• 디지털산업정보학회논문지
• /
• 제14권4호
• /
• pp.109-116
• /
• 2018

This research proposed management plan of internal lecturer who is in charge of job training of researchers working in administrative, researching and developing institutes or public institutions related to information security. The education and training department of the government or public institutions selects and manages lecturers in member of the staff. We applied to the management plan of internal lecturers who are in charge of information security job training by analyzing the way in which internal lecturers are operated by public organizations or corporations. We propose the management plan of internal lecturer according to the position, because the institute of information security is applying the researcher 's position(rank) system. By the proposed circulation management plan by the position, the internal lecturer position is determined according to the position of the employees to be trained and the internal lecturer is selected and operated only at the same position. The proposed management plan includes internal lecturer selection, responsibilities and duties, education, evaluation, and training support.

• Journal of Information Technology Applications and Management
• /
• 제11권1호
• /
• pp.39-51
• /
• 2004

Application systems outsourcing is an important part of IT outsourcing services. Application systems outsourcing costs is determined by service levels of outsourcers. Recent researches show there is a strong need to build industry-specific cost estimation models. In this study, an industry-specific application systems operation cost estimation model is suggested. We reviewed operation cost models of previous researches, and proposed a cost estimation model for security industry. Industry-specific service factors are defined and service levels are determined by Interviews with experts. The proposed model is tested and adjusted with empirical data. The new model shows more accurate prediction than previous general models. Future research will be needed to develop outsourcing cost estimation models for other industries and to refine cost models developed in this study.

• Journal of Communications and Networks
• /
• 제18권1호
• /
• pp.105-111
• /
• 2016

Trust models in the literature of MANETs commonly assume that packets have different security requirements. Before a node forwards a packet, if the recipient's trust level does not meet the packet's requirement level, then the recipient must perform certain security association procedures, such as re-authentication. We present in this paper an analysis of the epidemic broadcast delay in such context. The network, mobility and trust models presented in this paper are quite generic and allow us to obtain the delay component induced only by the security associations along a path. Numerical results obtained by simulations also confirm the accuracy of the analysis. In particular, we can observe from both simulation's and analysis results that, for large and sparsely connected networks, the delay caused by security associations is very small compared to the total delay of a packet. This also means that parameters like network density and nodes' velocity, rather than any trust model parameter, have more impact on the overall delay.

• 디지털산업정보학회논문지
• /
• 제8권2호
• /
• pp.59-65
• /
• 2012

Emergency medical information center performs role of medical direction about disease consult and pre-hospital emergency handling scheme work to people. Emergency medical information system plays a major role to be decreased mortality and disability of emergency patient by providing information of medical institution especially when emergency patient has appeared. But, various attacks as a hacking have been happened in Emergency medical information system recently. In this paper, we proposed security structure which can protect the system securely by detecting attacks from outside effectively. Intrusion detection was performed using rule based detection technique according to protocol for every packet to detect attack and intrusion was reported to control center if intrusion was detected also. Intrusion detection was performed again using decision tree for packet which intrusion detection was not done. We experimented effectiveness using attacks as TCP-SYN, UDP flooding and ICMP flooding for proposed security structure in this paper.

• 디지털산업정보학회논문지
• /
• 제14권3호
• /
• pp.11-20
• /
• 2018

Smart devices refer to various devices and control equipment such as health care devices, imaging devices, motor devices and wearable devices that use wireless network communication (e.g., Wi-fi, Bluetooth, LTE). Commercial services using such devices are found in a wide range of fields, including home networks, health care and medical services, entertainment and toys. Studies on smart devices have also been actively undertaken by academia and industry alike, as the penetration rate of smartphones grew and the technological progress made with the fourth industrial revolution bring about great convenience for users. While services offered through smart devices come with convenience, there is also various security threats that can lead to financial loss or even a loss of life in the case of terrorist attacks. As attacks that are committed through smart devices tend to pick up where attacks based on wireless internet left off, more research is needed on related security topics. As such, this paper seeks to design an access control method for reinforced security for smart devices. After registering and authenticating the smart device from the user's smart phone and service provider, a safe communication protocol is designed. Then to secure the integrity and confidentiality of the communication data, a management process such as for device renewal or cancellation is designed. Safety and security of the existing systems against attacks are also evaluated. In doing so, an improved efficiency by approximately 44% compared to the encryption processing speed of the existing system was verified.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권8호
• /
• pp.2083-2100
• /
• 2023

The rise of Industry 5.0 has led to a smarter and more digital way of doing business, but with it comes the issue of user privacy and security. Only when privacy and security issues are addressed, will users be able to transact online with greater peace of mind. Thus, to address the security and privacy problems associated with industry blockchain technology, we propose a privacy protection scheme for online financial transactions based on verifiable ring signatures and blockchain by comparing and combining the unconditional anonymity provided by ring signatures with the high integrity provided by blockchain technology. Firstly, we present an algorithm for verifying ring signature based on distributed key generation, which can ensure the integrity of transaction data. Secondly, by using the block chain technique, we choose the proxy node to send the plaintext message into the block chain, and guarantee the security of the asset transaction. On this basis, the designed scheme is subjected to a security analysis to verify that it is completely anonymous, verifiable and unerasable. The protection of user privacy can be achieved while enabling online transactions. Finally, it is shown that the proposed method is more effective and practical than other similar solutions in performance assessment and simulation. It is proved that the scheme is a safe and efficient online financial transaction ring signature scheme.

• 시큐리티연구
• /
• 제2호
• /
• pp.259-289
• /
• 1999

The Security Industry has dynamic working conditions. So this study intends to find the advisable direction for the reduction of accidents. To achieve the aim, the investigation of documents and the examinations of actual proofs have been done to figure the theoretical background and to see the basic knowledge of security industry. The questionnaire was composed of two question sheets to search real data and actual proofs, with making targets of pure security organization and personnel. The one consists of 9 questions to find the scale and extent of security organizations and the population and character of security personnel, and the other 25 questions in 3 major areas to analyze the causes, the frequency rates, the factors, and the condition of accidents. The period of survey was July 15th to October 15th in 1997 by mail/telephone/interview. The questionnaires were efficiently returned from 102 different organizations including the public security groups of Seoul Metropolitan Police Bureau and so on, with the information of 8,222 persons having worked for Korean Security Industry in 1996. So being based on the reality, some meaningful facts were found, and were compared with the national statistics of the Government. This study is made up of 5 chapters : in the 1st chapter the motivation, the object, the method, the direction and the limitation of the approach were presented ,in the 2nd chapter the theoretical background were inferred ; in the 3rd chapter the collected data of accidents in Korean Security Industry were analyzed and explained on the base of the questionnaires , in the 4th chapter the advisable facts connected with preventing accidents were mentioned ; in the last the conclusion were stated. With the replies of 102 different organizations including the information of 8,222 persons in 1996, the main facts found or analyzed through this study are as follows. Firstly, accident is an unpredictable and occasional event. It occurs to man and/or thing, but the frequency rate of accidents in Korean Government and other Institutes has been calculated and evaluated only in the point of the accident related with man. Secondly, the factors of accidents are firstly relevant to the way preventing accidents in Security Industry in Korea. However the frequency rate is academically calculated and evaluated by at once man(population) and hour(time). But the Government has done the rate only by man(population). This can be improper and inaccurate rates. Thirdly, the confused concept of security is used in Korean Government, academic society, corporation and so on. Therefore the detailed formation of the concept is needed for the development of Security Industry in Korea. Fourthly, security organizations can be classified into 'public security(public law enforcement)' and 'private security' according to its identification, and furthermore 'private security' can be divided into 'facilities-guard service', 'body-guard service', and 'patrol service' according to its major role. Fifthly, in the viewpoint of the number of both organization and population,'facilities-guard service' is centered in Korean 'private security'. According to the analyzed results of the questionnaires in this study, the frequency rate of accidents of Korean Security Industry is 0.43(%) totally in 1996 : 'facilities-guard service' 0.54(%), 'body-guard service' 0.12(%), and 'patrol service' 0.21(%) in 'private security', and 'public security' 0.20(%). With regard to the accident frequency rate of organization and population, 'facilities-guard service' is the highest. The accident frequency rate of population in 'facilities-guard service' organization ranges dispersively from 0.20(%) to 11.11(%). Sixthly, the accidented rate of workers having serviced for under one year is 57.6(%). This can mean that the main factor of accidents in Korean Security Industry is the lack of role-understanding and training/education. And another factor can be found on the time of accident occurrence. Many accidents have been occurred on the relaxed points like as just after lunch and morning rush-hour. Lastly, the major advisable facts related to preventing accidents are as follows : The workers who are over fifty years old in 'facilities-guard service' organization need to be educated for preventing accidents ; It is desirable that the training and education to prevent accidents should be practiced in the time of pre-service ; As the style of accidents and the age of the accidented are not same according to major service area('public security' and 'private security' : 'facilities-guard service', 'body-guard service', and 'patrol service'), the plans to prevent accidents must be different and various. However fracture and bruise are general accidents in Korean Security Industry ; Workers must care about traffic accident and violent fall ; It seems that the grouped working with other two persons will reduce accident occurrence possibility rather than individually single working.

• 한국컴퓨터정보학회논문지
• /
• 제29권4호
• /
• pp.73-82
• /
• 2024

2017년 UN에서는 전 세계적으로 60세 이상 인구는 모든 젊은 연령층보다 빠르게 증가하고 있으며, 2050년까지 60세 이상 인구는 아프리카를 제외한 전 세계 인구의 최소 25%를 구성할 것으로 예상하였다. 세계는 전반적으로 고령화로 인해 일을 할 수 있는 인구의 증가율이 감소하고 있으며, 청년층은 힘들고 어려운 직업을 선호하지 않고 있다. 이론적으로는 인공지능을 겸비한 AI가 모든 분야에서 사람을 대신할 수 있다고 하지만 윤리적인 판단 등 현실 세계의 정보보호 분야에서는 사람의 판단과 노하우가 절대적으로 필요하다. 이에, 본 논문에서는 IT 종사자 중 50대 이상 퇴직자 또는 전직을 희망하는 사람을 대상으로 재교육을 통해 현업으로 유입시키는 방법을 제안하고자 한다. 연구를 위해 수요 부분의 정부·공공기관 21곳과 공급 부분의 보안관제전문업체 9곳을 대상으로 설문하였으며 설문 결과 공급(78%)와 수요(90%) 모두가 절대적으로 필요하다는 데 의견을 모았다. 향후 이 연구 결과를 토대로 현장에 적용한다면 인구 저출산 100세 시대에 정보보호분야 시니어의 전략적 육성으로 대한민국 정보보호산업의 초석이 될 신규시장을 발굴할 수 있을 것이다.

• 한국엔터테인먼트산업학회논문지
• /
• 제14권3호
• /
• pp.75-82
• /
• 2020

본 연구는 국내 의료기관에서 시행된 의료정보보안 교육 효과를 확인하고 향후 이에 관한 교육프로그램 개발에 기초 자료를 제공하고자 시도되었다. 2010년 1월부터 2019년 7월까지 국내에서 발표된 논문을 체계적으로 고찰하여 총 4편을 최종 연구대상으로 선정 하였다. 선정된 4편의 논문을 메타 분석하여 효과크기를 확인한 결과, 의료정보보안 교육과 실천 간 상관관계에는 큰 효과크기가 있었다. 2010년 발행된 논문부터 대상으로 하여 의료정보보안 교육 효과 결과를 의료정보보안 실천만으로 제한했다는 한계점이 있지만 국내 의료정보보안 교육 효과를 확인한 점에서 의의가 있다. 본 연구 결과를 바탕으로 의료정보 유출을 예방할 수 있는 의료정보보안 교육 프로그램 개발에 기초자료로 사용될 수 있을 것이다.

• 정보보호학회논문지
• /
• 제28권6호
• /
• pp.1563-1583
• /
• 2018

전자금융 규제 완화와 함께 핀테크가 활성화되었다. 인공지능에 대한 논의가 금융업에서도 활발하다. 하지만 신기술의 이면에는 보안 위협의 증가라는 문제가 있다. 과거보다 연결이 되고, 금융업의 채널과 주체가 다양해지면서 보안 취약점이 증가했다. 보안에 대한 기술적, 정책적 논의가 있지만 결국 모든 논의의 본질은 인간이다. 금융의 기본은 신뢰와 보안이고, 이를 위해 인간적 요소에 대한 관심은 중요하다. 본 연구는 금융 보안을 위한 인간과 인공지능의 역할을 각각 제시한다. 나아가 인간과 인공지능이 서로의 한계를 보완한 협업 모델을 도출한다. 이를 뒷받침하기 위해 금융과 IT의 발전, 인공지능, 휴먼팩터, 그리고 금융 보안 위협에 대해 우선 논한다. 본 연구는 신기술의 시대에 보안 위협이 심화되지만 반대로 기계, 기술을 활용하여 이를 극복할 수 있다는 방향성을 제안한다.