• Management & Information Systems Review
• /
• v.27
• /
• pp.149-172
• /
• 2008

Since the 9/11 terror attack, the event which caused supply chain disruption, supply chain security has becomes more important than ever before. Furthermore, such company's logistics strategies conflicting supply chain security as increased global sourcing, JIT manufacturing are increasing supply chain vulnerability. It could burden for global companies to strengthen supply chain security because not only it requires additional investment cost but also changes of companiy's global logistics strategy. However, on the other hand, supply chain visibility and resilience can be improved through supply chain security. In addition, it allows companies to stabilize supply chain structure as well as rapid and flexible response to market demand. The key issue is balancing between efficiency and supply chain security. To do this, identifying risk elements under the supply chain and assessing vulnerability of each supply chain components should be performed before developing efficient supply chain security management system without obstructing supply chain efficiency.

• Journal of Information Technology Applications and Management
• /
• v.25 no.4
• /
• pp.67-77
• /
• 2018

With the types and targets of cyber attacks expanding and with personal information leaks increasing, the quantitative demand for information security specialists has increased. The base for training the workforce has expanded accordingly, but joblessness and job-seeking still coexist. To resolve the gap between labor demand and supply, education and training systems that can supply demand quickly are needed. It takes a considerable amount of time for information security education and new manpower supply through universities and graduate schools to be reflected in the market. However, if information security retraining is carried out in terms of career development of information security and related workforce, the problem of lack of experts could be solved in a relatively short period. This paper investigates and analyzes the information security work of the information security workforce, the degree of skill level, the need for retraining, and the workplace migration experience; it also discusses the direction of career development retraining.

• Journal of Information Technology Applications and Management
• /
• v.11 no.1
• /
• pp.39-51
• /
• 2004

Application systems outsourcing is an important part of IT outsourcing services. Application systems outsourcing costs is determined by service levels of outsourcers. Recent researches show there is a strong need to build industry-specific cost estimation models. In this study, an industry-specific application systems operation cost estimation model is suggested. We reviewed operation cost models of previous researches, and proposed a cost estimation model for security industry. Industry-specific service factors are defined and service levels are determined by Interviews with experts. The proposed model is tested and adjusted with empirical data. The new model shows more accurate prediction than previous general models. Future research will be needed to develop outsourcing cost estimation models for other industries and to refine cost models developed in this study.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.9
• /
• pp.3104-3123
• /
• 2022

The development of Vehicular Ad hoc Network (VANET) has greatly improved the efficiency and safety of social transportation, and the routing strategy for VANET has also received high attention from both academia and industry. However, studies on dynamic matching of routing policies with the message types of VANET are in short supply, which affects the operational efficiency and security of VANET to a certain extent. This paper studies the message types in VANET and fully considers the urgency and reliability requirements of message forwarding under various types. Based on the diversified types of messages to be transmitted, and taking the diversified message forwarding strategies suitable for VANET scenarios as behavioral candidates, an adaptive routing method for the VANET message types based on reinforcement learning (RL) is proposed. The key parameters of the method, such as state, action and reward, are reasonably designed. Simulation and analysis show that the proposed method could converge quickly, and the comprehensive performance of the proposed method is obviously better than the comparison methods in terms of timeliness and reliability.

• Journal of Information Technology Applications and Management
• /
• v.23 no.1
• /
• pp.119-128
• /
• 2016

Growing threats from environments and natural disasters cause information systems to suspend the operation of business. To assure the continuity of business, information systems should not halt in the emergency. This paper suggests an evaluation method for importance of information systems and verifies the method in a real organization. The results to the study can be utilized for establishing business continuity of organizations.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.33 no.4
• /
• pp.145-152
• /
• 2010

Under limited resources such as budgets and experts, it is necessary to make decisions for promotion strategy of standardization work items in Information and Communication Technologies (ICTs). This paper focuses on a method of setting standardization promotion strategies for each item of personal information security standardization. As a decision making tool, the Importance Performance Anaysis (IPA) is applied and analyzed to the decision processes. The results are showed and illustrated for useful inputs to practical policy making in the field of standardization activities.

• Journal of Information Technology Applications and Management
• /
• v.18 no.2
• /
• pp.91-108
• /
• 2011

Enormous losses of shareholders and consumers caused by the risks threatening today's business (e.g., accounting fraud and inside trading) have ignited the necessity of international regulations on corporate ethics and internal control, such as Basel II and SOX. Responding to these regulations, companies are establishing governance system, applying it consistently to the core competency of the company, and increasing the scope of the governance system. Recently occurred security related incidents require companies to take more strict accountability over information security. One of the results includes strengthening of legislation and regulations. For these reasons, introduction of information security governance is needed. Information security governance governs the general information security activities of the company (establishment of information security management system, implementation of information security solutions) in the corporate level. Recognizing that the information security is not restricted to IT domain, but is the issue of overall business, this study develops information security governance framework based on the existing frameworks and systems of IT governance. The information security governance framework proposed in the study include concept, objective, and principle schemes which will help clearly understand the concepts of the information security governance, and execution scheme which will help implement proper organization, process and tools needed for the execution of information security governance.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.341-342
• /
• 2017

Control and development systems such as air traffic control systems, road traffic systems, and Korea Hydro &Nuclear Power are the infrastructure facilities of the country, and if the malicious hacking attacks proceed, the damage is beyond imagination. In fact, Korea Hydro & Nuclear Power has been subjected to a hacking attack, causing internal information to leak and causing social problems. In this study, we analyze the environment of the development control system and analyze the status of the convergence security research, which is a recent issue, and propose a strategy system for stabilizing various power generation control systems and propose countermeasures. We propose a method to normalize and integrate data types from various physical security systems (facilities), IT security systems, access control systems, to control the whole system through convergence authentication, and to detect risks through fusion control.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.37 no.4
• /
• pp.202-211
• /
• 2014

Pairs trading is a type of arbitrage investment strategy that buys an underpriced security and simultaneously sells an overpriced security. Since the 1980s, investors have recognized pairs trading as a promising arbitrage strategy that pursues absolute returns rather than relative profits. Thus, individual and institutional traders, as well as hedge fund traders in the financial markets, have an interest in developing a pairs trading strategy. This study proposes pairs trading rules (PTRs) created from a price ratio between securities (i.e., stock index futures) using rough set analysis. The price ratio involves calculating the closing price of one security and dividing it by the closing price of another security and generating Buy or Sell signals according to whether the ratio is increasing or decreasing. In this empirical study, we generate PTRs through rough set analysis applied to various technical indicators derived from the price ratio between KOSPI 200 and S&P 500 index futures. The proposed trading rules for pairs trading indicate high profits in the futures market.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.5
• /
• pp.2723-2740
• /
• 2017

Steganographic schemes which are based on minimizing an additive distortion function defined the overall impacts after embedding as the sum of embedding costs for individual image element. However, mutual impacts during embedding are often ignored. In this paper, an adaptive JPEG steganographic method based on weight distribution for embedding costs is proposed. The method takes mutual impacts during embedding in consideration. Firstly, an analysis is made about the factors that affect embedding fluctuations among JPEG coefficients. Then the Distortion Update Strategy (DUS) of updating the distortion costs is proposed, enabling to dynamically update the embedding costs group by group. At last, a kind of adaptive JPEG steganographic algorithm is designed combining with the update strategy and well-known additive distortion function. The experimental result illustrates that the proposed algorithm gains a superior performance in the fight against the current state-of-the-art steganalyzers with high-dimensional features.