• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.669-679
• /
• 2014

This study introduces server-side security-oriented framework for smart financial service. Most of domestic financial institutions providing e-banking services have employed server-side framework which implement service-oriented architecture. Because such architecture accommodates business and security requirements at the same time, institutions are struggling to cope with the security incidents efficiently. The thesis suggests that separating security areas from business areas in the frameworks makes users to be able to apply security policies in real time without considering how these policies may affect business transactions. Security-oriented frameworks support rapid and effective countermeasures against security threats. Furthermore, plans to avoid significant changes on existing system when institutions implement these frameworks are discussed in the report.

• Journal of Platform Technology
• /
• v.11 no.5
• /
• pp.126-135
• /
• 2023

Demand for NFT is expanding along with Blockchain. And cyber security threats are also increasing. Therefore, this study derives security level inspection items by analyzing status related to NFT security such as NFT features, security threats, and compliance for the purpose of strengthening NFT security. Based on this, the relative importance was confirmed by applying it to the AHP model. As a result of the empirical analysis, the priority order of importance was found in the order of Security management system establishment and operation, encryption, and risk management, etc. The significance of this study is to reduce NFT security incidents and improve the NFT security management level of related companies by deriving NFT-related security level check items and demonstrating the research model. And If you perform considering relative importance of the NFT check items, the security level can be identified early.

• The Journal of Information Systems
• /
• v.23 no.3
• /
• pp.99-125
• /
• 2014

Internet environment and innovative ICT(information and communication technology) have brought about big changes to our lifestyle and industrial structure. In spite of the convenience of Internet, various cyber incidents such as malicious code infection, personal information leakage, smishing(sms + phishing), and pharming have frequently occurred. Information security must be recognized as a key and compulsory element for surviving in a global economy. Strategic roles of information security have recently been increasing, but effective implementation of information security is still a major challenge to organizations. Our study examines the influencing factors of information security and investigates the causal relationship between information security maturity level and organizational performance through an empirical survey. According to the results of our study, personal, organizational, technical, and social factors affect organizations's information security maturity level altogether. This result suggests that when dealing with security issues, the holistic and multi-disciplinary approaches should be required. In addition, there is a causal relationship between information security maturity level and organizational performance, and organizations aim to establish the efficient and effective ways to enhance information security maturity level on the basis of the results of this study.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.771-772
• /
• 2015

사이버 침해사고 정보를 공유하는 체계가 전 세계적으로 확산되고 있는 추세이다. 상호 네트워크 통신을 위하여 필요한 인터넷기반정보와 사이버 침해사고 관련 정보를 획득하기 위한 채널 다양하게 존재하고 공공의 이익을 목적으로 공유되고 있으며 침해정보에 대한 세부적인 분석정보 또한 오픈소스 프로젝트를 통해 손쉽게 획득할 수 있다. 한국인터넷진흥원에서는 공인된 사용자 혹은 기관을 대상으로 침해사고에 활용된 악성정보를 공유하고 있다. 본 논문은 이러한 인터넷기반정와 침해사고와 관련된 연관정보를 활용한 사이버 침해정보 연관 그래프 구축방안에 대하여 논하며 그 활용방안이 어떠한 것이 있는지 제안한다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.17 no.4
• /
• pp.77-83
• /
• 2021

As Open Source Software(OSS) recently invigorates, many companies actively use the OSSes in their business software. With such OSS invigoration, our web application is developed in order to provide the safety in using the OSSes, and update the information on the new vulnerabilities and the patches at all times by crawling the web pages of the relevant OSS home pages and the managing organizations of the vulnerabilities. By providing the updated information, our application helps the OSS users and developers to be aware of such security issues, and gives them to work in the safer environment from security risks. In addition, our application can be used as a security platform to greatly contribute to preventing potential security incidents not only for companies but also for individual developers.

• Information Systems Review
• /
• v.18 no.4
• /
• pp.17-42
• /
• 2016

Information security incidents caused by authorized insiders are increasing in financial firms, and this increase is particularly increased by outsourced contractors. With the increase in outsourcing in financial firms, outsourced contractors having authorized right has become a threat and could violate an organization's information security policy. This study aims to analyze the differences between own employees and outsourced contractors and to determine the factors affecting the violation of information security policy to mitigate information security incidents. This study examines the factors driving employees to violate information security policy in financial firms based on the theory of planned behavior, general deterrence theory, and information security awareness, and the moderating effects of employee type between own employees and outsourced contractors. We used 363 samples that were collected through both online and offline surveys and conducted partial least square-structural equation modeling and multiple group analysis to determine the differences between own employees (246 samples, 68%) and outsourced contractors (117 samples, 32%). We found that the perceived sanction and information security awareness support the information security policy violation attitude and subjective norm, and the perceived sanction does not support the information security policy behavior control. The moderating effects of employee type in the research model were also supported. According to the t-test result between own employees and outsourced contractors, outsourced contractors' behavior control supported information security violation intention but not subject norms. The academic implications of this study is expected to be the basis for future research on outsourced contractors' violation of information security policy and a guide to develop information security awareness programs for outsourced contractors to control these incidents. Financial firms need to develop an information security awareness program for outsourced contractors to increase the knowledge and understanding of information security policy. Moreover, this program is effective for outsourced contractors.

• Journal of Information Technology Services
• /
• v.15 no.3
• /
• pp.51-69
• /
• 2016

Recently, many Korean firms have suffered financial losses and damaged firm's trust due to information security incidents. Hence, a lot of firms have realized the importance of the information security. In particular, the demand for information security certification has increased. This study examined the effect of information security certification using the event study methodology. Our research shows that the announcement of the information security certification significantly influences the market value of the corresponding firm. The certified firms rise, on average, o.4993% (-2 day), 0.5462% (+1 day) of their market value. Further, we found that the financial sector in our data showed a 1.4% higher abnormal returns than the nonfinancial sector. On the other hand, whether a firm first acquired the information security certification is not significant. Our paper presents that it is possible to analyze the effect of the information security certification using the event study. We are expected to be used in making a decision for the investment of information security. Also, our results indicate that the firm which have acquired the information security certification should actively announce that fact.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.113-119
• /
• 2009

In recent years, to provide visitors with the various and dynamic services, many ActiveX Controls are developed and distributed in most of the web sites such as e-Government Internet banking Portal in Korea. However, unsecure ActiveX Controls may be critical security threats on Internet User. Although hacking incidents increase sharply for these vulnerable ActiveX Controls, there are not enough national security actions or policies. Thus, in this paper we propose the technical method to design 'Security model for ActiveX Control Managemnet through Security Authentication' to be able safe and useful security management in three aspects of development distribution using.

• Safety and Health at Work
• /
• v.12 no.2
• /
• pp.249-254
• /
• 2021

Introduction: Workplace violence (WPV) is a major occupational and health hazard for nurses. It affects nurses' physical and psychological well-being and impacts health service delivery. We aimed to assess the prevalence and describe the consequences of WPV experienced by nurses working in an emergency department in Kenya. Methods: We conducted a descriptive cross-sectional study among emergency nurses at one of the largest tertiary hospitals in Kenya. We collected data using a structured questionnaire adapted from the 'WPV in the Health Sector, Country Case Studies Research Instruments' questionnaire. We described the prevalence and effects of WPV using frequencies and percentages. Results: Of the 82 participating nurses, 64.6% were female, 57.3% were married and 65.8% were college-educated (65.8%). Participants' mean age was 33.8 years (standard deviation: 6.8 years, range: 23-55). The overall lifetime prevalence of WPV was 81.7% (n = 67, 95% confidence interval [CI]: 71.6%-88.8%) and the 1-year prevalence was 73.2% (n = 63, 95% CI: 66.3-84.8%). The main WPV included verbal abuse, physical violence, and sexual harassment. Most incidents were perpetrated by patients and their relatives. No action was taken in 50% of the incidents, but 57.1% of physical violence incidents were reported to the hospital security and 28.6% to supervisors. Perpetrators of physical violence were verbally warned (42.9%) and reported to the hospital security (28.6%). Conclusion: Workplace violence is a significant problem affecting emergency nurses in Kenya. Hospitals should promote workplace safety with zero-tolerance to violence. Nurses should be sensitised on WPV to mitigate violence and supported when they experience WPV.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.2
• /
• pp.1-8
• /
• 2016

A convergence of finance and information technology brought a remarkable development in Fin-Tech industry. On the other hand, currently existing laws seemed inappropriate to address the liability of financial institutions, Fin-tech enterprises and consumers in case of financial accidents due to its ambiguity. The minimum insurance obligation by financial institutions specified under the Electronic Financial Transaction Act 2006 is not keeping with current reality, considering transaction volume, frequency of incidents, and security investments. This paper aims to lay stress on the need of cyber liability insurance by understanding the domestic financial incidents and management, and the limit of existing insurance policy.