• Title/Summary/Keyword: Information Security Strategic

Search Result 149, Processing Time 0.03 seconds

Strategic Decision Making Model Among Collective Intelligences Using The Game Theory in Cyber Attacks - Case study of KHNP Hacking - (사이버공격시 게임이론을 활용한 집단지성간 전략결정 모델 연구 - 한수원 해킹사건을 중심으로 -)

  • Park, Sang-min;Lee, Kyung-ho;Lim, Jong-in
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.237-246
    • /
    • 2016
  • Recently various types of cyber attacks have occurred. The strategic goals & tactical means of these have evolved. Especially KHNP cyber attack was the type of hacktivism combined hack and psychological warfare. The cyber attackers have forecd the nation to participate in the cyber warfare and the government to make strategic decisions to the releases of confidential information and the threats of stopping KHNP. In this paper, we would like to study the effective strategic decision-making model utilizing the game theory and including an attack intelligence on open policy Decision framework.

DDPG-SDPCR: A DDPG-based Software Defined Perimeter Components Redeployment

  • Zheng Zhang;Quan Ren;Jie Lu;Yuxiang Hu;Hongchang Chen
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.18 no.9
    • /
    • pp.2739-2763
    • /
    • 2024
  • In wide area SDP networks, the failure of SDP components caused by malicious attacks will be accompanied by different deployment locations, profoundly affecting network service latency. However, traditional deployment methods based on prior knowledge are no longer applicable to dynamic SDP networks. This article proposes a dynamic and dimensionally variable deployment mechanism DDPG-SDPCR for SDP components based on DDPG, which enhances the network's endogenous security capability and improves attack tolerance. Based on this, we constructed corresponding mathematical models for latency, load balancing, and attack tolerance. The DDPG-SDPCR mechanism dynamically deploys new SDP nodes to replace faulty nodes based on the real-time status of the network, thereby achieving imperceptible attack tolerance for users. We have implemented a wide area SDP prototype with endogenous security capabilities and evaluated it under different network topologies, traffic sizes, and network attacks. The evaluation results indicate that under high traffic conditions, our proposed redeployment mechanism outperforms the baseline by 36.42% in latency, and only increases by 19.24% compared to the non attacked situation.

Research on 5G Core Network Trust Model Based on NF Interaction Behavior

  • Zhu, Ying;Liu, Caixia;Zhang, Yiming;You, Wei
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.10
    • /
    • pp.3333-3354
    • /
    • 2022
  • The 5G Core Network (5GC) is an essential part of the mobile communication network, but its security protection strategy based on the boundary construction is difficult to ensure the security inside the network. For example, the Network Function (NF) mutual authentication mechanism that relies on the transport layer security mechanism and OAuth2.0's Client Credentials cannot identify the hijacked NF. To address this problem, this paper proposes a trust model for 5GC based on NF interaction behavior to identify malicious NFs and improve the inherent security of 5GC. First, based on the interaction behavior and context awareness of NF, the trust between NFs is quantified through the frequency ratio of interaction behavior and the success rate of interaction behavior. Second, introduce trust transmit to make NF comprehensively refer to the trust evaluation results of other NFs. Last, classify the possible malicious behavior of NF and define the corresponding punishment mechanism. The experimental results show that the trust value of NFs converges to stable values, and the proposed trust model can effectively evaluate the trustworthiness of NFs and quickly and accurately identify different types of malicious NFs.

A Study on E-trade Security Issue and Strategy in Ubiquitous Computing Environment (유비쿼터스 컴퓨팅 환경 하에서의 전자무역 보안 쟁점과 전략에 관한 소고)

  • Jung, Sung-Hoon;Kang, Jang-Mook;Lee, Chun-Su
    • International Commerce and Information Review
    • /
    • v.7 no.3
    • /
    • pp.135-156
    • /
    • 2005
  • The rapidly developed environment by ubiquitous computing make the paradigm from e-trade to u-trade. The purpose of the study is to find out issue and the strategic suggestions that could link together between the e-trade and ubiquitous computing in side of information security. The study include the contents as follows; firstly, the technical explanations under the ubiquitous computing, secondly, e-trade's risks in security technology and lastly, issue and strategic suggestions how link them together in integrated view.

  • PDF

Prioritize Security Strategy based on Enterprise Type Classification Using Pair Comparison (쌍대비교를 활용한 기업 유형 분류에 따른 보안 전략 우선순위 결정)

  • Kim, Hee-Ohl;Baek, Dong-Hyun
    • Journal of Korean Society of Industrial and Systems Engineering
    • /
    • v.39 no.4
    • /
    • pp.97-105
    • /
    • 2016
  • As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

Informational and Methodological Approach to Ensuring the Economic Security of the State in the Banking Sphere

  • Shemayeva, Luidmila;Hladkykh, Dmytro;Mihus, Iryna;Onofriichuk, Andrii;Onofriichuk, Vitalii
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.12spc
    • /
    • pp.477-482
    • /
    • 2021
  • The existing approaches to ensuring the banking security of the state do not take into account the peculiarities of the banking system in the rapid development of the information economy (increasing uncertainty, imbalance and nonlinearity of processes in the banking system under the influence of innovation, institutions, information asymmetry, etc.). A methodological approach to determining the synergetic effect in the implementation of the regulatory influence of the state on the development of innovation processes related to informatization in the banking system, based on the use of differential equations and modelling the sensitivity of innovation processes related to informatization in the banking system, to the regulatory influence of the state to prevent the deployment of risks and threats to economic security of the state in this area has been suggested in the present article.

A Study on Improvement Plans of SMEs Support Policy for Information Security in Korea (국내 중소기업 정보보호 지원 정책 개선 방안에 관한 연구)

  • Jang, Sang-Soo
    • Journal of Convergence for Information Technology
    • /
    • v.10 no.11
    • /
    • pp.332-339
    • /
    • 2020
  • This study aims to analyze problems and deduce improvement plans for information security support policies for SMEs in Korea. To this end, an effective support policy necessary for reinforcing cyber safety nets to enhance the level of information security of domestic SMEs based on the analysis results by analyzing the status and problems of the previous research review and analysis, the current status of information security of SMEs and the information security support policies of major SMEs at home and abroad. I would like to suggest improvement measures. Reinforcement of awareness, legal basis, voluntary capacity building, joint response system, professional manpower and budget support, cyber security construction, untact era support, and regional strategic industry security internalization were suggested. This can be used as the government's information security support policy to raise the level of information security of SMEs in preparation for the post Covid19.

A Study on the Development of a Tool to Support Classification of Strategic Items Using Deep Learning (딥러닝을 활용한 전략물자 판정 지원도구 개발에 대한 연구)

  • Cho, Jae-Young;Yoon, Ji-Won
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.967-973
    • /
    • 2020
  • As the implementation of export controls is spreading, the importance of classifying strategic items is increasing, but Korean export companies that are new to export controls are not able to understand the concept of strategic items, and it is difficult to classifying strategic items due to various criteria for controlling strategic items. In this paper, we propose a method that can easily approach the process of classification by lowering the barrier to entry for users who are new to export controls or users who are using classification of strategic items. If the user can confirm the decision result by providing a manual or a catalog for the procedure of classifying strategic items, it will be more convenient and easy to approach the method and procedure for classfying strategic items. In order to achieve the purpose of this study, it utilizes deep learning, which are being studied in image recognition and classification, and OCR(optical character reader) technology. And through the research and development of the support tool, we provide information that is helpful for the classification of strategic items to our companies.

QRIS as a Drivers of Product Distribution Flows in Indonesia: Factors of Consumer Purchasing Behavior in the Use of Fintech Payments

  • Ariani BAKHITAH;Ricardo INDRA;Wandy HALIM;Vicky FERBIAN;Zinggara HIDAYAT
    • Journal of Distribution Science
    • /
    • v.21 no.12
    • /
    • pp.59-69
    • /
    • 2023
  • Purpose: Consumers can experience better service for distribution of products with payment technology such as QRIS (Quick Response Code Indonesian Standard) compared to conventional purchase methods. This research aims to determine the experience of QRIS service users in Indonesia. Perceived Usefulness, Ease of Use, and Perceived Security were independent factors. Behavioral Intention to Use is the dependent variable. Furthermore, Word of Mouth Attitude is an intervening variable. Research Design, Data, and Methodology: Involving active QRIS users in a survey-based quantitative study in Indonesia. A survey sample of 400 people was taken from data records of 30.87 million QRIS users in Indonesia. Data were analyzed using SEM-PLS. Results: Show that Perceived Usefulness and Perceived Ease of Use significantly impact Attitudes Word of Mouth, and Behavioral Intention to Use. This research also found that Behavioral Intention to Use does not significantly impact Perceived Security. Conclusion: QRIS, as a revolutionary innovation, offers faster payments than previous methods, with a payment time of no more than one minute. QRIS is seen as valuable, simple, and safe, disseminating information to the public and continuing to use QRIS. The implications of this research are very significant in accelerating the flow of distribution of goods and services and facilitating transactions.

A strategic Approach for Establishing Korea's Cyber Terrorism Policy : Focusing on the UK's cyber terrorism policy (국내 사이버테러 정책수립을 위한 전략적 접근방안 : 영국의 사이버테러 정책을 중심으로)

  • Kim, Byung-Hwa
    • Korean Security Journal
    • /
    • no.51
    • /
    • pp.173-195
    • /
    • 2017
  • Recently, in South Korea, security management has been strengthened, but there have been an increasing number of cases where the main infrastructure of the country is hacked in the cyber space. South Korea is equipped with sophisticated information and communication technologies, such as Internet, but is threatened by cyber terrorism of North Korea and terrorist organizations. Nevertheless, there is a limit to how to develop a policy and strategic plan for the country, which is related to domestic terrorism and lacks legal and regulatory facilities, and therefore, in this study, proposed suggestions for building adaptive and efficient policy formulation. Based on the theoretical analysis framework of the Strategic Plan for achieving the objectives of the research, we compared the UK 's security strategy with the national security policy of the domestic government. As a result, several problems were derived: First, the domestic security strategy did not take into account the external environment. Secondly, lack of coordination with domestic cyber security goals setting and strategy is causing ambiguity and confusion. Third, the detailed plan of implementation of national security in each province is designed to ensure that there is a possibility that a mixed side effect between ministries and agencies will arise. Fourth, it was found that there was a limit to prepare the evaluation standards for the evaluation and return of domestic security policies in the country. Therefore, in order to establish a policy for the response of domestic cyber terrorism, we set up a vision from long-term perspectives and concrete targets based on the strategic approach of the security policy, It is necessary to present an assignment and formulate an efficient execution plan. It is necessary to maintain and improve the domestic safeguards in order to be able to complement the problems through evaluation and feedback.

  • PDF