• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.63-72
• /
• 2016

Critical infrastructure has been operating in a closed environment with a completely separate information system and in the private area. However, with the current ICT environment changes due to convergence and open platforms it has increased the threats and risks to critical infrastructure. The importance of cyber security is increasing in the infrastructure control system, such as the outbreak of Ukraine blackout in 2015 by a malicious code called 'black energy'. This thesis aims to recognize the importance and necessity of protecting the critical infrastructure service, designing a security framework reflecting environmental and characteristic changes, and analyzing the management system suitable for a security framework. We also propose a theoretical basis for constructing a new security framework by comparing and analyzing seven international security management system standards, such as NIST 800-82 and IEC 62443-2-1, which are used in the control system. As a result, the environment surrounding critical infrastructure changes with the characteristics of connectivity, openness, and finality was studied, and as a response to this, many scholars and institutions present critical infrastructure security frameworks as cycle enhancement type structures, risk management structures, and management domain expansion structures. In response, the security framework encompassing these structures, CISF (Critical Infrastructure Security Framework), was designed. Additionally, through the security related international standard and criterion analysis, as a newly designed security standard suitable for CISF, IEC 62443-2-1 is reviewed and suggestions are made.

• International Journal of Computer Science & Network Security
• /
• v.21 no.7
• /
• pp.133-149
• /
• 2021

The purpose of this study is to explore the role of information systems in the implementation of knowledge management, at King Abdul-Aziz University (KAU) in Jeddah, by highlighting the importance of information systems and their implementation of the knowledge processes. The researcher used the case-study method to explore the importance of information systems in supporting the implementation of knowledge management at the university. Moreover, the study has used the questionnaire as a tool for collecting information and obtaining feedbacks from the administrators at the university, and a random sample was chosen to identify the study community. The study resulted that there is a statistical indication of the importance and degree of the use of electronic systems in the university by the administrators. The study sample members believe that the university is keen to provide information systems, where systems analyze data and convert them into knowledge information that benefits the senior management at the university. Members of the study sample emphasize the importance of electronic information systems at the university, which in turn saves time and effort in extracting information, reports, statistics and providing them easily to senior management. The study also concluded with some recommendations, such as emphasizing the importance of knowledge management as one of its top priorities, spreading the knowledge culture, instilling a vision of knowledge among individuals, and emphasizing the importance of information systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1407-1417
• /
• 2012

In order to protect a software system from security attacks, it is important to remove the software security weaknesses through the entire life cycle of software development. To remove the software weaknesses more effectively, software weaknesses are prioritized and sorted continuously. In this paper, we introduce the existing scoring systems for software weakness and software vulnerability, and propose a new quantitative standard for the scoring system, which helps evaluate the importance of software weakness objectively. We also demonstrate the practicability of the proposed standard by scoring 2011 CWE/SANS Top 25 list with the proposed standard and comparing it to the original score of MITRE.

• Information Systems Review
• /
• v.22 no.4
• /
• pp.185-203
• /
• 2020

With the advent of 4th industrial revolution, the manufacturing industry is converging with ICT and changing into the era of smart manufacturing. In the smart factory, all machines and facilities are connected based on ICT, and thus security should be further strengthened as it is exposed to complex security threats that were not previously recognized. To reduce the risk of security incidents and successfully implement smart factories, it is necessary to identify key security factors to be applied, taking into account the characteristics of the industrial environment of smart factories utilizing ICT. In this study, we propose a 'hierarchical classification model of security factors in smart factory' that includes terminal, network, platform/service categories and analyze the importance of security factors to be applied when developing smart factories. We conducted an assessment of importance of security factors to the groups of smart factories and security experts. In this study, the relative importance of security factors of smart factory was derived by using AHP technique, and the priority among the security factors is presented. Based on the results of this research, it contributes to building the smart factory more securely and establishing information security required in the era of smart manufacturing.

• Journal of Information Technology Services
• /
• v.18 no.5
• /
• pp.155-164
• /
• 2019

With the emergence of new ICT technologies, information security threats are becoming more advanced, intelligent, and diverse. Even though the awareness of the importance of information security increases, the information security budget is not enough because of the lack of effectiveness measurement of the information security investment. Therefore, it is necessary to optimize the information security investment in each business environment to minimize the cost of operating the information security countermeasures and mitigate the damages occurred from the information security breaches. In this paper, using genetic algorithms we propose an investment optimization model for information security countermeasures with the limited budget. The optimal information security countermeasures were derived based on the actual information security investment status of SMEs. The optimal solution supports the decision on the appropriate investment level for each information security countermeasures.

• Convergence Security Journal
• /
• v.18 no.3
• /
• pp.19-25
• /
• 2018

Endpoint security is a method of ensuring network security by thoroughly protecting multiple individual devices connected to the network. In this study, we survey the functions and features of various commercial products of endpoint security. Also we emphasizes the importance of endpoint security to respond to the increasingly intelligent and sophisticated security threats against the cloud, mobile, artificial intelligence, and IoT based sur-connection era. and as a way to improve endpoint security, we suggest the ways to improve the life cycle of information security such as preemptive security policy implementation, real-time detection and filtering, detection and modification.

• Journal of Korea Society of Industrial Information Systems
• /
• v.21 no.6
• /
• pp.109-123
• /
• 2016

This study investigates the importance of government's support for logistics security assurance through certification programs. First, the study analyzed priorities among the requirements of logistics firms through Analytic Hierarchy Process(AHP) and Quality Function Deployment(QFD) approaches. For this process we invited 21 logistics experts to assess the relationships between logistic firms' requirements and government policies regarding logistics security using the house of quality, a set of matrices of QFD. The results of this phase of the study revealed the priorities of logistics firms' goals regarding the diffusion of the government security certification program as follows: integrated logistics security systems(40.3%), strengthening government support systems(32.4%), and operational effectiveness of logistics security certification(27.2%). Second, a relative weights applied QFD method based on AHP was applied to determined the expected outcome of the logistics security certification program. The results indicated as follows: productivity improvement(28.4%), improved level of service(26.7%), logistics cost reduction(21.6%), advanced information systems(19.7%), and improved environmental protection(3.6%). The results of this study provide new insights concerning logistics firms' requirements for supply chain security and the importance of government's support policies through logistics security certification programs.

• Korean Security Journal
• /
• no.2
• /
• pp.33-60
• /
• 1999

I Study on the security measures of the World Cup Korea and Japan jointly in 2002. The paper, purporting to consider security counterplans, comprise five chapters. Chapter I which sets out purpose, scope and method, is followed by chapter II, dealing largely with the legislations and importance on the security measures of the 17th FIFA World Cup in 2002. Chapter III concerns the security environment -internal environment, external environment- and the highlights accidents and events of history on the FIFA World Cup. Chapter IV consider security measures of the World Cup Korea in 2002. It is followed by concluding observation made in chapter V. To be operated security systems effectively, these need to be regulated according to a security measures organizations, security facilities and equipments, security plan and protective force, security operations and so forth.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.913-921
• /
• 2017

Mobile electronic commerce is rapidly growing up on the strength of popularization of smart devices such as smart phone followed by internet user increase. Concurrently with this, the anxiety on information security and personal information leakage of the user of mobile electronic commerce significantly built up in recent. In this respect, the information security and personal information protection should be become aware of their importance for the sustainable expansion and development of mobile commerce. Based on the demands as mentioned, this study analyzed the effects of the awareness of personal information security on recognized risk, recognized confidence and intent to use. The result of this study indicates that information security and personal information protection contribute to improvement in confidence by decreasing anxiety and uncertainty related to mobile commerce. Reduction of anxiety and uncertainty implies a crucial point that affects psychological mechanism making intent to use higher.

• Korean Security Journal
• /
• no.15
• /
• pp.129-146
• /
• 2008

When the primary function of private security is to protect lives and property of clients, emergency management should be included in the security service and many countermeasure services should be carried out for that purpose. In theses contexts, private security should develop and maintain a educational program to meet their responsibilities to provide the protection and safety of the clients. Conclusionally, private security industry employers in Korea has not concerned with the importance of training and education by lack of recognition and has been passive about qualified guards. And the authorities supervising and the administrating the guards has not recognized the importance of private security and has neglected the training of the guards. In theses contexts, private security should develop and maintain a educational program of emergency management to meet their responsibilities to provide the protection and safety of the clients.