• Journal of Information Technology Services
• /
• v.2 no.2
• /
• pp.97-109
• /
• 2003

As the importance and the need for network security is increased, many organization uses the various security systems. They enable to construct the consistent integrated security environment by sharing the vulnerable information among firewall, intrusion detection system, and vulnerable scanner. And Policy-based network provides a means by which the management process can be simplified and largely automated. In this article we build a foundation of policy-based network modeling environment. The procedure and structure for policy rule induction from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Based) is conducted. It also transforms the policy rules into PCIM (Policy Core Information Model).

• Journal of Industrial Technology
• /
• v.31 no.A
• /
• pp.113-118
• /
• 2011

Federal Information Security Management Act emphasizes the importance of information security to the economic and national security interests of the United States. This paper provides a brief review on FISMA which is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002, and predicts the possible problems which might be caused from domestic introduction of FISMA. The domestic introduction of FISMA could improve the average level of information security of government agencies. Whereas, the government agencies and the government officials might face with many problems such as the increased government budget, lack of social awareness and security professionals, and the effectiveness of penalty on non-compliance.

• The Transactions of the Korean Institute of Electrical Engineers A
• /
• v.54 no.12
• /
• pp.597-602
• /
• 2005

The introduction of competition in electricity market emphasizes the importance of sufficient transmission capacities to guarantee various electricity transactions. Therefore, when dispatch scheduling, transmission security constraints should be considered for the economic and stable electric power system operation. In this paper, we propose an optimal dispatch scheduling algorithm incorporating transmission security constraints. For solving these constraints, the dispatch scheduling problem is decomposed into a master problem to calculate a general optimal power flow (OPF) without transmission security constraints and several subproblems to inspect the feasibility of OPF solution under various transmission line contingencies. If a dispatch schedule given by the master problem violates transmission security constraints, then an additional constraint is imposed to the master problem. Through these iteration processes between the master problem and subproblems, an optimal dispatch schedule reflecting the post-contingency rescheduling is derived. Moreover, since interruptible loads can positively participate as generators in the competitive electricity market, we consider these interruptible loads active control variables. Numerical example demonstrates efficiency of the proposed algorithm.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.587-590
• /
• 2017

In this paper, we investigate the current status and problems of information security in government - funded research institutes, where the frequency of cyber - infringement threats is increasing, and emphasize the importance of information security. do. To this end, we will contribute to the establishment of a stable information security infrastructure for government-funded research institutes in the future by identifying problems and proposing improvement measures based on data related to information security such as information security policies, organizations, and budgets of government-funded research institutes.

• International Journal of Computer Science & Network Security
• /
• v.21 no.4
• /
• pp.249-254
• /
• 2021

Our society is depending on mobile devices that play a major role in our lives. Utilizing these devices is possible due to their speed power and efficiency in performing basic as well as sophisticated operations that can be found in traditional computers like desktop workstations. The challenge with using mobile devices is that organizations are concerned with the interference between personal and corporate use due to Bring Your Own Device (BYOD) trend. This paper highlights the importance of mobile devices in our daily tasks and the associated risks involved with using these devices. Several technologies and countermeasures are reviewed in this paper to secure the mobile devices from different attempts of attacks. It is important to mention that this paper focuses on technical measures rather than considering different aspects of security measures as recommended by the cybersecurity community.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.7
• /
• pp.321-328
• /
• 2017

As the cyber threats become more sophisticated and intelligent, the cases of cyber-infringement accidents are rapidly increasing. As a result, awareness of the importance of cyber security professionals has led to many cyber security-related educational programs. These programs provided with education curriculum aimed because cyber security workforce and job-based cyber security education research are not properly done. In this study, we developed a new cyber security education curriculum that defines and reflects cyber security personnel and knowledge system. In this study is not composed solely of the education contents related to the defenses emphasized in the existing education curriculum, but developed education curriculum to train a professional and balanced cyber security manpower by adding education contents in the attack field.

• Korean Security Journal
• /
• no.3
• /
• pp.5-32
• /
• 2000

A differentiated training considered the individual traits of a security guard in order to achieve the self-realization as well as to fulfill the spiritual needs of a security guard is needed. To promote the development of security industry in the new millennium, new types of training methods should be introduced, and a planned elaborate training in consideration of the traits of individual security guards is needed. On the other hand, to cultivate occupational consciousness, and to increase training products, a specific kind of training based on the survey of demand should be carried out. In this study, I made an actual analysis current training contents derived from the questionnaires and interviews among the security guards who were employed at the security industry. From these analyses, I am going to suggest the following measures; 1) The improvement of circumstances in training should be preceded. 2) Training related to practical business in consideration of individual traits should be emphasized. 3) Producing excellent professionals and developing specific textbooks are needed. 4) To establish professional education institutes is urgently needed. 5) Systematic training methods sponsored by government authorities and security society should be established. 6) The deep concern of security industry employers about the importance of training is needed.

• Maritime Security
• /
• v.6 no.1
• /
• pp.57-81
• /
• 2023

This study aims to review Russia's annexation of Crimea from a maritime security perspective. Based on a comprehensive analysis of Russia's national security perception, this study analyzed Russia's maritime security strategy and the security importance of the Black Sea and the Sea of Azov, and reviewed the annexation of Crimea from a maritime security perspective. The main argument of this study is as follows. Russia's annexation of Crimea was necessary for the successful fulfillment of Russia's maritime security strategy in the Black and Azov Seas. Russia's annexation of Crimea guarantees the activities of the Black Sea Fleet militarily from a maritime security point of view, secures a passage to the Atlantic Ocean to counter NATO's expansion. From a economic security point of view, Russia's annexation of Crimea was based on the strategic considerations to secure influence within the Black Sea economic bloc which guarantees stable production and transportation of natural resources and shipping.

• Journal of Internet Technology
• /
• v.22 no.5
• /
• pp.1069-1082
• /
• 2021

The Internet of Things (IoT) is vulnerable to a wide range of security risks, which can be effectively mitigated by applying Cyber Threat Intelligence (CTI) sharing as a proactive mitigation approach. In realizing CTI sharing, it is of paramount importance to guarantee end-to-end protection of the shared information as unauthorized disclosure of CTI is disastrous for organizations using IoT. Furthermore, resource-constrained devices should be supported through lightweight operations. Unfortunately, the aforementioned are not satisfied by the Hypertext Transfer Protocol Secure (HTTPS), which state-of-the-art CTI sharing systems mainly depends on. As a promising alternative to HTTPS, Ephemeral Diffie-Hellman over COSE (EDHOC) can be considered because it meets the above requirements. However, EDHOC in its current version contains several security flaws, most notably due to the unprotected initial message. Consequently, we propose a lightweight end-to-end privacy-preserving security protocol that improves the existing draft EDHOC protocol by utilizing previously shared keys and keying materials while providing ticket-based optimized reauthentication. The proposed protocol is not only formally validated through BAN-logic and AVISPA, but also proved to fulfill essential security properties such as mutual authentication, secure key exchange, perfect forward secrecy, anonymity, confidentiality, and integrity. Also, comparing the protocol's performance to that of the EDHOC protocol reveals a substantial improvement with a single roundtrip to allow frequent CTI sharing.

• Information Systems Review
• /
• v.25 no.4
• /
• pp.233-248
• /
• 2023

The increasing integration of intelligent information technologies within organizational systems has amplified the risk to personal information security. This escalation, in turn, has fueled growing apprehension about an organization's capabilities in safeguarding user data. While Internet users adopt a multifaceted approach in assessing a company's information security, existing research on the multiple dimensions of information security is decidedly sparse. Moreover, there is a conspicuous gap in investigations exploring whether users' evaluations of organizational information security differ across industry types. With an aim to bridge these gaps, our study strives to identify which information security attributes users perceive as most critical and to delve deeper into potential variations in these attributes across different industry sectors. To this end, we conducted a structured survey involving 498 users and utilized the analytic hierarchy process (AHP) to determine the relative significance of various information security attributes. Our results indicate that users place the greatest importance on the technological dimension of information security, followed closely by transparency. In the technological arena, banks and domestic portal providers earned high ratings, while for transparency, banks and governmental agencies stood out. Contrarily, social media providers received the lowest evaluations in both domains. By introducing a multidimensional model of information security attributes and highlighting the relative importance of each in the realm of information security research, this study provides a significant theoretical contribution. Moreover, the practical implications are noteworthy: our findings serve as a foundational resource for Internet service companies to discern the security attributes that demand their attention, thereby facilitating an enhancement of their information security measures.