• Journal of Information Processing Systems
• /
• v.5 no.4
• /
• pp.197-206
• /
• 2009

We introduce a novel high-level security metrics objective taxonomization model for software- intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with riskdriven security metrics development approaches is also discussed.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.1
• /
• pp.151-157
• /
• 2020

This study explored the moderating effects of security ability on the influence of privacy concerns on internet activity using Korea media panel survey data. To this end, we applied between-subjects factorial design between 2 (privacy concern high / low) × 2 (security ability high / low) groups and compared five types of internet activity among four groups by variance analysis. As a result, privacy concerns have a main effect on internet activity, and security ability have a moderating role in this relationship. Despite the privacy concerns, people do their internet activities in order to enjoy the benefit from the internet. This study have academic implication in that it focus on the issue of privacy paradox in terms of the type of internet activity. In addition, practical implications are that, in order to activate online activities of individuals in an internet-connected society, efforts for enhancing their security abilities are necessary.

• The Journal of Korean Association of Computer Education
• /
• v.14 no.1
• /
• pp.55-67
• /
• 2011

Due to recent various online problems, the necessity of information security education has increased. The information security education was strengthened thanks to the informatics curriculum of middle school in 2007, but the educational fields lacked detailed educational materials that could be utilized. Thus to give appropriate information security education for elementary and middle school students, this research developed an unplugged activity for them. The activity was designed by applying Lickona's integrated ethical model and design patterns of unplugged activities, and developed through expert's review and pilot tests targeted to elementary school students. Developed activity was applied to 21 middle school students and the usability was evaluated. As results, first, the activity showed similar expectations from the previous activities. Second, persistence was also similar or higher compared to the previous activities, so the activity developed from this research secured the minimum usability. The unplugged activity developed from this research would give implications in producing various educational contents for information security education.

• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.91-96
• /
• 2022

Article materials reflect the results of scientific research and generalization of experience concerning quality measurement of student's educational activities in the context of innovative development of the educational process, which is ensured by introducing educational innovations. The main point of monitoring of higher education students' activities and also phenomenon of education quality, particularly its results, are determined in the research. Guided by the scientific theory and personal experience of scientific and pedagogical activities, the attempt to single out the key components, important indicators and to introduce component indicator model of quality of higher education students' activities on the qualimetry base has been performed. Methodical solutions concerning the application of the developed model to determine the dynamics of pedagogical students' educational achievements by particular educational components in the process of innovative development of educational process are proposed. The advanced studies that relate to the development of methods for monitoring the quality of pedagogical higher education students' activities on the basis of systemic, competence and qualimetry approaches taking into account the levels of education and chosen specialties have been decided.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1133-1143
• /
• 2012

Currently, Many Cyber Security Centers(CSC) are established and being operated in our country. But, in the absence of indicators to evaluate activities of the Managed Security Service(MSS), We can't identify the CSC's level of overall job performance. Therefore, we can't derive strengths and weaknesses from the CSC. From these reasons, The purpose of this research is to develop an objective indicator to evaluate activities of the MSS. I studied both international and domestic Information Security Management System(ISMS) as related standards(ISO/IEC 27001, G-ISMS). Moreover, I analysed the NIST Computer Security Incident Handing Guide and the Incident Management Capability Metrics(IMCM) of Carnegie Mellon Software Engineering Institute(SEI). The implications for this analysis and domestic hands-on experience are reflected in the research. So I developed 10 evaluation domains and 62 detail evaluation items. This research will contribute to our understanding the level of the CSC's job performance.

• Proceedings of the KIEE Conference
• /
• 2003.07d
• /
• pp.2747-2749
• /
• 2003

Security is concerned with the protection of assets from threats, where threats are categorised as the potential for abuse of protected assets. All categories of threats should be considered, but in the domain of security greater attention is given to those threats that are related to malicious or other human activities ISO/IEC 15408 requires the TOE(Target of Evaluation) Security Environment section of a Protection Profile(PP) or Security Target(ST) to contain a list of threats about the TOE security environment or the intended usage of the TOE. This paper presents a specific physical threats should be considered in the smart card PP which developers of smart card PP must consider.

• Asia pacific journal of information systems
• /
• v.23 no.4
• /
• pp.129-149
• /
• 2013

According to the development of new Information Technologies, firms consistently invest a significant amount of money in IT activities, such as establishing internal and external information systems. However, several anti-Information activities-such as hacking, leakage of information and system destruction-are also rapidly increasing, thus many firms are exposed to direct and indirect threats. Therefore, firms try to establish information security systems and manage these systems more effectively via an enterprise perspective. However, stakeholders or some managers have negative opinions about information security systems. Therefore, in this research, we study the relationship between multibusiness firms' performance and information security systems. Information security indicates physical and logical correspondence of information system department against threats and disaster. Studies on information security systems suggested frameworks such as IT Governance Cube and COBIT Framework to identify information security systems. Thus, this study define that information security systems is a controlled system on enterprise IT process and resource on IT Governance perspective rather than independent domain of IT. Thus, Information Security Systems should be understood as a subordinate concept of IT and business processes. In addition, this study incorporates information capability to information security system literature to show the positive relationship between Information Security Systems and Corporate Performance. The concept of information capability suggested that an interaction of human, information, technical and an effect on corporate performance using three types of capability (IT Practice, Information Management Practice, Information Behaviors and Values). Information capability is about firms' capability to manage IT infrastructure and information as well as individual employees who use IT infrastructure and information. Thus, this study uses information capability as a mediating variable for the relationship between information security systems and firms' performance. To investigate the relationship between Information Security Systems and multibusiness firms' performance, this study extends the IT relatedness concept into Information Security Systems. IT relatedness provides understanding of how corporations cope with conflicts between headquarters and business units to create a synergy effect and achieve high performance using IT resources. Based on the previous literature, this study develops the IT Security Relatedness model. IT Security Relatedness is our main independent variable, while Information Capability and Information Security Performance are mediating variables. To control for the common method bias, we collect each multibusiness firm's financial performance and use it as our dependent variable. We find that Information Security Systems influence Information Capability and Information Security Performance positively, and these two variables consequently influence Corporate Performance positively. In addition, this result indirectly shows that corporations under a multibusiness environment can obtain synergy effects using the integrated Information Security Systems. This positive impact of Information Security Systems on multibusiness firms' performance has an important implication to various stakeholders. Therefore, multibusiness firms need to establish Information Security Systems to achieve better financial performance.

• Proceedings of the KIEE Conference
• /
• 2008.07a
• /
• pp.205-206
• /
• 2008

Electrical Power System is very important infrastructure in the country. The functions of control, monitoring and so on in the electrical power system are implemented by information technologies(IT) through cyber space. Recently, many activities for enhancing cyber security in the world. In this paper, we introduce the study tendency of cyber security in power IT areas.

• The Journal of Korea Robotics Society
• /
• v.10 no.1
• /
• pp.24-32
• /
• 2015

This paper introduces a graphical user interface design that is aimed to apply to the surveillance and security robot, which is the pilot program for the army unmanned light combat vehicle. It is essential to consider the activities of robot users under the changing security environment in order to design the efficient graphical user interface between user and robot to accomplish the designated mission. The proposed design approach firstly identifies the user activities to accomplish the mission in the standardized scenarios of military surveillance and security operation and then develops the hierarchy of the interface elements that are required to execute the tasks in the surveillance and security scenarios. The developed graphical user interface includes input control component, navigation component, information display component, and accordion and verified by the potential users from the various skilled levels with the military background. The assessment said that the newly developed user interface includes all the critical elements to execute the mission and is simpler and more intuitive compared to the legacy interface design that was more focused on the technical and functional information and informative to the system developing engineers rather than field users.

• Journal of The Korean Association of Information Education
• /
• v.20 no.3
• /
• pp.273-282
• /
• 2016

The new STEAM program suggested in this paper aims at helping students to have interest in information security engineering experts and to design their career creatively through the project on future promising career. The program was designed to help teachers and students understand the jobs and capabilities required for information security experts through direction and execution of the information security expert project. Teaching tools of information security through simulation hacking play activities based on hexagon cell is designed to provide students with the chance to indirectly experience the job of a computer security expert through an unplugged education. Because the content of cyber security is unfamiliar and difficult to understand, the program is designed to allow students to access the key principle of the job, rather than to describe the technical part. Using this program, students will be able to communicate with each other to solve the problems, to have interest in computer security experts, and to design their careers in a creative manner.