• Journal of the Korea Society of Computer and Information
• /
• v.25 no.9
• /
• pp.143-150
• /
• 2020

The purpose of this study is to investigate the human error of bodyguards caused in the process of performing access control activities between security missions, focusing on multiple risk cases, and to suggest countermeasures accordingly. To verify this, after arranging the sequence of events in a time series, the VTA technique and Why-Why analysis technique that can easily identify the problem centered on the variable node were used. In addition, environmental factors and personal factors that cause human errors were extracted through M-SHEL Metrix. As a result of analyzing multiple risk cases through such a method, the security environment factors that cause access control accidents include lack of time (impatience), prejudice against visitors, intensive work methods, lack of security management, unattended travel, and familiar atmosphere. (Relaxation), formal work activities, convenience provision, and underestimation were surveyed. In addition, human errors caused by personal security guards were investigated as low alertness, formal work, negligence of inspection, and comfortable coping.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.811-820
• /
• 2017

Software automatic technology research recently focuses not only on generating a single path test-case, but also on finding an optimized path to reach the vulnerability through various test-cases. Although Dynamic Symbolic Execution (DSE) technology is popular among these automatic technologies, most DSE technology researches apply only to Linux binaries or specific modules themselves. However, most software are vulnerable based on input files. Therefore, this paper proposes an input file based dynamic symbolic execution method for software vulnerability verification. As a result of applying it to three kinds of actual binary software, it was possible to create a test-case effectively reaching the corresponding point through the proposed method. This demonstrates that DSE technology can be used to automate the analysis of actual software.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.223-230
• /
• 2013

Recently, a large number of corporations are adopting cloud solution in order to reduce IT-related costs. By the way, Digital Trace should have admissibility to be accepted as digital evidence in court, and integrity is one of the factors for admissibility. In this context, this research implemented integrity verification test to VM Data which was collected by well-known private cloud solutions such as Citrix, VMware, and MS Hyper-V. This paper suggests the effective way to verify integrity of VM data collected in private cloud computing environment based on the experiment and introduces the error that EnCase fails to mount VHD (Virtual Hard Disk) files properly.

• The Journal of Asian Finance, Economics and Business
• /
• v.7 no.9
• /
• pp.467-475
• /
• 2020

The study aims to investigate factors affecting enterprise's satisfaction and loyalty toward the Social Security's online public services, looking at the case of Thanh Hoa province, Vietnam. This study employs samples with 216 enterprises that use online public system of Thanh Hoa province's Social Security. The research model is closely linked to the SERVQUAL model developed by Parasuraman, Zeithaml and Berry (1988). We propose 23 scales that constitute the quality of service, three scales that constitute Customer Satisfaction and three components that constitute Customer Loyalty. This study use the tool of Exploratory Factor Analysis (EFA), Cronbach's Alpha test, Confirm Factor Analysis (CFA) and Structural Equation Modeling (SEM) in order to address the question of satisfaction and loyalty. The result shows that the factor with the most impact is Reliability, next is Capacity of staffs, Tangibles, Attitude of staffs, and the least impacting factor is Empathy; moreover, the results also show that Satisfaction has a strong impact on Customer Loyalty. The findings of this study suggest that Thanh Hoa province's Social Security should: (i) strengthen the reliability of online service system; (ii) build capacity for staffs; (iii) develop the responsiveness of electronic transactions systems; and (iv) improve the empathy of staffs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.69-77
• /
• 2008

In the recent years, power attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate results in the algorithm computations(encryption, decryption, and key-schedule) are well-known. Applications of masking methods are able to vary in different block ciphers, therefore suitable masking methods about each ciphers have been researched. Existed methods of ARIA have many revisions of mask value. And because existed masking methods pay no regard for key schedule, secret information can be exposed. In the case of ARIA, this problem is more serious than different block ciphers. Therefore we proposes an efficient masking scheme of ARIA including the key-schedule. Our method reduces time-complexity of ARIA encryption, and solve table-size problem of the general ARIA masking scheme from 256*8 byte to 256*6 byte.

• Korean Security Journal
• /
• no.2
• /
• pp.193-210
• /
• 1999

Through the case study, this thesis suggests several methods to prevent the assassination attempt on V.I.P. by examining what makes assassin assassinate V.I.P. and analyzing various kinds of motive and type. The paper, aiming to prevent assassination on V.I.P. consists of four chapters. Chapter I, the introductory chapter of this thesis, describes regarding the V.I.P. protection environment surrounding our nation. Chapter II concerns various kinds of motive and type of assassination. Under the title 'Point and Provision of Assassination' , chapter III shows several example case studies on assassinations occurred in our nation and foreign countries and suggests it's points and the lesson these case studies give us. The fourth chapter concludes with a bibliography. The conclusion of this study can be summarized in a word as following proverb; 'Providing is Preventing'.

• Asia pacific journal of information systems
• /
• v.10 no.2
• /
• pp.149-176
• /
• 2000

As companies become more dependent upon information systems(IS), the potential losses of IS resources become critical. IS management must assume the increasing responsibility for protection of IS resources as the IS and business environments become more vulnerable to various threats. The major issues facing management, when attempting to manage risks, include the assessment of the impact of risks on business objectives and the design of security safeguards to reduce the unacceptable risks to an acceptable level. This paper provides a case study of the risk management for IS. A Korean credit card company which has the high sensitivity for customers security was selected as a case. The risk management procedure using a powerful tool, CRAMM(the Central Computer and Telecommunications Agencys Risk Analysis and Management Method) was applied for this company.

• Journal of Information Technology Services
• /
• v.14 no.4
• /
• pp.221-236
• /
• 2015

Application software is delivered to customers as a form of service at cloud environment. A cloud service provider is a marketplace between supply side (application providers) and demand side (customers). Cloud service providers have to validate applications to be included in their service portfolio. Not only performance, security, networking, compliances should be checked but also business contract, authentication should be provided. Organization customers are more sensitive to these validation criteria and process. We study the Internet2 NET+, which is a successful cloud marketplace of applications for research and education organizations. This case study shows us three things : (i) a cloud marketplace's application management process : selection, validation, transition to service, customization of applications (ii) what a cloud marketplace has for its infrastructure like authentication, security, access control etc. (iii) what a cloud marketplace has as its governance structure. This case study will provide informative analysis of Internet2 NET, a profit-making vertical and buyer's marketplace (education industry). And we will get some strategic implications for planning and implementing cloud marketplaces.

• Korean Security Journal
• /
• no.55
• /
• pp.143-167
• /
• 2018

According to the Security Services Industry Act security guards are not just workers but security-related service workers complementing the lack of police force and specializing in protecting of national important facilities, industrial facilities and apartment houses. Nevertheless, confusing or mixing the security service workers in "Security Services Industry Act" with the guards in the "Act on the Protection etc. of Temporary Agency Workers" lead to a constant debate about the scope of work of security guards. In the case of security service workers in "Security Services Industry Act" there is a strict limitations on security service worker's qualification such as strict reasons for disqualification, a need to pass training for new workers and qualification training, a need to report to the competent chief police officer if the security guard has placed or unplaced by the security service company. It distinguishes security service workers in "Security Services Industry Act" from the guards in the "Act on the Protection etc. of Temporary Agency Workers" and acknowledges the occupation of security service worker as a professional service worker. Therefore, security service workers in "Security Services Industry Act" shouldn't be obliged to do any other work than security work. If it is required to do other work than security work contract by the "Security Services Industry Act" doesn't apply but need to use a security guard according to "Act on the Protection etc. of Temporary Agency Workers" or hire a security guard on the employment contract. In this way, when security service workers in "Security Services Industry Act" are recognized as professional security related workers, the entire security industry can ultimately develop.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.51-59
• /
• 2016

An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.