• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.53-73
• /
• 2011

Many governments have tried to develop a liability and compliance law that can improve cyber security in a sustainable way. This paper explores whether a liability and compliance law is effective in motivating firms' information security activities. In particular, I empirically investigate the impact of the 2007 Electronic Financial Transaction Act (EFTA), a liability and compliance law in Korea, on the information security activities of financial institutions and services providers. In spite of various criticisms of the effectiveness of EFTA, the empirical findings of this study clearly show that EFTA is having a positive impact on information security activities. From these findings, this article concludes that a liability and compliance law is likely to contribute to a certain degree to the achievement of sustainable development of cyber security.

• The Journal of Society for e-Business Studies
• /
• v.26 no.3
• /
• pp.81-95
• /
• 2021

This study is to design a security game to proceed in the future based on the results of analyzing 105 research trends on gamification from 2018 to 2021 according to research period, research purpose, research subject, research topic, research method, game method, and emphasis factors. was trying to find an answer to Gamification showed a trend of increasing research related to 2021 due to the increase in the importance of non-face-to-face education in 2020, and there were not many studies targeting middle and high school students, colleges, and adults. Security-related research was a relatively incomplete and limited field, as only a small number of studies on raising awareness were conducted due to access restrictions. In the future, by referring to various research cases and statistics analyzed in this study, we will try to actually implement security education cases through gamification.

• Proceedings of the CALSEC Conference
• /
• 1999.07b
• /
• pp.491-500
• /
• 1999

Recent increase of commercial network Integration to World Wide Web(WWW) shifts an ordinary commerce to electronic environment. This draws more people to examine re-assurance of their secure transaction. This study investigates current status of security methodology for Electronic Payment System and extracts important axis of security level for electronic payment. Using these axis as security evaluation criteria, the research proposes a security matrix which consists of four different level of security granularity, hence allowing evaluation of a nation-wide credit card based payment system. Feasible usage of this matrix contributes to security analysis of the electronic system as whole, hence providing better secured electronic environment.

• Convergence Security Journal
• /
• v.14 no.3_2
• /
• pp.61-70
• /
• 2014

The purpose of this study was to examine the types and state of the private sector's cooperative activities for public peace and order and any problems with it in an effort to step up the revitalization of police-college collaborative efforts for public security by allowing police studies majors and security science majors to participate in crime prevention activities for which the police was responsible in each local community. What problems might possibly take place if police studies majors and security science majors would be involved in crime prevention activities was investigated by making a qualitative analysis. The findings of the study were as follows: First, more human resources and equipment should be offered, as the shortage of the two was pointed out as one of problems with the police itself. Second, how to cope with accidents that might occur if police studies majors and security science majors would take part in crime prevention activities should carefully be studied. Third, it should first be carried out at college to improve an ability to properly respond to diverse situations on the spot.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.47-58
• /
• 2015

Recently, new information security vulnerabilities have proliferated with the convergence of information security environments and information and communication technology. Accordingly, new types of cybercrime are on the rise, and security breaches and other security-related incidents are increasing rapidly because of security problems like external cyberattacks, leakage by insiders, etc. These threats will continue to multiply as industry and technology converge. Thus, the main purpose of this paper is to design and present security subjects in order to train professional security management talent who can deal with the enhanced threat to information. To achieve this, the study first set key information security topics for business settings on the basis of an analysis of preceding studies and the results of a meeting of an expert committee. The information security curriculum taxonomy is developed with reference to an information security job taxonomy for domestic conditions in South Korea. The results of this study are expected to help train skilled security talent who can address new security threats in the future environment of industrial convergence.

• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.43-49
• /
• 2015

As the cloud computing law was passed in March, 2015, many private companies and public organizations give consideration to introduce cloud computing services. However, most of them are still concerned about the security issues in cloud computing services. To solve the problem, a certification system of cloud security is necessary as an enabler for adoption of the trusted cloud services. There have been a number of studies about certification systems for cloud security, but only few studies exist about certification scheme of cloud security. Therefore, in this study, foreign certification systems for cloud security are analyzed to draw requirements for developing a domestic certification scheme for cloud security. Based on the result of analysis, this study proposes the three certification schemes of cloud security, which have been reviewed by the focus group interview method to draw advantages and disadvantages of each scheme.

• The Journal of Society for e-Business Studies
• /
• v.21 no.2
• /
• pp.121-133
• /
• 2016

All industries has expanded their research investment for development and secure of new technology, following application of ICT technology and rapid growth of industrial technology. Therefore efforts to protect the new technology have strengthened. Several governments have conducted a variety of industrial security activities with interest because these efforts are considered not only business problem level but also national level. In this paper, we research the industrial security related organization that performs the activities for industrial assets protection and technology drain prevention. Furthermore we discuss problems with the industrial security performance of government and emphasize the necessity of industrial security department in government.

• Nuclear Engineering and Technology
• /
• v.53 no.10
• /
• pp.3319-3326
• /
• 2021

As a form of industrial control systems (ICS), nuclear instrumentation and control (I&C) systems have been digitalized increasingly. This has raised in turn cyber security concerns. Cyber security for ICS is important because cyber-attacks against ICS can cause not only equipment damage and loss of production but also personal and public safety hazards unlike in general IT environments. Numerous risk analyses have been carried out to enhance the safety of ICS and recently, many studies related to the cyber security of ICS are being conducted. Many existing risk analyses and cyber security studies have considered safety and cyber security separately. However, both safety and cyber security perspectives should be considered when analyzing risks for complex and critical ICS facilities such as nuclear power plants (NPPs). In this paper, the STPA-SafeSec methodology is selected to consider both safety and security perspectives when performing a risk analysis for NPPs in order to assess impacts on the safety by cyber-attacks against the digital I&C systems. The STPA-SafeSec methodology was applied to a test-bed system that simulates a condensate water (CD) system in an NPP. The process of the application up to the development of mitigation strategies is described in detail.

• The Journal of Society for e-Business Studies
• /
• v.24 no.1
• /
• pp.17-27
• /
• 2019

With the occurrence of the 4th Industrial Revolution, environmental change is happening in the healthcare industry as overall flow of Industry heads to ICT-based business environment. Healthcare Industry, which has the characteristic of public goods, is requiring a reliability and continuity of healthcare industry, however, the introduction of security is being delayed due to the problem of compatibility and extendability of existing system. Accordingly, in this research, we have built a section and role for stakeholders to be concerned in order to induce, analyze and introduce a needed security technology for rapidly building a security system in a smart healthcare environment. We have suggested a possibility of extendability regarding a multi-dimensional effort of stakeholders for establishing a healthcare security system.

• International Journal of Computer Science & Network Security
• /
• v.21 no.1
• /
• pp.107-118
• /
• 2021

The term Internet of Things (IoTs) refers to the future where things are known daily through the Internet, whether in one way or another, as it is done by the method of collecting various information from various sensors to form a huge network through which people, things and machines are helped to make a link between them at all time and anywhere. The IoTs is everywhere around us such as connected appliances, smart homes security systems and wearable health monitors. However, the question is what if there is a malfunction or outside interference that affects the work of these IoTs based devises? This is the reason of the spread of security causes great concern with the widespread availability of the Internet and Internet devices that are subject to many attacks. Since there aren't many studies that combines requirements, mechanisms, and the attacks of the IoTs, this paper which explores recent published studies between 2017 and 2020 considering different security approaches of protection related to the authentication, integrity, availability and confidentiality Additionally, the paper addresses the different types of attacks in IoTs. We have also addressed the different approaches aim to prevention mechanisms according to several researchers' conclusions and recommendations.