• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.273-279
• /
• 2014

Recently, it was occurred in the nation's largest Information spill about 140 million cases of credit card customers' personal and credit information. As such, it was rapidly to increase in consumer complaints about the privacy of personal information in accordance with outflow of financial companies increased accident. But it is still not clear precaution. Therefore, in financial customer position, it is possible to confirm and determine in advance whether or not superior to the security company. In addition, It is time to be required institutional device that can be a real effort to equip a good security company. This report is considered a model of "Disclosure of corporate security assessment " of these devices institutional study. And We study in realistic and objective stance about why do we need this policy.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.635-637
• /
• 2021

Cybersecurity assessment is the process of assessing the risk level of a system through threat and vulnerability analysis to take appropriate security measures. Accurate security evaluation models are needed to prepare for the recent increase in cyberattacks and the ever-developing intelligent security threats. Therefore, we present a risk assessment model through a matrix-based security assessment model analysis that scores by assigning weights across security equipment, intervals, and vulnerabilities. The factors necessary for cybersecurity evaluation can be simplified and evaluated according to the corporate environment. It is expected that the evaluation will be more appropriate for the enterprise environment through evaluation by security equipment, which will help the cyber security evaluation research in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.161-170
• /
• 2008

Despite the recent growth in size and frequency of damages caused by illegal information breaches, current business counter-measures and precautionary systems are greatly limited. Some major companies have developed Information Security Management Systems (ISMS) to safeguard their vital information; however, such measures are largely based on the ISO27001 and lacks in many aspects to grasp the holistic corporate security level and reinforce precautionary measures. The information protection level evaluation model introduced in this paper is a pragmatic evaluative tool that can be utilized to devise effective corporate information security precautionary measures and countermeasures, based on the BSC (Balanced ScoreCard) method for an actual and realistic corporate information security level evaluation possible.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.53-58
• /
• 2020

In this study, it suggests the High Availability (HA) implementation plan of building a continuous service infrastructure as a strategy ensuring availability, as the importance of availability securing corporate business continuity emerges in the knowledge and information society. However, if the reliability of the criticality assessment of information asset is not ensured, it requires assessment measures for availability that can be managed by mapping with service maintenance assessment items, which are availability criteria based on the asset criticality evaluated through the asset value matrix because it is difficult to maintain security in conjunction with the value of real assets. Therefore, this study suggests the assessment measures for availability of information assets.

• International Journal of Computer Science & Network Security
• /
• v.22 no.8
• /
• pp.269-274
• /
• 2022

Economy of Ukraine is characterized by the rapidly increased level of financial failures at a corporate level. Conditions of doing business in Ukraine become tighter year after year and it should motivate the business owners not only to watch more accurately the state in which their business is but also to introduce new, more precise, more tight systems of crisis management and economic security. The experience shows that in order to stay afloat and not to suffer losses companies should pay more attention to different areas of economic security, such as production potential, financial indicators, logistics, staff, etc. For this purpose companies should use a system of valuation of the most important for their activity indicators and transform their values in an integral one in order to use this assessment in making managerial decisions. Such a valuation is one of the components which the article presents. The article also reveals the key points which characterize crisis management as an integral part of enterprise development and economic security. There are specified the essence and problems of crisis management and proposed the ways of raising the level of economic security of a company based on the example of an industrial and commercial enterprise. The key focus of the enterprise's economic security management is defined as constructive responses to threats from the external environment and, as a result, ensuring stable functioning and effective realization of untapped potential in the future. The current assumption is to explain the scheme of strategic management of an industrial and commercial enterprise and to calculate the methodology of an express assessment of the level of enterprise economic security, taking into account the components of crisis management. To assess the level of economic security of the enterprise, it is proposed to use the method of point assessment, which is based on a multi-level system of indicators, which covers the main areas of the enterprise's activity.

• ETRI Journal
• /
• v.44 no.6
• /
• pp.991-1003
• /
• 2022

Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE threat analysis modeling and DREAD evaluation for distributed control systems, a type of ICSs, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of identified threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.53-60
• /
• 2024

Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. CVSS has a problem that it cannot consider context in terms of subjectivity, complexity of interpretation, and security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITREATT&CK's technology by the connection between weaknesses and attack patterns (CAPEC). We use MITREATT&CK's Groups, Tactic, and Mitigations to produce consistent and intuitive scores. Accordingly, it is expected that security evaluation managers will have a positive impact on strengthening security such as corporate networks by expanding the range of choices among security indicators from various perspectives.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.73-83
• /
• 2021

The information space, the main components of which are information resources, means of information interaction, and information infrastructure, is a sphere of modern social life in which information communications play a leading role. The objective process is the gradual but stable entry of the national information space into the European and world information sphere, in the context of which there is a legitimate question of its protection as one of the components of the national security of Ukraine. However, the implementation of this issue in practice immediately faces the need to respect the rights and fundamental freedoms guaranteed by international regulations and the Constitution of Ukraine, especially in the field of cybersecurity. The peculiarity of the modern economy is related to its informational nature, which affects the sharp increase in cyber incidents in the field of information security, which is widespread and threatening and affects a wide range of private, corporate, and public interests. The problem of forming an effective information security system is exacerbated by the spread of cybercrime as a leading threat to information security both in Ukraine and around the world. The purpose of this study is to analyze the state of cybersecurity and on this basis to identify new areas of the fight against cybercrime in Ukraine. Methods: the study is based on an extensive regulatory framework, which primarily consists of regulatory acts of Ukraine. The main methods were inductions and deductions, generalizations, statistical, comparative, and system-structural analysis, grouping, descriptive statistics, interstate comparisons, and graphical methods. Results. It is noted that a very important component of Ukraine's national security is the concept of "information terrorism", which includes cyberterrorism and media terrorism that will require its introduction into the law. An assessment of the state of cybersecurity in Ukraine is given. Based on the trend analysis, further growth of cybercrimes was predicted, and ABC analysis showed the existence of problems in the field of security of payment systems. Insufficient accounting of cybercrime and the absence in the current legislation of all relevant components of cybersecurity does not allow the definition of a holistic system of counteraction. Therefore, the proposed new legal norms in the field of information security take into account modern research in the field of promising areas of information technology development and the latest algorithms for creating media content.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.1-8
• /
• 2022

This work provides a reliable and classified stocks dataset merged with Saudi stock news. This dataset allows researchers to analyze and better understand the realities, impacts, and relationships between stock news and stock fluctuations. The data were collected from the Saudi stock market via the Corporate News (CN) and Historical Data Stocks (HDS) datasets. As their names suggest, CN contains news, and HDS provides information concerning how stock values change over time. Both datasets cover the period from 2011 to 2019, have 30,098 rows, and have 16 variables-four of which they share and 12 of which differ. Therefore, the combined dataset presented here includes 30,098 published news pieces and information about stock fluctuations across nine years. Stock news polarity has been interpreted in various ways by native Arabic speakers associated with the stock domain. Therefore, this polarity was categorized manually based on Arabic semantics. As the Saudi stock market massively contributes to the international economy, this dataset is essential for stock investors and analyzers. The dataset has been prepared for educational and scientific purposes, motivated by the scarcity of data describing the impact of Saudi stock news on stock activities. It will, therefore, be useful across many sectors, including stock market analytics, data mining, statistics, machine learning, and deep learning. The data evaluation is applied by testing the data distribution of the categories and the sentiment prediction-the data distribution over classes and sentiment prediction accuracy. The results show that the data distribution of the polarity over sectors is considered a balanced distribution. The NB model is developed to evaluate the data quality based on sentiment classification, proving the data reliability by achieving 68% accuracy. So, the data evaluation results ensure dataset reliability, readiness, and high quality for any usage.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.253-261
• /
• 2020

This study examines the technologies and application processes related to the use of pseudonym data of companies after the passage of the Data 3 Act to activate the data economy in earnest, and what companies should prepare to use pseudonym data and what will happen in the process It was intended to contribute to the elimination of uncertainty. In the future, companies will need to extend the information security management system from the perspective of the existing IT system to manage and control data privacy protection and management from a third party provisioning perspective. In addition, proper pseudonym data use control should be implemented even in the data use environment utilized by internal users. The economic effect of market change and heterogeneous data combination due to the use of pseudonymized data will be very large, and standards for appropriate non-identification measures and risk assessment criteria for data utilization and transaction activation should be prepared in a short time.