• Title/Summary/Keyword: security capability (보안역량)

Development of ESG Policies in Korea and Corporate Response Strategies: A Comparative Analysis with Major Countries (한국의 ESG 정책 발전과 기업 대응 전략: 주요국 사례와의 비교 분석)

  • Ju-Yong Lee
    • The Journal of the Convergence on Culture Technology / v.10 no.5 / pp.235-242 / 2024
  • This study analyzes the development process of Environmental, Social, and Governance (ESG) policies in Korea and corporate response strategies, comparing them with cases from major countries. The results show that while Korea has established a basic framework for ESG policies through the K-ESG guidelines and plans for mandatory ESG disclosure, these policies lack the specificity and enforceability seen in major countries. In terms of corporate response, large companies are actively formulating ESG strategies, but strengthening ESG capabilities of small and medium-sized enterprises (SMEs) remains an urgent task. Industry-specific ESG strategies reflect the characteristics of each sector, such as carbon neutrality in manufacturing, expansion of responsible investment in finance, and enhanced data security in IT. This study suggests improving Korean ESG policies by enhancing the alignment of ESG disclosure standards with international norms, strengthening tailored support for SMEs, and developing industry-specific policies. For effective corporate ESG response, the study proposes strategic integration of ESG, enhanced communication with stakeholders, and improved ESG data management capabilities.

CIA-Level Driven Secure SDLC Framework for Integrating Security into SDLC Process (CIA-Level 기반 보안내재화 개발 프레임워크)

  • Kang, Sooyoung;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.909-928 / 2020
  • From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing, such as identified vulnerabilities and faults, can vary depending on the capabilities of the team. In other words, no penetration team can assure this, since "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, from the 1980s the US government began to publish various standards related to the development methodology and evaluation procurement system embedding the "security-by-design" concept. Security-by-design means reducing a product's complexity by considering security from the initial phases of the development lifecycle, such as the product requirements analysis and design phases, to ultimately achieve trustworthiness of the product. The security-by-design concept has spread to the private sector since 2002 under the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standards and guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present a new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first, we can quantitatively show the gap in Secure SDLC process level between a competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

Increasing Transnational Threats and Terrorism and Establishment of Integrated Border Security Systems: Focused on U.S., Canada and Australia (초국가적 위협 및 테러리즘 증가와 통합국경안보체계 구축: 미국, 캐나다, 호주를 중심으로)

  • Yoon, Taeyoung
    • Convergence Security Journal / v.17 no.4 / pp.69-78 / 2017
  • Since September 11, 2001, transnational crimes and terrorism have increased, the importance of border security has been emphasized, and integrated CIQ capability has been required. The U.S., Canada, and Australia are consolidating CIQ to strengthen border security, focusing on strengthening immigration control of travelers and goods and the security of airports, ports and land borders. In 2003, the U.S. established Customs and Border Protection (CBP) under the Department of Homeland Security. Canada also established the Canada Border Services Agency (CBSA) under Public Safety Canada in 2003. The Australian Customs and Border Protection Service was integrated with the Department of Immigration and Border Protection (DIBP) and the Australian Border Force was established in 2015. However, Korea operates a distributed border management system for each CIQ task, which is unable to respond to complex border threats such as illegal immigration, entry of terrorists, smuggling of drugs, and gun trade at airports, ports and land borders. In order to solve this problem, it is possible to consider sequentially integrating the customs and quarantine services, which have high similarities, and to integrate the entire CIQ tasks with the Korea Customs Service delegated to the immigration control duties in the mid to long term. There is also a plan to benchmark the CIQ single accountability agencies in the U.S., Canada, and Australia in accordance with the Korean situation and to establish a new integrated border security organization.

Information Security Job Skills Requirements: Text-mining to Compare Job Posting and NCS (정보보호 직무 수행을 위해 필요한 지식 및 기술: 텍스트 마이닝을 이용한 구인광고와 NCS의 비교)

  • Hyo-Jung Jun;Byeong-Jo Park;Tae-Sung Kim
    • Information Systems Review / v.25 no.3 / pp.179-197 / 2023
  • As a sufficient workforce supports the industry's growth, workforce training has also been carried out as part of the industry promotion policy. However, the market still has a shortage of skilled mid-level workers. The information security disclosure requires organizations to secure personnel responsible for information security work. Still, the division between information technology work and job areas is unclear, and the pay is not high for responsibility. This paper compares job keywords in advertisements for the information security workforce for 2014, 2019, and 2022. There is no difference in the keywords describing the job duties of information security personnel in the three years, such as implementation, operation, technical support, network, and security solution. To identify the actual needs of companies, we also analyzed and compared the contents of job advertisements posted on online recruitment sites with information security sector knowledge and skills defined by the National Competence Standards used for comprehensive vocational training. It was found that technical skills such as technology development, network, and operating system are preferred in the actual workplace. In contrast, managerial skills such as the legal system and certification systems are prioritized in vocational training.

A Study on the Introduction of PMCs in Korea (한국적 민간군사기업 도입방안에 대한 연구)

  • Kim, Yeon Jun
    • Convergence Security Journal / v.14 no.3_1 / pp.45-54 / 2014
  • After the Cold War, the obligations of the nation have expanded to 'Comprehensive Security', which cares for citizens' safety and welfare in addition to national defense. Major nations are competing to revolutionize their armies to be prepared for various threats. Major nations, including the United States and the United Kingdom, tend to adopt and use PMCs eagerly. The size of the PMC market is estimated at around 70 billion euro and is growing rapidly. Korea has to adopt PMCs for building military force and operating efficiency while driving 'Military Reform 2030'. Adopting PMCs in Korea can be considered as follows, reflecting the security situation. So, the Korean army must consider implementing and adopting PMCs in order to build army force, attain efficiency, and prepare for the North Korean threat and various security risks.

A Study on the Establishment of the Policing Technology R&D Organization (치안과학기술 연구개발조직 설립에 관한 연구)

  • Kim, Yeon Soo
    • Convergence Security Journal / v.15 no.1 / pp.59-68 / 2015
  • Recently, the rapid development of science and technology is a new challenge and opportunity in the policing environment. The major industrialized countries of the West present a strategy called SMART Policing to strengthen police capacity in accordance with this social change and actively utilize science and technology in the policing field. In this study, we attempted to discuss the establishment of a security technology research and development organization for our country. First, I propose installing an R&D planning department at the Office of Planning and Coordination in the National Police Agency. Secondly, it is necessary to establish the (provisional) Police Science and Technology Center, which integrates the functions of each organization's R&D-related work. Finally, the Police Science Institute and the National Forensic Service should be integrated into the (provisional) Policing Technology Research Institute.

A Study on Improvement Plans of SMEs Support Policy for Information Security in Korea (국내 중소기업 정보보호 지원 정책 개선 방안에 관한 연구)

  • Jang, Sang-Soo
    • Journal of Convergence for Information Technology / v.10 no.11 / pp.332-339 / 2020
  • This study aims to analyze problems and deduce improvement plans for information security support policies for SMEs in Korea. To this end, based on the results of reviewing previous research and analyzing the current status and problems of information security of SMEs and the information security support policies for SMEs at home and abroad, I would like to suggest improvement measures for an effective support policy necessary for reinforcing cyber safety nets to enhance the level of information security of domestic SMEs. Reinforcement of awareness, legal basis, voluntary capacity building, joint response system, professional manpower and budget support, cyber security construction, untact era support, and regional strategic industry security internalization were suggested. This can be used as the government's information security support policy to raise the level of information security of SMEs in preparation for the post-COVID-19 era.

Research on Cyber-terrorism preparation scheme (사이버테러 대응방안에 관한 연구)

  • Kim, Yeon Jun;Kim, Sang Jin
    • Convergence Security Journal / v.16 no.3_2 / pp.33-42 / 2016
  • While the evolving information-oriented society provides a lot of benefits to human life, new types of threats have been increasing. Particularly, cyber terrorism happens on the network that is composed of computer systems and information communication networks, and the means and scale of damage have reached a serious level. In other words, it is hard to locate cyber terror since it occurs in virtual space, not in the real world, so identifying "Who is attacking?" (non-visibility, non-formulas) or "Where does the attack take place?" (trans-nation) is hard. Hackers, individuals or even small groups of people who carry out cyber terror are posing new threats that could intimidate national security, and the pace and magnitude of threats keep evolving. The scale and capability of North Korea's cyber terrorism are assessed as world-class level. Recently, North Korea is focusing on strengthening its cyber terrorism force. So improving a response system for cyber terror is a key necessity as North Korea has emerged as a direct threat to South Korean security. Therefore, Korea has to redeem both legal and institutional systems immediately to perform as a unified control tower for preemptive response to cyber terror arising from North Korea and neighboring countries.

Research on direction of future Korean military force establishment -focus on North Korea's nuclear threat and neighboring countries' counter military threat operation- (미래 한국군 군사력 건설방향에 대한 연구 - 북한 핵위협과 주변국 위협대비를 중심으로 -)

  • Kim, Yeon Jun
    • Convergence Security Journal / v.14 no.1 / pp.11-21 / 2014
  • South Korea should not be in a subordinate position in international relationships as in the past. As a middle power, South Korea achieves peaceful unification through overcoming North Korea's nuclear and conventional threats, and builds military power in Northeast Asia as a 'balancer'. This can firstly be achieved by constructing an "attack systems triad". The "attack systems triad" can be established through integrating C4ISR as a common strategy for the purposes of preemptive deterrence and retaliatory deterrence against the dangers of the present and the future. Second, denial deterrence can be achieved by establishing a "defense system triad" by combining common military power and defensive weapon systems. Finally, development of independent advanced technological strategies can be achieved by building the defense industry and combining research and development through constructing an "Infra triad". As for constructing and reinforcing the future of the ROK military, a unilateral principle and policy efforts to achieve the aforementioned force construction models are needed. This can only be achieved through the government's national vision to take on the role of mediator and a basis founded upon the consensus of the public.

The Study of Integrated Document Training Materials Related to NCS Communication Ability for Petty Officer Majors (NCS 의사소통능력과 연계된 부사관과의 자료통합적 문서 교육 연구)

  • Yu, Yong-tae
    • Convergence Security Journal / v.19 no.2 / pp.137-146 / 2019
  • This study looks into an education goal and an achievement level based on investigating relationships between NCS communication abilities and communication education for petty officer major students. Also, the study looks deep into appropriate integrated document training materials. A goal of the petty officer's communication education, which is supposed to achieve more than the average standard, is improving abilities to understand documents and create documents related to the real petty officer's life. The goal of this communication study is designed considering the petty officers' ability factors and the detailed weekly achievement goals based on characteristics of petty officers. The proper way to reach the goal of the integrated document training materials is constructed as a three-step process: presenting the subject, group activity, and handing in a final activity report. Also, the education is designed so that evaluation forms are written continuously for students to keep an eye on their achievement levels. As the importance of NCS is emphasized these days, the integrated document training materials present how this education needs to proceed, and this shows ways to improve students' document writing abilities. Lastly, the study mentions a proposal for further tasks in this field.