• 한국IT서비스학회지
• /
• 제19권6호
• /
• pp.119-130
• /
• 2020

This work investigates how domestic or foreign ERP affects the relationship between risks associated ERP implementation and intention to adopt risk-mitigating options. We propose three risks such as ERP vendor risk, economic risk, and security risk should affect positively the intention to adopt the risk-mitigating options. To validate the impact of risks and to examine the difference between domestic and foreign ERP, we collected data from IT managers in small and medium sized logistics companies in South Korea using survey questionnaires. We validate the difference between domestic ERP and foreign ERP using multiple regression analyses. We find that IT managers using domestic ERP are willing to adopt risk-mitigating options for economic and security risk. In contrast, we find that IT managers using foreign ERP are willing to adopt risk-mitigating options for ERP-vendor risk. This work may provide IT managers in logistics industry a practical guideline of choosing either domestic or foreign ERP based on their risk preferences.

• Journal of Electrical Engineering and Technology
• /
• 제12권2호
• /
• pp.495-501
• /
• 2017

The introduction of smart grid, which is an innovative application of digital processing and communications to the power grid, might lead to more and more cyber threats originated from IT systems. In other words, The Energy Management System (EMS) and other communication networks interact with the power system on a real time basis, so it is important to understand the interaction between two layers to protect the power system from potential cyber threats. This paper aims to identify and clarify the cyber security risks and their interaction with the power system in Smart Grid. In this study, the optimal power flow (OPF) and Power Flow Tracing are used to assess the interaction between the EMS and the power system. Through OPF and Power Flow Tracing based analysis, the physical and economic impacts from potential cyber threats are assessed, and thereby the quantitative risks are measured in a monetary unit.

• 정보보호학회논문지
• /
• 제34권1호
• /
• pp.53-60
• /
• 2024

안전한 네트워크를 위해 보안 평가는 필수불가결한 과정으로, 위험을 관리하기 위해서는 적절한 성능지표가 있어야 한다. 가장 널리 사용하고 있는 정량적 지표로는 CVSS가 있다. CVSS는 주관성과 해석의 복잡성, 보안 위험의 관점에서 맥락을 고려하지 못한다는 문제가 있다. 이러한 문제를 보완하기 위해 ISO/IEC 15408 문서의 보안 개념 및 관계도를 바탕으로 공격자, 위협, 대응, 자산의 4가지를 항목화하고 수치화 하는 지표를 제안한다. 네트워크 스캐닝을 통해 발견된 취약점은 약점, 공격패턴의 연결관계에 의해 MITRE ATT&CK의 기술과 매핑시킬 수 있다. 우리는 MITRE ATT&CK 의 Groups, Tactic, Mitigations을 이용하여 일관성을 가지며 직관적인 점수를 산출한다. 이에 따라 보안 평가 관리자가 다양한 관점의 보안지표 중 선택할 수 있는 폭을 넓히고, 사이버 네트워크의 보안을 강화하는데 긍정적인 영향을 기대한다.

• The Journal of Asian Finance, Economics and Business
• /
• 제7권6호
• /
• pp.221-231
• /
• 2020

This research investigates the relationship among product risk, financial risk, security risk, privacy risk, perceived satisfaction, and purchase intention. Validated measurements were identified from a literature review. The measurement model and the conceptual model depicting hypothesized relationships were evaluated based on responses from 306 customers using confirmatory factor analysis and structural equation modeling. The results showed that product risk, financial risk, security risk, and privacy risk impacted on perceived satisfaction. Besides, product risk, privacy risk, and perceived satisfaction influenced purchase intentions. Thus, this study focused on the influences of product risk, financial risk, security risk, and privacy risk on their cognitive attitudes toward websites. That means the more consumer perceive security, the more they avoid shopping online. The study is important to show how perceived risk affects online shopping behaviors, and it invites marketers to make necessary adjustments to prevent perceived risks to increase and online shopping to decrease. The findings of this study suggest the creation of a framework on the effect of perceived risk types on online shopping. Managers need to take perceived risks into account when designing their electronic marketing channels. In addition, shopping websites should strengthen their transaction security by appropriately using various available resources and new information technologies.

• 제어로봇시스템학회:학술대회논문집
• /
• 제어로봇시스템학회 2005년도 ICCAS
• /
• pp.1590-1593
• /
• 2005

Security defects occurring within corporate networks and the Internet may be abused by internal or external malicious attackers. Such abuses cause a financial toll through expenditures on additional human resources, the impact of down-time as problems are fixed, as well as damage from divulging corporate informational assets. Hence, through the precise analysis of the possible defects in network security and the identification of risks, preventative policy should be established to ensure maximum security. This report reviews methodologies that calculate and analyze levels of network security in order to resolve these problems, and generates appropriate test steps, test methods, and test items.

• 한국컴퓨터정보학회논문지
• /
• 제24권9호
• /
• pp.35-42
• /
• 2019

In this paper, we propose an approach to apply network-based moving target defense into Internet of Things (IoT) networks. The IoT is a technology that provides the high interconnectivity of things like electronic devices. However, cyber security risks are expected to increase as the interconnectivity of such devices increases. One recent study demonstrated a man-in-the-middle attack in the statically configured IoT network. In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. The approach continuously changes system's attack surface to prevent attacks. After analyzing IPv4 / IPv6-based moving target defense schemes and IoT network-related technologies, we present our approach in terms of addressing systems, address mutation techniques, communication models, network configuration, and node mobility. In addition, we summarize the direction of future research in relation to the proposed approach.

• 시큐리티연구
• /
• 제51호
• /
• pp.11-35
• /
• 2017

누구도 예상 할 수 없는 기술 혁명을 통해 이제 정보화 및 공장 자동화로 일컬어지는 3차 산업혁명에서 기술이 융합되고 데이터가 힘을 갖는 초지능 초연결의 시대인 4차 산업 혁명 사회로 나아가고 있다. 이러한 제4차 산업혁명의 시대에 무엇보다도 가장 중요한 자원은 정보나 데이터라고 볼 수 있다. 과거 3차 산업혁명 때보다도 더욱 방대한 양의 정보가 실시간으로 활용, 공유 그리고 전달되면서 이러한 정보의 관리 및 보안의 중요성이 커지고 있다고 볼 수 있다. 이처럼 4차 산업혁명의 가장 핵심이 되는 정보자산의 관리와 보안의 중요성은 증대해 가고 있는 동시에 위협요인 또한 증가해서 많은 정보 침해 사고와 유출사례들이 늘어나고 있다. 이러한 정보 침해와 유출 사고로 인해 조직체나 회사는 금전적으로나 대외적으로 큰 손해를 볼 수 있는데 이에 대한 철저한 해결 방안을 마련하는 것이 필요하다고 볼 수 있다. 따라서 본 논문에서는 위협요인과 관련해 데이터 사고나 유출에 대한 전반적인 추이를 알아보고 구체적으로 어떤 산업분야에서 가장 많은 피해를 입었는지도 알아보고자 한다. 다음으로 이러한 데이터 사고나 유출을 일으키는 요인들과 9가지 공격패턴을 각각의 특징에 따라 설명하고 이러한 위협요인과 공격에 어떻게 대응해 나갈지도 논의해 보기로 한다.

• 한국항해항만학회지
• /
• 제36권3호
• /
• pp.261-271
• /
• 2012

본 연구의 목적은 항만기업 종사자들의 정보보안인식정도와 지각된 정보보안위험 정도에 영향을 미치는 요인들이 어떤 것들이 있는지를 실증 분석하는 것이다. 특히, 지각된 정보보안위험에 영향을 미치는 요인을 파악하기 위하여 위험분석방법론을 토대로 자산, 위협, 취약성과의 관계를 분석하였다. 252개의 유효설문을 대상으로 AMOS를 이용한 구조방정식 모형 분석을 하였다. 연구결과를 보면, 첫째, 항만기업 종사자의 경우 정보자산은 지각된 정보보안위험에 유의하지 않은 결과로 분석되었다. 둘째, 위협, 취약성은 지각된 정보보안위험에 유의한 영향을 미치는 것으로 나타났다. 마지막으로, 정보보안인식과 정보보안교육, 정보보안인식과 정보보안의도와의 관계는 유의하게 분석되었다. 그러나 정보보안관심도는 정보보안인식에 유의하지 않은 것으로 분석되었다.

• International Journal of Computer Science & Network Security
• /
• 제24권4호
• /
• pp.1-10
• /
• 2024

In the era of big data, the growth of e-commerce transactions brings forth both opportunities and risks, including the threat of data theft and fraud. To address these challenges, an automated real-time fraud detection system leveraging machine learning was developed. Four algorithms (Decision Tree, Naïve Bayes, XGBoost, and Neural Network) underwent comparison using a dataset from a clothing website that encompassed both legitimate and fraudulent transactions. The dataset exhibited an imbalance, with 9.3% representing fraud and 90.07% legitimate transactions. Performance evaluation metrics, including Recall, Precision, F1 Score, and AUC ROC, were employed to assess the effectiveness of each algorithm. XGBoost emerged as the top-performing model, achieving an impressive accuracy score of 95.85%. The proposed system proves to be a robust defense mechanism against fraudulent activities in e-commerce, thereby enhancing security and instilling trust in online transactions.

• International Journal of Computer Science & Network Security
• /
• 제21권12spc호
• /
• pp.477-482
• /
• 2021

The existing approaches to ensuring the banking security of the state do not take into account the peculiarities of the banking system in the rapid development of the information economy (increasing uncertainty, imbalance and nonlinearity of processes in the banking system under the influence of innovation, institutions, information asymmetry, etc.). A methodological approach to determining the synergetic effect in the implementation of the regulatory influence of the state on the development of innovation processes related to informatization in the banking system, based on the use of differential equations and modelling the sensitivity of innovation processes related to informatization in the banking system, to the regulatory influence of the state to prevent the deployment of risks and threats to economic security of the state in this area has been suggested in the present article.