• The Journal of the Korea Contents Association
• /
• v.13 no.4
• /
• pp.389-398
• /
• 2013

This study aims to support rational security investment decision making through prioritizing on operational level of management measures strategically, in carrying out industrial security activities. For this, AHP survey is conducted against industrial security professionals and analyzed. Thereafter, the importance and the priority of industrial security management measures are determined. As a result, in a comparison evaluation among the criteria, 'ICT service management' represents the highest weight (0.54). And the sub-criteria could be divided into three groups (Group I, II, III), depending on their importance. The sensitivity analysis results show that if the weight of the criterion, 'ICT systems/networks access control' is doubled, the sub-criteria, 'O/S access control', 'application access control', and 'wired/wireless network access control' are enter into top rank group. In case of the criterion, 'physical/environmental security' is doubled, the sub-criteria, 'protection zoning/access control' and 'disaster prevention on business equipment/counter-terrorism' are enter into the top rank group, 'securing utilities' is enter into the mid rank group.

• IE interfaces
• /
• v.16 no.4
• /
• pp.421-431
• /
• 2003

Due to the increasing complexity of the information systems environment, modern information systems are facing more difficult and various security risks than ever, there by calling for a higher level of security safeguard. In this paper, an information technology security risk management model, which modified by adopting the concept of business processes, is applied to client/server distributed systems. The results demonstrate a high level of risk-detecting performance of the model, by detecting various kinds of security risks. In addition, a practical and efficient security control safeguard to cope with the identified security risks are suggested. Namely, using the proposed model, the risks on the assets in both of the I/O stage(on client side) and the request/processing stage(on server side), which can cause serious problems on business processes, are identified and the levels of the risks are analyzed. The analysis results show that maintenance of management and access control to application systems are critical in the I/O stage, while managerial security activities including training are critical in the request/processing stage.

• International Journal of Computer Science & Network Security
• /
• v.22 no.8
• /
• pp.269-274
• /
• 2022

Economy of Ukraine is characterized by the rapidly increased level of financial failures at a corporate level. Conditions of doing business in Ukraine become tighter year after year and it should motivate the business owners not only to watch more accurately the state in which their business is but also to introduce new, more precise, more tight systems of crisis management and economic security. The experience shows that in order to stay afloat and not to suffer losses companies should pay more attention to different areas of economic security, such as production potential, financial indicators, logistics, staff, etc. For this purpose companies should use a system of valuation of the most important for their activity indicators and transform their values in an integral one in order to use this assessment in making managerial decisions. Such a valuation is one of the components which the article presents. The article also reveals the key points which characterize crisis management as an integral part of enterprise development and economic security. There are specified the essence and problems of crisis management and proposed the ways of raising the level of economic security of a company based on the example of an industrial and commercial enterprise. The key focus of the enterprise's economic security management is defined as constructive responses to threats from the external environment and, as a result, ensuring stable functioning and effective realization of untapped potential in the future. The current assumption is to explain the scheme of strategic management of an industrial and commercial enterprise and to calculate the methodology of an express assessment of the level of enterprise economic security, taking into account the components of crisis management. To assess the level of economic security of the enterprise, it is proposed to use the method of point assessment, which is based on a multi-level system of indicators, which covers the main areas of the enterprise's activity.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.19-30
• /
• 2019

Many organizations need to comply with ISMS-P for information systems and personal information management for ISMS-P certification. Organizations should safeguard vulnerablities to information systems. However, as the kinds of information systems are diversified and the number of information systems increases, management of such vulnerabilities manually accompanies with many difficulties. SCAP is a protocol to manage the vulnerabilities of information system automatically with security standards. In this paper, for the introduction of SCAP in domestic domains we verify the applicability of server-oriented system which is one of ISMS-P certification targets. For SCAP applicability, For obtaining this goal, we analyze the structures and functions of SCAP. Then we propose schemes to check vulnerabilities of the server-oriented system. Finally, we implement the proposed schemes with SCAP to show the applicability of SCAP for verifying vulnerabilities of the server-oriented system.

• Knowledge Management Research
• /
• v.21 no.1
• /
• pp.41-59
• /
• 2020

This explorative study examines the difference in firm performance according to the adoption of the core technology of the Fourth industrial revolution, including artificial intelligence(AI), internet of things (IoT), cloud computing, and big data technology. Additionally, we investigate the importance of internal organizational structure exclusively responsible for information security. We analyze unique microdata offered by the Korea Information Society Development Institute to examine the impact of the adoption of the new technologies and the existence of organizational structure for information protection on firm performance, i.e., firm sales. By considering the core information technology as powerful knowledge assets, we argue that the adoption of such technology leads firms to have comparative advantage comparing to the competitors. Also, we emphasize the need to consider the organizational structure suitable for information security, which can become a structural asset of a firm.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.8
• /
• pp.1911-1919
• /
• 2009

Currently, the evaluation technology for the security systems of risk analysis level measurement is maintained by only the developed countries including U.S and U.K, and the evaluation technology and its infrastructure are insufficient for the evaluation technology of security threat analysis level measurement in Korea. Therefore this paper presents the development of the security control items and the evaluation tool(ISSPET) for the security level performance. It is expected to evaluate the security management level of the current system and its security environment through analyzing the security management level of security systems using ISSPET.

• Journal of the Society of Disaster Information
• /
• v.2 no.1
• /
• pp.113-127
• /
• 2006

The suggestions that follow are about the Qualitative Improvement of private security Industrial. First, in legal and institutional policy, new establishment by law for private security and more support from government is asked. Moreover, the restructuring or M&A between petty companies and the pricing for security service should be performed. Second, in the structural aspect of private security industry, the professional education center for private security guards should be established and the terms of payment and welfare should be improved to the level above standard. In addition, it should be achieved to change the public to have a new and correct understanding of private security and develope the specialized parts suited to the characteristic and ability of each companies. Third, the construction of operating system for private security service should be achieved; recruit system for competent security guards, marketing strategy and enforcement system, widely known confidence to client, normal training system for security guards and post management system for client. This is also to be suited to the characteristic of each companies.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.9 no.5
• /
• pp.1271-1278
• /
• 2008

As the collaboration of WFMS(workflow management systems) in enterprises increases, security protocols could be considered a critical factor affecting secure operation of WMFS. The security protocol of WFMS could not reflect the nature of collaboration in WFMS, resulting to collaboration of WFMS on Internet causing the operation problems of WFMS. This study suggests collaboration based security protocols based on the collaboration of WFMS on Internet. To reflect the nature of collaboration in WFMS, this study analyzes security requirements for WFMS. Based on security requirements, this study suggests a security architecture and security protocols for WFMS using security agents.

• Proceedings of the Safety Management and Science Conference
• /
• 2005.11a
• /
• pp.418-422
• /
• 2005

Electronic commerce has provided another access for consumers to purchase products, but some researches have pointed out that there are difficulties for companies to do business on web. For lack of trust, many people not prefer purchasing through virtual channels. Based on the literature review, this study aims at empirically testing the impact of website design on individual trust in internet firms. From statistic analysis, we will conclude that security, interaction, and navigation functionality will affect on-line trust.

• Journal of the Korea Convergence Society
• /
• v.10 no.3
• /
• pp.177-184
• /
• 2019

The Defense Technology Security Act was enacted in 2015 to protect the defense industrial technology from being duplicated or interfering technologies being developed, which prevents its value and utility from deterioration and prevents inappropriate export. Defense industrial technology refers to technology that should be protected for national security among the national defense science and technology related to the defense industry. However, technical identification criteria of identification and management system of protection technology are not regulated. Therefore, in this study, through the Delphi survey, diesel engine core technology identification criteria related to the high efficiency internal combustion engine propulsion technology among the 141 defense industrial technologies is established to improve the identification and management system of the technology to be protected among the defense industrial technology protection system. As a result of the study, operational operability, durability, safety, sequencing and modularization were established as diesel engine core technology identification criteria.