• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1503-1514
• /
• 2015

Non-face-to-face real name verification policy that financial authorities announced, in order to secure a face-to-face or more of accuracy, are in principle of multi check. The business model and legal entities of Internet banks is different from existing Internet banking. Relpacing real name verification from face-to-facd to non-face-to-face while maintaining the structure of identification can not only cause inconvenience to a first time member, but also can be more vulnerable to verious security risks. In this study, to evaluate a service level of a bank of the Internet, and provide an improved identification of the structure such that the registration and use of differentiated services is performed in accordance with the evaluation. In addition, the security that may occur with respect to Bank of the Internet to establish a vulnerability and attack model, the results of the analysis of the safety of the step-by-step security attributes and services of the authentication medium of each attack model, existing the safer than Internet banking, confirmed the usefulness in user registration guide.

• Journal of Korea Port Economic Association
• /
• v.28 no.3
• /
• pp.151-165
• /
• 2012

This study is to develop a job model through job analysis on port security operation using a DACUM Method. Total 8 duties and 59 tasks are drawn through job analysis on port security operation. DACUM committee evaluated the degree of importance, difficulty and frequency of execution by each work with ABC rankings. In dosing so, job analysis model on port security operation by completing a DACUM research chart including job, duty and task in the field of port security operation is concluded. Such a Job model development could be used as a basic data and information for developing a short and long-run education programme in the field of port security operation.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.3
• /
• pp.661-669
• /
• 2004

As a large number of distributed systems becoming more popular, interoperability, portability and security are becoming major concerns of modern computing. CORBA and object-oriented database which provide transparency of network and database are increasingly being used as the basis for distributed system to solve these problems. The two methods can help accomplish assurance of security by using a method-based access control technique or an attribute-based access control technique. These methods also enhance the unavailability or inefficiency caused by the delay of access process and bottleneck of the network due to the complex instance-based access control. We propose a security model on the type information based access control system that can enhance both security and availability by separating the functions delivered from CORBA and object-oriented databases. We apply the access control model specifically to enhancement of security system and also perform a test to verify the security and availability of our model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1031-1043
• /
• 2021

Recently, the importance of information security has become greater. For this reason, the number of departments related to information security at universities and professional educational institutions is increasing. It is analyzed that the curriculum of such educational institutions has a lot to do with the job competency mentioned in NCS in relation to major subjects. This has the advantage of providing a standardized level of education for each job competency. However from the perspective of students there may be limitations on duplicate curriculum quality of education according to the level of teachers and timely acquisition of necessary elemental skills. In this paper we analyze the curriculum of universities and professional educational institutions and propose a cell-based three-dimensional education model to address the limitations of students. We verified based on the college curriculum that the proposed model can effectively improve its limitations.

• The Journal of the Korea Contents Association
• /
• v.22 no.9
• /
• pp.104-112
• /
• 2022

The pandemic caused by the COVID-19 virus, which has lasted for the past three years, has changed society and the way people live in many ways. These changes also affect cyberspace, so the pre-pandemic information security model and standards have limitations when applied to the current situation. In this paper, a new method to improve the information security model of public institutions was proposed in consideration of various situations in the new normal era. In other words, through the proposed information security model, the possibility of external intrusion is blocked in advance through the policy and technical supplementation of remote work, which is a weakness of the existing information security operation of public institutions. Also, how to prevent abnormal authentication attempts by building a secure VPN environment, how to prevent social engineering cyber attacks targeting fear and uncertainty caused by COVID-19, and how to use a smooth network and create a remote work environment. For this purpose, methods for securing service availability were additionally presented.

• Journal of Information Technology Services
• /
• v.18 no.5
• /
• pp.155-164
• /
• 2019

With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though the awareness of the importance of information security increases, the information security budget is not enough because of the lack of effectiveness measurement of the information security investment. Therefore, it is necessary to optimize the information security investment in each business environment to minimize the cost of operating the information security countermeasures and mitigate the damages occurred from the information security breaches. In this paper, using genetic algorithms we propose an investment optimization model for information security countermeasures with the limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasures.

• Proceedings of the IEEK Conference
• /
• summer
• /
• pp.355-360
• /
• 2004

With the growing acceptance of XML technologies, XML will be the most common tool for all data manipulation and data transmission. Meeting security requirements for privacy, confidentiality and integrity is essential in order to move business online and it is important for security to be integrated with XML solutions. Many policies require certain conditions to be satisfied and actions to be performed before or after a decision is made. Binary yes/no decision to an access request is not enough for many applications. These issues were addressed and formalized as provisions and obligations by Betti et Al. In this paper, we propose an authorization model with provisions and obligations in XML. We introduce a formal definition of authorization policy and the issues involving obligation discussed by Betti et Al. We use the formal model as a basis to develop an authorization model in XML. We develop DTDs in XML for main components such as authorization request, authorization policy and authorization decision. We plan to develop an authorization system using the model proposed.

• Asia pacific journal of information systems
• /
• v.17 no.2
• /
• pp.29-47
• /
• 2007

Owing to the rapid growth of using the Internet, not only click-and-mortar companies but also brick-and-mortar ones have been expanding their distribution channels into online, Moreover, since online channels are more attractive than offline ones in control and maintenance, switching customers into online ones is emerged as one of very important managerial issues in a view of reduction of cost as well as expansion of services. However, the switched customers should be faced by uncertainties which could not have been experienced in offline. Specifically, in online channels, buyers and sellers are separated temporally and spacially and there are always so many kinds of threat for security as well as not enough systems and conventions for them yet. Therefore, trust has been considered as one of the most critical mechanisms for resolution of such uncertainties in online transactions. However, it is not easy to build and maintain the relationships in online since most of them are virtual and indirect generally. Therefore, in order to switch offline customers into online ones, it is very important to make strategies based on identification of the relationship between online transaction and offline trust which has been built in offline business. Generally offline trust, which has been built independent of online, could not include trust for online-dependent activities such as payment security during or after transactions, while most of online trust include it. Therefore, a customer with high offline trust does not always perceive high security and assure safe transactions. Accordingly, while online trust, where technical capabilities for online security is one of main bases, includes control trust implicitly or explicitly, offline trust does not. However. in spite of such clear discrimination and independence between offline trust and perceived security, there can be the significant dependency between these two beliefs. The customers with high offline trust believe that the company would do some activities for online security for customers' safe transactions since it has been believed of doing well for customers' trust. Theoretically, users' perception of security is interpreted as a kind of control trus, which is trust for company's technical control capacities in order to resolve technical uncertainties in online. Therefore, the relationship between two beliefs can be considered as transference from offline trust to another type trust. that is, control trust. The objective of this study is to analyze the effect of offline trust on online transaction uses mediated by perceived security. For this purpose, we suggest a research model based on technology acceptance model (TAM). Reuse intention is adopted as a dependent variable and TAM is modified by adding perceived risk (PR) as well as two beliefs of using Internet banking, perceived usefulness (PU) and perceived ease of use (PEOU). Moreover, perceive security (PS) is adopted as an external variable for PR and PU, while offline trust (OT) is an antecedent of PS. For an empirical test, sampling from 108 visitors to the banks in Daegu, Korea, we analyze our model by partial least square (PLS) approach. In result, our model is shown to explain 51.4% of the variance in reuse intention and all hypothesis are supported statistically. A theoretical implication of this study is to identify a role of PS between offline trust and reuse intention of using online transaction services. According to our result, PS can be considered as a mediation variable for bridging between two different concepts: trust that explains social aspects of customers and companies, and TAM that explains customers' reuse intention.

• Journal of Advanced Navigation Technology
• /
• v.12 no.5
• /
• pp.451-463
• /
• 2008

There are management and security of software source code equivalent to 10 assembly lines of important infrastructure in the early stage of information society directly. A support technology and framework to protect software source code are so poor state In this paper, the proposed model that is support protection and access control between software source code as object and subject that is not authenticated safely was named CRYPTEX model. And we propose active business model to provide delegate, mobile, and security/access control function for passive software source code in document state using CRYPTEX.

• Convergence Security Journal
• /
• v.8 no.1
• /
• pp.91-100
• /
• 2008

The previous works in sensor networks security have focused on the aspect of confidentiality, authentication and integrity based on cryptographic primitives. There has been no prior work to assess the survivability in systematic way. Accordingly, this paper presents a survivability model of wireless sensor networks using software rejuvenation for dual adaptive cluster head. The survivability model has state transition to reflect status of real wireless sensor networks. In this paper, we only focus on a survivability model which is capable of describing cluster head compromise in the networks and able to switch over the redundant cluster head in order to increase the survivability of that cluster. Second, this paper presents how to enhance the survivability of sensor networks using software rejuvenation methodology for dual cluster head in wireless sensor network. We model and analyze each cluster as a stochastic process based on Semi Markov Process (SMP) and Discrete Time Markov Chain (DTMC). The proof of example scenarios and numerical analysis shows the feasibility of our approach.