehicle security. The analyzed statuses include autonomous vehicle characteristics, security threats, and domestic and foreign security standards. The derived checklists are then applied to the AHP(Analytic Hierarchy Process) model to find their relative importance. Relative importance was ranked as one of cyber security management system establishment and implementation, encryption, risk assessment, etc. The significance of this study is to reduce cyber security incidents that cause human casualties as well improve the level of security management of autonomous vehicles in related companies by deriving the autonomous vehicle security level checklists and demonstrating the model. If the inspection is performed considering the relative importance of the checklists, the security level can be identified early.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.189-200
• /
• 2024

In recent years, the development of defense technology has become digital with the introduction of advanced assets such as drones equipped with artificial intelligence. These assets are integrated with modern information technologies such as industrial IoT, artificial intelligence, and cloud computing to promote innovation in the defense domain. However, the convergence of the technology is increasing the possibility of transfer of cyber threats, which is emerging as a problem of increasing the vulnerability of defense assets. While the current cybersecurity methodologies focus on the vulnerability of a single asset, interworking of various military assets is necessary to perform the mission. Therefore, this paper recognizes these problems and presents a mission-based asset management and evaluation methodology. It aims to strengthen cyber security in the defense sector by identifying assets that are important for mission execution and analyzing vulnerabilities in terms of cyber security. In this paper, we propose a method of classifying mission dependencies through linkage analysis between functions and assets to perform a mission, and identifying and classifying assets that affect the mission. In addition, a case study of identifying key assets was conducted through an attack scenario.

• Journal of Digital Convergence
• /
• v.12 no.12
• /
• pp.119-127
• /
• 2014

As the disclosure of privacy information has grown steadily, concerns about mobile services based on the personal information also increased. We aspired to reveal factors influencing the use of Location-Based services(LBS) App and analyse how the perceived risk affected between these factors and the use of LBS App. Results showed that usefulness and social influence influenced on the use of LBS App. We also found that the group who highly recognized the perceived risk was highly affected by usefulness and the group who lowly recognized the perceived risk was highly affected by social influence. Findings show that the company's strategy should be different depending on the level of consumers' perceived risk.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.19-26
• /
• 2023

The impact of environmental, social and governance (ESG) performance on investors' decision-making is growing. Investors' focus on the financial performance of firms in the past is expanding to the non-financial performance of the interests of stakeholders surrounding firms. Against this backdrop, this study conducted a panel regression analysis on firms evaluated by Korea Corporate Governance Service to analyze the impact of ESG performance, a firm's non-financial performance, on firm risk. According to the analysis, ESG performance has a negative (-) effect on all three firm risks (systematic risk, unsystematic risk, and total risk), indicating that the stakeholder theory and risk management theory are supported. The implications of this study are: First, ESG reduces not only unsystematic risk but also broad and indiscriminate systematic risk; Second, investors can reduce the risk of their investment portfolio by executing ESG investments; Third, companies can achieve stable financial performance even in adverse circumstances by utilizing the insurance function of ESG management; Lastly, the government can enhance the stability of the financial market while improving the financial soundness of firms through reasonable ESG-related regulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.425-433
• /
• 2016

In smart grid, enhancement of efficiency and interoperability of electric power system is achieved through the connection with outer network, and this induces that power grid system is threatened increasingly, becomes the main target of cyber terrorism, and is sincerely required to design the secure power system. Although SSDLC(Secure System Development Life Cycle) is used for risk management from the design phase, traditional development life cycle is somewhat limited for satisfaction of information security indicator of power control system. Despite that power control system should reflect control entities of information security considering its own characteristics, validation elements are insufficient to apply into real tasks based on existing compliance. To make design of diagnostic model and assessment process for power control system possible and to give a direction for information security and present related indicator, we propose the new risk management framework of power control system which is applied operational security controls and standard architecture presented by IEC 62351 TC 57 with enterprise risk management framework.

• Knowledge Management Research
• /
• v.23 no.4
• /
• pp.43-67
• /
• 2022

One of the dark sides of the development of information and communication technology is the significant increase in cybercrime. In particular, investigators in charge of cyber sexual crime are repeatedly exposed to video data of illegal sexual violence; hence, they are at high risk of post-traumatic stress disorder (PTSD) and experiencing vicarious trauma. Notwithstanding, few studies have focused on these investigators' PTSD, and, to the best of our knowledge, no study has been conducted on the vicarious trauma of cyber sexual crime investigators. Therefore, this study identifies investigators' mental health status (trauma-related, especially) and examines their perception of the currently operating psychological support programs. Further, by reviewing the psychological support system of overseas institutions, we would suggest psychological support and policies necessary for domestic cyber sexual crime units to manage investigators' work stress and prevent mental illness under domestic circumstances.

• Smart Media Journal
• /
• v.12 no.2
• /
• pp.91-102
• /
• 2023

The Energy Management System (EMS) communicates with power plants and substations, monitors the substations and plant operational status of the transmission and substation system for stability, continuity, real-time, and economy of power supply, and controls power plants and substations. Currently, the power exchange EMS communicates with power plants and substations based on the serial communication-based Distributed Network Protocol (DNP) 3.0 protocol. However, problems such as the difficulty of supply and demand of serial communication equipment and the lack of installation space for serial ports and modems are raised due to the continuous increase in new facilities to perform communication, including renewable power generation facilities. Therefore, this paper presents a TCP/IP-based communication method instead of the existing serial communication method of the power exchange EMS, and presents a security risk analysis that may occur due to changes in the communication method and a countermeasure to the security risk.

• International Journal of Human Ecology
• /
• v.11 no.2
• /
• pp.51-61
• /
• 2010

Using data from the 2007 SCF, this study examined the use of information source for investment decisions of elderly consumers. The results indicated that many elderly consumers (about 88%) involved savings /investment decisions. The elderly used 'Experts' (39.48%) as a major information source for their investment decisions, followed by 'Friends' (24.18%). The results of the multinomial logit analysis suggested that the perceived value, the cost for search, knowledge, risk and some of the demographic factors were significantly related to the choice of the information sources for investments by elderly consumers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.135-141
• /
• 2008

The risk enlargement of cyber infringement and hacking is one of the latest hot issues. To solve the problem, the research for Security Risk Analysis, one of Information Security Technique, has been activating. However, the evaluation for Security Risk Analysis has many burdens; evaluation cost, long period of the performing time, participants’ working delay, countermeasure cost, Security Management cost, etc. In addition, pre-existing methods have only treated Analyzing Standard and Analyzing Method, even though their scale is so large that seems like a project. the Analyzing Method have no option but to include assessors’ projective opinion due to the mixture using that both qualitative and quantitative method are used for. Consequently, in this paper, we propose the Security Risk Analysis Methodology which manage the quantitative evaluation as a project and use Case-Based Reasoning Algorithm for define the period of the performing time and for select participants.