• The Journal of the Korea Contents Association
• /
• v.9 no.4
• /
• pp.286-298
• /
• 2009

Became large a problem we were productive movement of information became large and occurring to diffusions of development of public media and Internet use. While the Internet became a generalization, public media had more influences and risks, and a crime to abuse anonymity became large in cyber space. In addition, damage is becoming expanded reproduction that infringe of ' crime victim's rights of portrait'. The point that is most important in order to improve these points is recognition regarding the special situation of crime victim, and the ethic consciousness and independent operation regulation and regulation system that these point was taken into consideration in the public media and Internet operation that are an information producer is necessary, and Internet portal shall be included like Internet newspapers to the arbitration object of the Press Arbitration Commission. Also, a legal system regarding personal responsibility shall have for protection of a crime victim's rights of portrait by personal information activity for protection in cyber space. Suggest to a portrait of a crime victim, and an individual and social rights security effort are required for activation regarding an infringement relief system.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.24 no.4
• /
• pp.50-56
• /
• 2010

Supervisory Control and Data Acquisition Systems (SCADAs) is real-time monitor and control systems. SCADA systems are used to monitor or control chemical and transportation processes, in municipal water supply systems, electric power generation, transmission and distribution, gas and oil pipelines, and other distributed processes. SCADA refers to a large-scale distributed system. The supervisory control system is placed on top of a real time control system to control external processes. Emerging security technologies and security devices are decreasing the vulnerability of the power system against cyber threats. Dealing with these threats and analyzing vulnerabilities is an important task for equipment such as RTU, IED and FEP. To reduce such risks, we develop such a SCADA testbed. This paper presents the development of a testbed designed to assess the vulnerabilities SCADA networks(including serial communication).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1467-1482
• /
• 2017

Recently, Interests on The Fourth Industrial Revolution has been increased. In the manufacturing sector, the introduction of Smart Factory, which automates and intelligent all stages of manufacturing based on Cyber Physical System (CPS) technology, is spreading. The complexity and uncertainty of smart factories are likely to cause unexpected problems, which can lead to manufacturing process interruptions, malfunctions, and leakage of important information to the enterprise. It is emphasized that there is a need to perform systematic management by analyzing the threats to the Smart Factory. Therefore, this paper systematically identifies the threats using the STRIDE threat modeling technique using the data flow diagram of the overall production process procedure of Smart Factory. Then, using the Attack Tree, we analyze the risks and ultimately derive a checklist. The checklist provides quantitative data that can be used for future safety verification and security guideline production of Smart Factory.

• Journal of Convergence for Information Technology
• /
• v.9 no.8
• /
• pp.35-44
• /
• 2019

The purpose of this study is to find out quantitative vulnerability assessment about COTS(Commercial Off The Shelf) O/S based I&C System. This paper analyzed vulnerability's lifecycle and it's impact. this paper is to develop a quantitative assessment of overall cyber security risks and vulnerabilities I&C System by studying the vulnerability analysis and prediction method. The probabilistic vulnerability assessment method proposed in this study suggests a modeling method that enables setting priority of patches, threshold setting of vulnerable size, and attack path in a commercial OS-based measurement control system that is difficult to patch an immediate vulnerability.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.366-369
• /
• 2014

Recently been viewed as a core technology of the IT industry, cloud computing services. It is expected that the market for cloud services industry showed a growth rate of 18.9% annually, to form a scale of $ 1,330 billion dollars in 2013, and to form a 1,768 billion dollars in 2015. Growth of cloud computing services industry, provides the operational efficiency and reduce costs for many companies, but the risks associated with it is also increasing. There is a problem that phenomenon is to lose control of the data on features of the cloud service, more data is gathered in one place, when a failure occurs, it is removed simultaneously the data of all devices. therefore, in the present paper is investigate the area a quick recovery with up to the problem and secure data storage INT the cloud computing service is available in only the data in the cloud service possible.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.201-208
• /
• 2020

Recently, the application of personal proofing service based on social security number(SSN) replacement means for verifying identity in non-face-to-face transactions is increasing. In this paper, we propose a method of applying differentiated personal proofing service on whether identity verification is necessary in the online service provided by ISP and if it is appropriate to apply a certain level of assurance. By analyzing the requirements related to personal proofing required by current ISPs, we analyze the risks for each of the requirements and propose a method of applying differentiated personal proofing service according to the level of identity assurance guarantee to minimize the risks. In applying the proposed method to online service provision, it is possible to reduce user's unnecessary authentication cost by minimizing the application of personal proofing service based on alternative means, and to help protect user personal information by minimizing excessively collected personal information.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.12
• /
• pp.123-132
• /
• 2014

In this paper, we study the verification techniques for OS integrity that can be more fatal than applications in case of security issues. The dissemination of smartphones is rapidly progressing and there are many similarities of smartphones and PCs in terms of security risks. Recently, in mobile network environment, there is a trend of increasing damages and now, there are active researches on a system that can comprehensively respond to this. As a way to prevent these risks, integrity checking method on operation system is being researched. As most integrity checking algorithms are classified by verification from the levels before booting the OS and at the time of passing on the control to the OS, in which, there are minor differences in the definitions of integrity checking or its methods. In this paper, we suggests the integrity verification technique of OS using a boot loader and a physically independent storing device in the mobile device.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.1
• /
• pp.674-681
• /
• 2021

Cyber attacks targeting critical infrastructure are on the rise. Critical infrastructure is defined as core infrastructures within a country with a high degree of interdependence between the different structures; therefore, it is difficult to sufficiently protect it using outdated cybersecurity techniques. In particular, the distinction between the physical and logical risks of critical infrastructure is becoming ambiguous; therefore, risk management from a comprehensive perspective must be implemented. Accordingly, as a means of further actively protecting critical infrastructure, major countries have begun to apply their security and cybersecurity systems by design, as a more expanded concept is now being considered. This proactive security approach (CSbD, Cybersecurity by Design) includes not only securing the stability of software (SW) safety design and management, but also physical politics and device (HW) safety, precautionary and blocking measures, and overall resilience. It involves a comprehensive security system. Therefore, this study compares and analyzes security by design measures towards critical infrastructure that are leading the way in the US, Europe, and Singapore. It reflects the results of an analysis of optimal cybersecurity solutions for critical infrastructure. I would like to present a plan for applying by Design.

• The Journal of the Convergence on Culture Technology
• /
• v.6 no.2
• /
• pp.327-331
• /
• 2020

In that this study is a subject and character of risk, emerging security covers non-military areas in addition to traditional military security: environmental security, human security, resource security, and cyber security. The rise of these risks is not only changing the phenomenon of the new expansion of security areas, but also the expansion of the number and scope of security entities and the aspect of security world politics. These risks are transnational security issues at the global level in terms of their nature and extent of the damage, as well as multi-layered ones that affect local and personal security issues at the regional and national levels. In addition to national actors, non-state actors such as international organizations, multinational corporations, and global civil society, and furthermore, technology and social systems themselves are causing risks. Therefore, to solve the new security problem, it is necessary to establish a middle-level and complex governance mechanism that is sought at the regional and global levels beyond the fragmented dimension of the occurrence of new security issues that have been overlooked in the existing frame of perception, and to predict and find ways to respond to new security paradigms that have been identified in a broader sense.

• Journal of the Korean Society of Clothing and Textiles
• /
• v.37 no.1
• /
• pp.27-38
• /
• 2013

Word-of-mouth (WOM) communication (traditionally important in consumption) is expanding its influence into cyber space and is playing an important role in online shopping. Consumers who use online shopping might not readily make purchasing decisions due to information overload, lack of accurate product recognition, and the distrust of commercial information. Subsequently, people use WOM communication for a mutual interchange with others who share common concerns, interests, and purposes. This study examines the consumer characteristics, perceived risk on online shopping and benefits of online shopping according to WOM behavior that may significantly affect consumer actions. Factor analysis, t-test, one-way ANOVA, cluster analysis, and Chi-square analysis were used for statistical analysis to identify the differences in consumer characteristics. Online WOM behavior consumers purchased more various items than offline WOM behavior consumers; however, the most influential purchasing factor was price regardless of WOM behavior. Offline WOM behavior consumers have shown higher perceived online shopping risks and benefits.