• Journal of Information Technology Services
• /
• v.19 no.5
• /
• pp.33-47
• /
• 2020

In recent years, due to the demand for operating efficiency and cost reduction of industrial facilities, remote access via the Internet is expanding. the control network accelerates from network separation to network connection due to the development of IIoT (Industrial Internet of Things) technology. Transition of control network is a new opportunity, but concerns about cybersecurity are also growing. Therefore, manufacturers must reflect security compliance and standards in consideration of the Internet connection environment, and enterprises must newly recognize the connection area of the control network as a security management target. In this study, the core target of the control system security threat is defined as the network boundary, and issues regarding the security architecture configuration for the boundary and the role & responsibility of the working organization are covered. Enterprises do not integrate the design organization with the operation organization after go-live, and are not consistently reflecting security considerations from design to operation. At this point, the expansion of the control network is a big transition that calls for the establishment of a responsible organization and reinforcement of the role of the network boundary area where there is a concern about lack of management. Thus, through the organization of the facility network and the analysis of the roles between each organization, an static perspective and difference in perception were derived. In addition, standards and guidelines required for reinforcing network boundary security were studied to address essential operational standards that required the Internet connection of the control network. This study will help establish a network boundary management system that should be considered at the enterprise level in the future.

• Journal of Preventive Medicine and Public Health
• /
• v.57 no.3
• /
• pp.298-303
• /
• 2024

Objectives: The aim of this study was to estimate drug prescription indicators in outpatient services provided at Iran Social Security Organization (SSO) healthcare facilities. Methods: Data on all prescribed drugs for outpatient visits from 2017 to 2018 were extracted from the SSO database. The data were categorized into 4 main subgroups: patient characteristics, provider characteristics, service characteristics, and type of healthcare facility. Logistic regression models were used to detect risk factors for inappropriate drug prescriptions. SPSS and IBM Modeler software were utilized for data analysis. Results: In 2017, approximately 150 981 752 drug items were issued to outpatients referred to SSO healthcare facilities in Iran. The average number of drug items per outpatient prescription was estimated at 3.33. The proportion of prescriptions that included an injection was 17.5%, and the rate of prescriptions that included an antibiotic was 37.5%. Factors such as patient sex and age, provider specialty, type of facility, and time of outpatient visit were associated with the risk of inappropriate prescriptions. Conclusions: In this study, all drug prescription criteria exceeded the recommended limits set by the World Health Organization. To improve the current prescription patterns throughout the country, it would be beneficial to provide providers with monthly and annual reports and to consider implementing some prescription policies for physicians.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.951-962
• /
• 2018

In order to strengthen the information security of the organization, it is important to invest in the information security facility, but the information security awareness of the organization members is also very important. Effective education is needed to raise awareness of this information security. However, the method of collective education utilized by most organizations is not very effective. Educational methods using serious games can be a good alternative. Educational methods using serious games have already proved effective through various cases and researches and are used in many fields. In this paper, we design and implement a game program to improve the awareness of individual information security policy importance. The training was conducted for the members of the organization and the change of awareness about the importance of individual information security policy was examined through analysis of evaluation data before and after the training.

• Korean Security Journal
• /
• no.38
• /
• pp.109-136
• /
• 2014

Korea domestic casino industry has been experienced an explosive growth marking the highest quantity and quality with rapid growth of domestic economy since the 1960s. However there are really lack of study about presenting guideline for establishing risk management planning reflected characteristics of casino industry. Therefore, we analyzed previous studies about concept of the risk and criteria and drew dimension of safety supervision reflecting characteristics of casino industry. we, also, identified detailed safety management factors as well as classified three dimensions of environment, human and facility on the dimension of safety supervision. This study was designed to examine effect relationship between risk management factors and performance of security management organization focused on The mediation effect of atmosphere of organization We used two different tools for data analysis: SPSS 18.0 for the descriptive statistics and PLS 3.0 to validate the integrity of the research model and proposed hypotheses that is main effects from risk management factors to security management organization and mediation effects of atmosphere of organization. The data analysis confirmed the importance of risk management factors to enhanced performance of security management organization. The mediation effect of atmosphere of organization, also, supported relationship between risk management factors and performance of security management organization. It provided theoretical and practical implication for building risk management strategy well suited casino company and conducting security management.

• Journal of National Security and Military Science
• /
• s.8
• /
• pp.383-420
• /
• 2010

This article is focusing on the improvement of weapon system test & evaluation, aimed at the weapon system in the research development stage. This article suggests improvement directions in three aspects(organization and system, skilled manpower and technology, test facilities of weapon system test & evaluation) as follows. 1) Weapon system test & evaluation organization and system a. Establishment of comprehensive test & evaluation system b. Making regulation for comprehensive test infrastructure management. c. Standardization of test & evaluation process, which can be used in special subject to army, navy and air force. 2) Skilled manpower and technology of weapon system test & evaluation a. Training & education, management of test & evaluation experts. b. Establishment of skill management system of test & evaluation. 3) Test facilities of weapon system test & evaluation a. Establishment of comprehensive improvement direction of test & evaluation installation and equipment. b. Consideration of counter measures to prevent overlapping investment, and to use the test & evaluation resources efficiently. c. Establishment of organic network for the effective use of test & evaluation installation and equipment. d. Establishment of detailed cooperation plan for the commonage of test & evaluation facility and equipment.

• The Journal of the Korea Contents Association
• /
• v.11 no.4
• /
• pp.389-403
• /
• 2011

The objective of this study is to find out how strategic human resource management(SHRM) of a facility security firm affects its organizational culture and behaviors of its members. This study was executed in June 2010 with facility security officers(FSO) in four private security firms by using a judgment sampling technique. A total of 343 FSOs were used in final analysis. Coefficient of reliability(Cronbach's coefficient alpha) of the survey was 0.691. The conclusion was as follows: First, SHRM of facility security firms exert its influence on organizational culture. That is, promotion of education/training, compensation, making avid followers, and career development may facilitate settlement of hierarchical, development-oriented, agreement -based and rationality-oriented culture. Second, SHRM of security firms would affect organizational citizenship behaviors(OCB), i.e., the promotion of education/training, compensation, making avid followers, and career development would tend to enhance consideration for others and altruistic, participatory, conscientious and gentlemanly behaviors. On the other hand, if proper compensation is not made, above-mentioned behaviors would decrease. Third, organizational culture of security firms tends to affect OCB. That is, when hierarchical, development-oriented, agreement-based and rationality-oriented culture is settled, consideration for others, altruistic, participatory, conscientious and gentlemanly behaviors tends to be enhanced.

• The Journal of Society for e-Business Studies
• /
• v.25 no.3
• /
• pp.109-130
• /
• 2020

Recently, the importance of research and development for technological innovation is increasing. The rapid development of research and development has a number of positive effects, but at the same time there are also negative effects that accelerate crimes of information and technology leakage. In this study, a research security level measurement model was developed that can safely protect the R&D environment conducted at the organizational level in order to prepare for the increasingly serious R&D result leakage accident. First, by analyzing and synthesizing security policies related to domestic and overseas R&D, 10 research security level evaluation items (Research Security Promotion System, Research Facility and Equipment Security, Electronic Information Security, Major Research Information Security Management, Research Note Security Management, Patent/Intellectual Property Security Management, Technology Commercialization Security Management, Internal Researcher Security Management, Authorized Third Party Researcher Security Management, External Researcher Security Management) were derived through expert interviews. Next, the research security level evaluation model was designed so that the derived research security level evaluation items can be applied to the organization's research and development environment from a multidimensional perspective. Finally, the validity of the model was verified, and the level of research security was evaluated by applying a pilot target to the organizations that actually conduct R&D. The research security level evaluation model developed in this study is expected to be useful for appropriately measuring the security level of organizations and projects that are actually conducting R&D. It is believed that it will be helpful in establishing a research security system and preparing security management measures. In addition, it is expected that stable and effective results of R&D investments can be achieved by safely carrying out R&D at the project level as well as improving the security of the organization performing R&D.

• Korean Security Journal
• /
• no.26
• /
• pp.7-28
• /
• 2011

This study is to propose the improvement of security related regulations to reinforce security activity and actualize constitutionalism in the National Assembly. For the purpose, some improvements could be considered as followings; First, legislating of regulations including some articles on the scope of security activity such as order preservation at assembly hall, facility security, security agents' right and protection of personal is necessary. Second, changing the organization and command system of security management is necessary for the unification of security activity and efficiency of the job. Also clear definition of terminology on the security job is need. For the shake of above object, one officer in charge of situation management and three section such as the personal protection section, facility security section and order preservation section could be substructured under security department. Third, elimination of unnecessary article on the arrest of red handed criminal in the assembly hall and on the physical checkup of audience by security agent is need. Also legislating of regulations on the hoarding of person who could disorder is necessary. Forth, legislating of regulations on the cooperation with government branch, judicial police power, carry and use of weapon and uniform and equipment to reinforce practical efficiency of security activity. For the proper legislating of the regulations, comparition with other public organizations such as presidential security Service, police, private security could be considered.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.2
• /
• pp.65-73
• /
• 2014

An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.9 no.1
• /
• pp.25-31
• /
• 2003

In 1994, the International Maritime Organization (IMO) adopted the International Safety Management Code (ISM Code) as SOLAS convention to ensure the safe operation of ships and to protect marine environment from pollution In December 2002, the IMO adopted the International Ship and Port Facility Security Code (ISPS Code) in the Chapter XI-1 of SOLAS to ensure the security of ships, crew, cargo and port facility. With 1 July 2004 being the coming into effective date of ISPS Code, there is a sense of urgency among the shipping companies and port authorities to accomodate the ISPS Code. Although both the ISM Code and the ISPS Code are based on the management system concept introduced in the ISO 9001, two Codes pursue different objective. Accordingly, it is meaningful to compare and analyze the requirements of three standards. In this article, the backgrounds, principles and requirements of three standards are analyzed and presented to offer several suggestions on the establishment and implementation of security measures in compliance with the ISPS Code to the shipping industry in time.