• Convergence Security Journal
• /
• v.11 no.1
• /
• pp.25-32
• /
• 2011

In this study, software products developed in the course of testing, software managers in the process of testing software test and test tools for effective learning effects perspective has been studied using the NHPP software. The Weibull distribution applied to distribution was based on finite failure NHPP. Software error detection techniques known in advance, but influencing factors for considering the errors found automatically and learning factors, by prior experience, to find precisely the error factor setting up the testing manager are presented comparing the problem. As a result, the learning factor is greater than automatic error that is generally efficient model could be confirmed. This paper, a numerical example of applying using time between failures and parameter estimation using maximum likelihood estimation method, after the efficiency of the data through trend analysis model selection were efficient using the mean square error and $R_{sq}$.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.29 no.3
• /
• pp.139-155
• /
• 2018

This study proposed an integrated management system model of researcher identifiers using the ISNI(International Standard Name Identifier) that can prevent duplicate issuance of identifiers and can be used to reorganize the authors' information. We looked at the metadata structure and management system of the ISNI that can be applied in various fields among identifiers. And we have designed the integrated ID system and system model that can manage the identifiers issued by each institute based on the ISNI. This model consists of data structure layer, platform layer, application layer, management and security layer (4 layers) and we have presented some of the key features and issues to consider when managing the integrations.

• Information Systems Review
• /
• v.18 no.4
• /
• pp.17-42
• /
• 2016

Information security incidents caused by authorized insiders are increasing in financial firms, and this increase is particularly increased by outsourced contractors. With the increase in outsourcing in financial firms, outsourced contractors having authorized right has become a threat and could violate an organization's information security policy. This study aims to analyze the differences between own employees and outsourced contractors and to determine the factors affecting the violation of information security policy to mitigate information security incidents. This study examines the factors driving employees to violate information security policy in financial firms based on the theory of planned behavior, general deterrence theory, and information security awareness, and the moderating effects of employee type between own employees and outsourced contractors. We used 363 samples that were collected through both online and offline surveys and conducted partial least square-structural equation modeling and multiple group analysis to determine the differences between own employees (246 samples, 68%) and outsourced contractors (117 samples, 32%). We found that the perceived sanction and information security awareness support the information security policy violation attitude and subjective norm, and the perceived sanction does not support the information security policy behavior control. The moderating effects of employee type in the research model were also supported. According to the t-test result between own employees and outsourced contractors, outsourced contractors' behavior control supported information security violation intention but not subject norms. The academic implications of this study is expected to be the basis for future research on outsourced contractors' violation of information security policy and a guide to develop information security awareness programs for outsourced contractors to control these incidents. Financial firms need to develop an information security awareness program for outsourced contractors to increase the knowledge and understanding of information security policy. Moreover, this program is effective for outsourced contractors.

• Proceedings of the Korea Association of Information Systems Conference
• /
• 1998.10a
• /
• pp.20-30
• /
• 1998

고도화된 정보통신의 확산으로 인해 인터넷(internet)을 통한 지역간의 거리를 극복 한 전자상거래가 점점 발달하고 있으며 이에 따른 시장의 잠재성 또한 커지고 있다. 그러나 현재 구축된 인터넷 쇼핑몰도 그 규모나 숫자에 비해서 매출액은 아직 높은 편이 아니다. 이에 대한 많은 이유가 있겠지만 가장 큰 이유중의 하나가 구매자 수의 부족을 들을 수 있 다. 이에 본 연구에서는 인터넷 쇼핑몰에 방문한 고객이 기꺼이 구매할 수 있는 환경을 제 공해 주기 위해 '지능형 메타몰(Intelligent Meta-Mall)'을 제안하고, 인터넷 쇼핑몰 중에서 사용자가 직접 마주치는 부분인 프론트 오피스(Front Office) 부분에서 제공되어야 하는 기 능 37가지를 제안하였다. 그리고 이들 기능을 일반관리 기능 및 소비자 구매과정 모형에 따 라 분류한 후, 현재 국내에서 운영되고 있는 쇼핑 몰의 웹마스터에게 설문조사를 실시함으 로써 상대적으로 중요한 기능과 불필요한 기능들을 파악하였다. 상대적으로 중요한 기능은 (1) One-stop Shopping 기능, (2) 비교쇼핑기능, (3) 단어(keyword) 탐색 기능, (4) 보안 모니터링 기능, (5) 부도 보증 기능, (6) 반품 관리 기능, (7) 속달 기능, (8) One-stop Payment 등으로 조사되었다. 상대적으로 불필요한 기능은 (1) 경매제품 탐색 기능, (2) 인 터페이스 수정 기능, (3) 사이버 머니 제공 기능, (4) 신원확인 기능, (5) No Blank 페이지 제공 기능, (6) 기본 사양 여과(filtering) 기능, (7) 다국어 지원 기능, (8) 보안 모니터링 기 능 등으로 조사되었다.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.2
• /
• pp.1-11
• /
• 2018

Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP(Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.

• Journal of Platform Technology
• /
• v.8 no.1
• /
• pp.10-15
• /
• 2020

Recently, various industrial sectors have introduced cloud service actively in their business because cloud computing technology enables storage·management and analysis·utilization of data easily in anytime, anywhere. Especially in financial sector, the business provocatively adopted the service and creates various innovative cases; furthermore, already in abroad, the sector has been accelerating digitization of analysis in cases of credit risk, financial fraud data, stock trading etc. On the contrary, in the domestic financial industry, not only the cloud service introduction and innovation cases are underperformed, but most of them are focused on the back-office service. Most Korean financial corporations are burdened with the adoption of cloud service due to various conservative regulatory requirements, such as regulations on data storage and management, regulations on privacy, and other tasks such as developing decision models and establishing responsibility standard for security incidents and service failures. In this study, it would be aimed to contribute to promote the introduction of the cloud in the domestic financial sector by drawing up preemptive challenges and inspecting priorities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.425-433
• /
• 2016

In smart grid, enhancement of efficiency and interoperability of electric power system is achieved through the connection with outer network, and this induces that power grid system is threatened increasingly, becomes the main target of cyber terrorism, and is sincerely required to design the secure power system. Although SSDLC(Secure System Development Life Cycle) is used for risk management from the design phase, traditional development life cycle is somewhat limited for satisfaction of information security indicator of power control system. Despite that power control system should reflect control entities of information security considering its own characteristics, validation elements are insufficient to apply into real tasks based on existing compliance. To make design of diagnostic model and assessment process for power control system possible and to give a direction for information security and present related indicator, we propose the new risk management framework of power control system which is applied operational security controls and standard architecture presented by IEC 62351 TC 57 with enterprise risk management framework.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.1093-1096
• /
• 2021

우리는 1 인 가구가 늘어나고 있고 주거 침입 사고도 많이 발생하고 있는 현재 사회에 맞게 도어락에 보안을 강화하고, 집안에 CCTV 를 설치하여 감시하는 서비스를 제공하여 거주자의 불안감을 덜어내도록 한다. 사용한 H/W 는 아두이노와 지문인식센서로 도어락의 지문인증에, 라즈베리파이와 웹 캠은 도어락의 얼굴인증, CCTV 에 사용하여 구축했다. 또한 도어락 인증에 성공하면 집 모형의 문을 열어주기 위해 서보 모터를 사용했다. 사용한 S/W 는 데이터 저장, 얼굴 인증은 AWS 클라우드 서비스를 활용했고, 스마트폰 알람은 FCM 을 사용하였다. OpenCV 를 사용해 움직임 감지를 하고, Flask, Ngrok 를 활용해 실시간 스트리밍이 가능하도록 했다. 어플에서는 관리자가 데이터를 관리(조회, 추가, 삭제)를 할 수 있다.

• Korean Security Journal
• /
• no.61
• /
• pp.203-234
• /
• 2019

The damages from security accidents continue to increase as technology leaks from suppliers cause risks to the management of large companies, which are their customers, and their image and reliability to fall. However, the current industrial structure is practically impossible for large companies to form their own businesses and strategic alliances with business partners are essential, but it is changing into an industrial structure where the exchange of information is increased and the dependence of the information system is maximized, as well as legal demands and demands from stakeholders are increasing due to the complexity of the work process and the strengthening of security-related laws. The status of technology protection of small and medium-sized enterprises shows that they are not equipped with a security system due to relatively poor environment and financial difficulties compared to large enterprises, whereas the industrial structure between large and small business partners is indispensable for sharing the IT system, and the security system of large business, which is a customer company, should be improved by considering the fact that it is impossible to maintain security system between large businesses. Thus, the government intends to examine the system for shared growth of small businesses and the model for evaluating the capabilities of various agencies for information protection, and propose measures to introduce the certification system for small business partners.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.957-966
• /
• 2020

According to the recent statistics of the National Industrial Security Center, about 80% of the confidential leak are caused by former and current employees in the case of domestic confidential leak accidents. Most of the information leak incidents by these insiders are due to poor security management system and information leak detection technology. Blocking confidential leak of insiders is a very important issue in the corporate security sector, but many previous researches have focused on responding to intrusions by external threats rather than by insider threats. Therefore, in this research, we design an internal information leak scenario to effectively and efficiently detect various abnormalities occurring in the enterprise, analyze the key indicators of the leak symptoms derived from the scenarios by using data analytics and propose a model that accurately detects leak activities.