• Journal of Information Technology Services
• /
• v.19 no.1
• /
• pp.173-185
• /
• 2020

It is very important to evaluate training because it can systematically grasp the current status of training. Evaluation includes getting ongoing feedback from the learner, trainer and learner's supervisor, to improve the quality of the training and identify if the learner achieved the goals of the training. It also provides a justification for the implementation of training. Nonetheless, there is a lack of studies that attempt to evaluate information security training programs. In this study, we utilize the Philips model to evaluate the public training programs for the people who are in charge of the information security duties in the public sector and propose the training improvement plans. Research result has shown that it is necessary to evaluate the level of the trainees in advance and conduct training programs according to the information security skill level. In addition, it needs to conduct training according to duties such as information security management, information security operate and maintain. The limitation of this study is that each education program was not assessed individually because this study had developed an evaluation tool that could be used comprehensively.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.1
• /
• pp.43-51
• /
• 2019

This research proposed the necessary capability of cyber security professional personnel for cyber security education and training. Cyber security professional personnel were required specialized capability because the curriculum of cyber security education and training is structured around practice and training. Based on the knowledge, skills, and attitudes of professors, we derive candidate capabilities and index through the results of precedent research. As a result, we derived capability such the candidate capability group as teaching qualification, expert knowledge, practical ability, lecture ability, and research ability, and detailed capability index was derived accordingly. Finally, based on the questionnaire results of the professors related to the information security, it was determined that the capability required for the cyber security education and training professional personnel were expert knowledge, practical ability, and lecture ability. Among the capabilities, executive ability means that they have to fulfil abundant executive experience due to the high proportion of practical training due to the characteristics of cyber security education and training.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.11
• /
• pp.75-84
• /
• 2018

Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

• Journal of Information Technology Applications and Management
• /
• v.27 no.2
• /
• pp.1-21
• /
• 2020

The purpose of this study is to investigate the behavioral factors affecting the security attitude and intention to use biometrics password based on the protection motivation theory. This study also investigates security awareness training to understand trust, privacy, and security vulnerability regarding biometric authentication password. This empirical analysis reveals security awareness training boosts the protection motivational factors that affect on the behavior and intention of using biometric authentication passwords. This study also indicates that biometric authentication passwords can be used when the overall belief in a biometric system is present. After all, security awareness training enhances the belief of biometric passwords and increase the motivation to protect security threats. The study will provide insights into protecting security vulnerability with security awareness training.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.12
• /
• pp.3725-3730
• /
• 2009

A serious disturbance of the 7.7 DDoS hacking gets a chance of raised awareness for importance of response countermeasure with current status of information security. The critical factor out of countermeasure of information security is the supply of information human power. In this paper, we review program of information security of domestic and foreign, from major courses of domestic university, and category of government about information security, and analyze security education training awareness program of human power in the information security area.

• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.145-151
• /
• 2017

The Cyberspace of the Republic of Korea Army is continuously threatened by enemies. Means for responding to such cyber threats are ultimately Military information security professional personnel. Currently, however, there are only a handful of advanced information security professional persons in Republic of Korea Army, and a lack of systematic training is inadequate. Therefore, in this thesis, we surveyed the information security professional human resource policies of USA, UK, Israel, and Japan. In addition, the policy to train professional human resources specialized in defense cyber security, we proposed training of specialist talent of 4 steps and medium and long term plan, step-by-step training system sizing, introduction of certification system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.59-69
• /
• 2016

We proposed a specialized model of performance measurement to measure the training performance of the trainees in cyber practical training. Cyber security professionals are cultivating their expertise, skills, and competencies through cyber practical training in specialized education and training institutions. The our proposed process of trainee evaluation is consisted of an evaluation component discovery, evaluation item selection, evaluation index catalog, ratings and criteria decision, and calculation formula. The trainee evaluation is consisted of a formative evaluation during the training and an overall evaluation after finished training. Formative evaluation includes progress evaluation and participation evaluation, and overall evaluation includes practice evaluation and learning evaluation. The evaluation is weighted according to the importance of evaluation type. Because it is evaluated actual skills and abilities, competencies are assigned a high weight, while knowledge and attitudes are assigned a low weight. If cyber security trainees are evaluated by the proposed evaluation model, cyber security professionals can be cultivated by each skill and knowledge level and can be deployed by importance of security task.

• Journal of the Society of Disaster Information
• /
• v.2 no.1
• /
• pp.3-18
• /
• 2006

Recently the demand for civil bodyguards and security guards shows rapid growth by the social development and improve the quality of life. However the supply and training system have some limitations in spite of the high demand guard-secretary. The main role of secretaries has been to accompany superiors in order to maintain their dignity or trait. But the secretaries are required to play additional roles of safety managers such as a security manager, a protocol manager, an intelligence manager and a protective driver in order to overcome the domestic and the international safety environment and to elevate the quality of service as a competitive work. So, the purpose of this article is to analyse current situation of civil body and security guard training industry and to seek an educational model. For it, the following questions will be examined. First, Do the professional training organizations meet social demand for the body and security guards? Second, What kind of training has to be provide for the body and security guards? and what the qualifications of the trainers? Then, what are the differences in training courses between private organizations and universities? Is there differences in the job placement among the trainers of private organizations and universities? etc.. In summary to meet the social demand common curriculum for the body and security guard will be drawn from the analyses of diverse training organizations with different training courses in contents, training periods, educational value, and social aim.

• Journal of Information Technology Applications and Management
• /
• v.25 no.4
• /
• pp.67-77
• /
• 2018

With the types and targets of cyber attacks expanding and with personal information leaks increasing, the quantitative demand for information security specialists has increased. The base for training the workforce has expanded accordingly, but joblessness and job-seeking still coexist. To resolve the gap between labor demand and supply, education and training systems that can supply demand quickly are needed. It takes a considerable amount of time for information security education and new manpower supply through universities and graduate schools to be reflected in the market. However, if information security retraining is carried out in terms of career development of information security and related workforce, the problem of lack of experts could be solved in a relatively short period. This paper investigates and analyzes the information security work of the information security workforce, the degree of skill level, the need for retraining, and the workplace migration experience; it also discusses the direction of career development retraining.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.197-212
• /
• 2020

With the advent of virtual currency and electronic wallets creating a way to make financial gains based on anonymity, malicious code dissemination using malicious mail has continued to increase. In order to minimize the damage, the human factors, security awareness and the ability to respond, which are technical factors, should be improved evenly, which can be improved through malicious mail training. This study presented a model considering the performance of malicious mail training, such as practice. It was classified as a training for enhancing awareness of security for employees and detection and response to improve their ability to respond to malicious mail. A training system suitable for the purpose, the core functions of malware training, implementation and camouflage skills, and bypass techniques were described. Based on the above model, the training data conducted over three years were collected and the effectiveness of the training was studied through analysis of the results according to the number of training sessions, training themes and camouflage techniques.