• Journal of the Korean Society of Safety
• /
• v.31 no.1
• /
• pp.139-147
• /
• 2016

Nuclear energy is considerably cheap and clean compared to other fossil fuels. Yet, there are rising safety concerns of nuclear power plants including the possibility of radiation releasing nuclear accidents. In light of the Fukushima nuclear crisis in 2011, Japan has been re-evaluating their existing energy policies and increasing the share of alternative energy. This paper first tracks the major historical changes of energy policy in Japan by time period. Next, energy security, reignited concerns and alternative energy are covered to examine Japan's energy security situation and its transition after the Fukushima disaster. Lastly, a short survey based on thematic analysis was conducted in South Korea and Japan to understand the public awareness of nuclear. This paper postulates that the case of Fukushima will contribute to establish and operate a safe-future nuclear program in South Korea, given that the country is not only geographically neighbouring Japan but also the world's fourth largest producer of nuclear energy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.809-820
• /
• 2016

The smart grid, a new open platform, is a core application for facilitating a creative economy in the era of the Internet of Things (IoT). Advanced Metering Infrastructure (AMI) is one of the components of the smart grid and a two-way communications infrastructure between the main utility operator and customer. The smart meter records consumption of electrical energy and communicates that information back to the utility for monitoring and billing. This paper investigates the impact of a cybersecurity attack on the smart meter. We analyze the cost to the smart grid in the case of a smart meter attack by authorized users based on a high risk scenario from NESCOR. Our findings could be used by policy makers and utility operators to create investment decision-making models for smart grid security.

• Knowledge Management Research
• /
• v.20 no.3
• /
• pp.91-106
• /
• 2019

In the era of the 4th Industrial Revolution, the importance of information protection is increasing day by day with the advent of the 'hyper-connection society', and related government financial investment is also increasing. The source of the government's fiscal investment projects is taxpayers' money. Therefore, the government needs to evaluate the effectiveness and feasibility of the project by comparing the public benefits created by the financial investment projects with the costs required for it. At present, preliminary feasibility study system which evaluates the feasibility of government financial investment projects in Korea has been implemented since 1994, but most of them have been actively carried out only in some fields such as large SOC projects. In this study, we discuss the feasibility evaluation of public projects for the purpose of information security. we introduce the case study of the personal information protection program of Korean public institutions and propose a cost-effectiveness analysis method that can be applied to the feasibility study of the information protection field. Finally, we presented the feasibility study and criteria applicable in the field of information security.

• International Journal of Computer Science & Network Security
• /
• v.23 no.9
• /
• pp.29-36
• /
• 2023

Blockchain is an emerging technology that is used to address ownership, centrality, and security issues in different fields. The blockchain technology has converted centralized applications into decentralized and distributed ones. In existing sharing economy applications, there are issues related to low efficiency and high complexity of services. However, blockchain technology can be adopted to overcome these issues by effectively opening up secure information channels of the sharing economy industry and other related parties, encouraging industry integration and improving the ability of sharing economy organizations to readily gain required information. This paper discusses blockchain technology to enhance the development of insurance services by proposing a five-layer decentralized model. The Najm for Insurance Services Company in Saudi Arabia was employed in a case study for applying the proposed model to effectively solve the issue of online underwriting, and to securely and efficiently enhance the verification and validation of transactions. The paper concludes with a review of the lessons learned and provides suggestions for blockchain application development process.

• The Journal of Korean Association of Computer Education
• /
• v.16 no.1
• /
• pp.73-80
• /
• 2013

Government promotes that the strategy of national R&D converts from catch-up R&D type to leading R&D type for the future growth and national competitiveness according to the recent paradigm shift in the research and development. So the many national researches about foundation, source and core technology are actively being made. As a result of these researches, the security has become an important part of success factor in R&D. And so various security diagnosis and evaluation is being conducted about national R&D program. Existing the research security evaluation models are classified domains in terms of security management and created evaluation indicators according to the domains. However the models are inappropriate in case of researchers doing self-diagnosis of research security. This paper set up the domains in aspect of research management and then proposed the evaluation indicator of research security according to the domains. The evaluation indicator model that is suggested can be utilized in self-diagnosis of research security effectively.

• Journal of the Society of Disaster Information
• /
• v.7 no.3
• /
• pp.181-189
• /
• 2011

Private Security company concentrated on the commerciality as a for-profit businesses. Even so, his role is concerned with public welfare and public security over personal gain. Establishing a company and the business activities are free and protected by the constitutional law and the commercial law such as natural rights. However, it would be restricted in case of need for the national security affairs, public security violation and public weal problems. On the other hand, even though private security law is a for-profit businesses, the natural rights of the text of the Constitution is ignored and distinct from the different apply the rules for the establishment standard and for the business activities. Also, over a certain size of place and capital are required to establish a private security company. Therefore, this paper will study the public interests and the profits of commerciality for the private security by constitutional law and commercial law which assure and conserve the natural rights and the business activities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.115-124
• /
• 2011

There has been significant research in security technology such as e-passport standards, as e-passports have been introduced internationally. E-passports combine the latest security technologies such as smart card, public key infrastructure, and biometric recognition, so that these technologies can prevent unauthorized copies and counterfeits. Biometric information stored in e-passports is the most sensitive personal information, and it is expected to bring the highest risk of damages in case of its forgery or duplication. The present e-passport standards cannot handle security features that verify whether its biometric information is copied or not. In this paper, we propose an e-passport security technology in which biometric watermarking is used to prevent the copy of biometric information in the e-passport. The proposed method, biometric watermarking, embeds the invisible date of acquisition into the original data during the e-passport issuing process so that the human visual system cannot perceive its invisibly watermarked information. Then the biometric sample, having its unauthorized copy, is retrieved at the moment of reading the e-passport from the issuing database. The previous e-passport security technology placed an emphasis on both access control readers and anti-cloning chip features, and it is expected that the proposed feature, copy protection of biometric information, will be demanded as the cases of biometric recognition to verify personal identity information has increased.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.141-153
• /
• 2012

In the recent years, various researches on the use cases of the cloud computing service have been achieved for its standardization. Notwithstanding, we need more additory effort to refine the operating mechanisms on the cloud computing environment. In this paper, we suggest an operating mechanism on IaaS cloud computing environment that is related to the integrated security management system. By using CloudStack 2.2.4 toolkit, we have built a test-bed for IaaS cloud computing service i.e., SWU-IaaS cloud computing environment. Through operating this hierarchical SWU-IaaS cloud computing environment, we have derived the attributes and the methods of its components. Its scenarios can be described in case of both normal state and abnormal state. At the end, a special scenario has been described when it receives a security event from the integrated security management system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.43-54
• /
• 2016

The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.507-522
• /
• 2014

Domestic CERTs are carrying out monitoring and response against cyber attacks using security devices(e.g., IDS, TMS, etc) based on signatures. Particularly, in case of public and research institutes, about 30 security monitoring and response centers are being operated under National Cyber Security Center(NCSC) of National Intelligence Service(NIS). They are mainly using Threat Management System(TMS) for providing security monitoring and response service. Since TMS raises a large amount of security events and most of them are not related to real cyber attacks, security analyst who carries out the security monitoring and response suffers from analyzing all the TMS events and finding out real cyber attacks from them. Also, since the security monitoring and response tasks depend on security analyst's know-how, there is a fatal problem in that they tend to focus on analyzing specific security events, so that it is unable to analyze and respond unknown cyber attacks. Therefore, we propose automated verification method of security events based on their empirical analysis to improve performance of security monitoring and response.