• Journal of the Korea Society of Computer and Information
• /
• v.23 no.10
• /
• pp.73-80
• /
• 2018

The shared economy began with the concept of sharing the physical and intellectual assets of individuals with others. Nowadays, the concept of shared economy is becoming one of the industries as an enterprise type. Especially, with the development of the Internet and smart devices, various forms of shared economy have been developed in accordance with the need of sharing of individual income. Digital content is also a shareable commodity and it is seeking to utilize it as an item of shared economy. Accordingly, when digital contents are used as a shared economy, there are various possible threats -security threats that may arise in the course of transactions, potential for theft, alteration and hacking of contents. In this paper, we propose transaction method and content protection method using block chain-ethereum technology to reduce security threats and transparent transactions that can occur in digital contents transactions. Through the proposed method, the trust of the consumer and the supplier can be measured and the encryption can be performed considering the characteristics of the data to be traded. Through this paper, it is possible to increase the transparency of smart transaction of digital contents and to reduce the risk of content distortion, hacking, etc.

• The Journal of Information Systems
• /
• v.25 no.2
• /
• pp.51-77
• /
• 2016

Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.2
• /
• pp.65-73
• /
• 2014

An overall responding security-centered framework is necessary required for infringement accidents, failures, and cyber threats. On the other hand, the correspondence structures of existing administrative, technical, physical security have weakness in a system responding to complex attacks because each step is performed independently. This study will recognize all internal and external users as a potentially threatening element. To perform connectivity analysis regarding an action, an intelligent convergence security framework and road map is suggested. A suggested convergence security framework was constructed to be independent of an automatic framework, such as the conventional single solution for the priority defense system of APT of the latest attack type, which makes continuous reputational attacks to achieve its goals. This study suggested the next generation convergence security framework to have preemptive responses, possibly against an APT attack, consisting of the following five hierarchical layers: domain security, domain connection, action visibility, action control, and convergence correspondence. In the domain, the connection layer suggests a security instruction and direction in the domains of administrative, physical and technical security. The domain security layer has consistency of status information among the security domain. A visibility layer of an intelligent attack action consists of data gathering, comparison and decision cycle. The action control layer is a layer that controls the visibility action. Finally, the convergence corresponding layer suggests a corresponding system of before and after an APT attack. The administrative security domain had a security design based on organization, rule, process, and paper information. The physical security domain is designed to separate into a control layer and facility according to the threats of the control impossible and control possible. Each domain action executes visible and control steps, and is designed to have flexibility regarding security environmental changes. In this study, the framework to address an APT attack and load map will be used as an infrastructure corresponding to the next generation security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.2
• /
• pp.35-43
• /
• 2020

Cloud computing integrates computing resources such as servers, storage, and networks with virtualization technology to provide suitable services according to user needs. Due to the structural characteristics of sharing physical resources based on virtualization technology, threats to availability can occur, so it is essential to respond to availability threats in cloud computing. Existing over-provisioning method is not suitable because it can generate idle resources and cause under-provisioning to degrade or disconnect service. System resources must be allocated in real-time according to the system load to guarantee the cloud system's availability. Through appropriate management measures, it is necessary to reduce the system load and increase the performance of the system. This paper analyzes the work response time according to the allocation or migration of virtual machines and discusses an efficient resource management method considering the system load.

• Journal of IKEEE
• /
• v.24 no.2
• /
• pp.669-672
• /
• 2020

In this paper, we analyzed the characteristics of cyber attacks and major threat scenarios that could occur around intelligent building management Systems(IBS) by cyber attack security threats against cyber physics systems. Generally determined that lowering the likelihood of aggression against predictable threats would be a more realistic approach to attack response. The countermeasures against this need to be applied to multi-layered defense systems, and three alternatives were proposed: preliminary cyber safety diagnosis for protection targets and the establishment of mobile security control systems.

• The Journal of Information Technology
• /
• v.1 no.1
• /
• pp.173-188
• /
• 1998

In this paper we discussed various types of electronic payment schemes that are emerging. Threats vary from malicious hackers attempting to crash a system, to threats to data or transaction integrity. An understanding of the various types of threats can assist a security manager in selecting appropriate cost-effective controls to protect valuable information resources. An overview of many of today's common threats presented in this paper will be useful to mangers studying their own threat environments with a view toward developing solutions specific to their organization. To ensure security on the Internet, several methods have been developed and deployed. They include authentication of users and servers, encryption, and data integrity. Transaction security is critical : without it, information transmitted over the Internet is susceptible to fraud and other misuse. So computer systems represents an Intermediary with the potential to access the flow of information between a user. Security is needed to ensure that intermediaries cannot eavesdrop on transactions, or copy/modify data. Online firms must take additional precautions to prevent security breaches. To protect consumer information, they must maintain physical security of their servers and control access to software passwords and private keys. Techniques such as secret and public-key encryption and digital signatures play a crucial role in developing consumer confidence in electronic commerce.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.45-51
• /
• 2018

As data utilization and importance becomes important, data-related accidents and damages are gradually increasing. Especially, insider threats are the most harmful threats. And these insider threats are difficult to detect by traditional security systems, so rule-based abnormal behavior detection method has been widely used. However, it has a lack of adapting flexibly to changes in new attacks and new environments. Therefore, in this paper, we propose an adaptive anomaly movement detection framework based on a statistical Markov model to detect insider threats in advance. This is designed to minimize false positive rate and false negative rate by adopting environment factors that directly influence the behavior, and learning data based on statistical Markov model. In the experimentation, the framework shows good performance with a high F2-score of 0.92 and suspicious behavior detection, which seen as a normal behavior usually. It is also extendable to detect various types of suspicious activities by applying multiple modeling algorithms based on statistical learning and environment factors.

• Journal of the Korean Society of Safety
• /
• v.24 no.5
• /
• pp.63-68
• /
• 2009

The urgent VAI method development is required since "The Act of Physical Protection and Radiological Emergency that is established in 2003" requires an evaluation of physical threats in nuclear facilities and an establishment of physical protection in Korea. The VAI methodology is developed to (1) make a sabotage model by reusing existing fire/flooding/pipe break PSA models, (2) calculate MCSs and TEPSs, (3) select the most cost-effective TEPS among many TEPSs, (4) determine the compartments in a selected TEPS as vital areas, and (5) provide protection measures to the vital areas. The developed VAI methodology contains four steps, (1) collecting the internal level 1 PSA model and information, (2) developing the fire/flood/pipe rupture model based on level 1 PSA model, (3) integrating the fire/flood/pipe rupture model into the sabotage model by JSTAR, and (4) calculating MCSs and TEPS. The VAT process is performed through the VIPEX that was developed in KAERI. This methodology serves as a guide to develop a sabotage model by using existing internal and external PSA models. When this methodology is used to identify the vital areas, it provides the most cost-effective method to save the VAI and physical protection costs.

• Journal of the Korean Society of Safety
• /
• v.26 no.4
• /
• pp.87-95
• /
• 2011

The urgent VAI(Vital Area Identification) method development is required since 'The Act of Physical Protection and Radiological Emergency' that is established in 2003 requires an evaluation of physical threats in nuclear facilities and an establishment of physical protection in Korea. The KAERI(Korea Atomic Energy Research Institute) has developed the VAI methodology and VAI software called as VIPEX(Vital area Identification Package EXpert) for identifying the vital areas. This study is to demonstrate the applicability of KAERI's VAI methodology to a hypothetical facility, and to identify the importance of information of cable and piping runs when identifying the vital areas. It is necessarily needed to consider cable and piping runs to determine the accurate and realistic TEPS(Top Event Prevention Set). If the information of cable and piping runs of a nuclear power plant is not considered when determining the TEPSs, it is absolutely impossible to acquire the complete TEPSs, and the results could be distorted by missing it. The VIPEX and FTREX(Fault Tree Reliability Evaluation eXpert) properly calculate MCSs and TEPSs using the fault tree model, and provide the most cost-effective method to save the VAI and physical protection costs.

• The Journal of the Korea Contents Association
• /
• v.16 no.9
• /
• pp.329-338
• /
• 2016

Internet of Things (IoTs) technology makes every things in physical world being digitalized and communicated with each other. The technology is emerging as a new paradigm and is expected to provide a convenient and effective life. However, for the successful realization of the IoT technologies, IoT security issues are an important prerequisite, and particularly the privacy protection is expected to become more important in view of object communication directively related with human. In this paper we describe for the security and privacy threats in IoT environment and introduce the shodan (a legitimate search engine that finds backdoor routers, switches, webcams, IoT devices connected to the Internet etc.) that can expose the security and privacy problems. Lastly, we compare the privacy threats through real-world case study of network cameras currently in use and finally derive the countermeasures for the threats.