• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.109-123
• /
• 2011

The maintenance prices in information security industry between Korean companies and foreign companies have been a big difference. Korea Information Security SW maintenance standards were not adequate for the rate, and there was disagreement between domestic companies and governments. This research, therefore, surveyed a standard of information SW and the status of maintenance payment rates. The study suggests an estimation method and verifies the method and an appropriate maintenance cost rate. According to the results of the study, the current maintenance cost should be increased or decreased independent with a kind of information security systems. Based on the study, Korea government is able to change the maintenance policy in information security. And the domestic companies get a theoretical ground for improving the rates of maintenance costs in information security systems and are able to allot the resources effectively.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.8
• /
• pp.67-76
• /
• 2019

Along with the diversification of digital content services using wired/wireless networks, the market for the construction of base systems is growing rapidly. Cloud computing services are recognized for a reasonable cost of service and superior system operations. Cloud computing is convenient as far as system construction and maintenance are concerned; however, owing to the security risks associated with the system construction of actual cloud computing service, the ICT(Information and Communications Technologies) market is lacking regardless of its many advantages. In this paper, we conducted an experiment on a cloud computing security enhancement model to strengthen the security aspect of cloud computing and provide convenient services to the users. The objective of this study is to provide secure services for system operation and management while providing convenient services to the users. For secure and convenient cloud computing, a single sign-on (SSO) technique and a system access control technique are proposed. For user authentication using SSO, a security level is established for each user to facilitate the access to the system, thereby designing the system in such a manner that the rights to access resources of the accessed system are not abused. Furthermore, using a user authentication ticket, various systems can be accessed without a reauthorization process. Applying the security technique to protect the entire process of requesting, issuing, and using a ticket against external security threats, the proposed technique facilitates secure cloud computing service.

• The Journal of Information Systems
• /
• v.10 no.2
• /
• pp.103-128
• /
• 2001

At present, the EDI systems are indispensable software in port logistics industry. Currently, a monopolistic VAN/EDI service provider operates the EDI services. The current EDI client software has the 2-tier fat client/server architecture. However, the current EDI software is lack of Web interface and causes lots of cost for maintenance. Therefore, a variety of implementation architecture has been being tried by using script, XML and distributed object-oriented technology. Web/EDI and XML/EDI are the new EDI systems, However, the EDI systems have some limitations such as speed. This study intends to compare the variety implementation architecture for the EDI systems in the users' perspective and explore the strong and weak points of each architecture. We compared the EDI systems based on our experience of more than 2-years of implementation project for the EDI systems of port logistics. We categorized the EDI systems as client application EDI, Web EDI using script, XML/EDI, and 3-tier distributed object-oriented EDI system. We compared them with criteria such as speed, program maintenance, easiness of implementation and usage, security, and load balancing and fail-over. Finally we discuss the direction of optimal EDI system architecture for the future.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4226-4241
• /
• 2014

Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2043-2060
• /
• 2020

Developed from Digital Multimedia Broadcasting (DMB), DMB+ changes the application focus fundamentally. The plus symbol "+" indicates that DMB+ is no longer for digital radio/videos, instead it works as a general data transmission technique. The merits of wireless transmission, broad coverage, high quality, information security and low building/maintenance cost make DMB+ suitable for a wide range of applications with numerous terminals and users, such as public information release, alarm and administration etc. The concept of DMB+ base station enables DMB+ to be used in building independent networks and for remote control and management, as well as for Industry 4.0. DMB+ will access into a new field that till now has been dominated by communication techniques, will open a huge commercial opportunity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.757-770
• /
• 2020

Industrial Control System(ICS) is a system that measures, monitors, and controls various distributed assets, and is used in industrial facilities such as energy, chemical, transportation, water treatment, and manufacturing plants or critial infrastructure. Because ICS system errors and interruptions can cause serious problem and asset damage, research on prevention and minimization of security threats in industrial control systems has been carried out. Previously wireless communication was applied in limited fields to minimize security risks, but the demand for industrial wireless communication devices is increasing due to ease of maintenance and cost advantages. In this paper, we analyzed the security threats of industrial wireless communication devices supporting WirelessHART and ISA100.11a. Based on the analysis results, we proposed the security requirements for adopting and operating industrial wireless communication devices. We expect that the proposed requirements can mitigate security threats of industrial wireless devices in ICS.

• Korean Journal of Digital Imaging in Medicine
• /
• v.7 no.1
• /
• pp.33-38
• /
• 2005

Modern hospitals have been greatly facilitated with information technology (IT) such as hospital information system (HIS). One of the most prominent achievements is medical imaging and image data management so-called Picture Archiving and Communication Systems (PACS). Due to inevitable use of diagnostic images (such as X-ray, CT, MRI), PACS made tremendous impact not only on radiology department but also nearly all clinical departments for exchange and sharing image related clinical information. There is no doubt that better use of PACS leads to highly efficient clinical administration and hospital management. However, due to rapid and widespread acceptance of PACS storage and management of digitized image data in hospital introduces overhead and bottleneck when transferring images among clinical departments within and/or across hospitals. Despite numerous technical difficulties, financing for installing PACS is a major hindrance to overcome. In addition, a mirroring or a clustering backup can be used to maximize security and efficiency, which may not be considered as cost-effective approach because of extra hardware expenses. In this study therefore we have developed a new based on grid of distributed PACS in order to balance between the cost and network performance among multiple hospitals.

• Asia pacific journal of information systems
• /
• v.17 no.2
• /
• pp.29-47
• /
• 2007

Owing to the rapid growth of using the Internet, not only click-and-mortar companies but also brick-and-mortar ones have been expanding their distribution channels into online, Moreover, since online channels are more attractive than offline ones in control and maintenance, switching customers into online ones is emerged as one of very important managerial issues in a view of reduction of cost as well as expansion of services. However, the switched customers should be faced by uncertainties which could not have been experienced in offline. Specifically, in online channels, buyers and sellers are separated temporally and spacially and there are always so many kinds of threat for security as well as not enough systems and conventions for them yet. Therefore, trust has been considered as one of the most critical mechanisms for resolution of such uncertainties in online transactions. However, it is not easy to build and maintain the relationships in online since most of them are virtual and indirect generally. Therefore, in order to switch offline customers into online ones, it is very important to make strategies based on identification of the relationship between online transaction and offline trust which has been built in offline business. Generally offline trust, which has been built independent of online, could not include trust for online-dependent activities such as payment security during or after transactions, while most of online trust include it. Therefore, a customer with high offline trust does not always perceive high security and assure safe transactions. Accordingly, while online trust, where technical capabilities for online security is one of main bases, includes control trust implicitly or explicitly, offline trust does not. However. in spite of such clear discrimination and independence between offline trust and perceived security, there can be the significant dependency between these two beliefs. The customers with high offline trust believe that the company would do some activities for online security for customers' safe transactions since it has been believed of doing well for customers' trust. Theoretically, users' perception of security is interpreted as a kind of control trus, which is trust for company's technical control capacities in order to resolve technical uncertainties in online. Therefore, the relationship between two beliefs can be considered as transference from offline trust to another type trust. that is, control trust. The objective of this study is to analyze the effect of offline trust on online transaction uses mediated by perceived security. For this purpose, we suggest a research model based on technology acceptance model (TAM). Reuse intention is adopted as a dependent variable and TAM is modified by adding perceived risk (PR) as well as two beliefs of using Internet banking, perceived usefulness (PU) and perceived ease of use (PEOU). Moreover, perceive security (PS) is adopted as an external variable for PR and PU, while offline trust (OT) is an antecedent of PS. For an empirical test, sampling from 108 visitors to the banks in Daegu, Korea, we analyze our model by partial least square (PLS) approach. In result, our model is shown to explain 51.4% of the variance in reuse intention and all hypothesis are supported statistically. A theoretical implication of this study is to identify a role of PS between offline trust and reuse intention of using online transaction services. According to our result, PS can be considered as a mediation variable for bridging between two different concepts: trust that explains social aspects of customers and companies, and TAM that explains customers' reuse intention.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.1
• /
• pp.634-640
• /
• 2020

The information security management system (ISMS) and the personal information management system (PIMS) have been integrated into a personal information & information security management system (ISMS-P) certification scheme in response to requests to reduce the time and cost to prepare certification schemes. Integration of the certification system has made it possible for the system operator to gain the advantage of easy management of the ISMS-P certification system, and the certification target organization can enjoy the advantage of easy acquisition and maintenance of certification. However, ambiguity in the application criteria of the target organization, and ambiguity in the certification criteria control items require the target organization to operate an excessive management system, and the legal basis to be applied to the certification target organization is ambiguous. In order to improve these problems, this paper uses case studies to identify the types of certification bodies that apply the certification criteria, and to change the control items applied during certification audits based on the types of certification bodies. Institutions that wish to obtain only ISMS certification have proposed three solutions, excluding controls covered by the ISMS-P. This paper suggests ways to operate an efficient certification system, and can be used as a basis for improving problems in the ISMS-P certification system.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.87-93
• /
• 2007

We propose a mobile point-of-sale system, which consists of only mobile information terminals and personal computers. The proposed system provides most of functionalities related with resource planning, adminstration and management, provided by medium-scale or large-scale POS systems, with additional functionalities, such as automatic information gathering and management through mobile interconnection, while eliminating the necessity of additional special-purpose devices, such as bar-code systems. The proposed system transmits order information through wireless and wired communication lines, thus allowing real-time sharing of order information among diverse information devices, such as mobile order receiving terminals, main server within stores, monitors and printers located in production lines. Also, the system is able to transfer such detail information produced within stores in real-time to the enterprise-level accounting, sales, logistics, personnel management system, which facilitate enterprise-wide management and administrative decision-making. No additional programs are required for mobile terminals. Order information received by such terminals are entered into databases through web server of main server and that information is again transferred to main server and production line printers. The proposed system can handle all the point-of-sale information and can provide almost of the POS functionalities by simply utilizing wireless internet, personal computers, and mobile terminals without installing specific-purpose peripheral devices. The proposed system can be widely applied to the small-scale stores and will contribute in reducing construction and maintenance cost required for point-of-sale management.