• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.2
• /
• pp.73-86
• /
• 2016

The purpose of this study is to examine a security investment for firms experienced in confidential information leak. Information security is an apparatus for protection of secret information. The competence of information security is a competitiveness to avoid information leakage in changing business environment. The type of information security is divided into administrative security, technical security and physical security. It is necessary to improve the incident correspondence competence through information security investment of the three types. Therefore, the investment of information security is to enhance information-asset protection of firms. To reinforce accident response competence, an organization discussed an establishment, security technology development, expand investment and legal system of the security system. I have studied empirically targeting the only information leak of firms. This data is a technical security competence and technology leakage situation of firms happened in 2010. During recovery of the DDos virus damage on countries, company and individual, the collected data signify a reality of information security. The data also identify a security competence of firms worrying information security management. According to the study, the continuous investment of information security has a high competence of accident correspondence. In addition, the most of security accidents showed a copy and stealing of paper and computer files. Firm on appropriate security investment is an accident correspondence competence higher than no security investment regardless of a large, small and medium-sized, and venture firm. Furthermore, the rational security investment should choose the three security type consideration for firm size.

• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.41-62
• /
• 2016

In Internet of Things (IoT) era, more diverse types of information are collected and the environment of information usage, distribution, and processing is changing. Recently, there have been a growing number of cases involving breach and infringement of personal information in IoT services, for examples, including data breach incidents of Web cam service or drone and hacking cases of smart connected car or individual monitoring service. With the evolution of IoT, concerns on personal information protection has become a crucial issue and thus the risk analysis and management method of personal information should be systematically prepared. This study shows risk factors in IoT regarding possible breach of personal information and infringement of privacy. We propose "a risk analysis framework of protecting personal information in IoT environments" consisting of asset (personal information-type and sensitivity) subject to risk, threats of infringement (device, network, and server points), and social impact caused from the privacy incident. To verify this proposed framework, we conducted risk analysis of IoT services (smart communication device, connected car, smart healthcare, smart home, and smart infra) using this framework. Based on the analysis results, we identified the level of risk to personal information in IoT services and suggested measures to protect personal information and appropriately use it.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.1-10
• /
• 2015

The main objective of this study was to identify the factors that can maximize the effect of preventing technology leakage by government support. Therefore we used the 2013 small business technology protection capabilities and level of research which is conducted by the Small and Medium Business Administration, and have analyzed the presence of small business technological assets leakage protection eand skills. Multiple logistic regression analysis was performed to identify 1,518 small companies (43 big companies are excluded) which are divided into 155 technological assets leaked small business and non-leaked 1363 small business. The most important factors associated with technology leakage were entrant control system, security audit, employee absence of security activities and important data protection measures. This result shows that if the government can support more for these details, technological asset leakage prevention effect is expected to be maximized.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.13-19
• /
• 2010

The flow of time, depending on the company's ongoing business link to guarantee the proportion of much greater importance, it in the organization as part of an enterprise-wide level, rather than acting on the information society has been considered as the topic of race. Information Security Governance, the integrity of the information, service continuity, the three kinds of information asset protection purpose begins. It is essential for corporate governance, transparency should be part, must be aligned with the IT framework. Existing information security governance framework that small businesses a wide range of governance issues and interests have never had. Therefore, we simplified the information security governance framework is proposed, and solve problems, and propose a framework for analysis of the safety and efficiency through the analysis of the effectiveness of the proposed method were discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1167-1177
• /
• 2019

In this paper, the improved security operation model based on the vulnerability database is studied. The proposed model consists of information protection equipment, vulnerability database, and a dashboard that visualizes and provides the results of interworking with detected logs. The evaluation of the model is analyzed by setting up a simulated attack scenario in a virtual infrastructure. In contrast to the traditional method, it is possible to respond quickly to threats of attacks specific to the security vulnerabilities that the asset has, and to find redundancy between detection rules with a secure agent, thereby creating an optimal detection rule.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.10a
• /
• pp.665-668
• /
• 2007

The location based service means the service using the location information and the service used based on the location information comes into the spotlight as the critical information of the future mode townsman ubiquitous-City construction. LBS settles down as the core element of ITS or the telematics as the cutting edge technology appearing according to the power generation of the mobile communication technology and recently gradually broadens a range to the public safety service including the distribution management, the asset management, a children and old and the weak protection means, the disaster preparation rescue service like the E-911 of U.S. In the national, the technical regulations about the ground wave LBS was established at November 2005 for the first time in the country. but it actually operated and problems were deduced. Therefore, in this paper, domestic and foreign LBS usage trend and technical standards case try to be analyzed for the revision of the technical regulations of the ground wave LBS serviced in the national and the national technical standards bill for the revision tries to be prepared based on this.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.7
• /
• pp.93-100
• /
• 2013

The ensuing disaster brought by the massive earthquake and tsunami in the northeastern region of Japan in 2011 placed Japan, one of the three most advanced economic powers in the world, in a defenseless state. With the rising interest in disaster recovery, Korea is also making efforts to provide technological support for barrier-free system operation 24 hours a day, 365 days a year. To protect intelligence assets efficiently, this study draws a job performance plan to prepare for disasters, which systemizes methodical coping capabilities into business plans when disasters occur. Moreover, this study systemizes the job performance plan to allow members easy access to information that will help them proceed without confusion in emergencies. This plant is intended to protect intelligence assets of an organization clearly and promptly.

• Korean Security Journal
• /
• no.24
• /
• pp.147-170
• /
• 2010

This study is to present a improvement directions for the protection of industrial key technology. For the purpose of the study, the survey was carried out on the administrative security activity of 68 enterprises including Large companies, small-midium companies and public corporations. survey result on the 10 items of security policy, 10 items of personal management and 7 items of the assets management are as follows; First, stable foundation for the efficient implement of security policy is needed. Carrying a security policy into practice and continuous upgrade should be fulfilled with drawing-up of the policy. Also for the vitalization of security activity, arrangement of security organization and security manager are needed with mutual assistance in the company. Periodic security inspection should be practiced for the improvement of security level and security understanding. Second, the increase of investment for security job is needed for security invigoration. Securing cooperation channel with professional security facility such as National Intelligence Service, Korea internet & security agency, Information security consulting company, security research institute is needed, also security outsourcing could be considered as the method of above investment. Especially small-midium company is very vulnerable compared with Large company and public corporation in security management, so increase of government's budget for security support system is necessary. Third, human resource management is important, because the main cause of leak of confidential information is person. Regular education rate for new employee and staff members is relatively high, but the vitalization of security oath for staff members and the third party who access to key technology is necessary. Also access right to key information should be changed whenever access right changes. Reinforcement of management of resigned person such as security oath, the elimination of access right to key information and the deletion of account. is needed. Forth, the control and management of important asset including patent and design should be tightened. Classification of importance of asset and periodic inspection are necessary with the effects evaluation of leak of asset.

• Journal of the Korea Furniture Society
• /
• v.27 no.1
• /
• pp.59-68
• /
• 2016

The Industrial/Technological Cultural Properties are being protected, the rest facing with demolition and damages. In order to better cope with such situation, Korea has officially introduced the Registered Cultural Properties System since 2001 and began acknowledging the historical values of industrial buildings as modern cultural properties. In the Nordrhein-Westfalen, Germany, there are approximately 3,500 industrial buildings under the cultural asset protection and management not only in the Ruhr-region but also state-wide. Among these, this case study focuses on the Hansa Coking Plant, a large-scale Revitalization project to rehabilitate the old industrial complexes and facility buildings that have been shut down on December 15, 1992. Purpose of this study is to analyze main project plans of each facility in the Hansa Coking Plant and to bring out the main features of the plans, so that they can be utilized to find suggestions for Industrial/Technological Cultural Properties Revitalization in Korea.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.8C
• /
• pp.838-848
• /
• 2005

Most of the national critical key infrastructure, such as power, piped gas and water supply facilities, or the high-speed railroad, is run on the SCADA system. Recently, concerns have been raised about the possibility of these facilities being attacked by cyber terrorists, hacking, or viruses. Thus, it is time to adopt the relevant security management techniques. This paper attempts to propose such security management techniques, including information protection measures and troubleshooting, based on a risk analysis process concerning assets, threats/vulnerability, and hazards, and to examine the security management status of critical key infrastructure in the U.S. and Japan.