• Title/Summary/Keyword: Cybersecurity policy

Search Result 192, Processing Time 0.025 seconds

A Study on Web Vulnerability Risk Assessment Model Based on Attack Results: Focused on Cyber Kill Chain (공격 결과 기반의 웹 취약점 위험도 평가 모델 연구: 사이버 킬체인 중심으로)

  • Jin, Hui Hun;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.779-791 / 2021
  • Common web services have been continuously targeted by hackers due to an access control policy that must be allowed to an unspecified number of people. In order to cope with this situation, companies regularly check web vulnerabilities and take measures according to the risk of discovered vulnerabilities. The risk of these web vulnerabilities is calculated through preliminary statistics and self-evaluation of domestic and foreign related organizations. However, unlike static diagnosis such as security setting and source code, web vulnerability check is performed through dynamic diagnosis. Even with the same vulnerability item, various attack results can be derived, and the degree of risk may vary depending on the subject of diagnosis and the environment. In this respect, the predefined risk level may be different from that of the actual vulnerability. In this paper, to improve this point, we present a web vulnerability risk assessment model based on the attack result centering on the cyber kill chain.

A Case Study of the Impact of a Cybersecurity Breach on a Smart Grid Based on an AMI Attack Scenario (AMI 공격 시나리오에 기반한 스마트그리드 보안피해비용 산정 사례)

  • Jun, Hyo-Jung;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.3 / pp.809-820 / 2016
  • The smart grid, a new open platform, is a core application for facilitating a creative economy in the era of the Internet of Things (IoT). Advanced Metering Infrastructure (AMI) is one of the components of the smart grid and a two-way communications infrastructure between the main utility operator and customer. The smart meter records consumption of electrical energy and communicates that information back to the utility for monitoring and billing. This paper investigates the impact of a cybersecurity attack on the smart meter. We analyze the cost to the smart grid in the case of a smart meter attack by authorized users based on a high risk scenario from NESCOR. Our findings could be used by policy makers and utility operators to create investment decision-making models for smart grid security.

Exploratory Study on Crime Prevention based on Bigdata Convergence - Through Case Studies of Seongnam City - (빅데이터 융합 기반 범죄예방에 관한 탐색적 연구 - 성남시 사례 분석을 통해 -)

  • Choi, Min-Je;Noh, Kyoo-Sung
    • Journal of Digital Convergence / v.14 no.11 / pp.125-133 / 2016
  • In recent years, various crimes such as "random killing" crime continue to rise. Despite the government's crime prevention efforts and crime related researches, crime increases and a different approach is needed. Therefore, this study proposes the alternative for crime prevention by analyzing big data. To achieve this objective, this study was to perform visualization utilizing the histogram, the bubble chart and the hit map and association analysis. To analyze the relationship between crime and some variables, this study analyzed data of Seongnam city, Korea National Police Agency, etc. The results of analysis showed that CCTV will be to reduce the crime rate and security light is not significantly relevant. And the result showed that other types of crime focused by time of the day and day of the week and showed that an increase of the foreigners and crime increase are associated. This study presents a scheme for reducing the crime rate on the basis of this analysis result.

An Automatically Extracting Formal Information from Unstructured Security Intelligence Report (비정형 Security Intelligence Report의 정형 정보 자동 추출)

  • Hur, Yuna;Lee, Chanhee;Kim, Gyeongmin;Jo, Jaechoon;Lim, Heuiseok
    • Journal of Digital Convergence / v.17 no.11 / pp.233-240 / 2019
  • In order to predict and respond to cyber attacks, a number of security companies quickly identify the methods, types and characteristics of attack techniques and are publishing Security Intelligence Reports (SIRs) on them. However, the SIRs distributed by each company are huge and unstructured. In this paper, we propose a framework that uses five analytic techniques to formulate a report and extract key information in order to reduce the time required to extract information on large unstructured SIRs efficiently. Since the SIRs data do not have the correct answer label, we propose four analysis techniques, Keyword Extraction, Topic Modeling, Summarization, and Document Similarity, through Unsupervised Learning. Finally, has built the data to extract threat information from SIRs, analysis applies to the Named Entity Recognition (NER) technology to recognize the words belonging to the IP, Domain/URL, Hash, Malware and determine if the word belongs to which type. We propose a framework that applies a total of five analysis techniques, including technology.

Policy Recommendations for Domestic Internal Control System through the Analysis of the U.S. Government Agency Inspector General System (미국 정부기관 감찰관 제도 분석을 통한 국내 내부통제시스템에의 정책적 제언)

  • KiYeung Kim;Eunsun Choi;Namje Park
    • The Journal of the Convergence on Culture Technology / v.9 no.4 / pp.509-515 / 2023
  • As the trend towards expanding the functions of modern governments continues, there are also problems such as misconduct and waste that arise as government activities and operations increase. To solve these issues, countries are establishing and developing internal control mechanisms. In this process, the U.S. Inspector General system has been operating for over 40 years with the aim of balancing and overseeing the government and the legislature. Accordingly, this study analyzed in detail the development process of the inspector system, one of the internal control systems promoted by U.S. government agencies, the formation of an inspector community, and the deployment, cooperation, and supervision of inspectors. As a result, the internal control system of domestic government agencies also needs to continue research so that the government and parliament can maintain close relations and introduce the inspector system according to the domestic situation.

Secure File Transfer Method and Forensic Readiness by converting file format in Network Segmentation Environment (망분리 환경에서 파일형식 변환을 통한 안전한 파일 전송 및 포렌식 준비도 구축 연구)

  • Han, Jaehyeok;Yoon, Youngin;Hur, Gimin;Lee, Jaeyeon;Choi, Jeongin;Hong, SeokJun;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.4 / pp.859-866 / 2019
  • Cybersecurity attack targeting a specific user is rising in number, even enterprises are trying to strengthen their cybersecurity. Network segmentation environment where public network and private network are separated could block information coming from the outside, however, it is unable to control outside information for business efficiency and productivity. Even if enterprises try to enhance security policies and introduce the network segmentation system and a solution incorporating CDR technology to remove unnecessary data contained in files, it is still exposed to security threats. Therefore, we suggest a system that uses file format conversion to transmit a secure file in the network separation environment. The secure file is converted into an image file from a document, as it reflects attack patterns of inserting malicious code into the document file. Additionally, this paper proposes a system in the environment which functions that a document file can keep information for incident response, considering forensic readiness.

Internet of Things and Innovative Media Firms (사물인터넷과 미디어기업의 혁신)

  • Moon, Sanghyun
    • Journal of the Korea Convergence Society / v.10 no.6 / pp.157-164 / 2019
  • This research examines how IoT makes a significant contribution to the innovation of media firms. The media firms will be able to find new revenue sources and strengthen firms' competence through innovating product, process and business model. While IoT increases the experience of interactivity and immersion for consumption, it improves the way ads are exposed and its impact is measured, leading to revenue increase. For these benefits fulfilled, innovation friendly media eco-system must be established. It is the most critical that media firms should change skeptical attitude toward IoT's potential and actively invest it to employ IoT. The government should create regulatory framework to best utilize the innovative advantages of IoT.

A Study on the Counter-Measures for International Events through the Case Studies and Its Implications for Counter-Terrorism Policy (국제 행사에 대한 테러대응 사례분석과 정책적 함의)

  • Park, Dong-Kyun;Shin, Ik-Chu
    • Korean Security Journal / no.14 / pp.161-179 / 2007
  • The numerous definition of terrorism is viewed as the use of force or violence by individual or group that is directed toward civilian populations and intended to instill fear as a means of coercing individuals or groups to change their political or social positions. Recently, the paradigm of terror has been developed as new terrorism motivated by 9. 11 terror in 2001. In these contexts, this study analyzed the case study of recent counter-terrorism of international events and suggested the policy implications. This study is split into four chapters. Chapter I is the introduction part. Chapter II introduces the reader to new terrorism theory, and Chapter III deals with the case study of the international counter-terrorism policy around the world, Chapter IV deals with the policy implications of the case study. The greater the political, economical and social advantages opening large international ceremonies, the larger the probability of being targets for terrorists and criminals. As terrorism is one of the important issue, the security problems at international ceremonies in Korea, rising country as political essence in Asian-Pacific region, become very important. With experienced know-hows against terror and preparations for security, local and central governments must promote the private security companies filling up vacancies of police and official security system and develop international ceremonies, rising high valuable industries in 21st century, with diplomatic efforts. International major events is the largest event related events with politics, economy, culture, and such large-scale events should be a comprehensive counterplan in the light of safety check for the location of a hazard and safety check of facilities in and out, attendance on athlete and visitor and escort of VIPs.

Research on the role of Smart Public Facilities -Focusing on public design policy- (스마트 공공시설물의 역할에 관한 연구 -공공디자인 정책을 중심으로-)

  • Son, Dong Joo
    • Journal of Service Research and Studies / v.14 no.3 / pp.206-230 / 2024
  • Background: The advancement of information and communication technology acts as a key driver in the implementation of smart cities. Smart Public Facilities leverage this technological progress to innovate urban operations, optimizing various city functions, enhancing the quality of public services, and improving citizens' accessibility and convenience. These Smart Public Facilities are introduced for the sustainable development of cities and the enhancement of citizens' quality of life. Method: This study systematically analyzed the public design policies of local governments and examined the use cases of Smart Public Facilities domestically and internationally to evaluate their functions and roles. Through this, the effectiveness and sustainability of public design policies were comprehensively reviewed, and the impact of Smart Public Facilities on urban operations and citizens' lives was analyzed from multiple perspectives. Results: The introduction of Smart Public Facilities significantly enhances the implementation and efficiency of public design policies, playing a crucial role in sustainable urban development and improving citizens' quality of life. Furthermore, positive impacts were observed in various areas such as energy management, transportation systems, and environmental monitoring. Major challenges included managing technological changes, ensuring data privacy and cybersecurity, and strengthening citizen participation. Conclusion: Smart Public Facilities serve as essential infrastructure for improving urban efficiency, sustainability, and citizens' quality of life. Successful implementation and operation require systematic management and citizen participation. Through this, Smart Public Facilities will support sustainable urban development and play a critical role in responding to environmental changes. To ensure that Smart Public Facilities function effectively as urban infrastructure, it is necessary to comprehensively evaluate their impact on the efficiency of public design policies, sustainability, citizens' quality of life, and the local economy, and to suggest concrete measures for their introduction and operation.

Expand public interest of Private Security activities (민간경비 활동의 공익성 확대 논의)

  • Gong, Bae Wan;Park, Yong Soo
    • Convergence Security Journal / v.14 no.1 / pp.3-10 / 2014
  • Private security organizations are complementary to the national safety of life and property of individuals as a social role to play in maintaining peace and order. Pursuit of profit is to the public practice according to the logic of capitalist markets and customers seeking to protect the lives and property. However, the legal and institutional constraints of private security is being requirements inhibited by the development. Crime prevention as a private security role that the private companies, which will pursue the public interest. After all, the expansion of the private security crime is results in an increase in unit. The current level of private security in the 1970s remain, and the constraints is being under goodwill and expertise outside of the training system on the market. Variety of crimes, including cyber crime increases and considering the reality of the constraints on private security requirements are able to improve or supplement shall be realistic. In particular, the legal, regulatory and institutional factors must be improved, with goodwill, and for the creation of new industrial policy as a complement to the public interest should be also provided. The private security law interests through integration of private security guards should be guaranteed, and the term of the theorem, sales activities, ensuring the training of professional staff with professional qualifications system is to be settled. As a private security guard industry growth and development can be based on this composition.