• Review of KIISC
• /
• v.25 no.4
• /
• pp.57-62
• /
• 2015

최근의 정보보호 관련 사고를 살펴보면 기업 내부자로 인한 개인정보의 유출과 같이 특별한 기술 없이 이루어지는 인간 중심의 정보보호가 이슈화되고 있다. 그만큼 점점 사회공학적인 위협이 증가하고 있는 추세이며, 그 위험성이 사회 전반적으로 인식되어가고 있다. 본 지를 통해 사회공학의 의미에 대해 되짚어보고, 사회공학 라이프 사이클과 최근의 사회공학 공격 기법에 대해 분석한다. 또한 일반적 사회공학 의미인 인간 상호 작용의 깊은 신뢰를 바탕으로 사람들을 속여서 보안 절차를 우회하는 등의 기존 개념에 더하여 유사한 사례를 바탕으로 인간의 대표적 감정 상태(두려움, 슬픔, 기쁨)를 이용한 사회공학 기법에 대해 논한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.4
• /
• pp.83-94
• /
• 1998

약할기반 접근통제는 현재 가장 많이 사용외는 임의적 겁근통제 및 강제적 접근통제에 비하여 유연성을 제공하며 접근통제 기법이 정교하다. 따라서, 역할기반 접근통제는 금융 및 기업 등과 같은 상업적 분야 및 행정적인 분야에서 많이 사용될 것으로 예측된다. 본 논문에서는 기존에 제안된 역할기반 접건통제 메커니즘에 역할의 속성을 정의하여 새로운 형태의 역할기반 접근통제 메커니즘을 제안하였다. 제안된 역할기반 메커니즘은 기존의 역할기반 메커니즘이 실생활에 잘 적용되지 않는 단점을 극복하였으며, 특히 살라미 공격, 내부자의 부정행위 방지에 효과적으로 적용 가능하다. 또한 역할을 부여받는 사용자의 역할 중복 방지를 위하여 차이 연산자를 정의하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1470-1473
• /
• 2009

대부분 기업의 중요 기술정보 유출은 내부자에 의해 이루어진다. 기업의 핵심기술 및 정보유출을 방지하기 위하여 여러 분야에서 많은 투자와 연구가 진행되고 있지만 기술발전에 따라 업무환경과 일하는 방법이 변화하여 물리적보안과 정보보안을 분리한 기존 개별 통제방식은 효용성이 떨어지고 있다. 새로운 환경에 대응하기 위하여 보안 패러다임의 전환이 필요한 시점이다. 이에 본 연구는 물리적보안과 정보보안을 융합한 신뢰할 수 있는 인증기반(스마트카드/생체정보) 보안저장매체의 요구기능, 각 기능에 필요한 요소기술에 대하여 고찰한다.

• International Commerce and Information Review
• /
• v.19 no.1
• /
• pp.257-278
• /
• 2017

The paper examines the ownership structure and the firm value of online firms in the world. Data are gathered by using FACTIVA database for firms in the Dow Jones index for the 2014 fiscal year. The Ordinary Least Squares regressions, the Generalized Linear Model, and the model selection criteria are employed to analyze the relationship between the dependent and the independent variables. The paper tests theories such as the convergence of interest theory, the managerial entrenchment theory, and the eclectic theory. The paper finds that the ownership structure has an influence on the firm value depending on the rank of the large shareholders. While the first large shareholders have a negative association with the firm value, the presence of the second and the third large shareholders have a positive influence on the firm value. The paper also finds that the identity of the largest shareholders whether they are insiders or outsiders have an influence on the firm value. The proportion of shareholding by a large shareholder and her identity are variables which predict a firm value.

• Journal of the Korea Convergence Society
• /
• v.10 no.11
• /
• pp.345-352
• /
• 2019

This paper examines the opportunistic behavior of corporate insiders and analyzes the relationship between equity change and the possibility of delisting. The findings are summarized as follows. First, the larger the stake reduction of insider, the greater the negative excess return after announcement. In the delisting firm group, there is a significant decrease in equity and statistically significant results in the difference test between the comparative groups. The logistic regression analysis showed that the regression coefficient of equity change was negatively statistically significant, indicating a significant correlation between insider share change and the possibility of delisting. These findings are expected not only to provide useful information for investors, but also to be evidence of capital market information asymmetry.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.27-36
• /
• 2015

Current leakage of industrial technologies with revealing state secret against nation is gradually increasing and scope of the spill is diversified from technology-oriented leakage to new economic security sector like information and communication, electrical and electronic, defense industry, illegal export of strategic material, economic order disturbance by foreign country, infringement of intellectual property, etc. So the spill damage can affect not only leaked company but also national interests and entire domestic industry. According to statistics from National Industrial Security Center of National Intelligence Service, a major cause of technology leakage is not only by external things about hacking and malignant code, but internal leakage of former and current employees account for about 80%. And technology leakage due to temptation of money and personal interests followed by technology leakage of subcontractor is steadily increased. Most studies in the field of security have tended to focus on measuring security capability of company in order to prevent leakage core assets or developing measurement Indicators for management rather than security activities of the company members that is most important. Therefore, this study analyzes the effect of most underlying security education in security activities on security capabilities of enterprise. As a result, it indicates that security education have a positive(+) correlation with security capabilities.

• Journal of Platform Technology
• /
• v.11 no.2
• /
• pp.15-25
• /
• 2023

This study analyzes the limitations of the insider threat datasets used for insider threat detection research and compares and analyzes the solution-based insider threat data with public insider threat data using a security solution to overcome this. Through this, we design a data format suitable for insider threat detection and implement a system that can safely share insider threat information between different institutions and companies using blockchain technology. Currently, there is no dataset collected based on actual events in the insider threat dataset that is revealed to researchers. Public datasets are virtual synthetic data randomly created for research, and when used as a learning model, there are many limitations in the real environment. In this study, to improve these limitations, a private blockchain was designed to secure information sharing between institutions of different affiliations, and a method was derived to increase reliability and maintain information integrity and consistency through agreement and verification among participants. The proposed method is expected to collect data through an outflow threat collector and collect quality data sets that posed a threat, not synthetic data, through a blockchain-based sharing system, to solve the current outflow threat dataset problem and contribute to the insider threat detection model in the future.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.87-98
• /
• 2019

In recent years, many organizations protect their information resources by investing in information security technology. However, information security threats from insiders have not been reduced. This study proposes a method for reducing information security threats within an organization by mitigating negative information security behaviors of employees. Specifically, the study finds a relationship between information security related role stress and negative behavior and suggests whether organizational justice mitigates role stress. That is, the purpose of the study is to suggest a mechanism between organizational justice, information security related role stress, and negative behavior. Negative behavior consist of avoidance behavior and deviant behavior, and security related role stress consist of role conflict and role ambiguity. Organizational justice consist of distributional justice, procedural justice, and informational justice. The research model is verified through structural equation modeling. After establishing a research model and hypothesis, we develop a survey questionnaire and collect data from 383 employees whose organizations have already implemented security policies. The findings appear that security related role stress increases negative behavior and that organizational justice mitigates role stress. The results of the analysis suggest the direction of organizational strategy for minimizing insider's security-related negative behaviors.

• Journal of Labour Economics
• /
• v.28 no.1
• /
• pp.105-133
• /
• 2005

This paper attempts to verify that the economic gap between the workers in (large) firms with unions and those in (small and medium size) firms with no unions has recently been widened rapidly. A comparison of the wages of the workers belonging to the business establishments with and without trade union shows that the union premium has increased very sharply since 1997, after a relatively long periods with little changes. Also found is that union sector has witnessed a sharper decline in the share of the new entrants among workers as well as a faster increase of the average tenure of workers. These all indicate that the trade unions have forced a market equilibrium to move farther away from the competitive equilibrium in recent years.

• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.77-86
• /
• 2015

The organization shall minimize business risks associated with customer information leaks. Enhance information security activities through voluntary pre-check and must find a way to detect the personal information leakage caused by carelessness and neglect accident. Recently, many companies have introduced an information leakage prevention solution. However, there is a possibility of internal data leakage by the internal user who has permission to access the data. By this thread it is necessary to have the environment to analyze the habit and activity of the internal user. In this study, we use the SFI analytical technique that applies RFM model to evaluate the insider activity levels were carried out case studies is applied to the actual business.