• Title/Summary/Keyword: Information Security Strategy

A Study on the Improvement of Information Security Management Condition Evaluation in Public Sector through the SCAP Analysis by NIST in U.S. (미(美) NIST 보안성 자동평가프로토콜(SCAP)분석을 통한 공공기관의 정보보안관리실태 평가제도 개선방안 연구)

  • Jee, Yoon Seok;Lee, Yong Suk;Yoon, Duck Jung;Shin, Yong Tae
    • Journal of Information Technology Applications and Management / v.26 no.4 / pp.31-39 / 2019
  • The 129 public institutions in Korea are subject to Information Security Management Condition Evaluation (ISMCE) as a part of the government management evaluation system by the Ministry of Economy and Finance. ISMCE started in 2006 with the central government institutions and was applied to all public institutions in 2009. This evaluation is conducted annually by the National Intelligence Service through site visits, and the number of evaluated institutions is increasing year by year. However, the process of ISMCE - identifying existing vulnerabilities in the information system - is conducted manually. To improve this inconvenience, this paper introduces the various evaluation systems in the major countries, especially in the United States, and analyzes the Security Content Automation Protocol (SCAP) by NIST. SCAP is an automation protocol for system vulnerability management (in technical fields) and security policy compliance evaluation. Based on SCAP, this paper suggests an improvement plan for the ISMCE of Korea.

Factors to Affect Acceptance of Open Banking from Information Security Perspectives (정보보호 관점에서의 오픈뱅킹 수용도에 대한 영향요인)

  • Go, Jeunghyeun;Lee, Woonboo
    • Journal of Information Technology Services / v.20 no.6 / pp.63-81 / 2021
  • The joint financial network of the Korea Financial Telecommunications and Clearings Institute, which is an essential facility with a natural monopoly, maintained its closedness as a monopoly/public utility model, but it has evolved into the form of open banking in order to obtain domestic fintech competitiveness in the rapidly changing digital financial ecosystem, such as the acceleration of Big Blur. In accordance with the digital transformation strategy of financial institutions, various ICT companies are actively participating in the financial industries, which have been exclusive to banks, through the link technology called Open API. For this reason, there has been a significant change in the financial service supply chain in which ICT companies participate as users. The level of security in the financial service supply chain is determined by the weakest part of the individual components, according to the law of minimum. In addition, the perceived risk of personal information and financial information leakage is among the main factors that affect users' intention to accept services, and appropriate protective measures against perceived security risks can be a catalyst that increases the acceptance of open banking. Therefore, this is a study on factors affecting the introduction of open banking to achieve financial innovation by developing an open banking security control model for financial institutions, as a protective measure for user organizations, from the perspectives of cyber financial security and customer information protection, respectively, and surveying financial security experts. It is expected, from this study, that effective information protection measures will be derived to protect the rights and interests of financial customers and will help promote open banking.

Cyber Security Governance Analysis in Major Countries and Policy Implications (주요국 사이버보안 거버넌스 분석과 정책적 시사점)

  • Joo, Moon-ho;Kwon, Hun-Yeong;Lim, Jong-in
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1259-1277 / 2018
  • This study analyzes cyber security strategies, laws, organizations, and the roles of the ministries in the US, Germany, UK, Japan, China, and Korea and draws implications for establishing a practical and efficient next generation national cyber security governance. Based on the results of this analysis, this study offers suggestions and directions for improvement of domestic cyber security governance.

A Study on Roles of CERT and ISAC for enhancing the Security of Smart Mobile Office (스마트 모바일 오피스 보안을 위한 CERT와 ISAC의 역할)

  • Lee, Keun-Young;Park, Tae-Hyoung;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.5 / pp.109-127 / 2011
  • Mobile Office is a new type of working method in the workplace that can be used at any time or anywhere by connecting to the network with mobile devices. This allows people to do their jobs without their physical presence in their offices to use computers. The elements in the mobile office environment are advancing. They include the widespread distribution of smart phones, the network enhancing strategy in a ubiquitous environment and the expansion of the wireless internet; however, there are not enough security guidelines or policies against these threats in the new environment, the mobile office, although there is the revitalization policy of smart work supported by the government. CERT and ISAC, the known security system as of now, could be used for the secure mobile office. In this paper, suggestions are provided for strengthening the security of the smart mobile office by analysing the functions of CERT and ISAC.

A study on the information security compliance and non-compliance causes of organization employees (조직구성원의 정보보안 준수 및 미준수 원인에 대한 연구)

  • Hwang, In-Ho;Hu, Sung-Ho
    • Journal of the Korea Convergence Society / v.11 no.9 / pp.229-242 / 2020
  • The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and to reveal the relationship of the individual's security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment, and were used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.

A Generation-based Text Steganography by Maintaining Consistency of Probability Distribution

  • Yang, Boya;Peng, Wanli;Xue, Yiming;Zhong, Ping
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.11 / pp.4184-4202 / 2021
  • Text steganography combined with natural language generation has become increasingly popular. The existing methods usually embed secret information in the generated word by controlling the sampling in the process of text generation. A candidate pool will be constructed by greedy strategy, and only the words with high probability will be encoded, which damages the statistical law of the texts and seriously affects the security of steganography. In order to reduce the influence of the candidate pool on the statistical imperceptibility of steganography, we propose a steganography method based on a new sampling strategy. Instead of just consisting of words with high probability, we select words with relatively small difference from the actual sample of the language model to build a candidate pool, thus keeping consistency with the probability distribution of the language model. What's more, we encode the candidate words according to their probability similarity with the target word, which can further maintain the probability distribution. Experimental results show that the proposed method can outperform the state-of-the-art steganographic methods in terms of security performance.

Improving Physical-Layer Security for Full-duplex Radio aided Two-Way Relay Networks

  • Zhai, Shenghua;An, Jianping
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.2 / pp.562-576 / 2020
  • The power allocation optimization problem is investigated for improving the physical-layer security in two-way relaying networks, where a full-duplex relay based half-jamming protocol (HJP-FDR) is considered. Specifically, by introducing a power splitter factor, HJP-FDR divides the relay's power into two parts: one for forwarding the sources' signals, the other for jamming. An optimization problem for the power split factor is first developed, which is proved to be concave, and a closed-form solution is achieved. Moreover, we formulate a power allocation problem to determine the sources' power subject to the total power constraint. Applying the achieved closed-form solutions to the above-mentioned problems, a two-stage strategy is proposed to implement the overall power allocation. Simulation results highlight the effectiveness of our proposed algorithm and indicate the necessity of optimal power allocation.

Development of a Secure Electronic Payment System based on the Analysis of Current Korean Electronic Payment Systems (우리나라 전자지불시스템 현황 분석을 통한 안전한 전자지불시스템의 연구)

  • 송용욱;이재규;황재훈
    • Journal of Information Technology Applications and Management / v.10 no.3 / pp.93-108 / 2003
  • As Electronic Commerce is popularized, crimes related to Electronic Commerce are also increasing. Electronic shopping malls and payment gateways focus their attention on network security of payment information or the sizes of encryption keys. In the real world, however, the payment-related crimes in electronic shopping malls are not based on security holes in the encryption mechanism of the payment systems, but on the customers' carelessness or the insecurity of server systems of merchants or financial institutes. So, this research analyzes the structure of current electronic payment systems, investigates the payment-related crimes, addresses the structural problems of the Korean electronic payment systems, and suggests an alternative general architecture for secure payment systems by incorporating the concept of separation of order information and payment information.

A Study on Smart Grid Security Strategy of Korea (한국형 스마트그리드 보안 전략에 관한 연구)

  • Lee, Dongbum;Kwak, Jin
    • Annual Conference of KIPS / 2010.11a / pp.1173-1176 / 2010
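  • Recently, as interest in low-carbon green growth, such as renewable energy and the spread of electric vehicles, has grown, research has been actively conducted on introducing the smart grid, which applies ICT to the existing power grid so that suppliers and consumers exchange power information bidirectionally in real time, thereby optimizing energy efficiency. In Korea, however, only smart grid infrastructure is being built, while laws and regulations related to security remain inadequate. This paper therefore analyzes the smart grid security strategy underway in the United States and derives a security strategy for a Korean smart grid.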

The Impact of Using Some Participatory E-learning Strategies in Developing Skills of Designing and Producing Electronic Courses for A sample of Umm Al-Qura University Students and their Innovative Thinking

  • Emad Mohammed Samra
    • International Journal of Computer Science & Network Security / v.23 no.3 / pp.17-30 / 2023
  • The current research aims to reveal the impact of using some participatory e-learning strategies (participatory product - classroom web simulation) in developing cognitive achievement, electronic course design skills, and innovative thinking among a sample of Information Science students. To achieve the objectives of the current research, the researcher designed an educational website to train students to produce electronic courses via the web, according to the two participatory e-learning strategies. The researcher used a set of tools represented in (achievement test - skills list - Torrance test of innovative thinking). The tools of research and experimental treatment were applied to a sample of the Faculty of Computer students at Umm Al-Qura University. The results found that both the participatory product strategy and web simulation have an impact on developing the learning aspects discussed in the research. As for which of the two strategies had a greater impact than the other, it turned out that the web simulation strategy had a greater impact than the participatory product strategy in developing these aspects.