• Journal of the Korea Computer Industry Society
• /
• v.3 no.9
• /
• pp.1315-1328
• /
• 2002

Recently there has been increasing demand on developing methodologies and tools for measuring the information security level of organizations for the efficient security management, as the growth of security incidents. However, most methodologies from foreign countries are not realistic in constructing the checklists, moreover their tools provide neither the ease of use nor the inexpensiveness, and most domestic works are not properly considering the characteristics of the organizations. In this study, based on the recently developed standard for information security management, an information security levelling tool is designed and implemented which can be used before building an information security management system while considering the characteristics of organizations more efficiently. The efficiency comes from applying multiple variable weights for security levelling according to the characteristics of organizations.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.3 no.1 s.4
• /
• pp.1-12
• /
• 2004

Recently, the Korea Highway Company is replacing their prepaid plastic cards with a smart card, called $Hipass^{PLUS}$ Card. In order to use $Hipass^{PLUS}$Card in the prepaid payment system, LSAM, which is to store the value into $Hipass^{PLUS}$ Card is needed. LSAM is also responsible to store or retrieve the value from PPSAM. For the safety of Korea Highway electronic payment system, the functionality and security of LSAM should be faultless. This paper developed a test module including the test method, the test checklist, and the test procedure. The test module examines the functionality and security of loading the value from PPSAM to LSAM, retrieving the value from LSAM to PPSAM, and loading the value from LSAM to $Hipass^{PLUS}$ Card. The test module contains the method and the procedure to test the standard items by the test checklists. The test items and test checklists of LSAM was selected under the provision of the specification of Korea Highway Company and ISO standard. The test module evaluates the functionality, the security and the compatibility of LSAM. After the evaluation test of LSAM using the test module, LSAM satisfied the characteristics of the functionality, security, and compatibility.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.49-58
• /
• 2018

As the demand for Internet of Things(IoT) increases, the need for the security of IoT devices is increasing steadily. It is difficult to apply the conventional security theory to IoT devices because IoT devices are subject to be constrained by some factors such as hardware, processor, and energy. Nowadays we have several security guidelines and related documents on IoT device. Most of them, however, do not consider the characteristics of specific IoT devices. Since they describes the security issues comprehensively, it is not easy to explain the specific security level reflecting each characteristics of IoT devices. In addition, most existing guidelines and related documents are described in view of developers and service proposers, and thus ordinary users are not able to assess whether a specific IoT device can protect their information securely or not. We propose an security evaluation model, based on the existing guidelines and related documents, for more specific IoT devices and prove that this approach is more convenient to ordinary users by creating checklists for the smart watch.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.113-127
• /
• 2014

The use of mobile devices offers a variety of services to the individuals and companies. On the other hand, security threats and new mobile security threats that exist in IT infrastructure to build the environment for mobile services are present at the same time. Services such as mobile and vaccine management services, such as MDM (Mobile Device Management) has attracted a great deal of interest in order to minimize the threat of security in mobile environment. These solutions can not protect an application that was developed for the mobile service from the threat of vulnerability of mobile application itself. Under these circumstances, in this paper, we proposed mobile application security checklists based on application security review items in order to prevent security accidents that can occur in a mobile service environment. We collected and analyzed Android applications, we performed a total inspection of the applications for verification of the effectiveness of the check items. And we checked that the check items through a survey of experts suitability was verified.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.2
• /
• pp.634-645
• /
• 2014

VoIP (Voice over Internet Protocol) is a technology of transmitting and receiving voice and data over the Internet network. As the telecommunication industry is moving toward All-IP environment with growth of broadband Internet, the technology is becoming more important. Although the early VoIP services failed to gain popularity because of problems such as low QoS (Quality of Service) and inability to receive calls as the phone number could not be assigned, they are currently established as the alternative service to the conventional wired telephone due to low costs and active marketing by carriers. However, VoIP is vulnerable to eavesdropping and DDoS (Distributed Denial of Service) attack due to its nature of using the Internet. To counter the VoIP security threats efficiently, it is necessary to develop the criterion or the model for estimating the information security level of VoIP service providers. In this study, we developed reasonable security indicators through questionnaire study and statistical approach. To achieve this, we made use of 50 items from VoIP security checklists and verified the suitability and validity of the assessed items through Multiple Regression Analysis (MRA) using SPSS 18.0. As a result, we drew 23 indicators and calculate the weight of each indicators using Analytic Hierarchy Process (AHP). The proposed indicators in this study will provide feasible and reliable data to the individual and enterprise VoIP users as well as the reference data for VoIP service providers to establish the information security policy.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.3
• /
• pp.428-434
• /
• 2020

Recently, due to the development of ICT technology, changes to the convergence service platform of information systems are accelerating. Convergence services expanded to cyber systems with 5G communication, IoT, AI, and cloud are being reflected in the real world. However, the field of cybersecurity audit for responding to cyber attacks and security threats and strengthening security technology is insufficient. In this paper, we analyze the international standard analysis of information security management system, security audit analysis and security of related systems according to the expansion of 5G communication, IoT, AI, Cloud based information system security. In addition, we design and study cybersecurity audit checklists and contents for expanding security according to cyber attack and security threat of information system. This study will be used as the basic data for audit methods and audit contents for coping with cyber attacks and security threats by expanding convergence services of 5G, IoT, AI, and Cloud based systems.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.2
• /
• pp.1-11
• /
• 2018

Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP(Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.2 no.2 s.3
• /
• pp.73-84
• /
• 2003

Due to the problems of existing prepaid plastic card issued by Korea Highway Company, the prepaid electronic payment system using a smart card, called HipassPLUS Card, was developed to overcome the Problems. PSAM is one of the main component of the systea which can retrieve the value from HipassPLUS card, transmit the transaction data to CSAM, and store the accumulated account lists. For the safety of the elecoonic payment system, the functions of PSAM should be faultless. This paper developed a test module including the test method, the test checklist, and the test procedure. The test module examines the functionality and security of the payment mechanism to insure that the value stored in HipassPLUS card can be raid to PSAM by the merchants and the standardized SAM. The test module also inspects the transmission mechanism to send and store the transaction data kom PShM to CSAM correctly and safely. Ihe module is designed to test the standard items using the test checklists for PSAM. The test items and the test checklists of PShM was selected under the provision of the specification of Korea Highway Company and ISO standard. Ihe evaluation on PSAM using the test module indicates that PSAM satisfies the evaluation criteria on the quality characteristics of the functionality, security, and compatibility.

• Journal of Convergence for Information Technology
• /
• v.11 no.10
• /
• pp.144-150
• /
• 2021

The purpose of this paper is to review the direction of the slicing security policy, which is a major consideration in the context of standardization in 5G communication network security, to derive security vulnerability diagnosis items, and to present about analyzing and presenting the issues of discussion for 5G communication network virtualization. As for the research method, the direction of virtualization security policy of 5G communication network of ENISA (European Union Agency for Cybersecurity), a European core security research institute, and research contents such as virtualization security policy and vulnerability analysis of 5G communication network from related journals were used for analysis. In the research result of this paper, the security structure in virtualization security of 5G communication network is arranged, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items were derived for each security service in the risk management area. The contribution of this study is to summarize the security threat items in 5G communication network virtualization security that is still being discussed, to be able to gain insights of the direction of European 5G communication network cybersecurity, and to derive vulnerabilities diagnosis items to be considered for virtualization security of 5G communication network. In addition, the results of this study can be used as basic data to develop vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.

• Korean Journal of Air-Conditioning and Refrigeration Engineering
• /
• v.24 no.7
• /
• pp.567-577
• /
• 2012

This study examines the spatial compositions of children's reading rooms, furniture characteristics, and users' satisfaction levels for the furniture in public libraries. Field measurements and surveys were performed in 5 public libraries. Results imply that the spatial compositions of reading rooms in libraries were classified into three categories according to the locations of bookshelves and reading space. Management areas should not be located at the edge of reading rooms but be located at the center of reading rooms to avoid clerks' narrow viewing angle toward young kids and to ensure security for the kids. The evaluation for bookshelves according to evaluation checklists was acceptable, but users were not always satisfied with the bookshelves due to the inappropriate positions of books in shelves. The evaluation for desks was generally acceptable according to the checklists and users were satisfied with them. In general, the desk with higher scores by the checklist provided better satisfaction to users. However, the score by checklist for chair and user satisfaction were not always similar each other. Convenience areas in reading rooms were not enough compared to bookshelf, reading and management area. Computer tables that were designed in a way that users sit down and use the computers were highly preferred.