• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.115-127
• /
• 2021

With the development of science and technology around the world, the realm of cyberspace, following land, sea, air, and space, is also recognized as a battlefield area. Accordingly, it is necessary to design and establish various elements such as definitions, systems, procedures, and plans for not only physical operations in land, sea, air, and space but also cyber operations in cyberspace. In this research, the importance of cyber targets that can be considered when prioritizing the list of cyber targets selected through intermediate target development in the target development and prioritization stage of targeting processing of cyber operations was selected as a factor to be considered. We propose a method to calculate the score for the cyber target and use it as a part of the cyber target prioritization score. Accordingly, in the cyber target prioritization process, the cyber target importance category is set, and the cyber target importance concept and reference item are derived. We propose a TIR (Target Importance Rank) algorithm that synthesizes parameters such as Event Prioritization Framework based on PageRank algorithm for score calculation and synthesis for each derived standard item. And, by constructing the Stuxnet case-based network topology and scenario data, a cyber target importance score is derived with the proposed algorithm, and the cyber target is prioritized to verify the proposed algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.463-474
• /
• 2016

As IT environment has changed, paths of information security in financial environment which is based on IT have become more diverse and damage caused by information leakage has been more serious. Among security incidents, personal information leakage incident is liable to give the greatest damage. Personal information leakage incident is more serious than any other types of information leakage incidents in that it may lead to secondary damage. The purpose of this study is to find how much personal information leakage incident influences corporate value by analyzing 21 cases of personal information leakage incident for the last 15 years 1,899 listing firm through case research method and inferring investors' response of to personal information leakage incident surveying a change in transaction before and after personal information leakage incident. This study made a quantitative analysis of what influence personal information leakage incident has on outcome of investment by types of investors by classifying types of investors into foreign investors, private investors and institutional investors. This study is significant in that it helps improve awareness of importance of personal information security by providing data that personal information leakage incident can have a significant influence on outcome of investment as well as corporate value in Korea stock market.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.11
• /
• pp.537-544
• /
• 2016

National Competency Standards (NCS) need to be introduced to train newly hired staff and to gradually improve employees' work performance in the information security industry. In particular, the introduction of a new NCS curriculum for new hires is important in order to retain and efficiently manage professionals in the information security field. However, the legacy NCS is not clearly designed for the information security field. So a formal curriculum has been suggested for institutions training the information security workforce. Therefore, this study establishes a competency unit based on the types of personnel, their duties, and required knowledge. To select the competency unit, this study reviewed prior research to understand the required skills and work knowledge, and reviewed recruitment-based NCS that public agencies and public and private companies have carried out, including them in the study. The selected competency unit was classified into a required competency unit and an elective competency unit based on the importance of the duties and the demands of training. Through a verification process for the new, licensed career path model in the NCS information and communications field, this study suggests updated NCS competency units and required courses to provide an appropriate NCS curriculum for newly hired employees in the information security industry.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.12
• /
• pp.285-296
• /
• 2011

UN, OECD, ITU and other international organizations regularly announce ISI (Information Society Index) to utilize in establishing and evaluating information policies. ISI is utilized as important data for countries to evaluate their information policy performance and select future projects. As the advancement of information systems, the importance of information security has been emerged. Accordingly, NISI (National Information Security Index) has been required. NISI number is the most clearly figure to express the characteristics of a particular group's information security. It can be utilized in determining information security policies. Currently, questionnaire method has been used to calculate NISI number. But there is an absolute lack of statistical data, and the reliability of surveyed statistical data is problematic. The objective of this paper is to show how to collect precise micro data of each company's information security index numbers, and to develop an OLAP database system which calculating NISI numbers by using those micro data. In this process of the survey, we presented the technique to collect the data more systematically, and to analyze the data without using questionnaire method. OLAP architecture performs only well on the facts that are summarizable along each dimension, where all hierarchy schemas are distributive. Therefore we transformed the non-distributive hierarchy schema into the distributive hierarchy schema to implement OLAP database system. It is thought that this approach will be useful one from an implementation and schema design point of view.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.6
• /
• pp.63-70
• /
• 2013

In accordance with the advancement of IT, application systems with various and complex functions are being required. Such application systems are typically built based on database in order to manage data efficiently. But most object-oriented analysis design methodologies for developing web application systems have not been providing interconnections with the database. Since the requirements regarding the security issues increased, the importance of security has become emphasized. However, since the security is usually considered at the last step of development, it is difficult to apply the security during the whole process of system development, from the requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology for secure database design from the requirement analysis to implementation. This object-oriented analysis and design methodology for secure database design offers correlations with database that most existing object-oriented analysis and design methodologies could not provide. It also uses UMLsec, the modeling language, to apply security into database design. In addition, in order to implement security, RBAC (Role Based Access Control) of relational database is used.

• Journal of Energy Engineering
• /
• v.23 no.2
• /
• pp.93-101
• /
• 2014

How to determine the extent of national energy security? In this paper, we estimate it by comparative analysis of South Korea and other OECD countries in terms of energy diversity (fuel diversity). Energy security consists of 4 key factors such as availability, accessibility, acceptability, affordability. Especially the importance of accessibility can grow as local imbalance of supply and demand increases. As a proxy of the accessibility, fuel diversity can be a significant indicator to estimate a measure of energy security. In this paper, we use Shannon-Wiener index to measure energy diversity. If fuel diversity increases, the stability of energy security also should increase, because of the smoothing effect to lessen dependence on key energy sources. In 2012 Korean growth rate of H-index (energy diversity) is 18.38%, which is higher than other OECD countries. However, Korean H-index itself is 1.93, lesser than other countries. Shift from oil to coals/gas within fossil fuels has more impact on H-index than weight transition from fossil fuels to renewable energies in Korea. We conclude that more renewable energy is an effective solution to achieve higher energy diversity and ultimately higher energy security as the same as the German case.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.85-97
• /
• 2022

With the development of big data technology, data is rapidly entering a hyperconnected intelligent society that accelerates innovative growth in all industries. The convergence industry, which holds and utilizes various high-quality data, is becoming a new growth engine, and big data is fused to various traditional industries. In particular, in the medical field, structured data such as electronic medical record data and unstructured medical data such as CT and MRI are used together to increase the accuracy of disease prediction and diagnosis. Currently, the importance and size of unstructured data are increasing day by day in the medical industry, but conventional data security technologies and policies are structured data-oriented, and considerations for the security and utilization of unstructured data are insufficient. In order for medical treatment using big data to be activated in the future, data diversity and security must be internalized and organically linked at the stage of data construction, distribution, and utilization. In this paper, the current status of domestic and foreign data security systems and technologies is analyzed. After that, it is proposed to add unstructured data-centered de-identification technology to the guidelines for unstructured data and technology application cases in the industry so that unstructured data can be actively used in the medical field, and to establish standards for judging personal information for unstructured data. Furthermore, an object feature-based identification ID that can be used for unstructured data without infringing on personal information is proposed.

• Information Systems Review
• /
• v.20 no.1
• /
• pp.137-158
• /
• 2018

Online platforms recently expanded their connectivity through an authing service. The growth of authing services enabled consumers to enjoy easy log in access without exerting extra effort. However, multiple points of access increases the security vulnerability of platform ecosystems. Despite the importance of balancing authing service and security, only a few studies examined platform connectivity. This study examines the optimal level of authing service of a platform and how authing strategies impact participants in a platform ecosystem. We used a game-theoretic approach to analyze security problems associated with authing services provided by online platforms for consumers and other linked platforms. The main findings are as follows: 1) the decreased expected loss of consumers will increase the number of players who participate in the platform; 2) linked platforms offer strong benefits from consumers involved in an authing service; 3) the main platform will increase its effort level, which includes security cost and checking of linked platform's security if the expected loss of the consumers is low. Our study contributes to the literature on the relationship between technology convenience and security risk and provides guidelines on authing strategies to platform managers.

• Korean Journal of Environment and Ecology
• /
• v.36 no.3
• /
• pp.327-337
• /
• 2022

Ecological restoration is considered a good means to prevent biodiversity loss in terms of the ecosystem's health and sustainability. However, there are difficulties in putting it into practice as there is no comprehensive and objective standard for the selection of plant species, such as environmental, ecological factors, and restoration goal setting. Therefore, this study developed an evaluation index necessary for selecting plant species for restoration using the Delphi method that synthesizes the opinions of the expert group. A survey with 38 questionnaires was conducted twice for experts in ecological restoration, etc., and the importance and priority of evaluation indicators were analyzed by dividing the restoration targets into inland and island regions. The result of the importance analysis showed that "native plants" had the highest average of 4.9 among the evaluation indices in both inland and island regions, followed by "seed security", "propagation", and "root growth rate". In the inland region, the index priority was analyzed in the order of "native plants", "appearance frequency", "root growth rate", "distribution range", and "seed security" in the island region, it was analyzed in the order of "native plants", "root growth rate", "appearance frequency", "distribution range", and "tolerance", showing slight differences between the two indicators. As a result of the importance and priority indicator analysis, we set the mean importance and priority of 4.1 and 2.9, respectively, in the inland region and 4.2 and 2.9, respectively, in the island region. As for the criteria of selecting plant species for ecological restoration, the "native plants" had the highest importance and priority. "Seed securing", 'viability", "topography", "proliferation", "tolerance", "soil conditions", "growth characteristics", "early succession", "distribution range", "appearance frequency", and "germination rate" were classified into subgroups of low importance and priority. The lowest indicators were "final stage of succession", "transition period", 'transition stage", "root", "reproduction", "soil", "appearance", "technology", "landscape", "climate", and "germination rate". We expected that the findings through objective verification in this study would be used as evaluation indicators for selecting native plant species for ecological restoration.

• Korean Security Journal
• /
• no.36
• /
• pp.525-559
• /
• 2013

Modern society has been exposed to various dangers and crimes in the process of globalization, informationization, decentralization etc. along with the development of material civilization under rapid changing societal environment. These factors are exerting a lot of effects in public security environments, as result there are gradual interest about crime and crime prevention. Realization of responsibility who take charge of social safety, from public security to private security, appears important topic at the moment. The positive point of view which private security industry is responsible to cope with security spheres instead of public security has been emerged from the reason that the public security has limitation to solve security problems for themselves. It is the time to make effort to compromise the public security and the private security industry to forecast social change and prevent dangers in the advance. In Korea, there has been close cooperation between public security and private security for decades. Strongly emerging and interesting sphere is "Private Investigation(Private Detective)" in Korea at present. There has been some proposed legislations of private investigation for decreasing burden of public security and social sympathy about possibility of private investigation system is increasing now. In this study, we focused on the introduction of private investigation system through the analysis of bill proposals for last 14 years, for instance historical aspects, contents, the differences among bill proposals. Among these, a comparison on bill proposals of the 19th National Assembly's during 2012 - 2013 were analysed mainly. We examined the importance point at issue items for introduction of private investigation system. Suggestions for introduction of private investigation system is as follows. The necessity of independent bill for developmental private investigation system is needed and the main body should be a juristic person instead of a individual for the public interest and responsibility. For the good service of private investigation and to prevent the unqualified person become a private investigator, the recruiting system and examination of private investigator should be prepared well and take into consideration anticipated problems. Also the necessity of definite jurisdiction department's appointment to divide responsibility in operation.