• International Commerce and Information Review
• /
• v.9 no.4
• /
• pp.241-261
• /
• 2007

9.11 terrors which happen in 2001 in the U.S. recognize importance about national security and Department of Commerce, country safety department, Federal Communication Commission(FCC) etc. are establishing RFID sticking plan in harbor exit and entrance container for this, and it is real condition that is preparing preparation of law and system that establishes harbor peace law(Safe Port Act) on October, 2006 and acts on for U.S. about container load cargo Europe and Asia each countries. These law and system is logistics security that strengthen search for import and export freight and security to main contents. To meet in these circumstance subsequent, this paper is to examine the following three themes. First, examined necessity of logistics security and logistics security strengthening tendency, and second, examined in achievement of logistics business and RFID, and third, presented logistics security process that utilize change of realization about logistics security and RFID's role for logistics security. Through upper investigation, this paper suggested the realization about logistics security raising, logistics security connection system construction by export step, real-time freight chase that use RFID, construction necessity of executive system and development of logistics security equipment required.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.89-96
• /
• 2016

Before an IT product is used, there is a sequence of the process such as the components supply-demand of the product, their assembly and production, their logistics and delivery, and then finally, the product can be used by a user. During this sequence of the process, there can be many security exposures and risks. In this paper, we show, by examining security cases of various IT products, that there are many security exposures in the process of IT products from their production to their delivery to end users and in their use, and also show how critical the security exposures are. Even though there are various security theories, technologies and security controls, there is still weak link from the production of an IT product to its use, and this weak link can lead to security vulnerabilities and risks. This paper tries to call attention to the importance of the execution of the security control and the control components. We examine the practical cases to find out how the security control is paralyzed, and to show how it is compromised by asymmetric security resources. Lastly, from the cases, we examine and review the possible domestic security issues and their countermeasures.

• The Journal of Information Systems
• /
• v.29 no.1
• /
• pp.93-111
• /
• 2020

Purpose The purpose of this paper is to observe the relative priorities of importances among the modified versions of Block chain system, being based on AHP decision support model which should be also proposed in this paper. Design/methodology/approach Four versions modified from the beginning of Block chain were divided into Public& Permissionless, Private&Permissionless, Public&Permissioned and Private&Permissioned types. Five criteria for evaluating the four versions whether the version were suitable for Medical information system were introduced from five factors of Technologies Accept Model, which were Security, Availability, Variety, Reliability and Economical efficiency. We designed Decision support model based on AHP which would select the best alternative version suitable for introducing the Block chain technology into the medical information systems. We established the objective of the AHP model into finding the best choice among the four modified versions. First low layer of the model contains the five factors which consisted of Security, Availability, Variety, Reliability and Economical efficiency. Second low layer of the model contains the four modified versions which consisted Public&Permissionless, Private&Permissionless, Public&Permissioned and Private& Permissioned types. The structural questionnaire based on the AHP decision support model was designed and used to survey experts of medical areas. The collected data by the question investigation was analyzed by AHP analysis technique. Findings The importance priority of Security was highest among five factors of Technologies Accept Mode in the first layer. The importance priority of Private&Permissioned type was highest among four modified versions of Block chain technologies in second low layer. The second importance priority was Private&Permissionless type. The strong point of Private&Permissioned type is to be able to protect personal information and have faster processing speeds. The advantage of Private& Permissionless type is to be also able to protect personal information as well as from forging and altering transaction data. We recognized that it should be necessary to develop new Block chain technologies that would enable to have faster processing speeds as well as from forging and altering transaction data.

• Journal of Information Technology Services
• /
• v.15 no.3
• /
• pp.51-69
• /
• 2016

Recently, many Korean firms have suffered financial losses and damaged firm's trust due to information security incidents. Hence, a lot of firms have realized the importance of the information security. In particular, the demand for information security certification has increased. This study examined the effect of information security certification using the event study methodology. Our research shows that the announcement of the information security certification significantly influences the market value of the corresponding firm. The certified firms rise, on average, o.4993% (-2 day), 0.5462% (+1 day) of their market value. Further, we found that the financial sector in our data showed a 1.4% higher abnormal returns than the nonfinancial sector. On the other hand, whether a firm first acquired the information security certification is not significant. Our paper presents that it is possible to analyze the effect of the information security certification using the event study. We are expected to be used in making a decision for the investment of information security. Also, our results indicate that the firm which have acquired the information security certification should actively announce that fact.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.59-68
• /
• 2016

Recently, many domestic and foreign industries is increasing gradually in the importance of security such as the emergence of a Convergence Information Technology(internet of things, cloud computing service, big data etc). Among these techniques, the industrial security market is expected to grow gradually and the evolution of security technologies, as well as vulnerabilities are also expected to increase. Therefore, an increase in physical vulnerability factors it is no exaggeration to standards that are determining the security of industrial security. In this paper will be analyzed to the physical security technology and case study, physical vulnerability factor. Thereby this is expected to be utilized as a basis for the countermeasure of physical corresponding infringement and attack in a future.

• The Journal of Information Systems
• /
• v.29 no.1
• /
• pp.23-50
• /
• 2020

Purpose As information management grows in importance around the world, organizations are investing in information security technology. However, the higher the level of information security technology in an organization, the higher the techno-stress of employees. The purpose of this study is to suggest stress factors related to information security technology that affect the reduction of employees' intention to comply with information security and to suggest ways to alleviate stress. Design/methodology/approach The research presented a model for mitigating technical stress related to information security based on technical stress theory and person-organization fit theory. 346 questionnaire data were analyzed from the members of the organization who applied the information security technology, and the research hypothesis was verified through the structural equation modeling. Findings The hypothesis test confirms that security-related techno-stress reduces the information security compliance intention of employees, organizational technical support mitigates technical stress, and person-organization fitness mitigates the negative relationship between techno-stress and compliance intention. The results of the study contribute to the organization's strategy for minimizing the reduction of the information security compliance intention of employees, and are meaningful in that the theoretical basis for mitigating techno-stress is provided in the field of information security.

• Journal of Institute of Control, Robotics and Systems
• /
• v.9 no.4
• /
• pp.310-319
• /
• 2003

As the importance and the need for network security are increased, many organizations use the various security systems. They enable to construct the consistent integrated security environment by sharing the network vulnerable information among IDS (Intrusion Detection System), firewall and vulnerable scanner. The multiple IDSes coordinate by sharing attacker's information for the effective detection of the intrusion is the effective method for improving the intrusion detection performance. The system which uses BBA (Blackboard Architecture) for the information sharing can be easily expanded by adding new agents and increasing the number of BB (Blackboard) levels. Moreover the subdivided levels of blackboard enhance the sensitivity of the intrusion detection. For the simulation, security models are constructed based on the DEVS (Discrete Event system Specification) formalism. The intrusion detection agent uses the ES (Expert System). The intrusion detection system detects the intrusions using the blackboard and the firewall responses to these detection information.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.21 no.9
• /
• pp.95-100
• /
• 2007

The importance of communication security is increased in the power industry. The representative communication network of power industry is the SCADA(Supervisory Control and Data Acquisition) systems. The SCADA system has been used for remote measurement and control in the power industry. Recently, many studies of SCADA network security have been carried out around the world. In this paper, we introduce recent security issues in the SCADA network and propose the application of a symmetric encryption method to the Korea SCADA network.

• Journal of Digital Convergence
• /
• v.9 no.5
• /
• pp.113-121
• /
• 2011

As the importance of information security grows, the demand of professionals in information security field is continuing to increase. In developing as information security professionals, however, there are practical problems to be solved in advance. This study defines the body of essential knowledge(EBK) for information security professional development; on the other hand, this study suggests a education program as a multidisciplinary major based on the EBK.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.4
• /
• pp.57-66
• /
• 2011

We implemented the document DRM applying role based access control(RBAC) mechanism for preventing the information leakage of a document which is transmitted in network environment. It must prevent to access document not related to user role and duty, and must allow operation to document for improving security, considering user role and security level according to a document importance. We improved the security of document DRM by adding to the access control module applying RBAC for satisfying security requirements. Though the user access document, our system allows operation authorizations to document by the user's role & security level and the security attribute of RBAC. Our system prevents indiscriminate access to the documents by user who is not associated with the role, and prevents damage the confidentiality and integrity.