• Knowledge Management Research
• /
• v.22 no.4
• /
• pp.157-172
• /
• 2021

Information security companies were established in earnest from the mid-late 1990s to early 2000s, far shorter than other national key industries. Nevertheless, the information security industry has made rapid progress. It is expected that the proportion of the information security industry will increase rapidly with the development of advanced technology along with the 4th industrial revolution. As COVID-19, which occurred at the end of 2019, spreads around the world in 2020, non-face-to-face services and digital transformation are accelerating, and cyber threats to users are also increasing. However, there are limitations in responding to new Cyber Security threats due to the shortage of information protection manpower, insufficient security capabilities of domestic companies, and the narrow domestic information protection market. This study examines the external environmental factors of information security companies such as government information protection system operation, government influence, government support, partnership between information security companies, and internal environmental factors such as top management support, financial status, human resources, organizational capability, This study was conducted using empirical data to analyze whether it affects innovation capability and whether organizational capability and innovation capability affect financial and non-financial performance. The results of this study can be used as basic data to suggest policies and implications for information security, and to strengthen the competitiveness of the information security industry.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.31-37
• /
• 2020

In this paper, we propose a system architecture and methodology based on cyber kill chain and MITRE ATT&CK for experiment analysis on cyber warfare simulation. Threat analysis is possible by applying various attacks that have actually occurred with continuous updates to reflect newly emerging attacks. In terms of cyber attack and defense, the current system(AS-IS) and the new system(TO-BE) are analyzed for effectiveness and quantitative results are presented. It can be used to establish proactive cyber COA(Course of Action) strategy, and also for strategic decision making. Through a case study, we presented the usability of the system architecture and methodology proposed in this paper. The proposed method will contribute to strengthening cyber warfare capabilities by increasing the level of technology for cyber warfare experiments.

• Informatization Policy
• /
• v.22 no.2
• /
• pp.75-92
• /
• 2015

The purpose of this study was to analysis about the relationship among Cyber Home Learning System(CHLS) circumstance, learner construct, learning satisfaction in elementary school students. Base on the selected data which was gathered from Chungbuk & Deajeon elementary schools, Structural Equation Modeling was used to examine the relationship between factors. The main results of the research were as follow : First, CHLS circumstance factor was more effective on the CHLS satisfaction than CHLS learner construct. In CHLS circumstance factor, 'service' factor was more influential variable. Second, there is high correlation between CHLS circumstance factor and CHLS learner construct. In CHLS satisfaction, 'contents and design' factor was more influential variable. Third, the model fit, = 624.945 (p<.001), RMR .020, GFI .929, AGFI .878, NFI .927, CFI .930, RMSEA .102 was relatively satisfied with the standard using structural equation model. As based on this results, CHLS in elementary education needs elaborate circumstance for the effective achievement.

• Convergence Security Journal
• /
• v.16 no.3_2
• /
• pp.33-42
• /
• 2016

While evolving information-oriented society provides a lot of benefits to the human life, new types of threats have been increasing. Particularly, cyber terrorism, happen on the network that is composed of a computer system and information communication network, and the mean and scale of damage has reached a serious level. In other words, it is hard to locate cyber terror since it occurs in the virtual space, not in the real world, so identifying "Who is attacking?" (Non-visibility, non-formulas), or "Where the attack takes place?" (trans-nation) are hard. Hackers, individuals or even a small group of people, who carried out the cyber terror are posing new threats that could intimidate national security and the pace and magnitude of threats keep evolving. Scale and capability of North Korea's cyber terrorism are assessed as world-class level. Recently, North Korea is focusing on strengthen their cyber terrorism force. So improving a response system for cyber terror is a key necessity as North Korea's has emerged as a direct threat to South Korean security. Therefore, Korea has to redeem both legal and institutional systems immediately to perform as a unified control tower for preemptive response to cyber terrors arise from North Korea and neighboring countries.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.19-26
• /
• 2020

The purpose of this paper is to ccompare and analyze North Korean cyber attacks and our responses by government, from the Roh Moo-hyun administration to the Moon Jae-in administration. The current conflict of interests on the Korean peninsula, such as the United States, China, and Russia, is leading to a conflict for the leadership of a new world order in cyberspace. Cyber attacks are accelerating and threats are rising. Cyber threats exhibit several characteristics. Above all, it is difficult to identify or track the subject of the threat. Also, with the development of information and communication technology, attack technology has become more intelligent, and it is not easy to prepare a means to respond. Therefore, it is necessary to improve continuous and preemptive response capacity for national cybersecurity, and to establish governance among various actors, such as international cooperation between countries or private experts.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.135-141
• /
• 2020

The Ministry of National Defense is strengthening the power and capacity of cyber operations as cyber protection training is conducted. However, considering the level of enemy cyber attack capability, the level of cyber defense capability of the ministry of national defense is significantly low and the protection measures and response system for responding to cyber threats to military networks are not clearly designed, falling short of the level of cyber security capabilities of the public and private sectors. Therefore, this paper is to investigate and verify the establishment of a military internal network vulnerability mitigation system that applies the intention of attackers, tactics, techniques and procedures information (ATT&CK Framework), identified military internal network main threat information, and military information system security requirements with military specificity as factors that can establish a defense network vulnerability mitigation system by referring to the domestic and foreign cyber security framework It has the advantage of having.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.769-776
• /
• 2016

Recently, cyber attacks are continuously threatening the cyberspace of the state across the border. Such cyber attacks show a surface which is intelligent and sophisticated level that can paralyze key infrastructure in the country. It can be seen well in cases, such as hacking threat of nuclear power plant, 3.20 cyber terrorism. Especially in public institutions of the country in which there is important information of the country, advanced prevention is important because the large-scale damage is expected to such cyber attacks. Technical support is also important, but by improving the cyber security awareness and security expert knowledge through the cyber security education to the country's public institutions workers is important to raise the security level. This paper suggest education courses for the rise of the best security effect through a short-term course for the country's public institutions workers.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.10
• /
• pp.353-362
• /
• 2022

The Russian-Ukraine war is accompanied by a military armed conflict and cyberattacks are in progress. As Russia designated Korea as an unfriendly country, there is an urgent need to prepare countermeasures as the risk of cyberattacks on Korea has also increased. Accordingly, impact of 19 cyberattack cases were analyzed by their type, and characteristics and implications were derived by examining them from five perspectives, including resource mobilization and technological progress. Through this, a total of seven measures were suggested as countermeasures for the Korean government, including strengthening multilateral cooperation with value-sharing countries, securing cyberattack capabilities and strengthening defense systems, and preparing plans to connect with foreign security companies. The results of this study can be used to establish the Korean government's cybersecurity policy.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.71-81
• /
• 2021

This paper examines the ongoing research on ways to improve cybersecurity during the entire life cycle of weapons systems applied in advanced countries such as the United States, analyzes restrictions on obtaining domestic weapons systems, and presents effective security evaluation measures. By consistently performing mission-based risk assessment in the cybersecurity test and evaluation plan suitable for domestic circumstances at all stages of acquisition, important information is provided to major decision-making organizations in a timely manner to support decision-making, and to respond to identified vulnerabilities in cybersecurity. It is proposed to set the rules of engagement so that the protection measures can be verified, and a simulated invasion is proposed. In addition, the proposed cybersecurity test and evaluation system was compared with the domestic weapon system test and evaluation. Through this, the mission-based risk assessment element was grafted into the cybersecurity test and evaluation system research conducted so far to identify risks in a timely manner between acquisition projects, thereby supplementing the capability to support major decision-making.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.8
• /
• pp.123-133
• /
• 2022

In this paper, we propose a Leveled Micro-Degree Job Competency Certification Model that considers the level of the job based on the job defined in the NCS. There is a mismatch of manpower due to the problem of university education that cannot keep up with the rapidly changing technological environment caused by the 4th Industrial Revolution. The Nano-Degree and Micro-Degree systems designed to solve this problem are used for job competency certification of cyber security personnel. NCS sub-categorized job field is defined as Micro-Degree and detailed job by ability unit is defined as Nano-Degree, the level of the ability unit defined by level is equally applied to the Micro-Degree. And it is a system that certifies the job competency corresponding to the degree-based university academic background. By applying this system to the curriculum of Cyber Security School, Yeungnam University College, we proposed a method to configure the Nano-Degree course based on NCS duties. The method proposed in this paper can be used as a method for verifying job competency of Nano-Degree and Micro-Degree, which are recently introduced by many universities.