• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.763-773
• /
• 2017

In recent years, personal information leakage and technology leakage accidents are frequently occurring. According to the survey, the most important part of this spill is the 'insider' within the organization, and the leakage of technology by insiders is considered to be an increasingly important issue because it causes huge damage to the organization. In this paper, we try to learn the normal behavior of employees using machine learning to prevent insider threats, and to investigate how to detect abnormal behavior. Experiments on the detection of abnormal behavior by implementing an Autoencoder composed of Recurrent Neural Network suitable for learning time series data among the neural network models were conducted and the validity of this method was verified.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.267-279
• /
• 2017

This study emulated unscheduled phishing e-mails over a long period of time by imitating the manner in which external hackers attacked a group of employees in a company. We then measured and analyzed the recipient's ability to identify and respond to phishing e-mails as training progressed. In addition, we analyzed the changes in participants' response behavior when changing the external control condition between the training. As a result of the analysis, it was confirmed that the training duration had a positive (+) relationship with the employees' ability to identify phishing e-mails and the infection rate, and more employees read emails and infected with phishing attacks using social issues and seasonal events. It was also confirmed that reinforcement of internal control policy on infected persons affects positively (+) on the phishing attack response behavior of employees. Based on these results, we would like to suggest the right training method for each organization to enhance the ability of employees to cope with phishing attacks.

• Journal of Information Processing Systems
• /
• v.8 no.2
• /
• pp.347-358
• /
• 2012

Recently, security researches have been processed on the method to cover a broader range of hacking attacks at the low level in the perspective of hardware. This system security applies not only to individuals' computer systems but also to cloud environments. "Cloud" concerns operations on the web. Therefore it is exposed to a lot of risks and the security of its spaces where data is stored is vulnerable. Accordingly, in order to reduce threat factors to security, the TCG proposed a highly reliable platform based on a semiconductor-chip, the TPM. However, there have been no technologies up to date that enables a real-time visual monitoring of the security status of a PC that is operated based on the TPM. And the TPB has provided the function in a visual method to monitor system status and resources only for the system behavior of a single host. Therefore, this paper will propose a m-TMS (Mobile Trusted Monitoring System) that monitors the trusted state of a computing environment in which a TPM chip-based TPB is mounted and the current status of its system resources in a mobile device environment resulting from the development of network service technology. The m-TMS is provided to users so that system resources of CPU, RAM, and process, which are the monitoring objects in a computer system, may be monitored. Moreover, converting and detouring single entities like a PC or target addresses, which are attack pattern methods that pose a threat to the computer system security, are combined. The branch instruction trace function is monitored using a BiT Profiling tool through which processes attacked or those suspected of being attacked may be traced, thereby enabling users to actively respond.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.5
• /
• pp.463-474
• /
• 2023

Advances in technology have made it easier for organizations to share information and collaborate. However, collaboration systems where multiple entities share and access information are vulnerable to security. The concept of Software Bill Of Materials (SBOM) has emerged as a way to strengthen information security by identifying and transparently managing the components of software programs. To promote the adoption of SBOM in Korea, this study investigated the intention to use of collaboration system managers. This study was based on the theory of planned behavior and the integrated technology acceptance theory. The results of this study confirmed that performance expectations from SBOM adoption were an important variable for intention to use, and positive attitudes toward security also had an indirect effect through performance expectations. We found that SBOM adoption has an important causal relationship with performance due to the fact that it is targeted at enterprises, and that positive attitudes toward security and social climate can have a strong effect on intention to use.

• The Journal of Korean Association of Computer Education
• /
• v.23 no.1
• /
• pp.63-75
• /
• 2020

From the perspective of compliance with security policies by members of the organization, which is a major cause of security incidents, this study presented biased thinking as factors that affect compliance with security policies and verified the following: First, the impact of biased thinking on security policies on compliance with security policies is verified. Second, the participation of management, perceived risk, education and punishment of management will verify the adjustment effect of increasing or decreasing biased thinking. Finally, we have verified that compliance attitudes have a significant impact on compliance behavior. To this end, 157 people were surveyed, statistical analysis of research models and structural equations, and conformity analysis were conducted. Studies have shown that biased thinking has a negative effect on the attitude of compliance with information security. In addition, it was analyzed that the attitude of compliance with information security policy increases policy compliance behavior. On the other hand, the higher the perceived risk of information security, the lower the bias was the adjustment effect, but management's participation, education and punishment were found to have no adjustment effect.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.19-25
• /
• 2018

With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.

• Asia pacific journal of information systems
• /
• v.30 no.2
• /
• pp.308-327
• /
• 2020

The importance of information security is increasing, and various efforts are being made to improve users' information security behaviors. Among these various efforts, information security education is mainly aimed at providing users with information security knowledge and improving information security awareness. This study classified the types of information security education into offline and online to examine the effects of each education method on attitudes toward information security (perceived severity, vulnerability, self-efficacy and response-efficacy) and information security behaviors. A survey was conducted for users with information security education experiences. The results obtained by comparing the differences in the path coefficients of personal information security behaviors according to information security education experiences showed that security behaviors were more significant in the online experience group than the offline group. In addition, gender differences were analyzed, and it was found that females had a greater impact on information security attitudes than males. This study also found that among Internet users with online information security education experience, females tend to have more information security behavior than males, but there were contrasting results among users with offline information security education experiences. The results of this study finally address the necessity of reflecting users' personalities in the systematic design of information security education in the future. Furthermore, the results of this study support the need for an appropriate education system that sufficiently understands education types to maximize the effects of information security education.

• Korean Journal of Child Studies
• /
• v.21 no.4
• /
• pp.81-103
• /
• 2000

Two sub-standies were conducted to analyze attachment related variables in infants and characteristics of maternal behavior. The first study investigated the relationships among attachment related variables in infants. The sample consisted of 58 pairs of 11- to 13- months-old infants and their mothers. A significant relationship was found among attachment security, infant temperament and maternal sensitivity. There were differences between security scores of the easy and difficult infants. Securely attached infants were rated as easier temperamentally than insecurely attached infants. The second study analyze maternal behavior characteristics. Subjects were this 30 mothers whose children were between the ages of 2 months and 24 months. The results identified four types of maternal behaviors. This study suggests different method of assessing subjective attributes of individuals by introducing Q-methods to the field of child development.

• Korean Security Journal
• /
• no.45
• /
• pp.65-86
• /
• 2015

The purpose of this study was aimed to identify the relationship between service quality and behavior by spectators participating security exhibition. The subject for this study was spectators who participating World Security Expo 2014 held three days from March 12 to 14 in 2014. 350 samples were selected by convenience sampling for subject of this study. 320 out of 350 surveys, excluded 30 unfaithful and defected surveys, were used for data analysis. Research tool was questionnaire which was based on and recomposed by previous researches home and abroad. The collected data were treated for analysis of frequency, reliability, factor analysis, correlation, and multitiple regression analysis by using SPSS statistic package version of 18.0 Through the above research method and procedure, the results were as followings. First, the relationship between service quality and behavior after participating exhibition appeared positively. It was found that there was high relationship between service quality and behavior. Second, analyzing relationship of factors between service quality and behaviors resulted to effect perceived environment, human services, and product on word of mouth. Third, analyzing relationship of factors between service quality and behaviors resulted to effect perceived environment, product, and price on re-participation.

• The Journal of Information Systems
• /
• v.17 no.1
• /
• pp.23-43
• /
• 2008

Nowadays, openness and accessibility of information systems increase security threats from inside and outside of organization. Appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. This study emphasizes on choosing passwords from perspective of information security and investigated user's security awareness affecting behavioral intention. The research model proposed in this study includes user's security belief which is influenced by risk awareness factors such as information assets, threats and vulnerability elements. The risk awareness factors ale derived from risk analysis methodologies for information security. User's risk awareness is a factor influencing the security belief, attitude toward security behavior, and security behavioral intention. According to the result of this study, while vulnerability is not related to the risk awareness, information assets and threats are related to the user's risk awareness. There is a significant relationship between risk awareness and security belief. Also, user's security behavioral intention is significantly affected by security attitude.