• Knowledge Management Research
• /
• v.16 no.4
• /
• pp.35-45
• /
• 2015

Fintech, which means the convergence of finance and information technology, becomes a hot topic in the financial sector. Through innovative activities on financial services, ICT(Information and Communication Technology) is integrated into the overall financial industry, and a new form of financial services could be expected to improve the existing financial system. On the other hand, fintech services are relatively vulnerable to security issues. Due to the process simplication and the channel fusion, the leakage of personal and financial informations, authentication bypass, phishing, and pharming are getting more concerned. In this study we investigated the security risk of fintech services in the viewpoints of service provider, technology adoption, and security policy. The possible countermeasures to reduce those risks are suggested because security is an important criterion for selecting financial services. This study basically offers quantification of the potential security risks and step-by-step control measures about business processes in the fintech services. The suggested security model includes user authentication, terminal security, payment information protection, API(Application Programming Interface) security, and abnormal transaction monitoring. This study might contribute to an understanding of the security risks and some possible measures for mitigating those risks on the practical perspective.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.05a
• /
• pp.781-782
• /
• 2015

As growth engines such as cloud, social networks, big data that can affect the security market have been grown, the information security industry has has also rapidly evolved. Reviewing information security policies carried out in USA, UK and Japan, this paper examines trends on the IoT-related information protection law and regulations that are at issue around the major developed countries. Through this research, we can get the implication that measures be taken as soon as possible to apply the existing data protection laws in the Internet of Things.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.11
• /
• pp.537-544
• /
• 2016

National Competency Standards (NCS) need to be introduced to train newly hired staff and to gradually improve employees' work performance in the information security industry. In particular, the introduction of a new NCS curriculum for new hires is important in order to retain and efficiently manage professionals in the information security field. However, the legacy NCS is not clearly designed for the information security field. So a formal curriculum has been suggested for institutions training the information security workforce. Therefore, this study establishes a competency unit based on the types of personnel, their duties, and required knowledge. To select the competency unit, this study reviewed prior research to understand the required skills and work knowledge, and reviewed recruitment-based NCS that public agencies and public and private companies have carried out, including them in the study. The selected competency unit was classified into a required competency unit and an elective competency unit based on the importance of the duties and the demands of training. Through a verification process for the new, licensed career path model in the NCS information and communications field, this study suggests updated NCS competency units and required courses to provide an appropriate NCS curriculum for newly hired employees in the information security industry.

• Korean Security Journal
• /
• no.19
• /
• pp.1-21
• /
• 2009

Manpower demand forecasting in private security industry can be used for both policy and information function. At a time when police agencies have fewer resources to accomplish their goals, forming partnership with private security firms should be a viable means to choose. But without precise understanding of each other, their partnership could be superficial. At the same time, an important debate is coming out whether security industry will continue to expand in numbers of employees, or level-off in the near future. Such debates are especially important for young people considering careers in private security industry. Recently, ARIMA model has been widely used as a reliable instrument in the many field of industry for demand forecasting. An ARIMA model predicts a value in a response time series as a linear combination of its own past values, past errors, and current and past values of other time series. This study conducts a short-term forecast of manpower demand in private security industry using ARIMA model. After obtaining yearly data of private security officers from 1976 to 2008, this paper are forecasting future trends and proposing some policy orientations. The result shows that ARIMA(0, 2, 1) model is the most appropriate one and forecasts a minimum of 137,387 to maximum 190,124 private security officers will be needed in 2013. The conclusions discuss some implications and predictable changes in policing and coping strategies public police and private security can take.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.3219-3237
• /
• 2019

The Cloud Computing is growing rapidly in the current IT industry. Cloud computing has become a buzzword in relation to Grid & Utility computing. It provides on demand services to customers and customers will pay for what they get. Various "Cloud Service Provider" such as Microsoft Azure, Google Web Services etc. enables the users to access the cloud in cost effective manner. However, security, privacy and integrity of data is a major concern. In this paper various security challenges have been identified and the survey briefs the comprehensive overview of various security issues in cloud computing. The classification of security issues in cloud computing have been studied. In this paper we have discussed security challenges in cloud computing and also list recommended methods available for addressing them in the literature.

• Journal of the Society of Disaster Information
• /
• v.5 no.1
• /
• pp.142-158
• /
• 2009

The increasing number of crimes in rapidly changing modern society is enhancing people's desire for safety. As of 2008, 2,900 private security businesses with 133,000 employees operated in the private security industry which emerged in response to growing demands from society and people. Of the employees, bodyguards (hereinafter referred to as "private security guard") accounted for about 10% or 13,000. Most private security guards were suffering from various occupational diseases. Especially as they needed to guard their clients many hours a day and worked in a standing position for a long time, private security guards often complained of low back pain. Under the pain, they were hardly expected to perform their tasks efficiently. There are several causes of low back pain. The most prevalent cause is muscle weakness and imbalance around low back. Especially because private security work often requires security guards to maintain a standing position for a long time, many of them are suffering from low back pain. This study pursued the following purposes. First, it tried to identify the pathogenesis of low back pain caused by muscle weakness and imbalance around low back. Second, it tried to provide private security guards, who can hardly have personal time at work, with an easy method to prevent and manage low back pain any time by researching an effective therapy for low back pain caused by muscle weakness and imbalance around low back.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.4
• /
• pp.183-188
• /
• 2020

This study is primarily aimed at providing a foundation for academic development and the leap forward of the Special Security Industry through the press report analysis on Korea's special security guard using big data. The research methods It was analyzed by the research methods in relation to keyword trends for 'special security guard' and 'special guards' using the Big Kinds program. According to the analysis based on the period of growth (quantitative and qualitative) of the special security industry, there were many press reports and exposure related to carrying firearms, national major facilities, and regular employees. Unlike the general security guards, the special security guards were released higher by media as a law was revised to allow them to carry or use firearms at important national facilities. There was a lot of media attention concerned about the side effects of misuse, and there were also high media reports on the transition of regular workers to improve poor treatment, such as the unstable status of special security guards and low wages. Therefore, the need for continuous development and improvement of professionalism and work efficiency of special security services are emphasized.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.873-883
• /
• 2017

As Ransomware spreads, the target of the attack shifted from a single personal to organizations which lead attackers to be more intelligent and systematic. Thus, Ransomware's threats to domestic infrastructure, including the financial industry, have grown to a level that cannot be ignored. As a measure against these security issues, organizations use ISMS, which is an information protection management system. However, it is difficult for management to make decisions on the loss done by the security issues since amount of the damage done can not be calculated with just ISMS. In this paper, through FAIR-based loss measurement model based on scenario's to identify the extent of damage and calculate the reasonable damages which has been considered to be the problem of the ISMS, we identified losses and risks of Ransomeware on the financial industry and method to reduce the loss by applying the current ISMS and ISO 27001 control items rather than modifying the ISMS.

• Journal of Information Technology Services
• /
• v.18 no.5
• /
• pp.53-70
• /
• 2019

As information security becomes more important as the fourth industrial revolution gradually emerges, an efficient and effective way to find vulnerabilities in information systems is becoming an essential requirement of information security. As the point of the protection of current information and the protection of the future industry, the Korean government has paid attention to the bug bounty, which has been recognized for its efficiency and effectiveness and has implemented through the Korea Internet Security Agency's S/W vulnerability bug bounty program. However, there are growing problems about the S/W vulnerability bug bounty program of the Korea Internet Security Agency, which has been operating for about 7 years. The purpose of this study is to identify the problems in Korean bug bounty policies through the characteristics of the bug bounty program, and to suggest the direction of the government's policy to activate the bug bounty like changes in the government's approach utilizing the market.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.81-87
• /
• 2016

Cloud computing technologies are utilized and merged in various domains. Cloud computing technology-based personal cloud service technologies provide mobility and free access by using user centered storages and smart devices such like smart phones and table PCs. Therefore, we should overcome limits on the storage by solving the capacity problems of devices to provide security services in the personal cloud environments It can be addressable to provide the convenience of various security technologies. However, there are some security threats inherited from existing cloud environments and the possibilities of information leakage when devices are lost or stolen. Therefore, we designed a framework for providing secure cloud services by adding objects, such as user authorization, access tokens, set permissions by key generation, and key management assignments, for user management in personal cloud environments. We analyzed the stability of the proposed framework in terms of irreverent use and abuse, access to insiders, and data loss or leakage. And we evaluated the proposed framework in terms of the security with access control requirements in personal cloud environments.