• International journal of advanced smart convergence
• /
• 제12권3호
• /
• pp.40-50
• /
• 2023

Blockchain is a technology designed to prevent tampering with digital documents or information, safeguarding transaction data and managing it in a structured manner. This proves beneficial in addressing issues of trust and data protection in B2B, B2C, and C2B transactions. Blockchain finds utility not only in financial transactions but also across diverse industrial sectors. This study outlines significant cases and responses that jeopardize the security of blockchain networks and cryptocurrency technology. Additionally, it analyzes safety and risk factors related to blockchain and proposes effective testing methods to preemptively counter these challenges. Furthermore, this study presents key security evaluation metrics for blockchain to ensure a balanced assessment. Additionally, it provides evaluation methods and various test case models for validating the security of blockchain and cryptocurrency transaction services, making them easily applicable to the testing process.

• 방사선산업학회지
• /
• 제12권4호
• /
• pp.303-310
• /
• 2018

Since Roentgen discovered X-rays, radiation sources have been utilized for many areas such as agriculture, industry, medicine and fundamental chemical research. As a result, human society has gained lots of benefits. However, if a radioactive material is used for the malicious purpose, it causes serious consequences to humanity and environment. Consequently, international organizations including International Atomic energy Agency (IAEA) have been emphasizing establishment and implementation of security management to prevent sabotage and illicit trafficking of radioactive materials. For this reason, the rule of technical standards of radiation safety management was revised and the public notice of security management regarding radioisotope was legislated in 2015 by Nuclear Safety and Security Commission (NSSC). Several radioactive sources which have to be regulated under the above rule and the public notice have been utilized in Advanced Radiation Technology Institute (ARTI) of Korea Atomic Energy Research Institute (KAERI). In order to control them properly, security management system such as access control and physical protection has been adapted since 2015. In this paper, we have analyzed the public notice of NSSC and its field application case. Based on the results, we are going to draw improvement on the public notice of NSSC and security system.

• 대한전기학회:학술대회논문집
• /
• 대한전기학회 2002년도 추계학술대회 논문집 전력기술부문
• /
• pp.381-383
• /
• 2002

This paper proposes a MATLAB program for solving security-constrained optimal power flow using linear programming. Security-constrained optimal power flow can find an optimal generation satisfying bus voltage limits, line flow limits, reactive generation limits, even if contingency occurs. Sensitivity matrixes are obtained based on power flow solutions with and without single line contingency. This program is tested for an IEEE 14bus system with 5 generators Results shows good ability of finding optimal solution in case of a single line contingency.

• 한국항행학회논문지
• /
• 제14권3호
• /
• pp.397-408
• /
• 2010

업무효율 향상을 위해 중소기업에서의 정보시스템 사용이 대중화 되면서 초기 대기업을 중심으로 사용된 DBMS 활용이 중소기업 경쟁력을 강화시키는 데 중요한 촉매제 역할을 하고 있다. 그러나 정보시스템 및 DBMS 확산에 따라 보안사고와 같은 역기능도 함께 대두되면서 대기업에 비해 상대적으로 경영자원이 부족한 중소기업은 보안 시스템에 대한 투자가 미흡하여 DB보안 시스템을 도입하는 데 어려움을 겪고 있다. 따라서 본 논문에서는 중소기업의 DBMS 사용에 따른 해킹 및 보안사고 위협들을 사전에 방지 할 수 있는 중소기업의 정보화 환경에 적합한 간략한 하드웨어 형태의 DB보안 어플라이언스를 설계하고자 한다.

• 산업공학
• /
• 제16권4호
• /
• pp.421-431
• /
• 2003

Due to the increasing complexity of the information systems environment, modern information systems are facing more difficult and various security risks than ever, there by calling for a higher level of security safeguard. In this paper, an information technology security risk management model, which modified by adopting the concept of business processes, is applied to client/server distributed systems. The results demonstrate a high level of risk-detecting performance of the model, by detecting various kinds of security risks. In addition, a practical and efficient security control safeguard to cope with the identified security risks are suggested. Namely, using the proposed model, the risks on the assets in both of the I/O stage(on client side) and the request/processing stage(on server side), which can cause serious problems on business processes, are identified and the levels of the risks are analyzed. The analysis results show that maintenance of management and access control to application systems are critical in the I/O stage, while managerial security activities including training are critical in the request/processing stage.

• 전기학회논문지
• /
• 제66권12호
• /
• pp.1879-1888
• /
• 2017

The Internet of Things (IoT) environment has been gradually approaching reality, and although it provides great convenience, security threats are increasing accordingly. For the IoT environment to settle safely, careful consideration of information security is necessary. Although many security measures in the design and development stages of IoT products have been studied thus far, apart from them, the establishment of systems and countermeasures for post management after the launch of IoT products is also very important. In the present paper, a technical and policy post-security management framework is proposed to provide secure IoT environments. The proposed framework defines the concrete response procedures of individual entities such as users, manufacturers, and competent authorities in the case of the occurrence of security flaws after launching IoT products, and performs appropriate measures such as software updates and recalls based on an assessment of the risk of security flaws.

• 정보보호학회논문지
• /
• 제29권2호
• /
• pp.451-463
• /
• 2019

본 연구의 목적은 정보보안 조직갈등의 단계와 유형이 정보보안 종사자의 직무이탈 의도에 미치는 영향을 파악하는데 있다. 폰디의 조직갈등이론을 적용하여 공기업 정보보안 종사자를 대상으로 한 설문자료를 분석하였으며 구조 방정식 모형을 사용하여 정보보안 종사자가 직무 활동에서 경험하는 갈등의 단계, 유형, 결과를 분석했다. 분석 결과, 정보보안 종사자가 조직갈등의 잠재요인을 감정적으로 받아들일수록 정보보안 종사자의 직무이탈의도가 높아지는 것으로 나타났다. 반면에, 인식메커니즘은 직무를 변경하여 조직을 이탈할 확률을 낮추는 조절 효과를 가진 것으로 나타났다. 조직 내 정보보안 종사자의 갈등에 관한 실증연구는 많지 않다. 본 연구의 분석 결과는 정보보호 조직의 관리자가 조직 내 갈등을 생산적인 방향으로 이끌어 가는데 활용할 수 있을 것이다.

• 한국항해항만학회지
• /
• 제36권3호
• /
• pp.261-271
• /
• 2012

본 연구의 목적은 항만기업 종사자들의 정보보안인식정도와 지각된 정보보안위험 정도에 영향을 미치는 요인들이 어떤 것들이 있는지를 실증 분석하는 것이다. 특히, 지각된 정보보안위험에 영향을 미치는 요인을 파악하기 위하여 위험분석방법론을 토대로 자산, 위협, 취약성과의 관계를 분석하였다. 252개의 유효설문을 대상으로 AMOS를 이용한 구조방정식 모형 분석을 하였다. 연구결과를 보면, 첫째, 항만기업 종사자의 경우 정보자산은 지각된 정보보안위험에 유의하지 않은 결과로 분석되었다. 둘째, 위협, 취약성은 지각된 정보보안위험에 유의한 영향을 미치는 것으로 나타났다. 마지막으로, 정보보안인식과 정보보안교육, 정보보안인식과 정보보안의도와의 관계는 유의하게 분석되었다. 그러나 정보보안관심도는 정보보안인식에 유의하지 않은 것으로 분석되었다.

• 한국IT서비스학회지
• /
• 제20권5호
• /
• pp.119-136
• /
• 2021

Since the global spread of COVID-19, social distancing and untact service implementation have spread rapidly. With the transition to a non-face-to-face environment such as telework and remote classes, cyber security threats have increased, and a lot of cyber compromises have also occurred. In this study, cyber-attacks and response cases related to COVID-19 are summarized in four aspects: cyber fraud, cyber-attacks on companies related to COVID-19 and healthcare sector, cyber-attacks on untact services such as telework, and preparation of untact services security for post-covid 19. After the outbreak of the COVID-19 pandemic, related events such as vaccination information and payment of national disaster aid continued to be used as bait for smishing and phishing. In the aspect of cyber-attacks on companies related to COVID-19 and healthcare sector, we can see that the damage was rapidly increasing as state-supported hackers attack those companies to obtain research results related to the COVID-19, and hackers chose medical institutions as targets with an efficient ransomware attack approach by changing 'spray and pray' strategy to 'big-game hunting'. Companies using untact services such as telework are experiencing cyber breaches due to insufficient security settings, non-installation of security patches, and vulnerabilities in systems constituting untact services such as VPN. In response to these cyber incidents, as a case of cyber fraud countermeasures, security notices to preventing cyber fraud damage to the public was announced, and security guidelines and ransomware countermeasures were provided to organizations related to COVID-19 and medical institutions. In addition, for companies that use and provide untact services, security vulnerability finding and system development environment security inspection service were provided by Government funding programs. We also looked at the differences in the role of the government and the target of security notices between domestic and overseas response cases. Lastly, considering the development of untact services by industry in preparation for post-COVID-19, supply chain security, cloud security, development security, and IoT security were suggested as common security reinforcement measures.

• Asia pacific journal of information systems
• /
• 제33권4호
• /
• pp.863-898
• /
• 2023

Previous studies have shown that insiders pose risks to the security of organisations' secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations' best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel's behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.