• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.85-100
• /
• 2004

All information system is information security system that enforced security function. To improve qualify of information security system, suity requirement analysis and specification must be Performed by consistently and typically at early requirement analysis step. In this paper, we propose a security requirements analysis and specification model and process by using Misuse Case Model that extends UML's Use Case Model. And, we propose a cost-effective security product selection algorithm that security product is sufficient of all constructed security functional requirements. It may raise quality of information security system that developed through proposed model and process.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.9
• /
• pp.4588-4608
• /
• 2017

The measurement of information security levels is a very important but difficult task. So far, various measurement methods have studied the development of new indices. Note, however, that researches have focused on the problem of attaining a certain level but largely neglecting research focused on the issue of how different types of possible flaws in security controls affect each other and which flaws are more critical because of these effects. Furthermore, applying the same weight across the board to these flaws has made it difficult to identify the relative importance. In this paper, the interrelationships among security flaws that occurred in the security controls of K-ISMS were analyzed, and the relative impact of each security control was measured. Additionally, a case-control study was applied using empirical data to eliminate subjective bias as a shortcoming of expert surveys and comparative studies. The security controls were divided into 2 groups depending on whether or not a security flaw occurs. The experimental results show the impact relationship and the severity among security flaws. We expect these results to be applied as good reference indices when making decisions on the removal of security flaws in an enterprise.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.31 no.3
• /
• pp.172-177
• /
• 2023

The main purpose of the research was to review the global trends of airport's smart security technologies. Moreover, using the case studies of airport using smart security, this paper tried to propose the implication how the findings through the case studies may be important for airport policy and will impact the future research of airport operation. It is expected in the future the aviation security technology with biometric information evolves from single identification to multiple identification technology which has combined application of iris, vein and others. Facing post COVID-19 era, the number of passengers traveling through airports continues increase dramatically and the risks as well, the role of AI becomes even more crucial. With AI based automated security robotics airport operators could effectively handle the growing passenger and cargo volume and address the associated issues Smart CCTV analysis with A.I. and IoT applying solutions could also provide significant support for airport security.

• Asia pacific journal of information systems
• /
• v.21 no.4
• /
• pp.27-43
• /
• 2011

This article explores economic models that show the optimal level of information security investment in the presence of interdependent security risks, Using particular functional forms, the analysis shows that the relationship between the levels of security vulnerability and the levels of optimal security investments is affected by externalities caused by agents' correlated security risks. This article further illustrates that, compared to security investments in the situation of independent security risks, in order to maximize the expected benefits from security investments, an agent should invest a larger fraction of the expected loss from a security breach in the case of negative externalities, while an agent should spend a smaller fraction of the expected loss in the case of negative externalities.

• Asia pacific journal of information systems
• /
• v.8 no.2
• /
• pp.105-119
• /
• 1998

As the first step to information security, the security policy and organizational control need to be established. The purpose of this study is to investigate the policy and management of information security of five major Korean business groups. The results of case study on five giant groups can be summarized as follows. There exists a basic policy for information security. But it is outdated and not realistic in the present. The security audit and education need to be upgraded. It is also necessary to use security tools actively. The security level is low in companies which do not have independent information security divisions. Therefore, it is desirable to build information security teams. The number of security personnel is not enough for the task although there exist an information security team in the company. It is important to check if the team has the ability of perform information security task. The interview with security managers reveals that the total security management should be integrated with physical and computer security. It is suggested that an Information Security Center play the major role for information security. The study on the information security management for industry level is expected to be performed in the future.

• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.1
• /
• pp.23-32
• /
• 2023

Since NFTs can be used like certificates due to the nature of blockchain, their use in various digital asset trading markets is expanding. This is because NFTs are expected to be actively used as a core technology of the metaverse virtual economy as non-transferable NFTs are developed. However, concerns about NFT security threats are also growing. Therefore, the purpose of this study is to investigate and analyze NFT-related infringement cases and to clearly understand the current security status and risks. As a research method, we determined NFT security areas based on previous studies and analyzed infringement cases and threat types for each area. The analysis results were systematically mapped in the form of domain, case, and threat, and the meaning of the comprehensive results was presented. As a result of the research, we want to help researchers clearly understand the current state of NFT security and seek the right research direction.

• Korean Security Journal
• /
• no.16
• /
• pp.161-187
• /
• 2008

The purpose of this study is to suggest a development method of current Korean security system by analyzing the problems shown in the performance of security work in relation to the terrorism, which is enlarging in the word, from various aspects. In order to perform the study, the researcher considered the basic theory concerned to current Korean law concerned to security, principle and methodology of security, terror and new terrorism. The researcher performed the study by selecting qualitative case study focused on Park Geun-Hye case. Through the study, the methods to develop Korean security system are as follows. First, from the legal aspect, it is necessary to establish the law concerned to terrorism prevention and important person security. Moreover, it is necessary to search for the development of private security by revising Security Industry Act, which is a legal ground of private security. Second, it is necessary to improve and reinforce education & training program, which is not still divided in detail from the aspect of private security cultivation. Moreover, it is necessary to activate personal protection work and enlarge market through Security Industry Act and make an effort to change social recognition over security, which is devaluated in the society. From the viewpoint, national license about private security shall be adopted. The department of president security, which is a representative of official security, shall transfer the advanced technology to private security organization. Third, from the aspect of operation, the operation of security based on SCE principle, human shield principle, the nearest person's protection principle, body extension principle, linear protection principle and evacuation priority principle is required. Therefore, the priority shall be given to preventive security and thorough security plan shall be made for the operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.157-169
• /
• 2010

As the information society changes into the ubiquitous computing society, the importance of information security has increased. Governments and enterprises are carrying out various information security activities to operate their information asset effectively. Since 2006, the Korean government has implemented 'Advance Diagnosis' policy to analyze the vulnerability of the information security from the early stage of the information system development to secure the information stability. This study proposes an analyzing framework for the economic effects of Advance Diagnosis for Information Security and presents an illustrative application em a real Advance Diagnosis case. The results of this study can be applied to secure the economic justification of government policies for the security of information systems.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.39-48
• /
• 2010

In a complex, secure IT system environment there will be groups of data that be segregated from one another, yet reside on the same system. Users of the system will have varying degrees of access to specific data. The Configuration Management(CM) of the information architecture, the physical architecture, user privileges and application security policies increases the complexity for operations, maintenance and security staff. This pager describes(current work to merge the capabilities of a network CM toll with those of a Computer Aided System Engineering(CASE) tool. The rigour of Systems Engineering(SE) modelling techniques can be used to deal with the complexities of multi-level information security. The SE logical and physical models of the same system are readily tailorable to document the critical components of both the information architecture and physical architecture that needs to be managed. Linking a user-friendly, physical CM tool with the extended capabilities of a CASE tool provide the basis for improved configuration management of secure IT systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.135-141
• /
• 2008

The risk enlargement of cyber infringement and hacking is one of the latest hot issues. To solve the problem, the research for Security Risk Analysis, one of Information Security Technique, has been activating. However, the evaluation for Security Risk Analysis has many burdens; evaluation cost, long period of the performing time, participants’ working delay, countermeasure cost, Security Management cost, etc. In addition, pre-existing methods have only treated Analyzing Standard and Analyzing Method, even though their scale is so large that seems like a project. the Analyzing Method have no option but to include assessors’ projective opinion due to the mixture using that both qualitative and quantitative method are used for. Consequently, in this paper, we propose the Security Risk Analysis Methodology which manage the quantitative evaluation as a project and use Case-Based Reasoning Algorithm for define the period of the performing time and for select participants.