• Convergence Security Journal
• /
• v.24 no.3
• /
• pp.173-186
• /
• 2024

Recently, as security risks such as technology leaks continue to occur, the importance of research security is increasing. In particular, there is a lack of on-site focused guidelines for conducting practical security management activities for national research and development. Therefore, this study assigned grades to national research and development projects according to importance and designed research security management guidelines for each grade so that personnel related to the projects could perform research security activities efficiently and conveniently. First, the grading system of national research and development projects was divided into three stages according to importance and a candidate group of research security management guidelines was derived by simplifying them through an analysis of prior research on research security management items. Next, the validity of the grading system and management guideline candidates was verified through a focus group interview and research security management guidelines for each grade were prepared. This study is expected to contribute academically to future research security policies and to help establish an on-site research security management system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1329-1335
• /
• 2014

The importance of information security is increasing in the public and private organizations. The interruption of the information system might cause massive disorder. To protect information systems effectively, information systems would be categorized and managed in terms of degree of importance. In this study, we suggest a new evaluation method that categorizes information systems based on the three nature of security, confidentiality, integrity and availability. For validation of the method, we use a case study in a public sector. Through the validation of method, the availability of applying the method for categorization information systems to other domains could be suggested.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.747-763
• /
• 2018

Information Technology (IT) plays an increasingly important role for small and medium-sized enterprises. It has become fundamental for these companies to protect information and IT assets in relation to risks and threats that have grown in recent years. This study aims to understand the importance and structure of an information security policy, using a quantitative study that intends to identify the most important and least relevant elements of an information security policy document. The findings of this study reveal that the top three most important elements in the structure of a security policy are the asset management, security risk management and define the scope of the policy. On the other side, the three least relevant elements include the executive summary, contacts and manual inspection. Additionally, the study reveals that the importance given to each element of the security policy is slightly changed according to the sectors of activity. The elements that show the greatest variability are the review process, executive summary and penalties. On the other side, the purpose of the policy and the asset management present a stable importance for all sectors of activity.

• Journal of the Korea Convergence Society
• /
• v.9 no.9
• /
• pp.69-81
• /
• 2018

The ultimate intention of this research is to identify the factors that have a significant effect on the perceived importance of information security as the antecedent of intention to information security policy compliance. We found that the effectiveness of information security training program did not have statistically significant effect on the perceived cost of policy compliance. Second, the effectiveness of information security policy has significant influence on the perceived cost of policy compliance. Third, perceived vulnerability has a significant effect on the perceived cost of policy compliance. Fourth, perceived cost of policy compliance has a significant effect on perceived importance of information security. Fifth, supervisor's attitude toward information security silence has a significant effect on employee silent behavior towards information security. Sixth, communication opportunities towards information security has a significant influence on employee silent behavior towards information security. Finally, it was shown that employee silent behavior towards information security had a significant influence on the perceived importance of information security.

• The Journal of the Korea Contents Association
• /
• v.5 no.6
• /
• pp.360-367
• /
• 2005

Corporation's computerization developed by diffusion of internet, and dysfunction of Information is increasing greatly with virus, computing network infringement. Therefore, the today, corporation security is more and more emphasized. Security solution by that importance of security rises so is developing together Security solution is developing to ESM system in existing single system and important thing is function of each security solution and optimizing design of policy. Existent security policy taking a serious view security from external invasion but security of interior the importance rise the today. Accordingly, must construct ESM system of new structure for this. This paper proposes and embodied integration security administration system that solidify interior security utilizing IDS. Experiment external IP and ID access and analyzed the result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.639-653
• /
• 2013

Smart grid is a network of computers and power infrastructure that monitor and manage energy usage efficiently. Recently, the smart grid demonstration projects around the world, including the United States, Europe, Japan, and the technology being developed. The protection of the many components of the grid against cyber-threats has always been critical, but the recent Smart grid has been threatened by a variety of cyber and physical attacks. We model and analyze advanced metering infrastructure(AMI) in smart grid. Using attack countermeasure tree(ACT) we show qualitative and probabilistic security analysis of AMI. We implement using SHARPE(Symbolic Hierarchical Automated Reliability and Performance Evaluator) tool and calculate probability, ROA, ROI, Structure Importance, Birnbaum Importance.

• Asia pacific journal of information systems
• /
• v.9 no.4
• /
• pp.181-201
• /
• 1999

This study presents an information security level index and a quantification scheme. A comprehensive survey on previous researches in information security checklists has been performed. A candidate indicator list for information security level has been developed, Desirability of each indicator has been tested by 4 criteria, They are general validity, relative importance, probability of accident and impact of accident. 67 experts' opinion has been collected and analysed. The result shows that selected indicators are a very good candidate set for the determination of information security level. A factor analysis shows indicators are well structured. There exists strong correlation between validity and probability, validity and impact, and importance and probability. A quantification scheme of information security index has been developed by experts' judgement and statistical tests.

• Nuclear Engineering and Technology
• /
• v.51 no.1
• /
• pp.138-145
• /
• 2019

With the application of digital technology to safety-critical infrastructures, cyber-attacks have emerged as one of the new dangerous threats. In safety-critical infrastructures such as a nuclear power plant (NPP), a cyber-attack could have serious consequences by initiating dangerous events or rendering important safety systems unavailable. Since a cyber-attack is conducted intentionally, numerous possible cases should be considered for developing a cyber security system, such as the attack paths, methods, and potential target systems. Therefore, prior to developing a risk-informed cyber security strategy, the importance of cyber-attacks and significant critical digital assets (CDAs) should be analyzed. In this work, an importance analysis method for cyber-attacks on an NPP was proposed using the probabilistic safety assessment (PSA) method. To develop an importance analysis framework for cyber-attacks, possible cyber-attacks were identified with failure modes, and a PSA model for cyber-attacks was developed. For case studies, the quantitative evaluations of cyber-attack scenarios were performed using the proposed method. By using quantitative importance of cyber-attacks and identifying significant CDAs that must be defended against cyber-attacks, it is possible to develop an efficient and reliable defense strategy against cyber-attacks on NPPs.

• Annual Conference of KIPS
• /
• 2010.11a
• /
• pp.1279-1280
• /
• 2010

There are some cases when SOAP message, where WS-Security and WS-Policy elements are included, may consist of a sensitive and important data. In these cases, the message is highly recommended to be secured. The question exists of how to quickly identify that SOAP message satisfies security requirement and security level of a SOAP message. In this paper, we propose a technique called Bit-Stream which depends on the importance of SOAP elements to automatically identify the vulnerabilities and risks while offering advice for higher security.