• Journal of Intelligence and Information Systems
• /
• v.26 no.3
• /
• pp.37-50
• /
• 2020

Information security has become an important issue in the world. Various information and communication technologies, such as the Internet of Things, big data, cloud, and artificial intelligence, are developing, and the need for information security is increasing. Although the necessity of information security is expanding according to the development of information and communication technology, interest in information security investment is insufficient. In general, measuring the effect of information security investment is difficult, so appropriate investment is not being practice, and organizations are decreasing their information security investment. In addition, since the types and specification of information security measures are diverse, it is difficult to compare and evaluate the information security countermeasures objectively, and there is a lack of decision-making methods about information security investment. To develop the organization, policies and decisions related to information security are essential, and measuring the effect of information security investment is necessary. Therefore, this study proposes a method of constructing an investment portfolio for information security measures using game theory and derives an optimal defence probability. Using the two-person game model, the information security manager and the attacker are assumed to be the game players, and the information security countermeasures and information security threats are assumed as the strategy of the players, respectively. A zero-sum game that the sum of the players' payoffs is zero is assumed, and we derive a solution of a mixed strategy game in which a strategy is selected according to probability distribution among strategies. In the real world, there are various types of information security threats exist, so multiple information security measures should be considered to maintain the appropriate information security level of information systems. We assume that the defence ratio of the information security countermeasures is known, and we derive the optimal solution of the mixed strategy game using linear programming. The contributions of this study are as follows. First, we conduct analysis using real performance data of information security measures. Information security managers of organizations can use the methodology suggested in this study to make practical decisions when establishing investment portfolio for information security countermeasures. Second, the investment weight of information security countermeasures is derived. Since we derive the weight of each information security measure, not just whether or not information security measures have been invested, it is easy to construct an information security investment portfolio in a situation where investment decisions need to be made in consideration of a number of information security countermeasures. Finally, it is possible to find the optimal defence probability after constructing an investment portfolio of information security countermeasures. The information security managers of organizations can measure the specific investment effect by drawing out information security countermeasures that fit the organization's information security investment budget. Also, numerical examples are presented and computational results are analyzed. Based on the performance of various information security countermeasures: Firewall, IPS, and Antivirus, data related to information security measures are collected to construct a portfolio of information security countermeasures. The defence ratio of the information security countermeasures is created using a uniform distribution, and a coverage of performance is derived based on the report of each information security countermeasure. According to numerical examples that considered Firewall, IPS, and Antivirus as information security countermeasures, the investment weights of Firewall, IPS, and Antivirus are optimized to 60.74%, 39.26%, and 0%, respectively. The result shows that the defence probability of the organization is maximized to 83.87%. When the methodology and examples of this study are used in practice, information security managers can consider various types of information security measures, and the appropriate investment level of each measure can be reflected in the organization's budget.

• Journal of Digital Contents Society
• /
• v.18 no.6
• /
• pp.1135-1142
• /
• 2017

In this paper, we propose IoT based smart CCTV security service to prevent crime in blind spot and prevent unexpected fire or danger. In the proposed method, a RC (Radio Control) car is made using Raspberry pie, and a camera and various modules are installed in an RC car. It was then implemented using Raspbian O / S, Apache Web Server, Shell script, Python, PHP, HTML, CSS, Javascript. The RC car provides a security service that informs the manager of the situation by judging the risk of the scene with modules such as video, voice and temperature. Experimental results show that the transmission time of video and audio information is less than 0.1 second. In addition, real-time status transmission was possible in AVG, emergency, and manual mode. It is expected that the proposed method will be applied to the development of smart city by applying it to unmanned vehicles, drones and the like.

• The Journal of the Korea Contents Association
• /
• v.12 no.3
• /
• pp.421-433
• /
• 2012

AMGA service, which is one of the EMI gLite middleware components, is widely used for analysis of distributed large scale experiments data as metadata repository by scientific and technological researchers and the use of AMGA is extended farther to include general industries needing metadata Catalogue as well. However AMGA, based unix and Grid UI, has the weakness of being absence of general-purpose user interfaces in comparison to other commercial database systems and that's why it's difficult to use and diffuse it although it has the superiority of the functionality. In this paper, we developed AMGA GUI toolkit to provide work convenience using object-oriented modeling language(UML). Currently, AMGA has been used as the main component among many user communities such as Belle II, WISDOM, MDM, and so on, but we expect that this development can not only lower the barrier to entry for AMGA beginners to use it, but lead to expand the use of AMGA service over more communities.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.73-80
• /
• 2011

In this study, software products developed in the course of testing, software managers in the process of testing software and tools for effective learning effects perspective has been studied using the NHPP software. The delayed software S-shaped reliability model applied to distribution was based on finite failure NHPP. Software error detection techniques known in advance, but influencing factors for considering the errors found automatically and learning factors, by prior experience, to find precisely the error factor setting up the testing manager are presented comparing the problem. As a result, the learning factor is greater than automatic error that is generally efficient model could be confirmed. This paper, numerical example of applying using time between failures and parameter estimation using maximum likelihood estimation method, after the efficiency of the data through trend analysis model selection were efficient using the mean square error and $R^2$(coefficient of determination).

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2113-2116
• /
• 2003

이 논문에서는 리눅스 기반VDPM(Virus Detection Protection Management)시스템을 제안하고 개발한 응용SW로 감지, 차단 및 관리 방법을 제시한다. 제안된 LVPM시스템은 첫째특정탐색 및 전체탐색 알고리듬에 의하여 개발된 VDPM시스템은 신종 바이러스까지 탐지하는 모든 종류의 바이러스 탐지(VDPM_hawkeye) 모듈, Virus첵크하는 감시 및 Virus첵크후 친정, 제거하는 방지(VDPM_medic)모듈, DB를 update하는 기능을 가지는 관리(VDPM_manager)모듈과 원격 DB관리 및 Virus결과 보고 기능 (VDPM_reporter) 모듈로 되어 있으며 지능적인 Virus방지 시스템, 둘째 네트워크 패킷을 분석하여 네트워크를 통한 침 바이러스 탐지 및 대응 시스템과 셋째 네트워크 패킷을 분석하여 네트워치를 통한 네트워크형 악성 소프트웨어 대응 시스템을 포함한 바이러스 보호 통합 시스템을 구현하였다. 더불어 호스트와 네트웍기반의 통합적인 IDS가 방화벽(Firewall)시스템과 연동하여 IDS 단독 차단이 불가능한 공격을 차단하는 소프트웨어 시스템을 개발하는 것이며 관리자가 사용하기 쉬운 GUI환경으로 구현하였고 대규모 분산 네트워크 환경에서 효율적인 리눅스기반 침입탐지방지관리 솔루션을 제시한다.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.12
• /
• pp.145-151
• /
• 2018

While commercialization of IoT technologies in the safety management sector is being promoted in terms of industrial safety of large indoor businesses, implementing a system for risk management of small outdoor work sites with frequent site movements is not actively implemented. In this paper, we propose an efficient dynamic workload balancing strategy which combined low-power, wide-bandwidth (LPWA) communication and low-power Bluetooth (BLE) communication technologies to support customized risk management alarm systems for each individual (driver/operator/manager). This study was designed to enable long-term low-power collection and transmission of traffic information in outdoor environment, as well as to implement an integrated real-time safety management system that notifies a whole field worker who does not carry a separate smart device in advance. Performance assessments of the system, including risk alerts to drivers and workers via Bluetooth communication, the speed at which critical text messages are received, and the operation of warning/lighting lamps are all well suited to field application.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.3
• /
• pp.131-138
• /
• 2008

This paper designed an Internet Convention e-Portal Information System through an experience and knowledges accumulated in case of information utilization regarding international meeting and conventions in knowledge information societies. Established the Non-stop Cluster system that was the H/W side, L4 and the applied system which was the 3-tier structure and Firewall, VPN, IDS/IPS security control system, S/W side, that utilized the WAS MVC architecture used WAS and a SOA architecture. an ASP EAI function. A user and a manager, designs and constructor, the user efficiency who were an evaluation basis of a Verification commissioner, Ubiquitous evaluated system stability. Information security anger, and evaluated former system and comparison. Therefore is evaluated to the excellent Convention e-Portal Systems that a performance 25.9% improvement consisted of compare with the existing Convention e-Portal Systems, and will contribute so as to be able to carry out-driven enemy role in development of the industrial our country Convention Ubiquitous Internet IT information Industry and International Society Conventions.

• Journal of Practical Agriculture & Fisheries Research
• /
• v.9 no.1
• /
• pp.105-117
• /
• 2007

This study was carried to analyze the demonstrational cultivation process of selenium supplemented P. linteus and G. lucidum from 2005 to 2006 and ifs effect at Hochimin Agricultural Technology College(HATC) in Vietnam, according to the mutual contract between the Yunjung-nongwon, a fanning company in Korea and HATC. As a result of the demonstrational cultivation of selenium supplemented P. linteus and G. lucidum, the external aspect, such as size, thickness and color of the P. linteus and G. lucidum were very much high qualified comparing to the same strain P. linteus and G. lucidum generally cultivated in Korea. The major contribution factors to this high qualified mushroom product could be drawn as followings; keeping growing condition of the mushroom with precise data collection of Vietnam climate and weather, involvement of the various professors of Korea National Agricultural College(KNAC), maintenance of bio-technical security through the strain cultivation on the oak log in Korea, the Yunjung-nongwon manager's endeavor being consulted by the various professors of KNAC even to be a student of the agricultural chief executive officer(CEO) training course in KNAC and the HATC's constant cooperation to the mushroom demonstrational cultivation instead of the orchid which was originally contracted item.

• Journal of Korean Society for Quality Management
• /
• v.51 no.4
• /
• pp.607-618
• /
• 2023

Purpose: In this study, we proposed a plan to establish and implement a safety and health management system by utilizing corporate resources so that manufacturing companies can effectively respond to the Serious Accident Punishment Act. Methods: We identified critical factors and response strategies necessary for manufacturing companies to respond to the Severe Accident Punishment Act effectively and surveyed employees working at the company regarding their importance and performance. Results: In this study, we presented a method of strategically constructing the response strategies (20) shown in previous studies by matching them with the company's resources (leadership, organization, budget, education, and awareness). In particular, leadership refers to the ability of managers who can prevent serious accidents by carrying out safety and health security obligations to avoid safety and health hazards or risks to employees in the business or workplace that is controlled, operated, and managed. Conclusion: Based on the manager's firm leadership, the system's purpose and direction must be accurately set and sufficiently communicated to members. In addition, for companies to identify and improve risk factors on their own, a Process approach must be established to improve execution by referring to legal standards together with field managers and supervisors.

• Journal of Korean Society of Disaster and Security
• /
• v.6 no.1
• /
• pp.9-17
• /
• 2013

Government ministries operate various system dealing with filed civil appeals. There are representative systems such as Safety Monitoring System of the Ministry of Public Administration and Security (MOPAS), Disaster Premonitory Information System of the National Emergency Management Agency (NEMA), Facilities Hazard Information System of the Ministry of Land, Transportation and Maritime Affairs (MLTM), Environmantal Monitoring System of the Ministry of Environment (ME). The purpose managing these systems is to reduce casualties and to improve safety by preventing disasters and accidents in local communities. This study suggests the method to effectively operate a safety monitoring system which fits to local situations based on the statistical analysis performed on filed complaint cases in Gangdong-gu as a sample region. The cases has been collected since 2012 through the voluntary safety monitoring activity of a specialist who had finished the Emergency and Safety maneger's master course.