• Title/Summary/Keyword: data breach

A Blocking Distribution Channels to Prevent Illegal Leakage in Supply Chain using Digital Forensic

  • HWANG, Jin-Hee
    • Journal of Distribution Science / v.20 no.7 / pp.107-117 / 2022
  • Purpose: The scope of forensic investigations serves to identify malicious activities, including leakage of crucial corporate information. The investigations also identify security lapses in available networks. The purpose of the present study is to explore how to block distribution channels to protect against illegal leakage in the supply chain through digital forensic methods. Research design, data and methodology: The present study conducted a qualitative textual analysis, and its data collection process entails five steps: identifying and collecting data, determining coding categories, coding the content, checking validity and reliability, and analyzing and presenting the results. This methodology is a significant research method due to the high quality of previous resources. Results: Applying previous literature analysis to the results of this study, the author found that there are four solutions, as evidence, to block distribution channels and prevent illegal leakage of company information. The following subtitles show clear solutions: (1) Communicate with Stakeholders, (2) Preventing and addressing illegal leakage, (3) Victims of Data Breach, (4) Focusing Solely on Technical Teams. Conclusion: There are difficult scenarios that continue to introduce difficult questions surrounding engagement with digital evidence. Consequently, it is important to enhance data handling to provide answers for organizations that suffer due to illegal leakages of sensitive information.

Two-Dimensional Flood Inundation Analysis Resulting from Irrigation Reservoir Failure - Focused on the Real Case with the Minimal Data Set - (농업용 저수지 붕괴에 따른 2차원 홍수범람해석 -계측자료가 부족한 실제사례를 중심으로-)

  • Lee, Jae Young;Kim, Byunghyun;Park, Jun Hyung;Han, Kun Yeun
    • KSCE Journal of Civil and Environmental Engineering Research / v.36 no.2 / pp.231-243 / 2016
  • This study presents the applicability of a two-dimensional (2D) flood inundation model by applying it to a real irrigation reservoir failure with limited available data. The study area is Sandae Reservoir, located in Gyeongju, and its downstream area; the reservoir failed due to piping in 2013. The breach hydrograph was estimated from a one-dimensional (1D) hydrodynamic model, and the discharge was employed as the upstream boundary of the 2D flood inundation model. The topography of the study area was generated by integrating a digital contour map and satellite data, and Cartesian grids with 3 m resolution, chosen to capture the geometry of buildings, roads and a public stadium, were used for the 2D flood inundation analysis. The model validation was carried out by comparing predictions with field survey data including reservoir breach outflow, flood extent, flood height and arrival time, and identifying rational ranges with allowed error. In addition, the applicability of the 2D model is examined using different simulation conditions involving grid size, buildings and roughness coefficient. This study is expected to contribute to the analysis of irrigation reservoirs at risk of failure and to setting up an Emergency Action Plan (EAP) against irrigation reservoir failure.

Recent Developments in Law of International Electronic Information Transactions (국제전자정보거래(國際電子情報去來)에 관한 입법동향(立法動向))

  • Hur, Hai-Kwan
    • THE INTERNATIONAL COMMERCE & LAW REVIEW / v.23 / pp.155-219 / 2004
  • This paper focuses on two recent legislative developments in electronic commerce: the "Uniform Computer Information Transactions Act" ("UCITA") of USA and the "preliminary draft convention on the use of data message in [international trade] [the context of international contracts]" ("preliminary draft Convention") of UNCITRAL. UCITA provides rules for contracts for computer information transactions. UCITA supplies modified contract formation rules adapted to permit and to facilitate electronic contracting. UCITA also adjusts commonly recognized warranties as appropriate for computer information transactions; for example, to recognize the international context in connection with protection against infringement and misappropriation, and First Amendment considerations involved with informational content. Furthermore, UCITA adapts traditional rules as to what is acceptable performance to the context of computer information transactions, including providing rules for the protection of the parties concerning the electronic regulation of performance to clarify that the appropriate general rule is one of material breach with respect to cancellation (rather than so-called perfect tender). UCITA also supplies guidance in the case of certain specialized types of contracts, e.g., access contracts and for termination of contracts. While for the most part carrying over the familiar rules of Article 2 concerning breach when appropriate in the context of the tangible medium on which the information is fixed, but also adapting common law rules and rules from Article 2 on waiver, cure, assurance and anticipatory breach to the context of computer information transactions, UCITA provides a remedy structure somewhat modeled on that of Article 2 but adapted in significant respects to the different context of a computer information transaction.
For example, UCITA contains very important limitations on the generally recognized common law right of self-help as applicable in the electronic context. The UNCITRAL's preliminary draft Convention applies to the use of data messages in connection with an existing or contemplated contract between parties whose places of business are in different States. Nothing in the Convention affects the application of any rule of law that may require the parties to disclose their identities, places of business or other information, or relieves a party from the legal consequences of making inaccurate or false statements in that regard. Likewise, nothing in the Convention requires a contract or any other communication, declaration, demand, notice or request that the parties are required to make or choose to make in connection with an existing or contemplated contract to be made or evidenced in any particular form. Under the Convention, a communication, declaration, demand, notice or request that the parties are required to make or choose to make in connection with an existing or contemplated contract, including an offer and the acceptance of an offer, is conveyed by means of data messages. Also, the Convention provides for use of automated information systems for contract formation: a contract formed by the interaction of an automated information system and a person, or by the interaction of automated information systems, shall not be denied on the sole ground that no person reviewed each of the individual actions carried out by such systems or the resulting agreement. 
Further, the Convention provides that, unless otherwise agreed by the parties, a contract concluded by a person that accesses an automated information system of another party has no legal effect and is not enforceable if the person made an error in a data message and (a) the automated information system did not provide the person with an opportunity to prevent or correct the error; (b) the person notifies the other party of the error as soon as practicable when the person making the error learns of it and indicates that he or she made an error in the data message; (c) the person takes reasonable steps, including steps that conform to the other party's instructions, to return the goods or services received, if any, as a result of the error or, if instructed to do so, to destroy such goods or services.

Detecting Rogue AP using k-SVM method (k-SVM을 이용한 Rogue AP 탐지 기법 연구)

  • Lee, Jae-Wook;Lee, Si-Young;Moon, Jong-Sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.87-95 / 2014
  • In an environment where only authorized APs are allowed, a rogue AP created by smartphone tethering can be a serious security breach. To solve the rogue AP problem, this paper proposes a classification algorithm based on a Kernel Support Vector Machine using features of RTT data. Through our experiment, we can detect rogue APs from the LTE mobile network.

The Study for Establishment of Security Threat Measures for Secure NFC Service (안전한 NFC 서비스 활용 활성화를 위한 보안 위협 대책 마련을 위한 고찰)

  • Choi, Heesik;Cho, Yanghyun
    • Journal of Korea Society of Digital Industry and Information Management / v.14 no.4 / pp.219-228 / 2018
  • The utilization of NFC has been continuously increasing due to the spread of smartphones and the development of short-range wireless communication networks. However, it has been suggested that the stability and security of convenient NFC short-range wireless communications can be unstable and problematic. The causes of this instability are the lack of security technologies for NFC, the controversy about personal information infringement, and the lack of social awareness of security breaches against data settlement. NFC service can be conveniently used by simply touching other NFC devices and NFC tags with an NFC device. This thesis finds that NFC authentication technology, which is convenient for users, is one of the causes of NFC's security instability. This thesis suggests that the ministry should research countermeasures and promote ways for users to use NFC safely. It also suggests that users should be aware of security threats when they use payment and authentication services through NFC.

A Study on Privacy Protection in Financial Mydata Policy through Comparison of the EU's PSD2 (유럽 PSD2 시행에 따른 금융분야 마이데이터 정책의 개인정보보호 강화 방안 연구)

  • Song, Mi-Jung;Kim, In-Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.5 / pp.1205-1219 / 2019
  • As the ability to use data becomes competitive power in the data-driven economy, the effort to create economic value by using personal data is emphasized as much as the effort to protect personal data. The EU's PSD2 (the second Payment Service directive) became the initiative of the Open Banking trend all over the world, as it is the Mydata policy which protects the data subject's rights by empowering the subject to control the personal data through the right to data portability, and which promotes personal data usage and transfer. The Korean government is now fast adopting the EU's PSD2 in the financial sector, but there are growing concerns about personal data abuse and misuse, and data breach. This study analyzes domestic financial Mydata policy in comparison with the EU's PSD2 and focuses on the personal information life-cycle risks of financial Mydata policy. Some suggestions on how to promote personal information and privacy in domestic financial Mydata policy will be given.

Companies Entering the Metabus Industry - Major Big Data Protection with Remote-based Hard Disk Memory Analysis Audit (AUDIT) System

  • Kang, Yoo seok;Kim, Soo dong;Seok, Hyeonseon;Lee, Jae cheol;Kwon, Tae young;Bae, Sang hyun;Yoon, Seong do;Jeong, Hyung won
    • Journal of Integrative Natural Science / v.14 no.4 / pp.189-196 / 2021
  • Recently, as a countermeasure for cyber breach attacks and confidential leak incidents on PC hard disk memory storage data of the metaverse industry, it is required when reviewing and developing a remote-based regular/real-time monitoring and analysis security system. The reason for this is that more than 90% of information security leaks occur on edge-end PCs, and tangible and intangible damage, such as an average of 1.20 billion won per metaverse industrial security secret leak (the most important facts and numerical statistics related to 2018 security, 10.2018. the same time as responding to the root of the occurrence of IT WORLD on the 16th, as it becomes the target of malicious code attacks that occur in areas such as the network system web due to interworking integration when building IT infrastructure, Deep-Access-based regular/real-time remote. The concept of memory analysis and audit system is key.

Models for Privacy-preserving Data Publishing : A Survey (프라이버시 보호 데이터 배포를 위한 모델 조사)

  • Kim, Jongseon;Jung, Kijung;Lee, Hyukki;Kim, Soohyung;Kim, Jong Wook;Chung, Yon Dohn
    • Journal of KIISE / v.44 no.2 / pp.195-207 / 2017
  • In recent years, data are actively exploited in various fields. Hence, there is a strong demand for sharing and publishing data. However, sensitive information regarding people can breach the privacy of an individual. To publish data while protecting an individual's privacy with minimal information distortion, privacy-preserving data publishing (PPDP) has been explored. PPDP assumes various attacker models and has been developed according to privacy models, which are principles to protect against privacy breaching attacks. In this paper, we first present the concept of privacy breaching attacks. Subsequently, we classify the privacy models according to the privacy breaching attacks. We further clarify the differences and requirements of each privacy model.

Analysis of Cyber Incident Artifact Data Enrichment Mechanism for SIEM (SIEM 기반 사이버 침해사고 대응을 위한 데이터 보완 메커니즘 비교 분석)

  • Lee, Hyung-Woo
    • Journal of Internet of Things and Convergence / v.8 no.5 / pp.1-9 / 2022
  • As various services are linked to IoT (Internet of Things) and portable communication terminals, cyber attacks that exploit security vulnerabilities of the devices are rapidly increasing. In particular, cyber attacks targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the response system in the event of a breach, it is necessary to apply a data enrichment mechanism to the collected artifact data to improve threat analysis and detection performance. In this study, by analyzing the common data supplementation elements performed in the existing incident management framework for the artifacts collected for the analysis of intrusion accidents, characteristic elements applicable to the actual system were derived; based on this, the prototype structure of an improved accident analysis framework was presented, and the suitability of the derived data supplementary extension elements was verified. Through this, it is expected to improve the detection performance when analyzing cyber incidents targeting artifacts collected from heterogeneous devices.

An Exploratory Study on the impact of EU Adequacy Decision on GDPR compliant companies (EU 적정성 결정이 GDPR 대상기업에 미치는 영향에 관한 탐색적 연구)

  • Kim, YoungSoo;Chang, Hangbae
    • Journal of Platform Technology / v.9 no.4 / pp.32-41 / 2021
  • The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer, and the benefits and expected effects of determining appropriateness at the government level are explored. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact. However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.