• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.73-81
• /
• 2017

In this paper, we propose an analysis framework to capture the trends of information security incidents and evaluate the security policy based on the incident analysis. We build a big data from news media collecting security incidents news and policy news, identify key trends in information security from this, and present an analytical method for evaluating policies from the point of view of incidents. In more specific, we propose a network-based analysis model that allows us to easily identify the trends of information security incidents and policy at a glance, and a cosine similarity measure to find important events from incidents and policy announcements.

• Journal of Information Technology Services
• /
• v.6 no.2
• /
• pp.177-188
• /
• 2007

Policy-based Network Management (PBNM) has been presented as a paradigm for efficient and customizable management systems. The approach chosen is based on PBNM systems, which are a promising and novel approach to network management. These systems have the potential to improve the automation of network management processes. The Internet Engineering Task Force (IETF) has also used policy concepts and provided a framework to describe the concept as the Policy Core Information Model (PCIM) and its extensions. There are policy conflicts among the policies that are defined as the policy information model and they are not easily and effectively detected and resolved. In this paper, we present the brief description of PBNM and illustrate the concepts of policy core information model and its policy implementation for a network security. Especially we describe our framework for detecting and resolving the policy conflicts for network security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.347-363
• /
• 2024

As the number of cyberattacks against the National Critical Information Infrastructure (NCII) is steadily increasing, many countries are strengthening the protection of National Critical Information Infrastructure (NCII) through the enactment and revision of related policies and legal systems. Therefore, this paper selects countries such as the United States, the United Kingdom, Japan, Germany, and Australia, which have established National Critical Information Infrastructure (NCII) protection systems, and compares and analyzes the promotion system of each country's National Critical Information Infrastructure (NCII) protection policy. This paper compares the National Critical Information Infrastructure (NCII) protection system of each country with the cybersecurity system and analyzes the promotion structure. Based on the policy model theory, which is a modification of Allison's theory and Nakamura & Smallwood's theory, this paper analyzes the model of each country's promotion system from the perspective of policy-making and policy-execution. The United States, Japan, Germany, and Australia's policy-promotion model is a system-strengthening model in which both policy-making and policy-execution are organized around the protection of the National Critical Information Infrastructure (NCII), while the United Kingdom and South Korea's policy-promotion model is an execution-oriented model that focuses more on policy-execution.

• Korean System Dynamics Review
• /
• v.1 no.2
• /
• pp.149-174
• /
• 2000

In recent years, how to promore the Utilization of Internet is a main issue of national information policy. In this study, we focused our approach to find promoting sttategies for Internet utilization on three sector's users, governments, enterprises, and households. Promoting the Internet utilization of these three sector's users is a very difficult problem, because their information levels are different and information gap among them can be regarded as bottleneck. And since the interactions between user's demands and diverse information seccor's factors are very complex, policy leverages can not find easily. By the system dynamics methodology, this paper examines the interrelationships between three user's demand mechanism and information policy sector. Information policy sector consist of four sectors, infrastruccure policy seccor, application-contents sector, governance sector, and access and price policy sector (free access policy, literacy policy, telecommunication price policy, etc.). To find and investigate policy leverage that will help understanding dynamic behavior of users in using Internet we build a causal loop diagrams and SD models by using survey data obtained from three sectors'specialized users, 488 persons.

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.23-35
• /
• 2012

The goal of this study is to identify factors that influence on the persistent information security compliance intention of employees. Antecedents suggested in research model are security awareness training and perceived effectiveness of information security policy. Research results show that security awareness training has a positive effect on persistent information security compliance intention as well as effectiveness of information security policy. While policy breadth, which is one of the effectiveness of information security policy, influences on persistent information security compliance attitude and intention, policy brevity does not effect on persistent information security compliance intention. Conclusions and implications are discussed.

• Journal of the Korean Society for Library and Information Science
• /
• v.42 no.2
• /
• pp.295-308
• /
• 2008

For National Digital Library(NDL) to properly perform it's ideal function as a representative digital library in Korea, information service policy considering the IT and Ubiquitous environment shall be established. Information service policy of NDL was established with focus group interviews and a survey targeting the users and librarians in this study. To raise the propriety of information service policy, final draft of information service policy was proposed after the interim evaluation targeting the concerned parties of NDL and 1st & 2nd verification by external specialists and the consultation group. In this manner, vision, mission, goal, objective, strategy, etc of information service policy of NDL were proposed. Information service policy of NDL proposed in this study not only proposes the fact and base to other digital libraries that wishes to establish the information service policy and arrange detailed guidelines as a case study but also secures the direction and vision of global information service policy of NDL. Furthermore, it will contribute for NDL to build its reputation as a world renowned digital library.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.113-120
• /
• 2022

Despite the limitations of existing security policies due to technological development, companies are unable to actively respond to changes by maintaining a closed security policy. This study classified information security policy into three types: regulatory type policy, advisory type policy, and informative type policy. For each classified policy type, the effect on the information security policy compliance behavior of organizational members was investigated by applying the extended theory of planned behavior, and the moderating effect of information security stress was investigated. SmartPLS 2.0 and SPSS 21.0, which are structural equation modeling techniques, were used to analyze the relationship affecting each factor. As a result of the study, regulatory type, advisory type, and informative type security policies affected organizational members' information security policy compliance behavior, and security stress had an effect on information security compliance attitudes and subjective norms on information security, which are prerequisites for planned behavior theory. gave. This study suggests that various types of corporate information security policies can be applied and that security stress can affect information security behaviors of members.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.7
• /
• pp.3339-3352
• /
• 2016

In ciphertext-policy attribute-based encryption (CP-ABE) scheme, a user's secret key is associated with a set of attributes, and the ciphertext is associated with an access policy. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the access policy specified in the ciphertext. In the present schemes, access policy is sent to the decryptor along with the ciphertext, which means that the privacy of the encryptor is revealed. In order to solve such problem, we propose a CP-ABE scheme with hidden access policy, which is able to preserve the privacy of the encryptor and decryptor. And what's more in the present schemes, the users need to do excessive calculation for decryption to check whether their attributes match the access policy specified in the ciphertext or not, which makes the users do useless computation if the attributes don't match the hidden access policy. In order to solve efficiency issue, our scheme adds a testing phase to avoid the unnecessary operation above before decryption. The computation cost for the testing phase is much less than the decryption computation so that the efficiency in our scheme is improved. Meanwhile, our new scheme is proved to be selectively secure against chosen-plaintext attack under DDH assumption.

• Journal of the Korean Society for Library and Information Science
• /
• v.53 no.1
• /
• pp.33-55
• /
• 2019

Knowledge information resources produced by policy research institutes were categorized into knowledge information resources derived from research processes, knowledge information resources derived from research results, and knowledge information resources processed from research results, respectively. The names of these knowledge information resources and the metadata items were investigated on 13 policy research institute websites. In addition, the study examined the provision status of 8 Knowledge information resources specialized by type on the websites and confirmed that they work as knowledge resource management systems for each corresponding area. The results of the study suggest constructing a collective search system for research results based on the same research topics, developing a knowledge map of policy information, compressing reports for policy makers, building subject expert databases, producing video reports, developing metadata standards, and creating statistical databases and indicators by subject areas.

• Journal of Information Technology Applications and Management
• /
• v.22 no.2
• /
• pp.171-199
• /
• 2015

This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.