• Information Systems Review
• /
• v.10 no.2
• /
• pp.253-267
• /
• 2008

As the importance of information security becomes a major concern, there has been growing effort to educate information security professionals. This study aims to analyze the level of required knowledge and skills for four information security skills groups: strategy and planning; research and development; system management and operation; and accident control. For this study, we selected 55 critical knowledge and skills for information security professionals by literature review and Delphi method, and we conducted a survey of information security knowledge and skills requirements for information security professionals to perform their jobs. As a result, we analyzed the current status of the information security professionals' knowledge and skills level and suggested some guidelines for establishing the demand-based curriculum for training information security professionals.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.4
• /
• pp.127-132
• /
• 2014

Some laws and regulations may require internet service providers to provide services based on the age of users. Age verification in the online environment should be used as a tool to provide service that is appropriate to child based on age. Using the minimum attribute information, processes on age verification provides the proper guidance to the internet services. However, there is a lack of a globally accepted trust framework for age verification process including evaluation factors for age verification information. In this paper the federation model of user attributes were described and evaluation factors for the age verification information were suggested. Also using the suggested evaluation factors, performance evaluation of federation model of user evaluation was performed. To meet the requirements of evaluation factors, framework of federation model should consider the unlinkability pseudonym support, eavesdropping protection and cloning protection.

• Asia pacific journal of information systems
• /
• v.27 no.3
• /
• pp.156-175
• /
• 2017

The proposed conceptual framework is based in the relationships among knowledge of personal information security, trust on the personal information security policies of parcel delivery service companies, privacy concern, trust in and risk of parcel delivery services, and user satisfaction with parcel delivery services. Drawing upon both cognitive theory of emotion and cognitive emotion theory that complement each other, we propose a research model and examine the relationships between cognitive and emotional factors and the usage of parcel delivery services. The proposed model is validated using data from customers who have previously used parcel delivery services. The results show a significant relationship between the cognitive and affective factors and the usage of parcel delivery services. This study enhances our understanding of parcel delivery services based on the consumers' psychological processes and presents useful implications on the importance of privacy and security in these services.

• 한국경영정보학회:학술대회논문집
• /
• 2007.06a
• /
• pp.699-704
• /
• 2007

In this study, we examine why there exist different legal systems in electronic commerce or online financial trading. When a fraud online transaction occurs and the online customer disputes the transaction, the online customer takes responsibility for the proof of her/his argument in many European countries while in the U.S., the burden of proof lays on the firm. This paper analyzes how these two different legal systems exist and how these can be applied to electronic commerce law. In particular, this paper intends to find the optimal level of e-commerce firms' investment on security and analyzes how security investments can be related to firm's profits and consumer's welfare depending on IT infrastructure and social trust environment. More on, this paper can be contributed to provide guidelines for regulatory framework on ecommerce online transactions and discuss social welfare implications.

• Proceedings of the KAIS Fall Conference
• /
• 2010.05b
• /
• pp.720-723
• /
• 2010

정보기술에 대한 투자규모는 날로 증가하고 있다. 국내 공공 부문의 경우에도 전자정부 구현 등을 위한 다양한 사업으로 인해 투자가 지속적으로 증가하고 있다. 이런 정보화 투자의 증대에도 불구하고 정보화의 효과에 대해서는 아직도 많은 의문이 제기되고 있다. 특히 S/W 취약성으로 인해 보안 침해사고가 발생하고, 정보화 관련 법제도 미흡으로 보안강화 노력이 강구되지 못하였으며 국가정보화의 새로운 틀이 마련되는 시점에서 법제도의 정비가 필요해졌다. 이러한 부분을 보완하고자 정보보호관리(Information Security Management : ISM)라는 제도를 분석한 프레임워크가 개발되었고, 본 논문은 이를 활용하여 국외 정보보호관리 제도 및 정책을 분석하고자 한다. ISM은 주체별로 역할과 책임을 명확하게 하고, 정보화의 목표를 조직목표에의 기여로 정하여 체계적으로 추진하되, 정보보호 보안 프로그램의 적합성과 구현 및 평가/개선을 하려는 핵심추진 노력이 필요하고, 아울러 이런 노력은 현재의 모습에 만족하지 말고 보다 나은 대안과 효과적 수단을 지속적으로 강구하려는 자세 등이 주요한 특징에 속한다. 본 논문을 통하여 분석된 국외 정보보호관리 제도 및 정책은 향후 우리나라의 정보보호관리 제도 및 정책에 상당한 영향을 미칠 것으로 기대된다.

• Journal of Korean Society of Disaster and Security
• /
• v.5 no.2
• /
• pp.21-26
• /
• 2012

Disaster management standard has not been invigorated because it usually has documented qualities. Since its enactment and notification, there has been a lack of continual education and publicity that lead to poor awareness on disaster management. The purpose of this study investigates on activating the use of disaster management standards by disaster related agencies and organization during their work. It proposes details on how to distribute and promote disaster management standards, develop textbook, evaluation and feedback. Furthermore, it also developed an organizational structure and legal framework as measure for disaster management.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.37-47
• /
• 2014

This study applies Policy Streams and Expert Group Standing Change Framework (PSECF) proposed by SangJung Park and Chan KOH to analyze the Roh's Participatory government's decision making process on the wartime Operational Control (OPCON) transition. PSECF case study's results are as follows: Strong commitments of the former president Roh Moohyun and the progressive National Security Committee (NSC) were primary drivers in the policy developing process. But military expert groups such as the Ministry of National Defense (MND) and the Joint Chiefs of Staffs (JCS) were thoroughly excluded due to their passive role against the wartime OPCON transition. After the policy resolution, the standing of expert groups changed: the standing of advocate effects, the former progressive NSC who led the wartime OPCON transition in the Roh's Participatory government, went down but the conservatives such as ROK MND and JCS improve their standing because the conservative government kicks off 8 months later from the policy decision. In conclusion, the proposed PSECF through the Roh's Participatory government's case-study is worthy as an explanatory framework for high level national policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.115-129
• /
• 2007

The ubiquitous and autonomic computing environments is open and dynamic providing the universal wireless access through seamless integration of software and system architectures. The ubiquitous computing have to offer the user-centric pervasive services according to the wireless access. Therefore the roaming services with the predefined security associations among all of the mobile devices in various networks is especially complex and difficult. Furthermore, there has been little study of security coordination for realistic autonomic system capable of authenticating users with different kinds of user interfaces, efficient context modeling with user profiles on Smart Cards, and providing pervasive access service by setting roaming agreements with a variety of wireless network operators. This paper proposes a Roaming Coordinator-based security management framework that supports the capability of interoperator roaming with the pervasive security services among the push service based network domains. Compared to traditional mobile systems in which a Universal Subscriber Identity Module(USIM) is dedicated to one service domain only, our proposed system with Roaming Coordinator is more open, secure, and easy to update for security services throughout the different network domains such as public wireless local area networks(PWLANs), 3G cellular networks and wireless metropolitan area networks(WMANs).

• ETRI Journal
• /
• v.25 no.6
• /
• pp.423-436
• /
• 2003

This paper describes our design of a contents distribution framework that supports transparent distribution of digital contents on the Internet as well as copyright protection of participants in the contents distribution value chain. Copyright protection must ensure that participants in the distribution channel get the royalties due to them and that purchasers use the contents according to usage rules. It must also prevent illegal draining of digital contents. To design a contents distribution framework satisfying the above requirements, we first present four digital contents distribution models. On the basis of the suggested distribution models, we designed a contract system for distribution of royalties among participants in the contents distribution channel, a license mechanism for enforcement of contents usage to purchasers, and both a packaging mechanism and a secure client system for prevention of illegal draining of digital contents.

• Asia pacific journal of information systems
• /
• v.8 no.3
• /
• pp.147-163
• /
• 1998

Advances in information and telecommunications technology are producing unprecedented shifts in the way businesses conduct their business, Today, electronic commerce is becoming pervasive due to, in large part, the widespread use of Internet and Worldwide Web. One element that plays an important role in shaping the success of electronic commerce is the electronic payment system. Deficiency in its reliability and security may lead to unwanted outcomes, including economic losses and customer dissatisfaction. By far, numerous forms of electronic payment systems have been introduced in the virtual marketplace. However, there exists little research that has focused on the characteristics of the electronic payment systems such that they may be compared with one another. This article is aimed at providing a framework for comparative analysis of electronic payment systems, examining the characteristics of the individual payment systems, and suggesting a choice strategy which enables a firm to select an appropriate payment system suited to their business needs. The framework classifies electronic payment systems into four categories including electronic cash, electronic checks, credit cards, and smart cards, and it can be employed in planning for an electronic commerce system.