• Title/Summary/Keyword: design-for-security methodology

A Study on the Concept of Operations and Improvement of the Design Methodology for the Physical Protection System of the National Infrastructure - Focused on Nuclear Power Plants - (국가기반시설 물리적 방호체계 운영개념 및 설계방법 개선방안 연구: 원자력발전소를 중심으로)

  • Na, Seog-Jong;Sung, Ha-Yan;Choi, Sun-Hee
    • Korean Security Journal / no.61 / pp.9-38 / 2019
  • As the scales & density of the Korean national infrastructures have been increased, they will be identified as rich and attractive potential targets for intensified North Korea's attack in the rear region and terrorism attack. In addition, due to changes in security environment such as drone threats and lack of security forces under the 52-hour workweek law, I think that it is the proper time point to reevaluate the effectiveness and appropriateness of the current physical protection system and its shift to a new system. In this study, the direction and improvement of the perimeter physical protection systems of the national infrastructures are to be studied from the viewpoints of its concepts of operations and design methodology, focusing on the nuclear power plant. The reason why we focus on nuclear power plants is because they cause wide-range and long-term damages caused by radioactive materials dispersal and pollution, along with short-term damage caused by the interruption of electricity generation in the event of damage to nuclear power plants. With the aim of extracting improvement directions, as we will comprehensively review domestic research trends and domestic·overseas related laws, and consider Korea's specificity, we try to reframe the concept of operation - systematization, mobilization and flexibility -, and establish criteria on system change. In order to improve the technical performance of the new perimeter physical protection system, we study on high-fidelity·multi-methodology based integrated design methodology, breaking from individual silo-type design methods, and I suggest improvement of government procurement, its expansion to export business and other national infrastructure.

A study on the application of legal design methodology for commercialization of security tokens

  • Sangyub Han;Hokyoung Ryu
    • Journal of the Korea Society of Computer and Information / v.29 no.7 / pp.117-128 / 2024
  • In this paper, we propose a process for deriving priority tasks using the legal design technique in a situation where there is high uncertainty in the market and legal system regarding the commercialization of security tokens based on blockchain and distributed ledger technology. To issue and distribute securities tokens, we conducted a legal design workshop with participants who applied for innovative financial services (financial regulatory sandbox). During the workshop, participants harmonized their interests and deliberated on readiness, considering both legal and technical factors. The aim was to ascertain the feasibility of identifying prioritized objectives for future endeavors. The legal design technique facilitates consensus-building among stakeholders in an uncertain environment by confirming and adjusting differing perspectives and disagreements based on mutual understanding. The key stages include the empathetic process called "Family Therapy," the "N whys" for problem definition, and the speculative scenario design for problem-solving. This approach distinguishes itself from user-centered design thinking. Given the diverse stakeholders involved, effective facilitation by the facilitator is crucial during the legal design workshop preparation and execution.

Design of Security Mechanism for Electronic Document Repository System (전자문서 보관 시스템을 위한 보안 메커니즘 설계)

  • Kim, Jeom-Goo;Kim, Sang-Choon
    • Convergence Security Journal / v.11 no.3 / pp.99-111 / 2011
  • The costs of managing and storing paper documents are gradually increasing. In particular, it is too expensive to keep paper documents in a warehouse. Also, a paper-based document system is exposed to several security problems. Therefore, a process for transforming paper documents into electronic ones is needed. An electronic document repository system is one of the best solutions to the issues of paper-based document systems. An electronic document repository system can reduce overall costs and provides some advantages in comparison with a paper-based document system. However, there is no formal methodology for guaranteeing the safety of an electronic document repository system. Therefore, we suggest a security mechanism for establishing an electronic document repository system. The suggested security methodology can help in the design of a more secure electronic document repository system.

A Design of Embedded Prototyping System for Home Appliance (정보가전용 임베디드 프로토타이핑 시스템 설계)

  • Lee, Jeong-Bae;Lee, Young-Ran;Jung, Young-Jin;Kim, Jong-Il;Kim, Nam-Dong;Shin, Hyun-Cheul
    • Convergence Security Journal / v.6 no.1 / pp.91-103 / 2006
  • It seems necessary to have a new methodology to develop the complex embedded system in a short time with a small amount of money and secure the reliability of products. For this, in this study, the investigator presents the state-of-the-art technology with which the limitation of physical prototyping and virtual prototyping can be overcome. Also, as a developing methodology of the embedded system in which the new technology is applied, the investigator suggests a new methodology of developing process for the integrated design, integrated simulation, and debugging of the physical prototyping and the virtual prototyping.

A Study for Security-Based Medical Information Software Architecture Design Methodology (의료정보보안 기반 소프트웨어 아키텍처 설계방법)

  • Kim, Jeom Goo;Noh, SiChoon
    • Convergence Security Journal / v.13 no.6 / pp.35-41 / 2013
  • What is an alternative to medical information security of medical information more secure preservation and safety of various types of security threats should be taken, starting from the software design. Interspersed with medical information systems medical information to be able to integrate the real-time exchange of medical information must be reliable data communication. The software architecture design of medical information systems and sharing of medical information security issues and communication phase allows the user to identify the requirements reflected in the software design. Software framework design, message standard design, design a web-based inter-process communication procedures, access control algorithm design, architecture, writing descriptions, evaluation of various will procedure the establishing architecture. The initial decision is a software architecture design, development, testing, maintenance, ongoing impact. In addition, the project will be based on the decision in detail. Medical information security method based on the design software architecture of today's medical information security has become an important task of the framework will be able to provide.

A Study of Web Application Development Method for Secure Coding Approach Based on SDLC Steps (SDLC 설계절차에 기반한 웹 애플리케이션 시큐어코딩 접근방법 연구)

  • Noh, Si Choon
    • Convergence Security Journal / v.12 no.6 / pp.93-99 / 2012
  • As the most common application development of software development time, error-free quality, adaptability to frequent maintenance, such as the need for large and complex software challenges have been raised. When developing web applications to respond to software reusability, reliability, scalability, simplicity, these quality issues do not take into account such aspects traditionally. In this situation, the traditional development methodology to solve the same quality because it has limited development of new methodologies is needed. Quality of applications the application logic, data, and architecture in the entire area as a separate methodology can achieve your goals if you do not respond. In this study secure coding, the big issue, web application factors to deal with security vulnerabilities, web application architecture, design procedure is proposed. This proposal is based on a series of ISO/IEC9000, a web application architecture design process.

A Building Method of Security Architecture Framework on the Medical Information Network Environment (의료정보시스템상에서의 네트워크 보안기능 프레임워크와 보안 아키텍쳐 설계방법)

  • Lee, Dae-Sung;Noh, Si-Choon
    • Convergence Security Journal / v.11 no.4 / pp.3-9 / 2011
  • On health information network architecture, traffic along the path of traffic and security, blocking malicious code penetration is performed. The medical information system network security infrastructure study, which was whether to be designed based on the structure and methodology is designed to develop the security features. Health information system's functionality and capabilities framework for infrastructure is the backbone and structure. The design features a framework for the overall network structure formation of the skeleton and forms the basic structure of the security methodology. Infrastructure capabilities to build the framework and the application functionality is being implemented. Differentiated in accordance with security zones to perform security functions and security mechanisms that operate through this study is to present. u-Healthcare future advent of cloud computing and a new health information environment, the medical information on the preparation of this study is expected to be utilized for security.

The Impact of Organizational Information Security Climate on Employees' Information Security Participation Behavior (조직의 정보보안 분위기가 조직 구성원의 정보보안 참여 행동에 미치는 영향)

  • Park, Jaeyoung;Kim, Beomsoo
    • The Journal of Information Systems / v.29 no.4 / pp.57-76 / 2020
  • Purpose: Although examining the antecedents of employees' extra-role behavior (i.e. information security participation behavior) in the information security context is significant for researchers and practitioners, most behavioral security studies have focused on employees' in-role behavior (i.e. information security policy compliance). Thus, this research addresses this gap by investigating how organizational information security climate influences information security participation behavior based on social information processing theory and Griffin and Neal's safety model. Design/methodology/approach: We developed a research model by applying Griffin and Neal's safety model to the information security context and then tested our research model by conducting an online survey for employees of organizations with information security policies. Structural equation modeling (SEM) with SmartPLS 3.3.2 is used to test the corresponding hypothesis. Findings: Our results show that organizational information security climate, information security knowledge, and information security motivation are effective in motivating information security participation behavior. Also, we find that organizational information security climate positively influences both information security knowledge and information security motivation. Our findings emphasize the importance of organizational information security climate because it is capable of affecting employees on information security participation behavior. Our study contributes to the literature on information security by exploring the role of organizational information security climate in enhancing employees' information security participation behavior.

A Designing Method of Software Architecture for Information Security Business Model Selection using BMO Technique Base (BMO기법을 활용한 정보보안 비즈모델 평가시스템 소프트웨어 아키텍쳐 설계방법)

  • Noh, Si Choon
    • Convergence Security Journal / v.13 no.3 / pp.71-77 / 2013
  • In our country security industry biz model analysis methodology fragmentary theory exists, but it is hard to find a comprehensive analysis methodology. Biz model analysis IT companies the external factors and internal factors to integrate the information gathered about the comprehensive analysis of the development of an information system are required. Information support system early in the software architecture of the system design decisions early decision as the design, development, testing, maintenance, has a lasting impact on the project as a guideline in the development of a framework of design abstraction. BMO evaluation support information systems architecture designs system purposes. The mission must support the execution. Information system stakeholders to determine the mission and the environment. All information systems architecture shall have architecture. Technology architecture should be documented with each other can be used. Determine the architecture based architecture descriptions are presented.

A Study of Web Hacking Response Procedures Model based on Diagnosis Studies for Cross-Site Scripting (XSS) Process (Cross-Site Scripting(XSS) 프로세스 진단을 기반으로 한 웹 해킹 대응절차 모델 연구)

  • Noh, SiChoon
    • Convergence Security Journal / v.13 no.6 / pp.83-89 / 2013
  • When applying web hacking techniques and methods it needs to configure the integrated step-by-step and run an information security. Web hackings rely upon only one way to respond to any security holes that can cause a lot. In this study the diagnostic process of cross-site scripting attacks and web hacking response procedures are designed. Response system is a framework for configuring and running a step-by-step information security. Step response model of the structure of the system design phase, measures, operational step, the steps in the method used. It is designed to secure efficiency of design phase of the system development life cycle, and combines the way in secure coding. In the use user's step, the security implementation tasks to organize the details. The methodology to be applied to the practice field if necessary, a comprehensive approach in the field can be used as a model methodology.