• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.337-346
• /
• 2012

According to cloud computing service is increasing of using the Internet technology, it's increasing privacy security risks and out of control of security threats. However, the current cloud computing service providers does not provide to solutions of the privacy security management. This paper discusses the privacy security management issue of cloud computing service, and propose solutions to privacy information threats in cloud computing environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.353-371
• /
• 2014

We already have seen many studies and articles about the methodology responding the security risks and threats. But we still have some controversial subjects to be settled. Now, we are living in the era that we should focus on how to use the security systems instead of how to make it. In this point of view, a company need to find out the answer for these questions, which security risks have to be handled in a corporate, which system is better for responding the security threats, and how we can build necessary security architecture in case of developing systems. In this article, we'd like to study on-site scenarios threatening the corporate assets, the limit on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we'd like to search for the direction form the actual cases which have shown the desired effect from converging the assets and network informations.

• Asia pacific journal of information systems
• /
• v.24 no.4
• /
• pp.531-557
• /
• 2014

Although the area of information security planning and management has gained an increased attention, not much discussion was available on the role and the impact of the board members towards a firm's security management and governance decisions. In this research, we draw on corporate governance and the organizational demography literature to conduct an exploratory empirical study on the association between the board structure of a firm and the possibility of information security breaches. Our results show that the board size, the average age/tenure and the heterogeneity of age could reduce the possibility of security breaches while the proportion of independent directors and the heterogeneity of tenure could increase it. Our findings shed lights on the important role played by the board when managing information security risks in organizations.

• Journal of Information Technology Applications and Management
• /
• v.18 no.2
• /
• pp.91-108
• /
• 2011

Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.797-808
• /
• 2012

In smart work environment, a company provides employees a flexible work environment for tele-working using mobile phone or portable devices. On the other hand, such environment are exposed to the risks which the attacker can intrude into computer systems or leak personal information of smart-workers' and gain a company's sensitive information. To reduce these risks, the security administrator needs to analyze the usage patterns of employees and detect abnormal behaviors by monitoring VPN(Virtual Private Network) access log. This paper proposes a decision support system that can notify the status by using visualization and similarity measure through clustering analysis. On average, 88.7% of abnormal event can be detected by this proposed method. With this proposed system, the security administrator can detect abnormal behaviors of the employees and prevent account theft.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.175-184
• /
• 2022

Voice over Internet Protocol (VoIP) has grown in popularity as a low-cost, flexible alternative to the classic public switched telephone network (PSTN) that offers advanced digital features. However, additional security vulnerabilities are introduced by the VoIP system's flexibility and the convergence of voice and data networks. These additional challenges add to the normal security challenges that a VoIP system's underlying IP data network infrastructure confront. As a result, the VoIP network adds to the complexity of the security assurance task faced by businesses that use this technology. It's time to start documenting the many security risks that a VoIP infrastructure can face, as well as analyzing the difficulties and solutions that could help guide future efforts in research & development. We discuss and investigate the challenges and requirements of VoIP security in this research. Following a thorough examination of security challenges, we concentrate on VoIP system threats, which are critical for present and future VoIP deployments. Then, towards the end of this paper, some future study directions are suggested. This article intends to guide future scholars and provide them with useful guidance.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.754-756
• /
• 2011

Most of the sources of security and privacy issues in RFID technology arise from the violation of the air interface between a tag and its reader. This paper will approach the security risk analysis is process from the perspective of the RFID tag life cycle, identify the tag usage processes, identify the associated vulnerability and threat to the confidentiality, integrity and availability of the information assets and its implications for privacy, and then mitigate the risks.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.7
• /
• pp.109-115
• /
• 2024

Overleaf is a cloud-based LaTeX editor, allowing users to easily create and collaborate on documents without the need for separate LaTeX installation or configuration. Thanks to this convenience, users from various fields worldwide are writing, editing, and collaborating on academic papers, reports, and more via web browsers. However, the caching that occurs during the process of converting documents written on Overleaf to PDF format poses risks of exposing sensitive information. This could potentially lead to the exposure of users' work to others, necessitating the implementation of security measures and vigilance to caution against such incidents. This paper delves into an in-depth analysis of Overleaf's security vulnerabilities and proposes various measures to enhance the protection of intellectual property.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.77-83
• /
• 2023

This research is conducted to minimize the potential security risks of conducting online exams to an acceptable level as vulnerabilities and threats to this type of exam are presented. This paper provides a general structure for the risk management process and some recommendations for increasing the level of security.

• Journal of Information Technology Applications and Management
• /
• v.26 no.6
• /
• pp.119-138
• /
• 2019

This work examines whether IT managers adopt of real options such as defer, expand, contract, and abandon in order to cope with ERP risks, which include technological risk, relationship risk with SW vendors, economic risk, and security risk. We collect data of logistics firms in Seoul and its suburbs in 2018 to empirically validate the effect of risks upon the adoption of real options. The results suggest that IT managers adopt all 4 options when facing economic risk and adopt contract and abandon options only when facing security risk. Additionally, we find that IT managers prefers expand option and avoid abandon option when they think ERP compatibility is high.