• 한국IT서비스학회:학술대회논문집
• /
• 2005.05a
• /
• pp.532-539
• /
• 2005

최근 세계적으로 전자정부에서의 시민역량을 증대시키기 위한 노력이 시작되는 동향을 보이고 있다. 이에 따라 거버넌스 관점에서 시민참여에 대한 이론 및 실증적 연구가 활발히 진행되고 있으나, 거버넌스 지원을 위한 차세대 전자정부시스템의 개발에 대한 연구는 상대적으로 적은 관심밖에 받지 못하고 있다. 거버넌스 지원 전자정부시스템은 주로 정부기관의 기능 강화에 초점을 두고 있는 기존의 전자정부시스템과 달리 능동적인 시민참여에 중점을 두어야 하며, 복잡하고 정보가 광역 분산된 민주사회 환경에서 보안과 프라이버시 등의 핵심 민주주의 가치를 유지하면서도 시민을 포함한 모든 구성원 사이의 정보공유와 이를 위한 조정 기능을 제공하여 모든 참여자가 정보를 적절히 공유할 수 있는 능력을 향상시킬 수 있도록 하여야 한다. 이러한 거버넌스 지원 전자정부시스템의 개발에 중요한 요소 중의 하나는 보안과 프라이버시를 유지하면서도 쌍방간의 정보공유를 가능하게 하는 P2P 통신 메커니즘이다. 본 논문은 거버넌스 지원 전자정부시스템의 특성과 요구사항을 살펴 보고 이를 바탕으로 P2P 통신에 대한 요구사항과 적합한 P2P 통신 모델에 대하여 논한다.

• Annual Conference of KIPS
• /
• 2020.05a
• /
• pp.302-305
• /
• 2020

정보처리기술이 발달함에 따라 원자력시설에 대한 사이버침해 가능성이 갈수록 높아지고 있다. 방사능방재법 및 관련 법령에 의거하여 국내 원자력시설은 각 시설 별 사이버사건 비상대응 절차를 수립하고 절차의 유효성 및 비상대응조직의 대응역량을 제고하기 위한 목적의 주기적인 사이버사건 대응훈련을 실시하고 있으며, 규제기관의 독립적인 훈련평가 결과를 통해 많은 개선사항이 도출되고 있다. 본 논문에서는 현행 원자력시설의 사이버사건 대응훈련 체계를 분석하여 사이버사건대응 훈련 정책의 개념에 대해, 국내·외 기준에 따른 사이버사건 대응훈련 정책의 요소를 식별하여 이를 개선하기 위한 구체적인 규제방안을 제시한다.

• Annual Conference of KIPS
• /
• 2024.10a
• /
• pp.328-330
• /
• 2024

침해사고 대응팀의 성숙도를 진단하는 대표적인 모델인 SIM3와 SOC-CMM는 침해사고 대응팀의 설립 또는 운영 초기단계의 조직에 적용시 제한된 기술과 역량으로 인해 성숙도 진단 및 평가에 오판을 유발한다. 본 연구는 이러한 한계를 보완하는 개선된 성숙도 진단모델을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.969-974
• /
• 2014

CC (Common Criteria) requires collecting vulnerability information and analyzing them by using penetration testing for evaluating IT security products. Under the time limited circumstance, developers cannot help but apply vulnerability analysis at random to the products. Without the systematic vulnerability analysis, it is inevitable to get the diverse vulnerability analysis results depending on competence in vulnerability analysis of developers. It causes that the security quality of the products are different despite of the same level of security assurance. It is even worse for the other IT products that are not obliged to get the CC evaluation to be applied the vulnerability analysis. This study describes not only how to apply vulnerability taxonomy to IT security vulnerability but also how to manage security quality of IT security products practically.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1011-1020
• /
• 2021

Throughout the years, cybersecurity incidents related to the shipbuilding and maritime industries are occurring more frequently as the IT industry develops. Accordingly, expertise in the information protection industry is necessary, and effective education contents on information protection are needed for this purpose. Recently, there have been more and more cases of increasing user experience by applying Metaverse technology to the educational field. Therefore, this study analyzes the existing information protection education and training and the information protection education contents in the maritime industries and proposes four directions for content development (i.e., online education and seminars, cybersecurity threat learning of virtual ships, accident reproduction, and maritime cybersecurity exhibition operation).

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.107-116
• /
• 2023

The management of professional manpower with expertise in performing specific tasks can be said to be a very important issue at the national level. Recently, interest in industrial technology protection experts continues to expand, but difficulties are growing due to the lack of policy evidence. Considering these points, this study conducted a fact-finding survey on personnel in charge of industrial technology protection, and through this, quantitative, qualitative, and job path analysis were performed for related job performers. These results are considered to be significant in that they can be used as basic information for fostering industrial technology protection experts in the future.

• Journal of Korean Society for Quality Management
• /
• v.51 no.4
• /
• pp.677-689
• /
• 2023

Purpose: The purpose of this study is to design a x-ray screening rating system to improve X-ray screening ability, which is a core job competency of security screener at Incheon International Airport, and to verify its effectiveness through empirical analysis to suggest ways to improve the level management system. Methods: In this study, the effectiveness of the research model was analyzed using T-test tests for effect analysis based on the empirical analysis results derived through the competency evaluation model, the screening rating system. Results: The results of this study are as follows. The average score for regular education before the implementation of the x-ray screening rating system was 94.1 points, but after the implementation of the x-ray screening rating system, the average score for regular education was 95.5 points, an average of 1.4 points increased. In addition, the proportion of those with 95 or more points classified as high scorers also increased significantly from 51.1% to 69.3%. Conclusion: The X-ray screening rating system of security inspectors will systematically manage the level of screening ability, which is a key job competency, and play a strong role in improving competency, while preventing security accidents through early identification and intensive training of level-lowers.

• Convergence Security Journal
• /
• v.21 no.4
• /
• pp.3-13
• /
• 2021

As new technologies such as artificial intelligence (AI), cloud, Internet of Things (IoT), big data, and mobile become organically integrated, a new era of digital transformation is emerging. As a result of this digital transformation, cybersecurity issues have surfaced as a negative side effect. Cyberspace, unlike physical space, has no clear limits, which leads to additional side effects and hazards. While promoting digital transformation in defense, conventional customs and behavioral approaches make it difficult to alter the cybersecurity strategy, even if it is vital to comprehend and prepare the attributes associated with time and technology trends. As a result, in this study, we will look at the direction of technology application in the defense as a result of digital transformation and analyze how to correlate from the standpoint of cybersecurity.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.113-125
• /
• 2015

Information Security Incidents that have recently happen rapidly spread and the scale of that incidents' damage is large. In addition, as it proceeds to the era of converged industry in the future environment and the virtual cyber world expands to the physical world, new types of security threats have occurred. Now, it is time to supply security professionals who have a multi-dimensional security capabilities that can manage the strategies of technological security and physical security from the management point of view, rather than the ones who primarily focus on the traditional technologic-centered strategies to solve new types of security threats. In conclusion, in this paper we try to produce the curriculum of information security featured in the occupational classification system and analyze the subjects that are additionally required for those who move to other occupations to cultivate security professionals who suited to the converged-industrial environment. It is expected that multi-dimensional security professionals who suited to the converged-industrial environment will be cultivated by harmoniously integrating information security subjects from technological and business/managerial perspectives, and education training courses will be developed that effectively provide core knowledges per occupational classification when people moves to other occupations in the areas of information security.

• The Journal of Korean Association of Computer Education
• /
• v.17 no.6
• /
• pp.71-80
• /
• 2014

Accidents for information disclosure occurred in a steady increase, so many information security department has been established recently. But there was a lack of differentiation between department of IT department and they cannot train appropriate students for companies. This research examined the Workforce framework and competencies, the related research for improving information security curriculum. And then this research analyzed status and characteristics of the curriculum to the information security department, based on the Workforce framework and competencies presented by NICE. The result of the research confirmed that the current curriculum mainly consists of courses dealing with development of products that secure information, so the curriculum is needed to improve by focusing on workforce framework competencies. The result will be utilized as fundamental research for improving the curriculum of information security major in the future.