• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.909-928
• /
• 2020

From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.18 no.5
• /
• pp.77-90
• /
• 2023

This study aims to investigate the potential of alternative credit assessment through Social Networking Sites (SNS) as a complementary tool to conventional loan review processes. It seeks to discern the impact of SNS usage characteristics and loan product attributes on credit loan repayment. To achieve this objective, we conducted a binomial logistic regression analysis examining the influence of SNS usage patterns, loan characteristics, and personal attributes on credit loan conditions, utilizing data from Company A's credit loan program, which integrates SNS data into its actual loan review processes. Our findings reveal several noteworthy insights. Firstly, with respect to profile photos that reflect users' personalities and individual characteristics, individuals who choose to upload photos directly connected to their personal lives, such as images of themselves, their private circles (e.g., family and friends), and photos depicting social activities like hobbies, which tend to be favored by individuals with extroverted tendencies, as well as character and humor-themed photos, which are typically favored by individuals with conscientious traits, demonstrate a higher propensity for diligently repaying credit loans. Conversely, the utilization of photos like landscapes or images concealing one's identity did not exhibit a statistically significant causal relationship with loan repayment. Furthermore, a positive correlation was observed between the extent of SNS usage and the likelihood of loan repayment. However, the level of SNS interaction did not exert a significant effect on the probability of loan repayment. This observation may be attributed to the passive nature of the interaction variable, which primarily involves expressing sympathy for other users' comments rather than generating original content. The study also unveiled the statistical significance of loan duration and the number of loans, representing key characteristics of loan portfolios, in influencing credit loan repayment. This underscores the importance of considering loan duration and the quantity of loans as crucial determinants in the design of microcredit products. Among the personal characteristic variables examined, only gender emerged as a significant factor. This implies that the loan program scrutinized in this analysis does not exhibit substantial discrimination based on age and credit scores, as its customer base predominantly consists of individuals in their twenties and thirties with low credit scores, who encounter challenges in securing loans from traditional financial institutions. This research stands out from prior studies by empirically exploring the relationship between SNS usage and credit loan repayment while incorporating variables not typically addressed in existing credit rating research, such as profile pictures. It underscores the significance of harnessing subjective, unstructured information from SNS for loan screening, offering the potential to mitigate the financial disadvantages faced by borrowers with low credit scores or those ensnared in short-term liquidity constraints due to limited credit history a group often referred to as "thin filers." By utilizing such information, these individuals can potentially reduce their credit costs, whereas they are supposed to accrue a more substantial financial history through credit transactions under conventional credit assessment system.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.19 no.2
• /
• pp.215-235
• /
• 2024

As artificial intelligence (AI) technology is recognized as a key technology that will determine future national competitiveness, competition for AI technology and industry promotion policies in major countries is intensifying. This study aims to present implications for domestic policy making by analyzing the policies of major countries on the start-up of AI companies, which are the basis of the AI industry ecosystem. The top four countries and the EU for the number of new investment attraction companies in the 2023 AI Index announced by the HAI Research Institute at Stanford University in the United States were selected, The United States enacted the National AI Initiative Act (NAIIA) in 2021. Through this law, The US Government is promoting continued leadership in the United States in AI R&D, developing reliable AI systems in the public and private sectors, building an AI system ecosystem across society, and strengthening DB management and access to AI policies conducted by all federal agencies. In the 14th Five-Year (2021-2025) Plan and 2035 Long-term Goals held in 2021, China has specified AI as the first of the seven strategic high-tech technologies, and is developing policies aimed at becoming the No. 1 AI global powerhouse by 2030. The UK is investing in innovative R&D companies through the 'Future Fund Breakthrough' in 2021, and is expanding related investments by preparing national strategies to leap forward as AI leaders, such as the implementation plan of the national AI strategy in 2022. Israel is supporting technology investment in start-up companies centered on the Innovation Agency, and the Innovation Agency is leading mid- to long-term investments of 2 to 15 years and regulatory reforms for new technologies. The EU is strengthening its digital innovation hub network and creating the InvestEU (European Strategic Investment Fund) and AI investment fund to support the use of AI by SMEs. This study aims to contribute to analyzing the policies of major foreign countries in making AI company start-up policies and providing a basis for Korea's strategy search. The limitations of the study are the limitations of the countries to be analyzed and the failure to attempt comparative analysis of the policy environments of the countries under the same conditions.