• Journal of the Institute of Electronics and Information Engineers
• /
• v.53 no.6
• /
• pp.69-79
• /
• 2016

If the security incidents are occurred then, the company concentrates on the quick reaction to security incidents, reports the reason of incidents, it's problem, the result of measure to the top management team. There will be the case that actively finding problems and taking it's actions with linking the internal problems whenever external security incidents are occurred or that having only interest of problems at the moment. It is important that lasting the preventing action to prevent security incidents than not concentrating on only the security incidents are occurred. To do this, the systematical and consistent method for this should be provided. In this paper, we will provide a security incident forecast system. The security incident forecast system updates the incident induction factor which helping to forecast the potential security incidents on the database inferred from the direct security incidents which are occurred inside the company as well as the indirect security incidents which are occurred outside the company and makes interact with the incident experience and the measure process systematically. The security incident forecast system is the efficient measure about the potential security incidents in taking precaution.

• Convergence Security Journal
• /
• v.20 no.3
• /
• pp.89-97
• /
• 2020

Recently, security issues on industrial technology are undergoing rapid changes around the world. Developed countries are establishing response strategies to protect their own core technologies while creating conflicts with global value chains and foreign capital movement. Also in Korea, we are approaching industrial security issues in the mid- to long-term industrial competitiveness. The purpose of this study is to survey on the awareness of the industrial security ecosystem and derive key policy issues. Based on a three round survey, four policies were suggested as followings : systemization of industrial security control tower, enhancement of security company's technical skills and training of security specialists, improvement of technology leakage prevention system through retirement personnel and M&A, reinforcement of research security in R&D process and proactive technology protection. It is hoped that this study will serve as a basis for policy-making as an evidence-based study reflecting the policy demands of industrial security.

• Advanced Industrial SCIence
• /
• v.2 no.2
• /
• pp.25-30
• /
• 2023

The purpose of this study is to empirically analyze the impact of corporate innovation activities on corporate innovation performance using data from companies participating in the smart farm project. A company's innovation activities were divided into planning capacity, R&D capacity, and commercialization capacity, and the impact of each innovation activity on the company's sales and patent creation was estimated. The moderating effect was also analyzed. Regression analysis was conducted as a research method, and as a result of the analysis, it was found that planning capacity, R&D capacity, and commercialization capacity related to innovation within a company have an impact on corporate performance creation. appeared to be In order to increase the business performance of technology commercialization, it was confirmed that planning and R&D capabilities as well as governmental technology policy support are needed.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.35-44
• /
• 2022

Among the five promotion strategies of Defense Innovation 4.0(DI 4.0), the military structure/operation optimization strategy aims to innovate the military structure based on advanced science&technology(S&T), and to integrate advanced S&T in the field of defense operation such as education&training and human resource development. As the future battlefield expands to AI-based unmanned/robot combat systems, space, cyberspace, and electromagnetic fields, it is necessary to train officers with the capabilities required in these battlefields. It is necessary to develop capabilities from junior officers who will lead the future battlefield to operating core advanced power based on the 4^th industrial revolution S&T. We review the education system of the military in universities and propose a method of redesigning the education system that is compatible with DI 4.0 and can develop technology-intensive capabilities based on advanced S&T. We propose a operation plan of major and extra-programs that can develop the capabilities of junior officers required for the future battlefield, and also suggest ways to support the army's practical training.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.125-142
• /
• 2013

As a reinforcing strategic-alignment of IT business, Financial Service becomes more rely on IT systems. It needs to continuous information security activities to provide a secure and reliable finance service. Performance measurement of information security activities can be useful for decision and management support. The purpose of this study is to derive CSF(Critical Success Factor) and KPI(Key Performance Indicator) based on K-ISMS, Financial IT Information Security Standards. Providing a rationale can be used to determine key performance indicators, which are utilized as basic data for establishing security policies for financial IT security competency.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.5
• /
• pp.737-746
• /
• 2017

In 2017, amid changes in the security market such as integrated security (IS) and convergence security (CS), a variety of security paradigms in terms of operation and management have been suggested. Rather than changing existing network infrastructure and bringing about fluid, multi-dimensional changes, these solutions and technologies focus entire security capacity on a primary protection, leading to network infrastructure suffering from unexpected inherent violations and problems in a continued manner. Therefore, it is time to propose and develop a flexible network section that can protect from attacks of similar pattern and concentrated traffic attacks by applying a new concept of WB (Water-Bubble) to network infrastructure and analyzing on the basis of experiment and installation. Methodology of the WB-based highly secure flexible network section proposed in this study is expected to provide materials for studies on how to achieve network section security taking into account three major limitations and security standards: fluidity, unpredictability, and non-area scalability by contact point ratio, by changing a network area predicted to be the final target of attack into resonant network section (area) with flexible area changes.

• Journal of the Society of Disaster Information
• /
• v.9 no.3
• /
• pp.290-299
• /
• 2013

This study is to present an improvement of security for the National Assembly by survey of persons who use the National Assembly facilities. Most of respondent said that their security consciousness level is above average, and they know National Assembly building is National Major Facility First class but they did not know well what the Major Facility First class is. Many of respondents thought security design of National Assembly building is inadequate, so reinforcement of access control management is necessary. For reinforcement of access control management, security gate and preparing of some obstacles are required. They said that they could put up with inconveniences incurred as a result of reinforcement of access control management, that could be affected positively for the reinforcement. The recognition on the necessity of security education is high, but there is no proper security education program. For practical security education, contents and different method followed by different facilities user should be considered.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.9-17
• /
• 2024

This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.

• Annual Conference of KIPS
• /
• 2023.11a
• /
• pp.165-167
• /
• 2023

정부에서는 내·외부 사이버 보안 위협 고도화에 대한 실질적이고 효과적인 대응을 위해 정보보호관리체계(Information Security Management; 이하 ISMS) 인증에 대한 법령을 시행하고 있다. ISMS 인증은 컨설팅과 인증심사를 분리하여 독립성을 확보하였으며, 현장심사 비중을 높여 기존 문서심사에 치중되었던 인증·평가제도와의 차별화를 통해 실효성을 증진시켰다. 그러나 최근 ISMS 인증을 받은 대상자임에도 불구하고 개인정보 정보유출 사고, 대규모 서비스 장애가 유발됨으로써, 다시금 ISMS 인증의 실효성 문제가 제기되고 있다. 현재 제기되고 있는 문제의 요인은 인증기준에 적합한 최소한의 요구사항만 심사·심의하는 ISMS 인증의 한계점에 기인한다. 본 논문에서는 이와 같은 ISMS 인증의 실효적 한계점을 개선하고 인증취득 대상자의 실질적 보안역량 강화시키기 위하여 성숙도 평가모델에 기반한 ISMS 인증제도 운영 방안을 제언한다.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2023.11a
• /
• pp.205-207
• /
• 2023

국제선급연합회(International Association of Classification Societies: IACS)에서는 2022년 선박 및 기자재시스템 사이버 복원력 달성을 위한 공통규칙 UR E26, E27을 발행하였으며, 이 규정은 2024년 1월 이후 건조 계약되는 선박에 의무적으로 적용될 예정이다. 현존선의 경우, OT 시스템 네트워크 변경 및 사이버보안 기능을 신규 구현하기가 어렵기 때문에 사이버 위험관리에 한계가 있으나, 본 규정을 통해 신조선 건조 단계에서 설계 보안 (secure by design)을 고려한 선박 사이버 복원력 네트워크 및 기능 구현이 가능하다. 사이버복원력 생태계가 잘 형성되기 위해서는 선주, 조선소, 제조사, 선급 등 주요 이해관계자의 역할이 중요하며 향후 다양한 프로젝트를 통한 사이버복원력 체계 내재화, 재직자 사이버보안 역량 강화, 선박 사이버안전 기술 지속적 연구가 필요하다.