• Journal of Information Processing Systems
• /
• 제16권1호
• /
• pp.61-82
• /
• 2020

The security risk management used by some service providers is not appropriate for effective security enhancement. The reason is that the security risk management methods did not take into account the opinions of security experts, types of service, and security vulnerability-based risk assessment. Moreover, the security risk assessment method, which has a great influence on the risk treatment method in an information security risk assessment model, should be security risk assessment for fine-grained risk assessment, considering security vulnerability rather than security threat. Therefore, we proposed an improved information security risk management model and methods that consider vulnerability-based risk assessment and mitigation to enhance security controls considering limited security budget. Moreover, we can evaluate the security cost allocation strategies based on security vulnerability measurement that consider the security weight.

• 융합정보논문지
• /
• 제11권7호
• /
• pp.7-13
• /
• 2021

최근 클라우드 컴퓨팅의 다양한 특징과 장점들로 인하여 전 세계의 다양한 산업군에서 클라우드 서비스 도입 및 전환이 빠르게 확산하는 추세이다. 이러한 멀티클라우드 기반의 서비스가 확산함에 따라 보안 취약성 또한 증대되고 있어 클라우드 컴퓨팅 서비스에서의 데이터 유출 사고도 증가할 것으로 전망되고 있다. 이에 본 연구에서는 데이터 보안이 강화되면서도 클라우드 구축 비용을 절감할 수 있는 AWS Well-Architected 기반의 보안 아키텍처 구성방안을 제안한다. 제안하는 AWS 클라우드 보안 아키텍처는 개인정보 처리 시 요구되는 보안 항목을 충족하는 Standard 보안 참조모델 및 비용 효율화를 고려한 Shared Security 참조모델로 설계하였다. 본 연구에서 제안하는 AWS 보안 아키텍처는 안전하고 신뢰성 높은 AWS 클라우드 시스템을 구성하는 기업과 기관에 도움을 줄 수 있을 것으로 기대한다.

• 정보화정책
• /
• 제21권2호
• /
• pp.49-66
• /
• 2014

클라우드 컴퓨팅이 지속적 성장세를 보이고 향후 정보통신기술 산업에서 그 중요성이 부각되면서 실무계에서는 클라우드 컴퓨팅 수용에 따른 이점과 우려 등이 활발히 논의되고 있는 반면, 학술적 관점에서 클라우드 컴퓨팅에 관한 실증연구도 이루어지고 있지만 매우 부족한 편이며, 클라우드 컴퓨팅 환경에서의 보안, 프라이버시, 신뢰를 다룬 실증연구는 찾아보기 힘든 상황이다. 본 연구는 향후 클라우드 컴퓨팅 서비스 이용이 확대될 것으로 예상되는 지방자치단체 공무원들을 대상으로 클라우드 컴퓨팅 서비스 이용의도에 중요한 역할을 할 것으로 기대되는 지각된 위험, 인터넷상의 프라이버시와 신뢰에 관한 연구들을 토대로 클라우드 컴퓨팅 서비스 이용자의 지각된 보안위험, 프라이버시 염려, 신뢰, 그리고 태도와 이용의도간의 인과관계를 규명할 수 있는 개념적 모형을 설정하고 이를 실증연구를 통하여 검증하였다. 연구결과 지각된 보안위험은 프라이버시 염려에 정(+)의 효과를 미치는 것으로 나타났고 프라이버시 염려는 신뢰에 부(-)의 효과를 미치는 것으로 확인되었다. 한편 신뢰는 태도에 정(+)의 효과를 미치며, 태도와 클라우드 컴퓨팅 서비스 이용의도와의 관계도 유의한 것으로 나타났다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제18권3호
• /
• pp.685-703
• /
• 2024

Cloud computing provides each consumer with a large-scale computing tool. Different Cyber Attacks can potentially target cloud computing systems, as most cloud computing systems offer services to many people who are not known to be trustworthy. Therefore, to protect that Virtual Machine from threats, a cloud computing system must incorporate some security monitoring framework. There is a tradeoff between the security level of the security system and the performance of the system in this scenario. If strong security is needed, then the service of stronger security using more rules or patterns is provided, since it needs much more computing resources. A new way of security system is introduced in this work in cloud environments to the VM on account of resources allocated to customers are ease. The main spike of Fog computing is part of the cloud server's work in the ongoing study tells the step-by-step cloud server to change the tremendous measurement of information because the endeavor apps are relocated to the cloud to keep the framework cost. The cloud server is devouring and changing a huge measure of information step by step to reduce complications. The Medical Data Health-Care (MDHC) records are stored in Cloud datacenters and Fog layer based on the guard intensity and the key is provoked for ingress the file. The monitoring center sustains the Activity Log, Risk Table, and Health Records. Cloud computing and Fog computing were combined in this paper to review data movement and safe information about MDHC.

• Asia pacific journal of information systems
• /
• 제22권3호
• /
• pp.99-124
• /
• 2012

Our society has long been talking about necessity for innovation. Since companies in particular need to carry out business innovation in their overall processes, they have attempted to apply many innovation factors on sites and become to pay more attention to their innovation. In order to achieve this goal, companies has applied various information technologies (IT) on sites as a means of innovation, and consequently IT have been greatly developed. It is natural for the field of IT to have faced another revolution which is called cloud computing, which is expected to result in innovative changes in software application via the Internet, data storing, the use of devices, and their operations. As a vehicle of innovation, cloud computing is expected to lead the changes and advancement of our society and the business world. Although many scholars have researched on a variety of topics regarding the innovation via IT, few studies have dealt with the issue of could computing as IT. Thus, the purpose of this paper is to set the variables of innovation attributes based on the previous articles as the characteristic variables and clarify how these variables affect "Performance Expectancy" of companies and the intention of using cloud computing. The result from the analysis of data collected in this study is as follows. The study utilized a research model developed on the innovation diffusion theory to identify influences on the adaptation and spreading IT for cloud computing services. Second, this study summarized the characteristics of cloud computing services as a new concept that introduces innovation at its early stage of adaptation for companies. Third, a theoretical model is provided that relates to the future innovation by suggesting variables for innovation characteristics to adopt cloud computing services. Finally, this study identified the factors affecting expectation and the intention to use the cloud computing service for the companies that consider adopting the cloud computing service. As the parameter and dependent variable respectively, the study deploys the independent variables that are aligned with the characteristics of the cloud computing services based on the innovation diffusion model, and utilizes the expectation for performance and Intention to Use based on the UTAUT theory. Independent variables for the research model include Relative Advantage, Complexity, Compatibility, Cost Saving, Trialability, and Observability. In addition, 'Acceptance for Adaptation' is applied as an adjustment variable to verify the influences on the expected performances from the cloud computing service. The validity of the research model was secured by performing factor analysis and reliability analysis. After confirmatory factor analysis is conducted using AMOS 7.0, the 20 hypotheses are verified through the analysis of the structural equation model, accepting 12 hypotheses among 20. For example, Relative Advantage turned out to have the positive effect both on Individual Performance and on Strategic Performance from the verification of hypothesis, while it showed meaningful correlation to affect Intention to Use directly. This indicates that many articles on the diffusion related Relative Advantage as the most important factor to predict the rate to accept innovation. From the viewpoint of the influence on Performance Expectancy among Compatibility and Cost Saving, Compatibility has the positive effect on both Individual Performance and on Strategic Performance, while it showed meaningful correlation with Intention to Use. However, the topic of the cloud computing service has become a strategic issue for adoption in companies, Cost Saving turns out to affect Individual Performance without a significant influence on Intention to Use. This indicates that companies expect practical performances such as time and cost saving and financial improvements through the adoption of the cloud computing service in the environment of the budget squeezing from the global economic crisis from 2008. Likewise, this positively affects the strategic performance in companies. In terms of effects, Trialability is proved to give no effects on Performance Expectancy. This indicates that the participants of the survey are willing to afford the risk from the high uncertainty caused by innovation, because they positively pursue information about new ideas as innovators and early adopter. In addition, they believe it is unnecessary to test the cloud computing service before the adoption, because there are various types of the cloud computing service. However, Observability positively affected both Individual Performance and Strategic Performance. It also showed meaningful correlation with Intention to Use. From the analysis of the direct effects on Intention to Use by innovative characteristics for the cloud computing service except the parameters, the innovative characteristics for the cloud computing service showed the positive influence on Relative Advantage, Compatibility and Observability while Complexity, Cost saving and the likelihood for the attempt did not affect Intention to Use. While the practical verification that was believed to be the most important factor on Performance Expectancy by characteristics for cloud computing service, Relative Advantage, Compatibility and Observability showed significant correlation with the various causes and effect analysis. Cost Saving showed a significant relation with Strategic Performance in companies, which indicates that the cost to build and operate IT is the burden of the management. Thus, the cloud computing service reflected the expectation as an alternative to reduce the investment and operational cost for IT infrastructure due to the recent economic crisis. The cloud computing service is not pervasive in the business world, but it is rapidly spreading all over the world, because of its inherited merits and benefits. Moreover, results of this research regarding the diffusion innovation are more or less different from those of the existing articles. This seems to be caused by the fact that the cloud computing service has a strong innovative factor that results in a new paradigm shift while most IT that are based on the theory of innovation diffusion are limited to companies and organizations. In addition, the participants in this study are believed to play an important role as innovators and early adapters to introduce the cloud computing service and to have competency to afford higher uncertainty for innovation. In conclusion, the introduction of the cloud computing service is a critical issue in the business world.

• Journal of Information Processing Systems
• /
• 제15권3호
• /
• pp.632-644
• /
• 2019

The remote monitoring and warning system for dangerous chemicals is designed with the concept of the Cyber-Physical System (CPS) in this paper. The real-time perception, dynamic control, and information service of major hazards chemicals are realized in this CPS system. The CPS system architecture, the physical layer and the applacation layer, are designed in this paper. The terminal node is mainly composed of the field collectors which complete the data acquisition of sensors and video in the physical layers, and the use of application layer makes CPS system safer and more reliable to monitor the hazardous chemicals. The cloud application layer completes the risk identification and the prediction of the major hazard sources. The early intelligent warning of the major dangerous chemicals is realized and the security risk images are given in the cloud application layer. With the CPS technology, the remote network of hazardous chemicals has been completed, and a major hazard monitoring and accident warning online system is formed. Through the experiment of the terminal node, it can be proved that the terminal node can complete the mass data collection and classify. With this experiment it can be obtained the CPS system is safe and effective. In order to verify feasible, the multi-risk warning based on CPS is simulated, and results show that the system solves the problem of hazardous chemicals enterprises safety management.

• 대한안전경영과학회지
• /
• 제12권4호
• /
• pp.139-143
• /
• 2010

The small and medium construction companies are facing potential EHS(Environment, Health & Safety) of major accidents to cause casualties or a financial loss and increasing social responsibility. So, they have to voluntarily accomplish the EHS management system rather than passively with regard to EHS regulation. In this study, the framework of integrated EHS management system is developed based on cloud computing, and construction companies are to materialize self-regulation EHS process of construction workplace and to standardize the total EHS business process using the developed system. The proposed system also provides risk analysis, education/control and continuous improvement for EHS tasks and users can easily access the system on the web at a low price through cloud computing service. Eventually, the integrated system contributes to the managerial improvement by minimizing economic and physical loss caused by construction accidents.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권9호
• /
• pp.3322-3347
• /
• 2021

Cloud Storage is the primary component of many businesses on cloud. Majority of the enterprises today are adopting a multicloud strategy to keep away from vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession schemes (PDP) are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI-) based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication/computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves the data privacy from the Third Party Auditor, secure against malicious Cloud Service Providers and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.

• 한국산학기술학회:학술대회논문집
• /
• 한국산학기술학회 2010년도 추계학술발표논문집 2부
• /
• pp.859-861
• /
• 2010

The construction companies are facing potential EHS(Environment, Health & Safety) of major accidents to cause casualties or a financial loss and increasing social responsibility. So, they have to voluntarily accomplish the EHS management system rather than passively with regard to EHS regulation. In this study, the integrated EHS management system is developed based on cloud computing, and construction companies are to materialize self-regulation EHS process of construction workplace and to standardize the total EHS business process using the developed system. The proposed system also provides risk analysis, education/control and continuous improvement for EHS tasks and users can easily access the system on the web at a low price through cloud computing service. Eventually, the integrated system contributes to the managerial improvement by minimizing economic and physical loss caused by construction accidents.

• International Journal of Internet, Broadcasting and Communication
• /
• 제9권4호
• /
• pp.44-50
• /
• 2017

To understand whether Falling, which is one of the causes of injuries, occurs, various behavior recognition research is proceeding. However, in most research recognize only the fact that Falling has occurred and provide the service. As well as the occurrence of the Falling, the risk varies greatly based on the type of Falling and the situation before and after the Falling. Therefore, when Falling occurs, it is necessary to infer the user's current situation and provide appropriate services. In this paper, we propose to base on Fog Computing and Cloud Computing to design Context-aware System using analysis of behavior data and process sensor data in real-time. This system solved the problem of increase latency and server overload due to large capacity sensor data.