• Title/Abstract/Keywords: Information Security Strategy


An Exploratory Study on the development of Information Security Index

  • 김현수;정해철
    • 한국데이타베이스학회:학술대회논문집 / 한국데이타베이스학회 1999년도 국제컨퍼런스 디지털컨텐츠 활용을 통한 지식경영의 확산 / pp.119-127 / 1999
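  • This study was conducted to develop a simple index that can measure the level of information security effectively and efficiently. After analyzing existing related studies and indices to identify their problems and set directions for improvement, we conducted a preliminary survey of relevant experts and selected candidate index items. To validate the selected candidate items, we surveyed a group of security experts. By analyzing the survey results on four criteria (validity as an element, relative importance, probability of a security incident when the item is absent, and severity of the incident), we derived the validity of each candidate index item as an element. Most of the candidate items turned out to be desirable items. Future work should add factor analysis and correlation analysis and develop this into research that quantifies the security level.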


Determination Method of Target Residual Risk for Proper Information Security Level Determination

  • 김정덕;이성일
    • 한국데이타베이스학회:학술대회논문집 / 한국데이타베이스학회 1999년도 국제컨퍼런스 디지털컨텐츠 활용을 통한 지식경영의 확산 / pp.129-139 / 1999
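  • In today's organizational environment, determining the level of information protection has become an indispensable issue, yet criteria for establishing that level are relatively lacking. This paper therefore addresses risk, an important element that can serve as a criterion in determining the level of information protection: it analyzes existing risk assessment processes, presents an improved risk assessment process, and discusses a method for determining the target residual risk, an important criterion for deciding acceptable risk.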


Cyber Kill Chain-Based Taxonomy of Advanced Persistent Threat Actors: Analogy of Tactics, Techniques, and Procedures

  • Bahrami, Pooneh Nikkhah;Dehghantanha, Ali;Dargahi, Tooska;Parizi, Reza M.;Choo, Kim-Kwang Raymond;Javadi, Hamid H.S.
    • Journal of Information Processing Systems / Vol. 15, No. 4 / pp.865-889 / 2019
  • The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.

A Study on Design Medical Tourism Strategy and Business Service Model

  • 장세경;백종선
    • 한국전자거래학회지 / Vol. 22, No. 3 / pp.43-55 / 2017
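  • The global medical tourism service market is growing by the day, and the domestic medical tourism market is also showing strong growth. However, problems arising from the provision of medical services are emerging, such as various information and services not being standardized and normal price competition being impossible. Problems caused by the provision of such non-standardized medical services are emerging, and to improve this, this paper designs an ICT-based Korean medical tourism service model through a survey of the medical ecosystem. First, we analyzed the current state of the domestic and overseas medical ecosystems, identified the problems of medical tourism in the domestic market, and established a strategy by presenting key directions for improvement. Reflecting this, we designed an ICT-based medical tourism service model that suits domestic conditions and is accessible and convenient for customers, along with cloud, an O2O service-based reverse auction system, big data-based lifecycle management, and a mobile-centered helper service. The medical tourism service model proposed in this paper provides convenience to customers, and is expected to help solve the problems of Korean medical tourism, contribute to its revitalization, and have a far-reaching industrial effect.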

A Study on Measurements of IT Security Service Quality: Feasibility of Quantitative Measures

  • 경지훈;김종수
    • 산업경영시스템학회지 / Vol. 38, No. 4 / pp.30-38 / 2015
  • IT security service provides customers with the capability of protecting the networked information asset and infrastructures, and the scope of security service is expanding from a technology-intensive task to a comprehensive protection system for IT environment. To improve the quality of this service, a research model which helps assess the quality is required. Several research models have been proposed and used in various service areas, but few cases are found for IT security service. In this work, a research model for the IT security quality has been proposed, based on research models such as SERVQUAL and E-S-QUAL. With the proposed model, factors which affect the service quality and the best quality measure have been identified. And the feasibility of using quantitative measures for quality has been examined. For analysis, structural equation modeling and various statistical methods such as principal component analysis were used. The result shows that satisfaction is the most significant measure affected by the proposed quality factors. Two quality factors, fulfillment and empathy, are the main determinants of the service quality. This leads to a strategy of quality improvement based on factors of emotion and perception, not of technology. The quantitative measures are considered as promising alternative measures, when combined with other measures. In order to design reliable quantitative measures, more work should be done on target processing time and users' expectation. It is hoped that work of this research will provide efficient tools and methods to improve the quality of IT security service and help future research works for other IT service areas.

A Study on the Factors Affecting Chinese Consumers' Smartphone Adoption

  • 쑨전바오;박미연;황금주
    • Journal of Information Technology Applications and Management / Vol. 20, No. 1 / pp.149-171 / 2013
  • The purpose of this study is to investigate factors influencing Chinese consumers' intention to adopt Smartphones. This paper examines Smartphone characteristics factors (situational dependence, diversity and security) and consumer personality characteristics (innovation, self-efficacy and familiarity) based on the Technology Acceptance Model. The 320 sets of data are tested against the model using SEM (structural equation model). The research results reveal that diversity and security have significant influences on both perceived usefulness and perceived playfulness. According to the data analysis, self-efficacy affects only perceived ease of use, and familiarity positively affects perceived ease of use, usefulness and playfulness. This study finds that perceived ease of use and perceived usefulness have positive influences on behavioral intention to adopt Smartphones, and situational dependence and innovation directly affect the behavioral intention. The perceived cost has a negative impact on the behavioral intention. Research results are discussed, and limitations of the current study and future research are presented.

Real Option Applications of Korean Logistics Firms for ERP Project Evaluations

  • 김태하;남승현
    • Journal of Information Technology Applications and Management / Vol. 26, No. 6 / pp.119-138 / 2019
  • This work examines whether IT managers adopt real options such as defer, expand, contract, and abandon in order to cope with ERP risks, which include technological risk, relationship risk with SW vendors, economic risk, and security risk. We collect data of logistics firms in Seoul and its suburbs in 2018 to empirically validate the effect of risks upon the adoption of real options. The results suggest that IT managers adopt all 4 options when facing economic risk and adopt contract and abandon options only when facing security risk. Additionally, we find that IT managers prefer the expand option and avoid the abandon option when they think ERP compatibility is high.

A Study on the Implementation of a Message Transfer Protocol with Document Classification

  • 신승중;김현수
    • 정보기술과데이타베이스저널 / Vol. 7, No. 1 / pp.67-82 / 2000
  • In this paper we have developed a message transfer protocol, CMP, which improves MSP's message processing capability. The proposed method has taken into account document classification to improve the efficiency of message processing. The difference between the conventional MSP and CMP has been addressed. The CMP's performance has been shown by various experiments including number, alphabet, Korean letter, Chinese letter, music sound and compression file transmission. And security capability of both protocols has been compared based on the specification of FIPS 140-2. The CMP's overall performance is shown to be superior to that of MSP on the processing speed in the performance perspective and on the function of cryptographic module interface and cryptographic key management in the security perspective respectively.


A Non-Agent based Identification Scheme for Identifying Database Users in 3-tier System Environments

  • 한정상;신동천
    • Journal of Information Technology Applications and Management / Vol. 25, No. 2 / pp.147-159 / 2018
  • The changes of internet environment have made services through web application server (WAS) popular. Accordingly, technical difficulties in identifying users who access databases through WAS were incurred. In order to solve these problems, many companies adopt an agent-based approach for identifying users by installing additional software on WAS. However, this approach must submit to some disadvantages in terms of cost, maintenance, and development process. In this paper, we devise a non-agent based approach for identifying database users in 3-tier environments.

Real-Time Control System

  • Gharbi, Atef
    • International Journal of Computer Science & Network Security / Vol. 21, No. 4 / pp.19-27 / 2021
  • Task scheduling has been gaining attention in both industry and research. The scheduling that ensures independent task execution is critical in real-time systems. While task scheduling has gained a lot of attention in recent years, there have been few works that have been implemented into real-time architecture. The efficiency of the classical scheduling strategy in real-time systems, in particular, is still understudied. To reduce total waiting time, we apply three scheduling approaches in this paper: First In/First Out (FIFO), Shortest Execution Time (SET), and Shortest-Longest Execution Time (SLET). Experimental results have demonstrated the efficacy of the SLET in comparison with the others in most cases in a wide range of configurations.