• Asia pacific journal of information systems
• /
• 제24권3호
• /
• pp.299-323
• /
• 2014

The reason location based service is drawing attention recently is because smart phones are being supplied increasingly. Smart phone, basically equipped with GPS that can identify location information, has the advantage that it can provide contents and services suitable for the user by identifying user location accurately. Offering such diverse advantages, location based services are increasingly used. In addition, for use of location based services, release of user's personal information and location data is essentially required. Regarding personal information and location data, in addition to IT companies, general companies also are conducting various profitable businesses and sales activities based on personal information, and in particular, personal location data, comprehending high value of use among personal information, are drawing high attentions. Increase in demand of personal information is raising the risk of personal information infringement, and infringements of personal location data also are increasing in frequency and degree. Therefore, infringements of personal information should be minimized through user's action and efforts to reinforce security along with Act on the Protection of Personal Information and Act on the Protection of Location Information. This study aimed to improve the importance of personal information privacy by empirically analyzing the effect of perceived values on the intention to strengthen location information security and continuously use location information for users who received location-based services (LBS) in mobile environments with the privacy calculation model of benefits and risks as a theoretical background. This study regarded situation-based provision, the benefit which users perceived while using location-based services, and the risk related to personal location information, a risk which occurs while using services, as independent variables and investigated the perceived values of the two variables. It also examined whether there were efforts to reduce risks related to personal location information according to the values of location- based services, which consumers perceived through the intention to strengthen security. Furthermore, it presented a study model which intended to investigate the effect of perceived values and intention of strengthening security on the continuous use of location-based services. A survey was conducted for three hundred ten users who had received location-based services via their smartphones to verify study hypotheses. Three hundred four questionnaires except problematic ones were collected. The hypotheses were verified, using a statistical method and a logical basis was presented. An empirical analysis was made on the data collected through the survey with SPSS 12.0 and SmartPLS 2.0 to verify respondents' demographic characteristics, an exploratory factor analysis and the appropriateness of the study model. As a result, it was shown that the users who had received location-based services were significantly influenced by the perceived value of their benefits, but risk related to location information did not have an effect on consumers' perceived values. Even though users perceived the risk related to personal location information while using services, it was viewed that users' perceived value had nothing to do with the use of location-based services. However, it was shown that users significantly responded to the intention of strengthening security in relation to location information risks and tended to use services continuously, strengthening positive efforts for security when their perceived values were high.

• Asia pacific journal of information systems
• /
• 제33권4호
• /
• pp.863-898
• /
• 2023

Previous studies have shown that insiders pose risks to the security of organisations' secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations' best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel's behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.

• 정보보호학회논문지
• /
• 제26권3호
• /
• pp.679-691
• /
• 2016

자동차에 여러 종류의 통신기기가 장착되고 운전자는 통신기기를 이용해 다양한 정보를 자동차에서 수집할 수 있게 되었다. 최근 운전자는 스마트폰을 이용하여 자동차의 상태정보를 실시간으로 획득하고 원격으로 자동차를 제어할 수 있다. 그러나 안드로이드 기반 앱은 변조와 재배포가 쉽다. 운전자는 임의의 공격자가 변조하여 배포한 악성 앱을 사용하게 되면 자동차에서 발생하는 다양한 정보의 유출위협과 운전자의 의도와 다른 제어로 사고를 유발하는 위협에 노출될 수 있다. 더욱이 자동차 내부 네트워크에는 보안기법이 적용되어 있지 않아 보안 위협으로부터 쉽게 노출되어 사고발생 시 인명과 재산상의 큰 피해를 야기할 수 있다. 본 논문에서는 안드로이드 공식 앱 마켓인 구글 플레이에 배포된 다양한 자동차 진단용 앱의 취약점을 분석한다. 분석된 취약점을 통해 배포된 자동차 진단용 앱에서 발생 가능한 공격모델을 알아본다. 그리고 실제 자동차에서 실험으로 공격모델에 대한 위험성을 검증한다. 마지막으로 자동차 진단용 앱 리패키징을 사용한 공격자의 악성행위로부터 안전한 보호기법을 제안한다.

• 한국정보통신학회논문지
• /
• 제15권11호
• /
• pp.2399-2403
• /
• 2011

RFID 는 유비쿼터스 환경하에서 필수불가결한 기술이 되도 있다. 그러나 RFID 의 본질적인 단점으로 인하여 프라이버시와 같은 보안적인 취약점을 기자고 있다. 따라서 본 논문에서는 RFID 시스템의 관점하에서 태그에서의 보안적인 취약점 및 이럴 해결하기 위한 여러 가지의 프로토콜에서의 문제점을 분석하였다. 최근에는 반도체 공정 기술의 발전과 경량화프로토콜의 발전으로 인하여 태그에서의 보안성이 향상되고 있는 중이다.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2009년도 추계학술대회
• /
• pp.892-895
• /
• 2009

Medical records must be well protected because they are needed to care for the health of patients. For that reason, user authentication and medical data encryption are essential for the security of both wired and wireless Healthcare Information Systems (HIS). The main focus of this paper is on the analysis of the numerous possible attacks and the countermeasures to overcome these attacks in Mobile Healthcare Environment (MHE) with an appropriate security protocols. To draw a conclusion, this will propose why a healthcare architecture should establish a multi-layered defense against the risks.

• 인터넷정보학회논문지
• /
• 제7권3호
• /
• pp.93-105
• /
• 2006

인터넷 메신저는 개인적인 용도 이외에도 기업환경에서 실시간의 의사소통과 인터넷 상의 자료 전송 등을 통해서 기업의 생산성 향상에 큰 기여를 하고 있다. 그러나, 인터넷 메신저가 기업 내부에서 사용되면서 보안상의 많은 문제점이 지적되고 있다. 본 연구에서는 위험관리 방법론을 통해서 인터넷 메신저에 대한 위험을 분석하고 이에 대한 통제요소를 제시한다. 인터넷 메신저의 다양한 효과를 생각할 때 기업내부에서 인터넷 메신저를 완전히 차단하는 것은 어려운 일이다. 따라서, 본 논문에서 제시한 보안 통제 수단들을 통해서 인터넷 메신저가 지닌 잠재적 위험요소에 적절히 대응하며 이를 기업의 정보인프라로 활용해야 할 것이다.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2010년도 추계학술발표대회
• /
• pp.1279-1280
• /
• 2010

There are some cases when SOAP message, where WS-Security and WS-Policy elements are included, may consist of a sensitive and important data. In these cases, the message is highly recommended to be secured. The question exists of how to quickly identify that SOAP message satisfies security requirement and security level of a SOAP message. In this paper, we propose a technique called Bit-Stream which depends on the importance of SOAP elements to automatically identify the vulnerabilities and risks while offering advice for higher security.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2008년도 추계종합학술대회 B
• /
• pp.261-264
• /
• 2008

IPv6 has been proposed and deployed to cater the shortage of IPv4 addresses. It is expected to foresee mobile phones, pocket PCs, home devices and any other kind of network capable devices to be connected to the Internet with the introduction and deployment of IPv6. This scenario will bring in more challenges to the existing network infrastructure especially in the network security area. Firewalls are the simplest and the most basic form of protection to ensure network security. Nowadays, firewalls' usage has been extended from not only to protect the whole network but also appear as software firewalls to protect each network devices. IPv6 and IPv4 are not interoperable as there are separate networking stacks for each protocol. Therefore, the existing states of the art in firewalling need to be reengineered. In our context here, we pay attention only to the IPv6 firewalls configuration anomalies without considering other factors. Pre-evaluation of security risk is important in any organization especially a large scale network deployment where an add on rules to the firewall may affect the up and running network. We proposed a new probabilistic based model to evaluate the security risks based on examining the existing firewall rules. Hence, the network administrators can pre-evaluate the possible risk incurred in their current network security implementation in the IPv6 network. The outcome from our proposed pre-evaluation model will be the possibilities in percentage that the IPv6 firewall is configured wrongly or insecurely where known attacks such as DoS attack, Probation attack, Renumbering attack and etc can be launched easily. Besides that, we suggest and recommend few important rules set that should be included in configuring IPv6 firewall rules.

• International Journal of Computer Science & Network Security
• /
• 제22권5호
• /
• pp.204-214
• /
• 2022

Speedy development has been witnessed in communication technologies and the adoption of the Internet across the world. Information dissemination is the primary goal of these technologies. One of the rapidly developing nations in the Middle East is Saudi Arabia, where the use of communication technologies, including mobile and Internet, has drastically risen in recent times. These advancements are relatively new to the region when contrasted to developed nations. Thus, offenses arising from the adoption of these technologies may be new to Saudi Arabians. This study examines cyber security awareness among Saudi Arabian citizens in distinct settings. A comparison is made between the cybersecurity policy guidelines adopted in Saudi Arabia and three other nations. This review will explore distinct essential elements and approaches to mitigating cybercrimes in the United States, Singapore, and India. Following an analysis of the current cybersecurity framework in Saudi Arabia, suggestions for improvement are determined from the overall findings. A key objective is enhancing the nationwide focus on efficient safety and security systems. While the participants display a clear knowledge of IT, the surveyed literature shows limited awareness of the risks related to cyber security practices and the role of government in promoting data safety across the Internet. As the findings indicate, proper frameworks regarding cyber security need to be considered to ensure that associated threats are mitigated as Saudi Arabia aspires to become an efficient smart nation.

• 한국전자거래학회지
• /
• 제19권3호
• /
• pp.1-21
• /
• 2014

개인정보는 금융거래의 성립조건이며 금융회사의 핵심자산이다. 그러나 정보사회의 부작용으로써 나타난 개인정보 침해사고는 중대한 사회적 위험이 되고 있으며, 이러한 위험은 개인과 회사의 실제적 피해로써 현실화되고 있다. 본 연구는 소비자의 손실 측면에서 개인정보 침해 사고로 인해 금융 분야에서 발생한 금전적, 정신적 손해 현황을 분석하고, 이러한 실제 손해를 최소화하기 위한 위험전가의 수단으로써 보험의 유용성을 제시하였다. 그리고 개인 정보 침해 사고 보상보험의 구성요소와 보험료의 산정원리를 검토하고 최종적으로 이러한 보험 제도를 활성화하기 위한 정책을 제안하였다. 위험관리의 한 방법으로써 보험은 소비자 보호와 회사의 재무적 건전성을 동시에 확보할 수 있는 유용한 수단이며, IT 리스크의 계량적 측정을 위한 기반을 제공할 수 있다.