• Korean Security Journal
• /
• no.42
• /
• pp.155-178
• /
• 2015

This study surveyed the subject of companies' industrial security on priorities of the government policy for the confidentiality of corporate and the necessity of expanding the government support for the industrial security. In determining the priority, we should consider all opinions of companies, individuals, societies, and governments that associated with the confidentiality. Especially in industrial security, companies are the most significant beneficiaries and consumers of security policy and it would be the basis for supporting on policy-making. As a result, we analyzed the 50 valid questionnaires collected from security personnel of Korean corporations and 'Enhance support for education and promotion of human resource (On/Off-Line)', 'Establish Security management and Security measures', and 'Enhance Security professionals status via qualifications/certifications' are shown as 1st, 2nd, 3rd priority of government policy to protect Corporate confidential information including its customer information. All respondents of the study says that the Government support for Industrial Security should be enlarged.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.34 no.4
• /
• pp.72-81
• /
• 2011

In this paper, we propose adaptive convergence security policies and management technologies to improve security assurance in the home networking environment. Many security issues may arise in the home networking environment. Examples of such security issues include the user privacy, the service security, the integrated networking security, the middleware security and the device failure. All these security issues, however, should be fulfilled in phase due to many difficulties including deployment cost and technical complexity. For instance, fundamental security requirements such as authentication, access control and prevention of crime and disaster should be addressed first. Then, supplementary security policies and diverse security management technologies should be fulfilled. In this paper, we classify these requirements into three categories, a service authentication, a user authentication and a device authentication, and propose security policies and management technologies for each requirement. Since the home gateway is responsible for interconnection of many home devices and external network access, a variety of context information could be collected from such devices.

• Journal of the Society of Disaster Information
• /
• v.11 no.4
• /
• pp.475-486
• /
• 2015

The objective of this study is to analyze control factors in protecting activities of business information that affects the effects of protecting leaks of industrial secretes during business security works in the ranks of staffs. A regression analysis was implemented by 36 items of protecting activities of information and 10 items of preventing industrial secretes for a total of 354 users and managers who use internal information systems in governments, public organizations, and civilian enterprises. In the recognition of protecting activities of business information that affects the prevention of controlling industrial secretes, clerks showed recognitions in physical control, environmental control, and human resource control, and software control and assistant chiefs showed recognitions in hardware control and environmental control. Also, ranks of department managers and higher levels represented recognitions in security control activities. It showed that clerks, assistant chiefs, and above department managers show effects of technical control factors on protecting activities of industrial secretes but section chiefs represent system control factors in preventing industrial secretes.

• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.141-149
• /
• 2015

Modern society is to have an significant impact on the competitiveness of the country in which the economic value is very high occupancy and ensure a state-of-the-art science and technology. The country's core technology or industry security crimes going seized state-of-the-art technology firms can threat of damage to the country's economic security. In particular, the defense industry serious crime that is directly related to national security. The company's core technology and trade secrets leaked once the industrial countries must prevent security breaches and offenses of strict punishment measures because it is impossible to recover. Also, some advanced countries directly has been operating industrial security crime for the country's economy and national security. In recent years, Nation core technology infringement cases are rapidly increasing in the country. In addition, industrial security crime threat to national security. Therefore, the industry security crimes damage to the national security that infringe on the business secrets of core technologies and businesses. It is necessary to identify that industry security crime associated with the visibility of the broad scope of intellectual property protection.

• Proceedings of the Safety Management and Science Conference
• /
• 2005.11a
• /
• pp.418-422
• /
• 2005

Electronic commerce has provided another access for consumers to purchase products, but some researches have pointed out that there are difficulties for companies to do business on web. For lack of trust, many people not prefer purchasing through virtual channels. Based on the literature review, this study aims at empirically testing the impact of website design on individual trust in internet firms. From statistic analysis, we will conclude that security, interaction, and navigation functionality will affect on-line trust.

• Korean Security Journal
• /
• no.59
• /
• pp.133-159
• /
• 2019

The free semester system, introduced on a trial basis in 2013, has been fully implemented in all middle schools since 2016. The free semester system for middle school students is divided into subject activities and free semester activities with the purpose of students' dream and career exploration. While the activities of various vocational groups linked to subjects during the free semester are discussed, studies on the industrial security career education in middle schools are hard to find. In addition, the career sites that provide diverse information on career path for teachers, students and parents with support from the Ministry of Education have not established any program regarding industrial security. This study aims to look at the status of career education by the analysis of keywords for industrial security in the career experience network currently operated by the Ministry of Education and in-depth interview with career education teachers, students and parents, and industrial security experts. Based on such analysis, this study attempts to figure out a comprehensive understanding of the free semester system and to explore strategies for promoting industrial security education. The results of this study found that the activation plan for industrial security education requires the industry security education through career network, development of industrial security education program, training and placement of professional industrial security lecturer, and establishment of support systems for experience in industrial security.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.4
• /
• pp.664-673
• /
• 2018

The industrial control system (ICS) has operated as a closed network in the past, but it has recently been linked to information and communications services and has been causing damage due to cyber attacks. As a countermeasure, the Information Communication Infrastructure Protection Act was enacted, but it cannot be applied to various real control environments because there is only a one-way policy-from a control network to a business network. In addition, IEC62443 defines an industrial control system reference model as an international standard, and suggests an area security model using a firewall. However, there is a limit to linking an industrial control network, operating as a closed network, to an external network only through a firewall. In this paper, we analyze the security model and research trends of the industrial control system at home and abroad, and propose an industrial control system security model that can be applied to the actual interworking environments of various domestic industrial control networks. Also, we analyze the security of firewalls, industrial firewalls, network connection equipment, and one-way transmission systems. Through a domestic case and policy comparison, it is confirmed that security is improved. In the era of the fourth industrial revolution, the proposed security model can be applied to security management measures for various industrial control fields, such as smart factories, smart cars, and smart plants.

• Journal of Information Processing Systems
• /
• v.17 no.4
• /
• pp.834-850
• /
• 2021

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

• Industrial Engineering and Management Systems
• /
• v.13 no.1
• /
• pp.87-100
• /
• 2014

Risk management is recognized as a significant element in Information Security Management while the failure mode and effects analysis (FMEA) is widely used in risk analysis in manufacturing industry. This paper aims to present the development work of the Information Security FMEA Circle (InfoSec FMEA Circle) which is used to support the risk management framework by modifying traditional FMEA methodologies. In order to demonstrate the "appropriateness" of the InfoSec FMEA Circle for the purposes of assessing information security, a case study at Hong Kong Science and Technology Parks Corporation (HKSTP) is employed. The "InfoSec FMEA Circle" is found to be an effective risk assessment methodology that has a significant contribution to providing a stepwise risk management implementation model for information security management.

• The Journal of the Korea Contents Association
• /
• v.10 no.5
• /
• pp.314-324
• /
• 2010

As our nation's economy had grown in size and its possession of the cutting-edge science and technology had increased over the years, the damages received from the outflow of our industrial technology has become a serious issue. As of today, the outflow of Korea's industrial technology has reached a serious level, but in reality there were no adequate countermeasures carried out against it. Also, it is not too much to say that the effort to prevent the outflow of the university-developed industrial technology, which is one of the main pillars for the development of the nation's technological prowess, had been carried out in passive and lukewarm manner. Therefore, as a part of the industrial security activity, we have analyzed the overall situation and major cases related to industrial security activities that have been carried out so far, in order to emphasize the importance of those universities. Also, we tried to find appropriate solutions for the universities to invigorate the industrial security activities needed.