• Journal of Information Technology Applications and Management
• /
• 제22권2호
• /
• pp.171-199
• /
• 2015

This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

• 산업경영시스템학회지
• /
• 제37권4호
• /
• pp.202-211
• /
• 2014

Pairs trading is a type of arbitrage investment strategy that buys an underpriced security and simultaneously sells an overpriced security. Since the 1980s, investors have recognized pairs trading as a promising arbitrage strategy that pursues absolute returns rather than relative profits. Thus, individual and institutional traders, as well as hedge fund traders in the financial markets, have an interest in developing a pairs trading strategy. This study proposes pairs trading rules (PTRs) created from a price ratio between securities (i.e., stock index futures) using rough set analysis. The price ratio involves calculating the closing price of one security and dividing it by the closing price of another security and generating Buy or Sell signals according to whether the ratio is increasing or decreasing. In this empirical study, we generate PTRs through rough set analysis applied to various technical indicators derived from the price ratio between KOSPI 200 and S&P 500 index futures. The proposed trading rules for pairs trading indicate high profits in the futures market.

• 산업경영시스템학회지
• /
• 제33권4호
• /
• pp.145-152
• /
• 2010

Under limited resources such as budgets and experts, it is necessary to make decisions for promotion strategy of standardization work items in Information and Communication Technologies (ICTs). This paper focuses on a method of setting standardization promotion strategies for each item of personal information security standardization. As a decision making tool, the Importance Performance Anaysis (IPA) is applied and analyzed to the decision processes. The results are showed and illustrated for useful inputs to practical policy making in the field of standardization activities.

• 한국컴퓨터정보학회논문지
• /
• 제23권11호
• /
• pp.75-84
• /
• 2018

Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

• 디지털융복합연구
• /
• 제11권10호
• /
• pp.403-409
• /
• 2013

본 논문은 미국 정부의 빅데이터 정책과 보안 이슈에 관해 고찰하였다. 빅데이터 R&D 이니셔티브 전략과 계획, NITRD 프로그램, 정부기관의 빅데이터 전략을 소개하였고, 또한 미군에서 빅데이터 운용환경, 군사 작전에 사용되는 빅데이터 정보, 주요 연구기관과 주제, 보안가이드라인 등에 대해 살펴보았다.

• Journal of Information Technology Applications and Management
• /
• 제11권2호
• /
• pp.45-64
• /
• 2004

Many researchers have proved that information systems auditing is a very effective tool for improving information systems quality. However, information system auditing in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve information system auditing quality on security domain. First of all, we have looked at previous researches on information systems audit, especially on security audit. Based on this survey, we have come up with solutions to improve the evaluation efficiency on security audit. We have merged the security audit guidelines of NCA and KISA, and developed a quantified evaluation scheme. We have proved the validity of this model by interviews with experts and by case studies.

• 한국군사과학기술학회지
• /
• 제9권1호
• /
• pp.80-88
• /
• 2006

The purpose of this thesis is to research and propose a practical Information Security Technical Architecture on Primary Defense Information Infrastructure with regard to requirement of information security. The scope of this research is limited to national defense information master plan & security rule, and U.S. DoD's IATF is used to plan a detailed structure. The result of this research can be used as a guide book for providing security for Army IT infrastructure now and in the future as well as to devise a plan for research and development in information protection technology.

• International Journal of Computer Science & Network Security
• /
• 제21권8호
• /
• pp.187-195
• /
• 2021

The intensification of the processes of the digital economy development is leading to the transformation of the higher education system. Universities are forced to digitalize their own educational, research, international, marketing, financial and economic activities in order to maintain a competitive position in the global market of educational services. The purpose of the article is to study the role of information and communication technologies in the development of the higher education system and to ensure its adaptability to modern challenges of digital economy. To achieve this goal, methods of content analysis, logical generalization, systematization and a structural-functional method are used. In the article, the authors substantiate the urgency of forming a holistic strategy to ensure the adaptability of higher education to the challenges of digital economy. In the structure of this strategy, the information-technological block is singled out and described. The authors specified a set of positive synergetic effects from the introduction of modern information and communication technologies in the activities of universities. The main information threats to the digitalization of higher education related to the protection of personal data and university systems from cyberattacks and fraudulent schemes are identified. In conclusion, the authors detail the measures for the strategy implementation to ensure the adaptability of higher education to digital economy.

• 정보보호학회논문지
• /
• 제22권5호
• /
• pp.1191-1204
• /
• 2012

정보보안시스템을 무력화하는 공격이 나타남에 따라, 정보보안제품의 취약성을 분석하는 보안 테스팅에 대한 관심이 높아지고 있다. 보안제품 개발의 주요 단계인 침투 테스팅은, 공격자가 악용할 수 있는 취약성을 찾기 위해 컴퓨터 시스템을 실제적으로 테스팅하는 것이다. 침투 테스팅과 같은 보안 테스팅은 대상 시스템에 대한 정보 수집, 가능한 진입점 식별, 침입 시도, 결과 보고 등의 과정을 포함한다. 따라서 취약성 분석 및 보안 테스팅에서 일반성, 재사용성, 효율성을 극대화하는 것이 매우 중요하다. 본 논문에서는, 정보보호제품이 자신의 보안 기능을 무력화하거나 우회하는 공격에 대응할 수 있는 자체보호기능 및 우회불가성을 제공하는 가를 평가할 수 있는 위협분석 기반의 소프트웨어 보안 테스팅을 제안한다. 위협분석으로 취약성을 식별한 후, 보안 테스팅의 재사용성과 효율성을 개선하기 위해 소프트웨어 모듈과 보안 기능에 따라 테스팅 전략을 수립한다. 제안기법은 위협 분석 및 테스팅 분류, 적절한 보안테스팅 전략 선정, 보안 테스팅으로 구성된다. 사례연구와 보안테스팅을 통해 제안 기법이 보안 시스템을 체계적으로 평가할 수 있음을 보였다.

• Journal of Information Technology Applications and Management
• /
• 제27권6호
• /
• pp.89-99
• /
• 2020

Cloud computing is rapidly increasing for achieving comfortable computing. Cloud computing has essentially security vulnerability of software and hardware. For achieving secure cloud computing, the vulnerabilities of cloud computing could be analyzed in a various and systematic approach from perspective of the service designer, service operator, the designer of cloud security and certifiers of cloud systems. The paper investigates the vulnerabilities and security controls from the perspective of administration, and systems. For achieving the secure operation of cloud computing, this paper analyzes technological security vulnerability, operational weakness and the security issues in an enterprise. Based on analysis, the paper suggests secure establishments for cloud computing.