• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.10
• /
• pp.1311-1319
• /
• 2019

Currently, the web environment is a commonly used area for sharing information and conducting business. It is becoming an attack point for external hacking targeting on personal information leakage or system failure. Conventional signature-based detection is used in cyber threat but signature-based detection has a limitation that it is difficult to detect the pattern when it is changed like polymorphism. In particular, injection attack is known to the most critical security risks based on web vulnerabilities and various variants are possible at any time. In this paper, we propose a novelty detection technique to detect abnormal state that deviates from the normal state on web-server log dataset(WSLD). The proposed method is a machine learning-based technique to detect a minor anomalous data that tends to be different from a large number of normal data after replacing strings in web-server log dataset with vectors using machine learning-based embedding algorithm.

• Journal of the Korean Institute of Gas
• /
• v.27 no.1
• /
• pp.63-69
• /
• 2023

Although Korea is the world's No. 1 semiconductor producing country, most studies are conducted with risk assessment for simple material risks due to the closedness of the site for industrial protection. In terms of industrial safety, a monitoring system such as a gas detector to determine the leakage of hazardous substances has been established, but research on effectively discharging harmful gastritis substances in case of leakage has only recently begun. Semiconductor manufacturing facilities (gas boxes) where a large amount of flammable materials are handled are currently being safety managed by using a gas detector and blocking the air inlet. It is difficult to dilute in a short time in case of leakage of flammable substances. Therefore, in this study, based on various criteria, the size of the duct according to the size of the gas box is determined and the appropriate size of the air inlet is studied to minimize the exhaust performance requirement without exposing hazardous chemicals to the outside in the event of a flammable leak. We want to do an optimal exhaust design.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.19-26
• /
• 2023

The impact of environmental, social and governance (ESG) performance on investors' decision-making is growing. Investors' focus on the financial performance of firms in the past is expanding to the non-financial performance of the interests of stakeholders surrounding firms. Against this backdrop, this study conducted a panel regression analysis on firms evaluated by Korea Corporate Governance Service to analyze the impact of ESG performance, a firm's non-financial performance, on firm risk. According to the analysis, ESG performance has a negative (-) effect on all three firm risks (systematic risk, unsystematic risk, and total risk), indicating that the stakeholder theory and risk management theory are supported. The implications of this study are: First, ESG reduces not only unsystematic risk but also broad and indiscriminate systematic risk; Second, investors can reduce the risk of their investment portfolio by executing ESG investments; Third, companies can achieve stable financial performance even in adverse circumstances by utilizing the insurance function of ESG management; Lastly, the government can enhance the stability of the financial market while improving the financial soundness of firms through reasonable ESG-related regulations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.527-536
• /
• 2024

In the digital age, the growth of AI and digital technologies brings opportunities and cybersecurity risks. At the forefront of this change are teenagers, referred to as 'digital natives'. However, they may have difficulty using technology safely without proper information security knowledge. This paper highlights the need for information security education for teenagers in South Korea by referring to cases in the UK, Australia, and the US. These countries are already providing education that prepares young people for cyber threats and future societal needs. Reflecting this trend, South Korea should also establish comprehensive information security education for teenagers to equip them for the digital age.

• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.3-11
• /
• 2024

Information security is crucial not only for protecting against external cyber-attacks but also for identifying and blocking internal data leakage risks in advance. To this end, many companies and institutions implement digital rights management(DRM) document security solutions, which encrypt files to prevent content access if leaked, and data loss prevention(DLP) solutions, which control devices such as USB ports on computing equipment to prevent data leaks. At a time when efforts to prevent internal data leaks are crucial, there is a growing need for control policies such as device control and the identification of information assets in standalone network environments, which could otherwise fall into unmanaged domains. In this study, we propose a Generation-Distribution-Application model for device control policies that are uniquely applied to standalone information assets that are not connected to internal networks. To achieve this, we developed an authentication technique linked with the asset management system, where information assets are automatically registered upon acquisition. This system allows for precise identification of information assets and enables flexible device control, and we have designed and implemented a system based on these principles.

• Korean Security Journal
• /
• no.25
• /
• pp.185-208
• /
• 2010

This study is to suggest the current security education programs and improvement of industrial security curriculums in Korea. We live in a world of insecurity; the world is changing at an ever accelerating pace. Life, society, economics, international relations, and security risk are becoming more and more complex. The nature of work, travel, recreation, and communication is radically changing. We live in a world where, seemingly with each passing year, the past is less and less's guide to the future. Security is involved in on one way or another in virtually every decision we make and every activity we undertake. The global environment has never been more volatile, and societal expectations for industrial security and increasing if anything. The complexities of globalization, public expectation, regulatory requirements, transnational issues, jurisdictional risks, crime, terrorism, advances in information technology, cyber attacks, and pandemics have created a security risk environment that has never been more challenging. We had to educate industrial security professional to cope with new security risk. But, how relevant is a college education to the security professional? A college degree will not guarantee a job or advancement opportunities. But, with a college and professional training, a person has improved chances for obtaining a favored position. Commonly, Security education and experience are top considerations to find a job so far, also training is important. Today, Security is good source to gain competitive advantage in global business. The future of security education is prospect when one considers the growth evident in the field. Modern people are very security-conscious today, so now we had to set up close relevant industrial security programs to cope with new security risk being offered in colleges or several security professional educational courses.

• Journal of the Korea Convergence Society
• /
• v.12 no.4
• /
• pp.95-103
• /
• 2021

This study was aimed to investigate the education needs for prevention and control of infectious diseases by lifecycle based on age group and to provide the fundamental data to develop the educational programs. A research was conducted with 328 adults over 19 years old for a month of February 2021 through online and mobile survey by Gallup Korea. Research contents include the general characteristics, personal hygiene practices related to infection, perceived risks related to infection, importance and level of knowledge on infectious diseases, and education needs for prevention and control of infectious diseases. For the research data analysis, PASW Statistics Ver 20.0 was used as a statistical program. Ranks from analysis upon conversion as the formula of Borich needs to sum up with importance and knowledge level showed first (Borich 3.11) with treatments for infectious diseases; second (Borich 2.15) with process in case of suspicion and diagnosis of infectious diseases; third (Borich 1.75) with transmission routes of infectious diseases; fourth (Borich 1.73) with preventive ways of infectious diseases; fifth (Borich 1.50) with diagnostic and test methods of infectious diseases; sixth (Borich 1.45) with characteristics of infectious diseases; and seventh (Borich1.38) with main symptoms of infectious diseases. It is anticipated that development of educational programs applying education needs for prevention and control of infectious diseases in this research can contribute to enhance the physical health, mental health, and psychological well-being of the subjects.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.