• Journal of Platform Technology
• /
• v.9 no.2
• /
• pp.26-37
• /
• 2021

E-mail is one of the important tools for communicating with people in everyday life. With COVID-19 (Coronavirus) increasing non-face-to-face activity, security incidents through e-mail such as spam, phishing, and ransomware are increasing. E-mail security incidents are increasing as social engineering attack using human psychology rather than arising from technological weaknesses that e-mails have. Security incidents using human psychology can be prevented and defended by improving security awareness. This study empirically studies the analysis of changes in response to malicious e-mail due to improved security awareness through malicious e-mail simulations on executives and employees of domestic and foreign company. In this study, the factors of security training, top-down security management, and security issue sharing are found to be effective in safely responding to malicious e-mail. This study presents a new study by conducting empirical analysis of theoretical research on security awareness in relation to malicious e-mail responses, and results obtained from simulations in a practical setting may help security work.

• Journal of the Society of Disaster Information
• /
• v.17 no.1
• /
• pp.176-183
• /
• 2021

Purpose: The introduction of smart factories that reflect the 4th industrial revolution technologies such as AI, IoT, and VR, has been actively promoted in Korea. However, in order to solve various problems arising from existing file-based operating systems, this research will focus on identifying and verifying non-file system-based data protection technology. Method: The research will measure security storage that cannot be identified or controlled by the operating system. How to activate secure storage based on the input of digital key values. Establish a control unit that provides input and output information based on BIOS activation. Observe non-file-type structure so that mapping behavior using second meta-data can be performed according to the activation of the secure storage. Result: First, the creation of non-file system-based secure storage's data input/output were found to match the hash function value of the sample data with the hash function value of the normal storage and data. Second, the data protection performance experiments in secure storage were compared to the hash function value of the original file with the hash function value of the secure storage after ransomware activity to verify data protection performance against malicious ransomware. Conclusion: Smart factory technology is a nationally promoted technology that is being introduced to the public and this research implemented and experimented on a new concept of data protection technology to protect crucial data within the information system. In order to protect sensitive data, implementation of non-file-type secure storage technology that is non-dependent on file system is highly recommended. This research has proven the security and safety of such technology and verified its purpose.

• The Magazine of the IEIE
• /
• v.43 no.7
• /
• pp.52-58
• /
• 2016

• Digital Contents
• /
• no.7 s.98
• /
• pp.38-41
• /
• 2001

사이버 아파트에 있어서 각 세대의 개인 및 가족 정보는 재산상의 직접적인 정보와 연결되어 있기 때문에 다른 어떤 분야만큼이나 중요하다고 할 수 있다. 아직은 언론이나 네티즌들에게 널리 알려지지 않은 사이버 아파트의 보안문제에 대해 살펴보고 그 법적인 검토를 해보고자 한다. 사이버아파트의 경우 웹마스터가 랜 관리까지 병행하는 경우가 많아서 웹마스터의 정보관리가 무엇보다 중요하다.

• Korean Security Journal
• /
• no.27
• /
• pp.129-159
• /
• 2011

Physical security has always been an extremely important facet within the security arena. A comprehensive security plan consists of three components of physical security, personal security and information security. These elements are interrelated and may exist in varying degrees defending on the type of enterprise or facility being protected. The physical security component of a comprehensive security program is usually composed of policies and procedures, personal, barriers, equipment and records. Human beings kept restless struggle to preserve their and tribal lives. However, humans in prehistoric ages did not learn how to build strong house and how to fortify their residence, so they relied on their protection to the nature and use caves as protection and refuge in cold days. Through the history of man, human has been establishing various protection methods to protect himself and his tribe's life and assets. Physical security methods are set in the base of these security methods. Those caves that primitive men resided was rounded with rock wall except entrance, so safety was guaranteed especially by protection for tribes in all directions. The Great Wall of China that is considered as the longest building in the history was built over one hundred years from about B.C. 400 to prevent the invasion of northern tribes, but this wall enhanced its protection function to small invasions only, and Mongolian army captured the most part of China across this wall by about 1200 A.D. European lords in the Middle Ages built a moat by digging around of castle or reinforced around of the castle by making bascule bridge, and provided these protections to the resident and received agricultural products cultivated. Edwin Holmes of USA in 20 centuries started to provide innovative electric alarm service to the development of the security industry in USA. This is the first of today's electrical security system, and with developments, the security system that combined various electrical security system to the relevant facilities takes charging most parts of today's security market. Like above, humankind established various protection methods to keep life in the beginning and its development continues. Today, modern people installed CCTV to the most facilities all over the country to cope with various social pathological phenomenon and to protect life and assets, so daily life of people are protected and observed. Most of these physical security systems are installed to guarantee our safety but we pay all expenses for these also. Therefore, establishing effective physical security system is very important and urgent problem. On this study, it is suggested methods of establishing effective physical security system by using system integration on the principle of security design about effective security system's effective establishing method of physical security system that is increasing rapidly by needs of modern society.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06a
• /
• pp.80-82
• /
• 2012

다양한 정보보호 제품이 개발됨에 따라, 정보보호 제품 보증을 위해 자체의 보안성 평가 및 인증이 중요시되고 있다. 정보보호 제품의 평가 및 인증을 위해서는 보안기능 검사와 취약점 분석 단계가 매우 중요하지만 이를 위한 정보보호 제품의 보안기능 시험과 취약성 분석을 위한 테스팅 절차에 대한 연구는 그 중요성에 비해 많이 수행되지 않았다. 현재까지는 보안제품을 기능별로 제품을 분류하여 보안성을 평가하였는데, 본 논문에서는 보안 제품들에서 공격에 취약한 SW 모듈 중심으로 테스팅 대상을 분류하는 방법을 제안한다. 분류된 SW 모듈별로 적합한 보안 테스팅 기법을 정의하고, 보안제품의 취약점을 효과적으로 탐지하기 위해 공개되어 있는 관련 취약점도 분석하였다. 이를 통해 정보보호 제품의 취약점 분석 및 제품 보안성 평가를 위한 SW 모듈별 보안 테스팅 절차를 수립하고, 테스트하였다. 실험을 통해 취약한 SW 모듈별 적절한 공격 기법 선정 시 제안 절차가 정보보호 제품 평가 인증에 활용될 수 있음을 확인하였다.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.577-584
• /
• 2004

Recently many company has been cracked by crackers information security and everyday new computer virus come out. so e-trade partners should prevent the disasters. A few studies researched e-trade securities broadly but the new trend in information security division especially focused on electronic payment, EDI, Transportation, Contracts, Insurances and that of subjects have been researched through interdisciplinary evolution. Our research e-trade security on three part, First system attack, second is data attack and third is business attack. the attacks have theirs own solution, so e-trade company use this solution timely and powerfully. It is the most important thing to prepare the cracking with securities system. also manager should catch recent hacking technologies. The research results propose that e-trade firms should use information security policies and securities systems that including H/W and S/W. therefore manager's security mind is very important and also using electronic commerce securities device and should be considered exploiting solutions by each special usage according to e-trade company' environments.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.12
• /
• pp.215-225
• /
• 2011

This paper suggests several methods of improving information securities of universities through the investigations of the current status of information securities in universities, which is becoming a hot topic in knowledge and information societies. In this paper, universities were randomly selected according to their size, and surveyed through email questionnaire to the persons in charge of security in each university, and 27 universities and 18 colleges were replied. From the survey results we confirmed that the pre-prevention is the most important thing in securing information assets, also in universities, and, in this paper, systematic support must be strengthened to establish a comprehensive security management policy and guidelines for the universities, and the importance of information assets and the necessity of security needs to be shared with the members in the universities. Moreover there must be full administrative and financial support, including recruitment and training of information security professionals and the establishing a separate security division.

• Journal of Digital Convergence
• /
• v.14 no.4
• /
• pp.209-220
• /
• 2016

Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees' information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model's factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual's information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members' expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members' information security behavior, and will be able to provide measures to establish organization's information security policy and increase members' compliance behavior.

• Journal of Digital Convergence
• /
• v.14 no.11
• /
• pp.501-505
• /
• 2016

Recently, the frequency of dealing important information regarding financial services like paying through smart device or internet banking on smart device has been increasing. Also, with the development of smart device execution environment towards open software environment, it became easier for users to download and use random application software, and its security aspect appears to be weakening. This study inspects features of hardware-based smart device security technology. Furthermore, this study proposes a realization method in MTM hardware-based secure smart device execution environment for an application software that runs in smart devices. While existing MTM provides the root of trust function only for the mobile device, the MTM-based mobile security environment technology proposed in this paper can provide numerous security functions that application program needs in mobile device. The further researches on IoT devices that are compatible with security hardware, gateway security technology and methods that secure reliability and security applicable to varied IoT devices by advancing security hardware are the next plan to proceed.