• Journal of Information Processing Systems
• /
• v.20 no.1
• /
• pp.38-52
• /
• 2024

The 5G is the 5th generation mobile network that provides enhanced mobile broadband, ultra-reliable & low latency communications, and massive machine-type communications. New services can be provided through multi-access edge computing, network function virtualization, and network slicing, which are key technologies in 5G mobile communication. However, these new technologies provide new attack paths and threats. In this paper, we analyzed the overall threats of 5G mobile communication through a literature review. First, defines 5G mobile communication, analyzes its features and technology architecture, and summarizes possible security issues. Addition, it presents security threats from the perspective of user devices, radio access network, multi-access edge computing, and core networks that constitute 5G mobile communication. After that, security requirements for threat factors were derived through literature analysis. The purpose of this study is to conduct a fundamental analysis to examine and assess the overall threat factors associated with 5G mobile communication. Through this, it will be possible to protect the information and assets of individuals and organizations that use 5G mobile communication technology, respond to various threat situations, and increase the overall level of 5G security.

• Asia pacific journal of information systems
• /
• v.29 no.4
• /
• pp.817-837
• /
• 2019

The medical industry is rapidly evolving into a combination of artificial intelligence (AI) and ICT technology, such as mobile health, wireless medical, telemedicine and precision medical care. Medical artificial intelligence can be diagnosed and treated, and autonomous surgical robots can be operated. For smart medical services, data such as medical information and personal medical information are needed. AI is being developed to integrate with companies such as Google, Facebook, IBM and others in the health care field. Telemedicine services are also becoming available. However, security issues of medical information for smart medical industry are becoming important. It can have a devastating impact on life through hacking of medical devices through vulnerable areas. Research on medical information is proceeding on the necessity of privacy and privacy protection. However, there is a lack of research on the practical measures for protecting medical information and the seriousness of security threats. Therefore, in this study, we want to confirm the research trend by collecting data related to medical information in recent 5 years. In this study, smart medical related papers from 2014 to 2018 were collected using smart medical topics, and the medical information papers were rearranged based on this. Research trend analysis uses topic modeling technique for topic information. The result constructs topic network based on relation of topics and grasps main trend through topic.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.113-125
• /
• 2015

Information Security Incidents that have recently happen rapidly spread and the scale of that incidents' damage is large. In addition, as it proceeds to the era of converged industry in the future environment and the virtual cyber world expands to the physical world, new types of security threats have occurred. Now, it is time to supply security professionals who have a multi-dimensional security capabilities that can manage the strategies of technological security and physical security from the management point of view, rather than the ones who primarily focus on the traditional technologic-centered strategies to solve new types of security threats. In conclusion, in this paper we try to produce the curriculum of information security featured in the occupational classification system and analyze the subjects that are additionally required for those who move to other occupations to cultivate security professionals who suited to the converged-industrial environment. It is expected that multi-dimensional security professionals who suited to the converged-industrial environment will be cultivated by harmoniously integrating information security subjects from technological and business/managerial perspectives, and education training courses will be developed that effectively provide core knowledges per occupational classification when people moves to other occupations in the areas of information security.

• The Journal of Information Technology
• /
• v.9 no.3
• /
• pp.1-14
• /
• 2006

China has recently (28 August 2004) adopted a new act legalizing the electronic signature. This new act provides electronic signatures with the same legal status as handwritten signatures, and states that on-line certification providers will have to be created in order to ensure the security of on-line operations made using said signatures. This new act is intended to increase Chinese electronic business, and thus to raise the revenue China can expect from said business. And the law grants electronic signatures the same legal effect as handwritten signatures and seals in business transactions, and sets up the market access system for online certification providers to ensure the security of e-commerce. As Internet trade requires a reliable third party to identify the signers, the credibility of online certifying organizations is significant for the transaction security. So, considering the weakness of China's social credibility system, the law regulates that the online signatures certification providers should be approved and administered by governments.

• Asia pacific journal of information systems
• /
• v.8 no.2
• /
• pp.105-119
• /
• 1998

As the first step to information security, the security policy and organizational control need to be established. The purpose of this study is to investigate the policy and management of information security of five major Korean business groups. The results of case study on five giant groups can be summarized as follows. There exists a basic policy for information security. But it is outdated and not realistic in the present. The security audit and education need to be upgraded. It is also necessary to use security tools actively. The security level is low in companies which do not have independent information security divisions. Therefore, it is desirable to build information security teams. The number of security personnel is not enough for the task although there exist an information security team in the company. It is important to check if the team has the ability of perform information security task. The interview with security managers reveals that the total security management should be integrated with physical and computer security. It is suggested that an Information Security Center play the major role for information security. The study on the information security management for industry level is expected to be performed in the future.

• KIPS Transactions on Computer and Communication Systems
• /
• v.1 no.2
• /
• pp.103-108
• /
• 2012

Recently, IT Governance has been applied to business management environment. In this paper, we study business model that can minimize information security risk using IT governance in cloud computing environment. Especially, we propose the interaction model that link risk management for subject of information security governance. In our model, synergy means the effective, strategic and secure business support. And interaction analysis of BMIS's 4 elements and 6 dynamic interconnections is required. Therefore we propose interaction model which can link risk management based on COSO ERM or COBIT Risk IT Framework.

• The Journal of Society for e-Business Studies
• /
• v.8 no.3
• /
• pp.241-257
• /
• 2003

XML is a global standard for the Internet and e-business, and its use is growing in proportion to the spreading speed of e-Commerce. Thus, a policy for providing more safe security service for exchanging e-documents within e-Commerce is necessary. XKMS, one of XML security specification, defines the protocol for distributing and registering public keys for verifying electronic signatures and enciphering e-documents of e-Commerce applications with various and complicate functions. In this paper, we propose X-KISS service reference model and implement service component based on standard specification. Also describes the analysis and security of XML key information service for safe e-Commerce, paying attention to the features of XML based security service. This reference model supported include public key location by given identifier information, the binding of such keys to identifier information. The client service component controls the number of locate threads and validate threads to analyze the minimum requirements of real-time key retrievals. This service modeling offers the security construction guideline for future domestic e-business frameworks.

• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.99-121
• /
• 2017

Standard makers in both private and public sectors have been increasingly mandating security standards upon organizations to protect organizational digital assets. A major issue in security standardization is that standards often cannot regulate all possible security efforts by the standard maker because some efforts are unverifiable by nature. This paper studies from an analytical perspective how a standard maker should design the standard using a verifiable security control in the presence of another related unverifiable one. We compare it with two benchmark standards; $na{\ddot{i}}ve$-standard which refers to the standard maker who ignores the existence of the unverifiable control, and complete-information standard which refers to the maker sets standards on both controls. Optimal standard and benchmark standard depend critically on how the two controls are configured. Under parallel configuration, the existence of the unverifiable control induces the policy maker to set a higher standard (the complete-information standard is optimal); under serial configuration, a lower standard is applied (neither benchmark works). Under best-shot configuration and if the verifiable control is more cost-efficient, the existence of the unverifiable control has no impact on the optimal standard (the $na{\ddot{i}}ve$ standard is optimal).

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1970-1979
• /
• 2017

Computerization of educational administration following educational informatization of government has been steadily improved for the purpose of teachers' offload and job efficiency, finally resulting that NEIS(National Education Information System) has been completed. The NEIS consists of Nationwide service of NEIS, Business portal system of NEIS, Authentication management system and so on. Students, parents and civil petitioners handle civil affairs through Nationwide service of NEIS and teachers and persons of task conduct theirs business by accessing the Business portal system of NEIS. At this time, users have to obtain their certification from Authentication management system. Previous Studies were mainly focused on the evaluation about its performance according to the introduction of NEIS. But from now on there is a growing interest in security assessment and an efficient method for security improvement to check if NEIS works properly. Therefore, in this thesis, we'll propose an analytic framework in which security assessment is carried out after comprehending the fault structures through performing Fault Fishbone Analysis based on the Fault Tree Analysis. As a result of the system applied, the system had the highest rate of improvement to 47.7 percent.

• The Journal of Society for e-Business Studies
• /
• v.7 no.1
• /
• pp.66-74
• /
• 2002

Through the increment of requirement for EC(Electronic Commerce) oriented communication services, security multicast communications is becoming more important. However, multicast to EC environment is much different from unicast concept most network security protocols. On the network security, using mandatory access control of multilevel architecture which assigns a specific meaning to each subject, so we accomplish access control. In this way, access control security based on the information security level is proposed. A security protocol based on the architecture proposed in this paper would be utilized in security multicast communications, group key management service and leveled security service through multilevel EC security policy, Also we discuss and propose the security level scaleability and key management method on the network.