• Convergence Security Journal
• /
• v.11 no.4
• /
• pp.43-49
• /
• 2011

Web-based health information provides a lot of conveniences, however the security vulnerabilities that appear in the network environment without the risk of exposure in the use of information are growing. Web-based medical information security issues when accessing only the technology advances, without attempting to seek a safe methodology are to increase the threat element. So it is required. to take advantage of web-based information security measures as a web-based access control security mechanism-based design. This paper is based on software architecture, design, ideas and health information systems were designed based on access control security mechanism. The methodologies are to derive a new design procedure, to design architecture and algorithms that make the mechanism functio n. To accomplish this goal, web-based access control for multiple patient information architecture infrastructures is needed. For this software framework to derive features that make the mechanism was derived based on the structure. The proposed system utilizes medical information, medical information when designing an application user retrieves data in real time, while ensuring integration of encrypted information under the access control algorithms, ensuring the safety management system design.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.6
• /
• pp.2062-2071
• /
• 2010

This research has been started with the goal of design and implementation of more innovative next generation security equipment system by understanding and reviewing the technological trend and status of security equipment system. The importance of environmental protection and management is ever increasing recently. Various types of equipment and system solutions are used according to the development of CCTV technology, but more efficient environmental protection and management are not in place because of situational restrictions such as expensive equipment and hard to install. Next generation security equipment system is designed and implemented to compensate and innovate these problem, and it is expected to utilize more effectively with lower cost through this research. In addition, methodology to inquire this system is proposed for security equipment system solution.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2186-2203
• /
• 2020

Security administrators of companies and organizations need to come up with proper countermeasures against cyber-attacks considering infrastructures and security policies in their possession. In order to develop and verify such countermeasures, the administrators should be able to reenact both cyber-attacks and defenses. Simulations can be useful for the reenactment by overcoming its limitations including high risk and cost. If the administrators are able to design various scenarios of cyber-attacks and to develop simulation models from their viewpoints, they can simulate desired situations and observe the results more easily. It is challenging to simulate cyber-security issues, because there is lack of theoretical basis for modeling a wide range of the security field as well as pre-defined basic components used to model cyber-attacks. In this paper, we propose a modeling method for cyber-security simulations by developing a basic component and a composite model, called Abstracted Cyber-Security Unit Model (ACSUM) and Abstracted Cyber-security SIMulation model (ACSIM), respectively. The proposed models are based on DEVS(Discrete Event systems Specification) formalism, a modeling theory for discrete event simulations. We develop attack scenarios by sequencing attack behaviors using ACSUMs and then model ACSIMs by combining and abstracting the ACSUMs from a security perspective. The concepts of ACSUM and ACSIM enable the security administrators to simulate numerous cyber-security issues from their viewpoints. As a case study, we model a worm scenario using ACSUM and simulate three types of simulation models based on ACSIM from a different security perspective.

• The Journal of Information Systems
• /
• v.24 no.3
• /
• pp.1-19
• /
• 2015

Purpose This study discusses the contradictory behavior of smart-phone users who consider security is important, but they do not follow the security recommendations. We found through literature research that this contradictory behavior is resulted from a low level of efficacy. Design/methodology/approach Research hypotheses were set based on Extended Parallel Process Model, Control Theory, and Self Efficacy Mechanism. The data were collected from undergraduate students. Total of 178 data were used for the analysis. Findings Results of the analysis, first, showed that the relationship between threat and security attitude varies with the level of coping efficacy. Second, showed that the relationship between threat and fear does not vary with the level of coping efficacy. Both the groups with high coping efficacy and low coping efficacy had a statistically significant effect on the relationship between threat and fear.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.3
• /
• pp.53-60
• /
• 2017

The purpose of this study is to provide empirical and quantitative analysis on user's perceived privacy, security, and user satisfaction when providing visualization information about objects and service provider behaviors that users can not perceive in internet service process. Through previous research, we have examined the importance of privacy and security factors as a key factor to be considered for the characteristics of the Internet of things and the Internet of things. In addition, service blueprint, which is one of the service design methodologies to examine the flow of service usage in providing Internet service of things, was examined. In the flow of things internet service utilization, it is found that the things that are out of the user's cognitive area and the behavior of the service provider take up a large part. Therefore, the hypothesis that the trust of the Internet service security and the satisfaction of the user experience can be improved by providing the security visualization information about the behavior of the object and the invisible service provider in the non-contact aspect of the user and the object. In order to verify the hypothesis, we conducted experiments and questionnaires on the use of virtual objects' internet environment and conducted statistical analysis based on them. As a result, it was analyzed that visual information feedback on non - contact and invisible objects and service provider's behaviors had a positive effect on user's perceived privacy, security, and satisfaction. In addition, we conclude that it can be used as a service design evaluation tool to eliminate psychological anxiety about security and to improve satisfaction in internet service design. We hope that this research will be a great help for the research on application method of service design method in Internet environment of objects.

• The Journal of Information Systems
• /
• v.29 no.1
• /
• pp.23-50
• /
• 2020

Purpose As information management grows in importance around the world, organizations are investing in information security technology. However, the higher the level of information security technology in an organization, the higher the techno-stress of employees. The purpose of this study is to suggest stress factors related to information security technology that affect the reduction of employees' intention to comply with information security and to suggest ways to alleviate stress. Design/methodology/approach The research presented a model for mitigating technical stress related to information security based on technical stress theory and person-organization fit theory. 346 questionnaire data were analyzed from the members of the organization who applied the information security technology, and the research hypothesis was verified through the structural equation modeling. Findings The hypothesis test confirms that security-related techno-stress reduces the information security compliance intention of employees, organizational technical support mitigates technical stress, and person-organization fitness mitigates the negative relationship between techno-stress and compliance intention. The results of the study contribute to the organization's strategy for minimizing the reduction of the information security compliance intention of employees, and are meaningful in that the theoretical basis for mitigating techno-stress is provided in the field of information security.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.105-129
• /
• 2019

Purpose Issues related to information security have been a crucial topic of interest to researchers and practitioners in the IT/IS field. This study develops a research model based on a Structure-Conduct-Outcome (SCO) framework for the social exchange relationship between employees and organizations regarding information security. Design/methodology/approach In applying an SCO framework to information security, structure and conduct are activities imposed on employees within an organizational context; outcomes are activities that protect information security from an employee. Data were collected from 438 employees working in manufacturing and service firms currently implementing an information security policy in South Korea. Structural equation modeling (SEM) with AMOS 22.0 is used to test the validation of the measurement model and the proposed casual relationships in the research model. Findings The results demonstrate support for the relationships between predicting variables in organization structure (security policy and physical security system) and the outcome variables in organization conduct (top management support, security education program, and security visibility). Results confirm that the three variables in organization conduct had a positive effect on individual outcome (security knowledge and compliance intention).

• The Journal of Economics, Marketing and Management
• /
• v.10 no.6
• /
• pp.17-26
• /
• 2022

Purpose: This study analyzes advanced cases of overseas smart cities and examines policy implications related to the creation of smart cities in Korea. Research design, data, and methodology: Analysis standards were established through the analysis of best practices. Analysis criteria include Technology, Privacy, Security, and Governance. Results: In terms of technology, U-City construction experience and communication infrastructure are strengths. Korea's ICT technology is inferior to major countries. On the other hand, mobile communication, IoT, Internet, and public data are at the highest level. The privacy section created six principles: legality, purpose limitation, transparency, safety, control, and accountability. Security issues enable urban crime, disaster and catastrophe prediction and security through the establishment of an integrated platform. Governance issues are handled by the Smart Special Committee, which serves as policy advisory to the central government for legal system, standardization, and external cooperation in the district. Conclusions: Private technology improvement and participation are necessary for privacy and urban security. Citizens should participate in smart city governance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.909-928
• /
• 2020

From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

• Journal of Platform Technology
• /
• v.12 no.1
• /
• pp.91-105
• /
• 2024

As the number of cases of applying IT systems to the existing isolated ICS (Industrial Control System) network environment continues to increase, security threats in the ICS environment have rapidly increased. Security threat scenarios help to design security strategies in cybersecurity training, including analysis, prediction, and response to cyberattacks. For successful cybersecurity training, research is needed to develop valid and reliable security threat scenarios for meaningful training. Therefore, this paper proposes a case-based security threat scenario development methodology for cybersecurity training in the ICS environment. To this end, we develop a methodology consisting of five steps based on analyzing actual cybersecurity incident cases targeting ICS. Threat techniques are standardized in the same form using objective data based on the MITER ATT&CK framework, and then a list of CVEs and CWEs corresponding to the threat technique is identified. Additionally, it analyzes and identifies vulnerable functions in programming used in CWE and ICS assets. Based on the data generated up to the previous stage, develop security threat scenarios for cybersecurity training for new ICS. As a result of verification through a comparative analysis between the proposed methodology and existing research confirmed that the proposed method was more effective than the existing method regarding scenario validity, appropriateness of evidence, and development of various scenarios.