• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.909-928
• /
• 2020

From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

• Journal of Intelligence and Information Systems
• /
• v.27 no.1
• /
• pp.1-21
• /
• 2021

As the global business environment changes, uncertainties in technology development and market needs increase, and competition among companies intensifies, interests and demands for R&D activities of individual companies are increasing. In order to cope with these environmental changes, R&D companies are strengthening R&D investment as one of the means to enhance the qualitative competitiveness of R&D while paying more attention to facility investment. As a result, facilities or R&D investment elements are inevitably a burden for R&D companies to bear future uncertainties. It is true that the management strategy of increasing investment in R&D as a means of enhancing R&D capability is highly uncertain in terms of corporate performance. In this study, the structural factors that influence the R&D capabilities of companies are explored in terms of technology management capabilities, R&D capabilities, and corporate classification attributes by utilizing data mining techniques, and the characteristics these individual factors present according to the level of R&D capabilities are analyzed. This study also showed cluster analysis and experimental results based on evidence data for all domestic R&D companies, and is expected to provide important implications for corporate management strategies to enhance R&D capabilities of individual companies. For each of the three viewpoints, detailed evaluation indexes were composed of 7, 2, and 4, respectively, to quantitatively measure individual levels in the corresponding area. In the case of technology management capability and R&D capability, the sub-item evaluation indexes that are being used by current domestic technology evaluation agencies were referenced, and the final detailed evaluation index was newly constructed in consideration of whether data could be obtained quantitatively. In the case of corporate classification attributes, the most basic corporate classification profile information is considered. In particular, in order to grasp the homogeneity of the R&D competency level, a comprehensive score for each company was given using detailed evaluation indicators of technology management capability and R&D capability, and the competency level was classified into five grades and compared with the cluster analysis results. In order to give the meaning according to the comparative evaluation between the analyzed cluster and the competency level grade, the clusters with high and low trends in R&D competency level were searched for each cluster. Afterwards, characteristics according to detailed evaluation indicators were analyzed in the cluster. Through this method of conducting research, two groups with high R&D competency and one with low level of R&D competency were analyzed, and the remaining two clusters were similar with almost high incidence. As a result, in this study, individual characteristics according to detailed evaluation indexes were analyzed for two clusters with high competency level and one cluster with low competency level. The implications of the results of this study are that the faster the replacement cycle of professional managers who can effectively respond to changes in technology and market demand, the more likely they will contribute to enhancing R&D capabilities. In the case of a private company, it is necessary to increase the intensity of input of R&D capabilities by enhancing the sense of belonging of R&D personnel to the company through conversion to a corporate company, and to provide the accuracy of responsibility and authority through the organization of the team unit. Since the number of technical commercialization achievements and technology certifications are occurring both in the case of contributing to capacity improvement and in case of not, it was confirmed that there is a limit in reviewing it as an important factor for enhancing R&D capacity from the perspective of management. Lastly, the experience of utility model filing was identified as a factor that has an important influence on R&D capability, and it was confirmed the need to provide motivation to encourage utility model filings in order to enhance R&D capability. As such, the results of this study are expected to provide important implications for corporate management strategies to enhance individual companies' R&D capabilities.

• Journal of Korea Game Society
• /
• v.5 no.2
• /
• pp.19-27
• /
• 2005

The core price policy of on-line game marketing are FPP(Fixed Pre Paid model and PPU(Pay Per Use) model. These two models have been a on-line game company's billing system and a fundamental of MMORPG in Korea. However, they took root billing system only for first movers recently. In now, the market share of several first movers is exceeding 80%, late movers witch have same billing system cannot take part in pair competition. Even though in MMORPG, many games of late movers were favorably noticed by a lot of gamers during Evaluation. Test, a lot of companies are bankrupt before make business. Late Movers declare free game first thing, they maintain their existence and win over customers in on-line game market. And next, they guarantee item selling, give multiple experience value and game money, at last, induce their customers to pay service. As it makes trouble between pay user and free user, and it linked up with the collapse of game contents balance that designed for FPP billing system, And then meet unexpected result which reduction of game life cycle. In this Paper, we classified several contents services based on game contents, and suggested contents premium services which adopted low cost strategy lead to micro payment. we hope it will apply to late movers' new billing system in MMORPG.

• Journal of Nuclear Fuel Cycle and Waste Technology(JNFCWT)
• /
• v.9 no.3
• /
• pp.191-198
• /
• 2011

In general, conventional criticality analyses for spent fuel transport/dry storage systems have been performed based on assumption of fresh fuel concerning the potential uncertainties from number density calculation of Transuranic and Fission Products in spent fuel. However, because of economic loss due to the excessive criticality margin, recently the design of transport/dry storage systems with Burnup Credit(BUC) application has been actively developed. The uncertainties in criticality analyses on transport/storage systems with BUC technique show strong dependance upon initial enrichment and burnup rate, whereas those in the conventional criticality evaluation based on fresh fuel assumption do not show such a dependance. In this study, regulatory-required uncertainties of the criticality analyses for BK 26 Cask, which is conceptually designed spent fuel transport cask with BUC corresponding to the limiting circumstances on nuclear power plants in Korea, are evaluated as a function of initial enrichment and burnup rate. Results of this study will be used as basic data for spent fuel loading curve of BK 26 Cask.

• Journal of the Korea Convergence Society
• /
• v.12 no.9
• /
• pp.11-19
• /
• 2021

A software system is required to change during its life cycle due to various requirements such as adding functionalities, fixing bugs, and adjusting to new computing environments. Such program code modification should be considered as carefully as a new system development becase unexpected software errors could be introduced. In addition, when reusing open source programs, we can expect higher quality software if code changes of the open source program are predicted in advance. This paper proposes a Convolutional Neural Network (CNN)-based deep learning model to predict source code changes. In this paper, the prediction of code changes is considered as a kind of a binary classification problem in deep learning and labeled datasets are used for supervised learning. Java projects and code change logs are collected from GitHub for training and testing datasets. Software metrics are computed from the collected Java source code and they are used as input data for the proposed model to detect code changes. The performance of the proposed model has been measured by using evaluation metrics such as precision, recall, F1-score, and accuracy. The experimental results show the proposed CNN model has achieved 95% in terms of F1-Score and outperformed the multilayer percept-based DNN model whose F1-Score is 92%.

• Journal of Korean Society of Disaster and Security
• /
• v.12 no.2
• /
• pp.1-13
• /
• 2019

In this study, we propose rainfall frequency criteria for the development of early-warning system based on the evaluation of the highway debris flow that includes the contents of the rainfall recurrence cycle. The rainfall criterion was recommended based on the results of previous researches and the recommended rainfall criterion was 1 hour, 6 hours, and 3 days. At this time, the study subjects were located in Gangwon area and the probability rainfall of 8 stations in Gangwon area was collected. Also, the probabilistic distribution of the 1 hour, 6 hour, and 3 day rainfall criteria to be used for the early warning for the highway debris flow in Kangwon area was estimated through the probability analysis. In addition, we analyzed the correlation between 3 types of rainfall criteria selected from the rainfall data and the actual destructive damages of debris flow at 12 points in 7 lines of Gangwon highways. At this time, the rainfall criterion on the probability distribution was divided into an average value and a lower limit value. As a result of the review, it was found that the case of using the lower limit value of the rainfall according to the recurrence intervalwell simulates the situation of actual debris flow hazards.

• Journal of Korean Home Economics Education Association
• /
• v.33 no.2
• /
• pp.115-133
• /
• 2021

The purpose of this study is to develop a teaching-learning plans for middle school Home Economics that practices clothing life in response to climate change. Four steps of analysis, design, development, and evaluation were used for the research. 'Phenomenon and cause, impact (environmental, economic and social) and response (relaxation and adaptation)' were selected as educational content elements for climate change through reviewing the literature related to climate change. Six types of middle school Technology and Home Economics textbooks under the 2015 revised curriculum were analyzed using the selected content elements for climate change as the basis for analysis according to the data type(reading data, picture data, activity data) and clothing use cycle (production, purchase, use, and disposal). Based on the content elements of climate change in the clothing life area extracted through textbook analysis, a total of 12 teaching-learning plans in response to climate change were developed by utilizing various teaching and learning methods, data and media. The teaching-learning plans were designed based on an integrated understanding of the phenomena, causes, effects, and responses of climate change for the students to realize the seriousness of climate change and to exercise positive influence on families and society.

• The Mathematical Education
• /
• v.63 no.1
• /
• pp.35-61
• /
• 2024

The purpose of this study is to examine changes in Korean middle school students' affective attitudes toward mathematics over the past 5 cycles of TIMSS. To this end, we first analyzed the changes in students' affective attitudes towards mathematics in five major countries, and then analyzed the changes in Korean students' affective attitudes toward mathematics by item. As a result of the study, there were positive changes in Korean students' interest, confidence, and value perception of mathematics during the recent 5 cycle of TIMSS. Korean male students' affective attitude toward mathematics is higher than that of female students, and the gender gap has been increasing recently. There was a large difference in the affective attitudes toward mathematics among Korean students, depending on their achievement level, and in particular, the affective attitudes toward mathematics of students at the lower achievement level remained significantly low. Item-level analysis revealed a decrease in Korean students' awareness of the necessity of mathematics in daily life. Based on these results, we discussed the implications for cultivating Korean students' affective attitudes. It is hoped that the results of this study will be meaningfully used as basic data for examining the performance of mathematics education in Korea and contribute to developing measures to foster students' positive attitudes toward mathematics.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.8 no.4
• /
• pp.177-191
• /
• 2013

6th Industry reduced agricultural income and rural areas, the economic downturn is going to be activated is attracting attention as an alternative. 6th industry means that the integrated or linked, the manufacture and processing of secondary industry based on primary industry, the distribution and service of tertiary industry. Park Geun-hye government to realize the creative economy in agriculture as an alternative to specifically evaluate the 6th industries and suggests various policy alternatives. In addition, to support the development of models and analysis of best practices, including sleep studies are in progress. However, the 6th Industry management body for performing management level, technical level, the leader in comprehensive evaluation of competencies and indicators on the development of an evaluation study is insufficient. In this regard, the present study performed 6th industry management body for the management level, technical level, the leader competency evaluation indicators to develop a comprehensive evaluation by utilizing AHP method was developed indicators. The results achieved in Korea As different countries and the FTA as cheap agricultural imports increased 6th industry revenues associated with the management body is very likely to be worse. The endless competition to survive in the most important of the strategy for each individual project management body to operate on their own, rather than to strengthen internal capacity by strengthening linkages with other industries, products, and services that promote the sale will be. This also is that you need to improve revenue management body. Thus, all 6th industry management body at the location of their efforts to gain the trust of consumers will require, moreover, for each management body to build cooperation between the various measures will be sought. In addition to the smart era rapidly changing needs of customers, depending on the life cycle of products and services are getting faster and the new consumer is getting more and more tend to find new products. Thus, customers and management body 6th industry changes quickly and accurately predict market trends, and also to market new products and services that further efforts would be needed.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.4
• /
• pp.881-893
• /
• 2007

IT(Information Technology)-based industries have caused a recent digital revolution and the appearance of various types' information service, being largely expanded toward info-communication device company, info-communication service company, software company etc.. Therefore, the needs to evaluate the company value of IT business for M&A or liquidation are growing tremendously. Unlike other industries, however, IT industry has a short lift cycle and so it doesn't have not only a company value-evaluating model for general businesses but the objective one for IT companies yet. So, this thesis analyzes various value-evaluating technique and newly rising ROV. DCF, the change method of company's cash flow including tangible assets into future value, had been applied during the past industrialization economy era and has been persuasively applied to the present. However, the DCF valuation has no option but to make many mistakes because IT companies have more intangible assets than tangible assets. Accordingly, it is ROV, recognized as the new method of evaluating companies' various options normally and quantitatively, that is brought up recently. But the evaluation on the companies' various options is too subjective and theoretical up to now and due to the lack of objective ground and options, it's not possible to be applied to reality. In this thesis, it is found that ROV is more accurate than DCF, comparing DCF and ROV through four examples. As the options applied to ROV are excessively limited, we tried to develop ROV into a new method by deriving five invisible value factors within IT companies. Therefore, on this occasion, we should set up the basic valuation methods on IT companies and should research and develop an effective and various valuation methods suitable to each company like an internet-based company, a S/W developing enterprise, a network-related company among IT companies.