• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.6
• /
• pp.1320-1326
• /
• 2011

National institutions on the importance of information security is being recognized, information security laws are being discussed in Congress 3.4 DDoS incident and Nonghyup hacking, etc. However, National Assembly Secretariat when the results of the Information Security Consulting has been assessed very low 61.2 points, evaluation of hardware and software in secure areas were vulnerable. This paper, the legislative support agencies National Assembly and National Assembly Secretariat on the network and computer systems, and managerial, technical and physical security elements are analyzed for the status. And network should have the legislative support agencies and system for the physical network separation, DDoS attack response, Virus attack response, hacking attacks response, and Cyber Emergency Response Team/Coordination Center for Cyber infringing design and research through the confidentiality, integrity, availability, access control, authentication and security analysis is based on the evaluation criteria. Through this study, the legislative support agencies to strengthen the security of data and security laws enacted to provide the basis for.

• Journal of Digital Convergence
• /
• v.14 no.4
• /
• pp.209-220
• /
• 2016

Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees' information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model's factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual's information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members' expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members' information security behavior, and will be able to provide measures to establish organization's information security policy and increase members' compliance behavior.

• Journal of Korea Society of Industrial Information Systems
• /
• v.24 no.4
• /
• pp.79-98
• /
• 2019

In this paper, the security behaviors and attitudes related with the personal information of teenagers were investigated using empirical data based on rational behavior theory and protection motivation theory. An experiment for teenagers was conducted on Excel and the statistical packages (i.e., SPSS 21.0 and SmartPLS2.0.M3) to see how self-efficiency, security attitude, security intention and individual innovation affect their security behaviors. The experimental results showed that the security behaviors and attitudes of teenagers between internet and information devices are closely related, and the social influences can affect personal self-efficacy and security attitudes. Finally, we can know that teenagers should recognize the importance of security and protect their personal information safely through continuous education and training so that they can be linked to security behaviors.

• The Journal of Society for e-Business Studies
• /
• v.27 no.1
• /
• pp.111-126
• /
• 2022

As the technology hegemony war between the United States and China develops and the importance of R&D increases, countries around the world are increasing their R&D investment. In Korea, the size of R&D investment by the government and companies has steadily increased every year, and cutting-edge technologies are being developed in various fields as it shifts to the direction of creative technology development. However, the number of cases in which high-tech core technologies in Korea, which have invested a lot of budget, time, and effort, are illegally leaked overseas is also steadily increasing. Research security is an activity to safely protect protected objects in the research environment from risk factors such as leakage and deodorization, and laws and systems for research security are being reorganized not only in Korea but also in the United States and other countries around the world. In this paper we aims to derive Korea's research security policy direction, focusing on US research security cases which ranks first in R&D expenses around the world to improve the R&D system and actively discusses R&D policies and laws.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.961-973
• /
• 2023

With the changes in the modern computing landscape, securing containerized workloads and addressing the complexities of container networking have become critical issues. In particular, the complexity of network policy settings and the lack of cloud security architecture cause various security issues. This paper focuses on the importance of network security and efficiency in containerized environments, and analyzes the security features and performance of various container network interface plugins. In particular, the features and functions of Cilium, Calico, Weave Net, and Kube-router were compared and evaluated, and the Layer 3/4 and Layer 7 network policies and performance features provided by each plugin were analyzed. We found that Cilium and Calico provide a wide range of security features, including Layer 7 protocols, while Weave Net and Kube-router focus on Layer 3/4. We also found a decrease in throughput when applying Layer 3/4 policies and an increase in latency due to complex processing when applying Layer 7 policies. Through this analysis, we expect to improve our understanding of network policy and security configuration and contribute to building a safer and more efficient container networking environment in the future.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.9-17
• /
• 2024

This paper examines the security threats to enterprise Generative Artificial Intelligence systems and proposes countermeasures. As AI systems handle vast amounts of data to gain a competitive edge, security threats targeting AI systems are rapidly increasing. Since AI security threats have distinct characteristics compared to traditional human-oriented cybersecurity threats, establishing an AI-specific response system is urgent. This study analyzes the importance of AI system security, identifies key threat factors, and suggests technical and managerial countermeasures. Firstly, it proposes strengthening the security of IT infrastructure where AI systems operate and enhancing AI model robustness by utilizing defensive techniques such as adversarial learning and model quantization. Additionally, it presents an AI security system design that detects anomalies in AI query-response processes to identify insider threats. Furthermore, it emphasizes the establishment of change control and audit frameworks to prevent AI model leakage by adopting the cyber kill chain concept. As AI technology evolves rapidly, by focusing on AI model and data security, insider threat detection, and professional workforce development, companies can improve their digital competitiveness through secure and reliable AI utilization.

• Information Systems Review
• /
• v.10 no.2
• /
• pp.253-267
• /
• 2008

As the importance of information security becomes a major concern, there has been growing effort to educate information security professionals. This study aims to analyze the level of required knowledge and skills for four information security skills groups: strategy and planning; research and development; system management and operation; and accident control. For this study, we selected 55 critical knowledge and skills for information security professionals by literature review and Delphi method, and we conducted a survey of information security knowledge and skills requirements for information security professionals to perform their jobs. As a result, we analyzed the current status of the information security professionals' knowledge and skills level and suggested some guidelines for establishing the demand-based curriculum for training information security professionals.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.11-18
• /
• 2013

In order to prevent tampering and reverse engineering of executive code, this paper propose a new tamper resistant software mechanism. This paper presents a cryptographic MAC function and a relationship which has its security level derived by the importance of code block instead of by merely getting the encryption and decryption key from the previous block. In this paper, we propose a cryptographic MAC function which generates a dynamic MAC function key instead of the hash function as written in many other papers. In addition, we also propose a relationships having high, medium and low security levels. If any block is determined to have a high security level then that block will be encrypted by the key generated by the related medium security level block. The low security block will be untouched due to efficiency considerations. The MAC function having this dynamic key and block relationship will make analyzing executive code more difficult.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.69-78
• /
• 2004

During the last decade, security models have been defined for two- and three-parity key exchange protocols. Currently there is a growing research interest in security models for group key management schemes. While various security models and provably secure protocols have been proposed for distributed group key exchange schemes, no results are hewn for centralized group key distribution schemes in spite of their theoretical and practical importance. We describe security requirements and a formal security model for centralized group key distribution scheme: we define the model on the channel controlled by adversaries with the ability of strong user corruption. In the security model, we propose a conversion module which can transform centralized tree-based group key distribution schemes in the literature to provably secure centralized tree-based group key distribution schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.237-249
• /
• 2010

If one analyzes recent cyber incidents including personal information infringement cases, it seems like actual attack is targeting Internet service providers but actually they are targeting Internet service users. For many users, all the services were not provided to them as they have signed for in the contract or personal informations, which users have provided to service providers when signing contracts, were disclosed to public without users' consent causing aftereffect. As a result, importance of S-SLA indexes, which is to be included in the SLA to be signed between a user and a service provider, is ever more increasing. Especially, if there is a S-SLA indexes for anti-virus services, service providers have to provide a high quality of service as they have signed in the SLA. However, there wasn't any researches in the S-SLA area domestically and there are only limited SLA indexes related to system or service maintenances at the moment. Therefore, this paper analyses security functions in anti-virus services and proposes S-SLA indexes for different security level.