• Journal of Information Technology Applications and Management
• /
• v.25 no.4
• /
• pp.67-77
• /
• 2018

With the types and targets of cyber attacks expanding and with personal information leaks increasing, the quantitative demand for information security specialists has increased. The base for training the workforce has expanded accordingly, but joblessness and job-seeking still coexist. To resolve the gap between labor demand and supply, education and training systems that can supply demand quickly are needed. It takes a considerable amount of time for information security education and new manpower supply through universities and graduate schools to be reflected in the market. However, if information security retraining is carried out in terms of career development of information security and related workforce, the problem of lack of experts could be solved in a relatively short period. This paper investigates and analyzes the information security work of the information security workforce, the degree of skill level, the need for retraining, and the workplace migration experience; it also discusses the direction of career development retraining.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.695-706
• /
• 2018

In recent years, industrial convergence centered on ICBM (internet of things (IoT), cloud, big data, mobile) has been experiencing rapid development in various fields such as agriculture and the financial industry. In order to prepare for cyber threats, one of the biggest problems facing the convergence industry in the future, the development of the industry must proceed in tandem with a framework of information security. In this study, we analyze the details of the current industrial development policy and related information protection policies using cross impact analysis and present policy priorities through the expert questionnaire. The aim of the study was to clarify the priorities and interrelationships within information security policy as a first step in suggesting effective policy direction. As a result, all six information security policy tasks derived from this study belong to key drivers. Considering the importance of policies, policies such as improving the constitution of the security industry and strengthening of support, training of information protection talent, and investing in the information security industry need to be implemented relatively first.

• Journal of Convergence for Information Technology
• /
• v.10 no.5
• /
• pp.16-22
• /
• 2020

In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

• Convergence Security Journal
• /
• v.16 no.2
• /
• pp.11-17
• /
• 2016

The purpose of this research is to explore the effective response methods for the prevention of cyber-terror in South Korea. This research used an analysis of literature research. From the result of this research, the researchers suggested 1) enactment of the 'Cyber-terror Prevention Act' in order to enhance the effectiveness against cyber-terror; 2) establishment of practical control tower for cyber-terror; 3) expansion of the expert training for cyber-terror. The limitations of this research and the recommendations for future research were discussed at the last part of this research.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.25 no.6
• /
• pp.726-734
• /
• 2019

The current maritime industry is expected to have a significant impact on the role of maritime-related technologies and systems, especially seafarers, in the rapidly changing Fourth Industrial Revolution. The Maritime Autonomous Surface Ship (MASS) aims to reduce the number of safety accidents and improve seafarers' working environment. With regard to MASS, the International Maritime Organization has been trying to minimize unexpected impact in the maritime education and training sector by establishing international conventions such as the Standards of Training, Certification and Watchkeeping for Seafarers. However, domestic designated educational institutions have not yet established an education and training scheme to develop seafarers who will be on board for MASS. Therefore, this paper reviews the technology of MASS, analyzes the changes in education and training in order to upgrade the qualifications, and suggests the competencies of smart seafarers equipped with the integrated management ability required for Artificial Intelligence, Big Data, Cybersecurity, and the Digital System Revolution through education and training. In addition, this study provides basic information for the education and training of seafarers who are optimized for the rapidly changing technological environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1045-1054
• /
• 2021

As APT attacks become more frequent and sophisticated, not only the advancement of the security systems but also the competence of the cybersecurity officers of each institution that operates them is becoming increasingly important. In a large-scale cyber defence exercise with many blue teams participating and many systems to simulate and defend against, it should be possible to simulate attacks to generate various attack patterns, network payloads, and system events. However, if one RT framework is used, there is a limitation that it can be easily detected by the blue team. In the case of operating multiple RT frameworks, a lot of time and effort by experts for exercise setup and operation for each framework is required. In this paper, we propose iRF(integrated RT framework) that can automatically operate large-scale cyber defence exercise by integrating a number of open RT frameworks and RT frameworks created by ourselves.

• Journal of The Korean Association of Information Education
• /
• v.23 no.3
• /
• pp.229-235
• /
• 2019

By combining the elements of the game or game in education, it improves the interest of the students and improves academic achievement by creating an environment where they can participate directly. We propose a curriculum that can learn the core principles of the elementary curriculum through fusion. The proposed curriculum helps students to understand the principles of the elementary curriculum by learning the artificial intelligence method in board game form. Learning methods that incorporate such elements of the game will enable learners to learn the principles of IT so that they can develop their ability to understand objects from various perspectives and enhance their thinking skills. It is expected that the elementary artificial intelligence curriculum that incorporates the proposed gamification will contribute to the development of the information science curriculum, which has been highlighted recently from the 2015 curriculum.

• Informatization Policy
• /
• v.28 no.2
• /
• pp.98-113
• /
• 2021

This study presents implications of the Global Data Law & Policy by comparing national data strategies, data regulations and policies, and governance in South Korea, the United States, the United Kingdom, and the European Union. According to the result of the comparative analysis, the biggest difference is in data governance, in other words, the management and coordination of policies at the pan-government level and data ethics. Therefore, this study proposes the establishment of a presidential special committee on data policy or the creation of a 'National Digital Innovation Office' at the Presidential Secretariat as a national CDO for the governance of data policies. Furthermore, this paper suggests a) to enact 'the Framework Act on the Development of Data Industry' that can regulate data practices in the private sector, b) to institutionalize the data-centric security and data protection, c) to settle the public ethics and personnel management based on data expertise and professional ethics, including explainability and responsibility, and d) the education and training systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.1009-1017
• /
• 2022

Log data has been used as a basis in understanding and deciding the main functions and state of information systems. It has also been used as an important input for the various applications in cybersecurity. It is an essential part to get necessary information from log data, to make a decision with the information, and to take a suitable countermeasure according to the information for protecting and operating systems in stability and reliability, but due to the explosive increase of various types and amounts of log, it is quite challenging to effectively and efficiently deal with the problem using existing tools. Therefore, this study has suggested a multiclass classification of the security severity level of multi-source event log using machine learning based on natural language processing. The experimental results with the training and test samples of 472,972 show that our approach has archived the accuracy of 99.59%.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.61-69
• /
• 2022

When a large-scale cyber attack or terrorism occurs and the country suffers enormous damage or poses a fatal threat to security, social interest in nurturing cybersecurity workforce increases. In addition, the government often suggests policies and guideline to train cybersecurity workforce. However, the system that can systematically manage trained cyber workforce after they are employed in related organizations or companies is still weak. Software workforce has a standardized qualification level model, so appropriate jobs are set and managed for each level. Cyber workforce also need a specialized qualification level model that takes into account their career, academic background, and education&training performance. By assigning a qualification level, the duties that can be performed for each level should be set, and the position and duty of the department should also be assigned in consideration of the level. Therefore, in this paper, we propose a qualification level model for cyber security workforce.