• 지역사회간호학회지
• /
• 제23권3호
• /
• pp.296-306
• /
• 2012

Purpose: This study was conducted to measure the relationships between ecological factors and Navy personnel's physical activity (PA) based on McLeroy's Ecological model. Methods: A cross-sectional survey was conducted with a convenience sample of 184 Navy personnel working in 10 Navyships. A self-reporting questionnaire consisted of measures of intrapersonal, interpersonal, organizational and community factors related to Navy personnel` s PA. Data were analyzed by descriptive statistics, $x^2$-test, t-test, analysis of variance, and hierarchical multiple regression using SPSS/WIN 17.0 programs. Results: Their mean PA level was $2,848.1{\pm}3,344.5$ MET-min/week, and mostly moderate level (50.5%). Hierarchical multiple regression analysis showed that religion, working department, working type, perceived health status and community environment were significant PA correlates. Conclusion: Community environmental factors as well as intrapersonal factors were significantly associated with Navy personnel's PA, indicating that community health nurses should expand an approach for individual-level behavioral change to incorporate Navy personnel specific community environmental barriers into PA interventions.

• Journal of Information Technology Applications and Management
• /
• 제13권2호
• /
• pp.127-143
• /
• 2006

As the number of Internet users increases, online shopping malls are gradually flourishing and sales are continuously growing. However, since consumers are not able to check what they purchase when buying products on the Internet, they are bound to have higher risk perception than buying directly from off-line stores. Especially, sporting goods require a special attention because a preliminary test is important. Therefore, the risk perception is much higher when people purchase sporting goods online. This study first identifies the multi-dimensionality of risk perception. Then, it investigates whether online purchasing experience of sporting goods makes differences in the level of risk perception. In addition, it examines whether the risk perception by those who had an experience in purchasing sporting goods online affects the customer satisfaction. This study has identified five dimensions in the concept of risk perception, such as financial risk, performance risk, security risk, delivery risk, and psychological/physical risk. A statistical analysis shows that people without an experience in purchasing sporting goods online have perceived significantly higher performance risk, security risk, and psychological/physical risk than those with online purchasing experiences. Finally, this study has found that delivery risk, financial risk, and psychological/physical risk have significant negative influences on the customer satisfaction.

• 대한방사선기술학회지:방사선기술과학
• /
• 제31권4호
• /
• pp.347-353
• /
• 2008

본 연구는 의료기관 PACS 운영 및 영상정보관리 과정에서의 개인정보보호와 보안 관리에 대한 보안평가 기준 및 보안평가에 따른 등급기준을 마련하고자 하였다. 보안평가기준과 보안평가 등급기준의 지표를 도출하기 위해 ISO17799(BS 7799), HIPPA(Health Insurance and Portability and Accountability Act of 1996), 국내 의료법 등을 참조하여 정책적 보안, 기술적 보안, 데이터관리 보안, 물리적 보안 등 4가지 항목을 대분류로 선정 후 10개의 세부 평가항목을 선정하여 점수화 하였다. 도출된 보안평가기준과 보안등급의 지표를 가지고 30곳의 의료기관에서 조사를 시행하였다. 대분류의 평가 요소 중 물리적 보안 항목의 전체 의료기관평균 점수는 20점 만점기준 18.5점(93%)으로 가장 우수한 점수를 나타내었으며, 정책보안항목 30점 기준18.5점(62%), 데이터관리 보안항목 20점 기준 12점(60%), 기술적 보안항목 30점 기준 17.5점(58%) 순임을 알 수 있었다. 30개 종합병원의 보안평가 점수는 평균 67점으로 4등급 수준을 나타내었다. PACS환경에서 취약한 개인정보보호 및 보안의식에 대한 관리기준 수립이 필요하다.

• 융합보안논문지
• /
• 제20권1호
• /
• pp.25-32
• /
• 2020

산업보안 전문인력양성에 대한 수요가 높아지는 가운데 산업현장 수요에 맞춰 대학 교육과정들이나 자격제도 체계를 표준화하고 연결하는 국가직무능력표준(NCS)에서의 산업보안 개발은 매우 시급하고 중요한 과제다. 본 연구에서는 현재 NCS 내에 있는 보안관련 직무와 보안능력을 요구하는 직무, 해당 직무에 요구되는 보안능력을 추출, 분류, 분석하였으며, 결과적으로 많은 직무들에서 이미 NCS 직무분류로 존재하는 IT보안, 물리보안 등과 다른 보안능력 요구들을 확인할 수 있었다. 이러한 산업보안능력 및 수준 등에 대한 산업현장의 요구가 이후 산업보안 NCS개발 과정에 반영되어 산업보안 직무 및 직무능력을 체계화하는 기초자료로 활용될 수 있기를 기대한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권10호
• /
• pp.2862-2882
• /
• 2023

With the development of networking technology, it has become common to use various types of network services to replace physical ones. Among all such services, electronic voting is one example that tends to be popularized in many countries. However, due to certain concerns regarding information security, traditional paper voting mechanisms are still widely adopted in large-scale elections. This study utilizes blockchain technology to design a novel electronic voting mechanism. Relying on the transparency, decentralization, and verifiability of the blockchain, it becomes possible to remove the reliance on trusted third parties and also to enhance the level of trust of voters in the mechanism. Besides, the mechanism of blind signature with its complexity as difficult as solving an elliptic curve discrete logarithmic problem is adopted to strengthen the features related to the security of electronic voting. Last but not least, the mechanism of self-certification is incorporated to substitute the centralized certificate authority. Therefore, the voters can generate the public/private keys by themselves to mitigate the possible risks of impersonation by the certificate authority (i.e., a trusted third party). The BAN logic analysis and the investigation for several key security features are conducted to verify that such a design is sufficiently secure. Since it is expected to raise the level of trust of voters in electronic voting, extra costs for re-verifying the results due to distrust will therefore be reduced.

• 정보보호학회논문지
• /
• 제26권3호
• /
• pp.661-666
• /
• 2016

사물인터넷은 다양한 기기들이 서로 연결되어 효율적인 에너지 소모와 높은 보안을 유지하기 위해 경량의 메시징 프로토콜인 MQTT와 암호화 프로토콜인 SSL/TLS를 사용한다. SSL/TLS의 cipher suite 협상 단계에서 기기에 고정된 cipher suites로부터 선호도가 가장 높은 cipher suite를 선택한다. 선택된 cipher suite는 해당 통신 중에 필수적으로 제공받아야 하는 무결성, 기밀성을 제공하지만 필요 이상으로 높은 강도의 보안성을 제공할 수 있다. 이러한 한계는 에너지를 필요 이상으로 소비하게 만들 수 있으므로 본 논문에서는 SSL/TLS를 사용한 기기들의 에너지 효율성을 향상시키는 퍼지 기반 cipher suite 결정 기법을 제안한다. 실험을 통해 제안 기법은 기존 기법보다 에너지 효율성이 평균 36.03% 향상되었다.

• 컴퓨터교육학회논문지
• /
• 제17권3호
• /
• pp.75-84
• /
• 2014

사이버 공간의 지능적 범죄 증가와 예상치 않은 인터넷 대형 보안사고로 많은 물적 피해가 해마다 늘고 있는 상황이다. 이에 대형보안 사고 후 컴퓨터 범죄 수사를 위해 디지털 포렌식 기술은 필수적인 보안 분야로 자리하고 있다. 그러나 실질적으로 국내 디지털 포렌식 기술을 완비한 보안 전문 수사 인력은 미비한 편이다. 본 논문에서는 인터넷 보안사고의 과학 수사를 위한 보안 인력 양성 방안 중 하나로 대학 내 디지털 포렌식 교과 과정의 단계별 교육 과정 내용 제시하였다. 효과적인 단계별 교육 과정 제안을 위해, 현직 전문가의 인터뷰와 포커스그룹 회의 및 관련 연구를 통해 디지털 포렌식 교과 과정을 선별한 후, 이와 관련 각 과목 별 실무 적합도 및 난이도에 관한 설문조사와 인터뷰를 현직 수사관과 보안전문가를 대상으로 실시하였다. 이를 분석하여 향후 실무적응력이 높은 인력 양성을 위한 단계별 디지털 포렌식 교과 과정 설계하고 발전적인 제언과 방안을 도출하였다.

• 융합보안논문지
• /
• 제23권4호
• /
• pp.33-41
• /
• 2023

최근 지능형 지속위협(APT) 공격조직은 국가핵심기술을 보유한 기업이나 기관을 대상으로 다양한 취약점 및 공격기법을 악용해서 랜섬웨어를 유포한 후 금전을 요구하거나 국가적으로 중요한 산업기밀 자료를 절취해서 암시장(다크웹)에 유통시키거나 제3국에 판매 또는 기술격차를 줄이는데 활용하는 등 국가차원의 보안대비가 필요하다. 이 논문에서는 Kimsuky, Lazarus 등 한국을 대상으로 APT 공격으로 산업기밀유출 피해를 입혔던 공격조직의 공격수법을 MITRE ATT&CK 프레임워크로 분석하고, 기업의 보안시스템이 추가적으로 갖추어야 할 사이버 보안관련 관리적, 물리적 및 기술적 보안요구사항 26개를 도출하였다. 또한, 보안 요구사항을 실제 보안업무에 활용할 수 있도록 보안 프레임워크 및 시스템 구성방안도 제안하였다. 이 논문에서 제시한 보안요구 사항은 보안시스템 개발 및 운영자들이 기업의 산업기밀 유출 방지를 위한 보안업무에 활용할 수 있도록 실질적인 방법 및 프레임워크를 제시했으며 향후 이 논문을 기반으로 다양한 APT 공격그룹의 고도화·지능화된 공격을 분석하고 관련 보안대책 연구가 추가적으로 필요하다.

• Asia pacific journal of information systems
• /
• 제22권1호
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• International Journal of Computer Science & Network Security
• /
• 제22권11호
• /
• pp.87-92
• /
• 2022

Today the system of higher education needs significant reforms. Intellectualization of the educational process in HEIs aims to improve the quality of educational services. Intellectual information technologies are information technologies that help a person to accelerate the analysis of the political, economic, social, and technical situation, as well as the synthesis of management decisions. The basis for their mastery is information and communication technologies. The purpose of the research work is to identify the relationship between the introduction of information and communication technologies and the increase in the level of intellectualization of higher education. The article substantiates the expediency of introducing information and communication technologies in order to improve the intellectualization of the educational process in higher education. An empirical study of the variables that characterize the level of intellectualization of higher education through the proposed techniques has been conducted. The tendencies characteristic of pedagogical conditions of implementation of information and communication model in the educational process were revealed. It is proved that the level of intellectualization of higher education depends on the implemented pedagogical conditions. The effectiveness of the proposed information and communication model is also confirmed. Given the data obtained during the study and the low constraints that may affect the results of further research on this issue should focus on the study of other variables that characterize the state of intellectualization of the educational process.