• Journal of Digital Convergence
• /
• v.13 no.8
• /
• pp.133-144
• /
• 2015

In digital convergence environment, information security management plays crucial role in maintaining firms' competitiveness. Organizational citizenship behavior(OCB) enables informations security countermeasures to be more effectively worked by helping employees to have much knowledge of information security policy, by facilitating employees to participate in information security education/training. Thus, the purpose of this study is to investigate the mediating effect of OCB on the relationships between information security countermeasures and compliance intention. Questionary was designed based on prior information security research, and survey was conducted among companies' employees across the industry. Results showed that information security policy and information security education/training were found to be key predictors of compliance intention. In addition, OCB was proven to mediate the relationships between information security countermeasures and compliance intention.

• Review of KIISC
• /
• v.19 no.1
• /
• pp.29-39
• /
• 2009

오늘날 기업 활동 전반에 걸쳐 네트워크 및 정보시스템에 대한 의존도가 높아지고 있는 추세에 따라 이를 대상으로 한 정보 보안 침해 역시 증가하고 있다. 우리나라의 산업 구조상 중소기업은 전체 사업체수를 기준으로 99%이상을 차지하고 있으며 특히 소기업 및 소상공인은 전체의 96%이상을 차지하고 있다. 중소기업은 그 규모의 특성상 상대적으로 정보보안 위협에 취약함이 지적되고 있으며 이들의 보안 역량 강화는 안전한 디지털 경제 환경을 조성하기 위한 핵심 과제로 떠오르고 있다. 그 중요성에 대한 인식을 기반으로 중소기업의 특성에 맞는 정보 보안 교육 훈련이 절실히 요구되고 있다. 본 논문에서는 우리나라 중소기업 및 정보 보안 관련 주무 기관인 중소기업청, 국가정보원 등과 더불어 민간 정보기술(IT)교육 훈련 기관들에서 실시되고 있는 중소기업을 위한 정보 보안 교육 훈련의 현황을 살펴보고 문제점을 파악하고자 한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.277-280
• /
• 2015

Smishing, Phishing personal privacy caused by Incident accidents such as Phishing information security has become a hot topic. Such incidents have privacy in personal information management occurs due to a lack of user awareness. This paper is based on the existing structure of the XML Tag question bank used a different Key-Value Structure-based JSON. JSON is an advantage that does not depend on the language in the text-based interchange format. The proposed system is divided into information security sector High, Middle and Low grade. and Provides service to the user through the free space and the smart device and the PC to the constraints of time. The use of open source Apache Load Balancing technology for reliable service. It also handles the user's web page without any training sessions Require server verification result of the training(training server). The result is sent to the training server using jQuery Ajax. and The resulting data are stored in the database based on the user ID. Also to be used as a training statistical indicators. In this paper, we design a level training system to enhance the user's information security awareness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.645-656
• /
• 2019

As the number of cyber threats to control systems increases, the need for control system cyber security is also increasing. Currently, various cyber security related education and control system education are being conducted. However, it does not fully reflect the characteristics of the control system and the characteristics of the participants. In this paper, we propose a training system and technique to enhance the control system cyber security capability. To this end, we analyze the limitations of existing security education. Based on the results, we develop a control system training environment model based on the IEC62443 Standard and develop an ARCH based training method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.867-875
• /
• 2019

Security awareness and training are becoming more important as cyber security incidents tend to increase in industrial control systems, including nuclear power plants. For effective cyber security awareness and training for the personnel who manage and operate the target facility, a TEST-BED is required that can analyze the impact of cyber attacks from the sensor level to the operation status of the nuclear power plant. In this paper, we have developed an HIL system for nuclear power plant cyber security training. It includes nuclear power plant status simulations and specific system status simulation together with physical devices. This research result will be used for the specialized cyber security training program for Korean nuclear facilities.

• Journal of the Korea Convergence Society
• /
• v.11 no.10
• /
• pp.107-113
• /
• 2020

With the development of IT technology, along with the expansion of women's participation in society, the education training of information security women's workforce is becoming a very important issue. Therefore, it is important to analyze the relevant curriculum to identify the direction of fostering women's information security workforce. Therefore, in this paper, the education and training programs of the department for training women's information security workforce based in Seoul area of the Korean metropolitan area were analyzed. The main research objective of this paper is to review whether the education and training system, which consists of the department of women's information security human resources development, is in line with the direction of NIST's human resources development. The research focus was on what the women's information security department organizes courses with each security major and what task training is interested in. In addition, in this paper, we were confirmed that the curriculum of the relevant major is based on the NIST Human Resources Development Framework, and that the majors of the relevant universities have an education and training system that conforms to the relevant task. In conclusion, the related majors are judged to be focused on the development of certification evaluation personnel of convergence industry security or information security development personnel, and general cyber security personnel.

• Review of KIISC
• /
• v.33 no.4
• /
• pp.23-29
• /
• 2023

대부분의 임베디드 시스템은 기계장치와 전자기기 장치가 함께 작동되는 물리 장치로써, 이기종 네트워크, 복잡한 보안체계 등을 고려하여 가상화 기반 사이버훈련 환경이 구성되어야 한다. 또한, 차량을 대상으로 물리적인 실험환경에서 모의침투 등 사이버훈련을 수행한다는 것은 교통사고를 비롯한 안전사고 발생에 있어 위험이 존재한다. 본 논문에서는 가상 개발환경에서의 공격 기반 차량용 사이버훈련 프레임워크를 제안하고자 한다. 먼저, 공격 기반 차량용 사이버훈련 프레임워크의 작동은 자동 활성화되는 가상의 CAN 네트워크 인터페이스로 시작된다. 가상의 CAN 네트워크 인터페이스는 가상 머신에서 간단한 부트스트랩 명령어 실행을 통해 파이썬 패키지와 Ubuntu 서비스 목록 설치 명령이 자동으로 실행되면서 설치된다. 이후 내부 네트워크 시뮬레이터와 공격모듈과 관련된 UI가 자동으로 Ubuntu Systemd에 의해 백그라운드에서 실행되어 시작과 동시에 준비 상태를 유지하게 된다. 사이버훈련 UI 내 공격 모듈은 사용자에 의한 공격 선택 및 파라미터 셋팅 이후 차량의 이상 상태를 사이버훈련 UI에 다시 출력되게 된다. 본 논문에서 제안하는 가상 개발환경 기반의 차량용 사이버훈련 프레임워크는 자율주행 차량 사고의 위험이나 다른 특수한 제약 없이 사용자의 학습 경험을 확장시킬 수 있다. 또한, 기존의 가상화 기반 사이버훈련 교육 콘텐츠와는 달리 일반 사용자들이 접근하기 쉬운 형태로 확장 개발이 가능하다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1011-1020
• /
• 2021

Throughout the years, cybersecurity incidents related to the shipbuilding and maritime industries are occurring more frequently as the IT industry develops. Accordingly, expertise in the information protection industry is necessary, and effective education contents on information protection are needed for this purpose. Recently, there have been more and more cases of increasing user experience by applying Metaverse technology to the educational field. Therefore, this study analyzes the existing information protection education and training and the information protection education contents in the maritime industries and proposes four directions for content development (i.e., online education and seminars, cybersecurity threat learning of virtual ships, accident reproduction, and maritime cybersecurity exhibition operation).

• Journal of Digital Convergence
• /
• v.10 no.5
• /
• pp.37-51
• /
• 2012

The purpose of this study is to approach information security from a more comprehensive perspective. Particularly, information countermeasures includes a technological tool for end users, thereby increasing the end users' technological stresses. Based on the technostress framework, we investigate a effect of security awareness training on technostress, and also examine a effect of technostress on the persistent security compliance. Results showed that security awareness training influenced on techno-overload and techno-uncertainty. We also found that techno-overload and techno-uncertainty have a significant effect on the persistent security compliance. Conclusion and implications are discussed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1462-1464
• /
• 2008

본 논문에서는 정보시스템 운영시 발생하는 사용자 취약성(Human Vulnerability) 문제의 심각성에 대해 알아보고 이를 개선하기 위한 교육 및 훈련 프로그램을 다루고 있는 기존 관련 연구들을 조사 분석 한다. 아울러 기존 연구에서 보완되어야 할 개선 요구사항 들을 도출하여 향후 효과적인 취약성 개선 프로그램 제공을 위한 가상머신에 기반한 보안 훈련장 시스템 아키텍쳐를 제안한다.