• Journal of the Korea Society of Computer and Information
• /
• v.15 no.1
• /
• pp.167-175
• /
• 2010

Like most large organizations, there are business rules such as 'separation of duty' and 'delegation' which should be considered in access control. From a SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as information integrity by the limited constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of administration role-based access control model and SOD policy, which is called the OS-SoDAM. The OS-SoDAM defines the authority range in an organizational structure that is separated from role hierarchy and supports a decentralized security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer's authority range without the security officer's intervention.

• Journal of Korea Port Economic Association
• /
• v.28 no.1
• /
• pp.1-23
• /
• 2012

Advances in information technology has brought many benefits to businesses, but at the same time, businesses are facing serious problems caused by its use such as information leakage. In order to cope with problems, companies have established information security policies, demanding workers of a company to be compliant with the policies. This study proposes a research model that includes information security awareness, information security attitude, self-efficacy, standard belief and social influences as factors that affect the compliance of information security policy among the workers of shipping and port organization. The results of this study showed that there was a positive relationship not only between the information security awareness and the information security attitude, but also between the information security attitude and the information security policy among the workers of shipping and port organization. It was also found that there was a positive relationship between the self-efficacy and the compliance of information security policy, and between the social influence and the compliance of information security policy. However, there was no meaningful relationship between the standard belief and the compliance of information security policy. This study examined to what extent the workers of shipping and port organization that have a high possibility of the information leakage were compliant with the information security policy. The findings will contribute to organizations of shipping and port who attempt to establish strategies related to information security.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.33-51
• /
• 2011

This research derived the influencing factors for employees' compliance with the information security policy in organizations on the basis of Neutralization Theory, Theory of Planned Behavior and Protection Motivation Theory. To empirically analyze the research model and the hypotheses, data were collected by conducting web survey, 194 of 207 questionnaires were available. The test of causal model was conducted by PLS. Reliability, validity and model fit were found to be statistically significant. the results of hypotheses tests showed that seven ones of eight hypotheses could be accepted. The theoretical implications of this study are as follows : 1) this study is expected to play a role of baseline for future research about employee compliance with the information security policy, 2) this study attempted interdisciplinary approach through combining psychology and information system security research, and 3) it suggested concrete operational definitions of influencing factors for information security policy compliance through comprehensive theoretical review. Also, this study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for implement of information system security policies in organizations. Second, it is proved that the need for conducting education and training program suppressing employees. neutralization psychology to violate information security policy should be emphasized in the organizations.

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.235-241
• /
• 2012

To improve educational excellence and quality, academies carry forward integrative security model related to academic affairs including personal information. This paper proposes an integrative security model for academic affairs database, which guarantees DBMS access control, confidentiality, integrity, and security inspection. This proposed model considered that most academies can't make good use of data security product and suggests a detailed measure to realize the confidentiality based on the function of DBMS.

• Journal of Internet Computing and Services
• /
• v.8 no.1
• /
• pp.99-113
• /
• 2007

In the rapidly changing e-business environment, organizations need to share information, process business transactions, and enhance collaborations with relevant entities by taking advantage of the various technologies. However, there are always the security issues that need to be handled in order for the e-business operations to be run efficiently. In this research, we suggest the new security authorization model for safety flexible supporting the needs of e-business (e-marketplace) in an organization. This proposed model provides the scalable of access control policy among multi-domains, and preservation of flexible authorization management in distributed system environments. For servers to take the access control policy and enforcement decisions, we also describe the feasible authorization architecture is concerned with how they might seek advice and guideline from formal access control model.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2001.05a
• /
• pp.1-10
• /
• 2001

SNMPv3 provides the security services such as authentication and privacy of messages as well as a new flexible and extensible administration framework. Therefore, with the security services enabled by SNMPv3, network managers can monitor and control the operation of network components more secure way than before. But, due to the user-centric security management and the deficiency of policy-based security management facility, SNMPv3 might be inadequate network management solution for large-scaled networks. In this paper, we review the problems of the SNMPv3 security services, and propose a Role-based Security Management Model(RSM), which greatly reduces the complexity of permission management by specifying and enforcing a security management policy far entire network.

• Journal of Korea Trade
• /
• v.27 no.3
• /
• pp.65-86
• /
• 2023

Purpose - As globalization progresses, complexity also increases, and various factors that threaten port functions are emerging. Accordingly, the demand for port security to prevent the crisis and resilience that quickly recovers its original function after the crisis is also increasing in port operations. However, few studies have examined how to ensure the port security and how the resilience affects operation performance of port and sustainability performance as well. So the study aims to find out how port security affects port resilience and port operational performance, and consequently, this two factors affect socioeconomic and environmental sustainability performance respectively and synthetically. Design/methodology - Confirmatory Factor Analysis (CFA) was first performed to determine the validity of the factors of model and hypothesis test was performed using Structural Equation Model (SEM) to analyze the Port Performance Model, which show the perception logic among port security level, port resilience, operation performance, and sustainability performance. In order to empirically analyze this model, total 264 respondents from port security operators, shipping companies in South Korea were surveyed. Findings - As result of SEM, First, port security level positively affected the resilience (H1) and cargo operational performance (H2) but not in both of the sustainability performances (H3, H4). Second, resilience positively affected only cargo operational performance (H5) and socio-economic sustainability performance (H7). Last, cargo operation performance positively affects the both of sustainability performances (H8, H9). Originality/value - It was confirmed that port security could improve cargo operational performance through ensuring port resilience and eventually increase the socio-economic sustainability. Therefore the study implies that careful integration and management of port security, port resilience, and sustainability are required, along with compromise on sustainable development goals in the social, economic, and environmental area among all stakeholders.

• The Journal of Information Systems
• /
• v.25 no.2
• /
• pp.51-77
• /
• 2016

Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

• International Journal of Computer Science & Network Security
• /
• v.23 no.1
• /
• pp.153-163
• /
• 2023

This study is situated in the context of intelligent transport systems, where in-vehicle devices assist drivers to avoid accidents and therefore improve road safety. The vehicles present in a given area form an ad' hoc network of vehicles called vehicular ad' hoc network. In this type of network, the nodes are mobile vehicles and the messages exchanged are messages to warn about obstacles that may hinder the correct driving. Node mobilities make it impossible for inter-node communication to be end-to-end. Recognizing this characteristic has led to delay-tolerant vehicular networks. Embedded devices have small buffers (memory) to hold messages that a node needs to transmit when no other node is within its visibility range for transmission. The performance of a vehicular delay-tolerant network is closely tied to the successful management of the nodes' transit buffer. In this paper, we propose a message transit buffer management model for nodes in vehicular delay tolerant networks. This model consists in setting up, on the one hand, a policy of dropping messages from the buffer when the buffer is full and must receive a new message. This drop policy is based on the concept of intermediate node to destination, queues and priority class of service. It is also based on the properties of the message (size, weight, number of hops, number of replications, remaining time-to-live, etc.). On the other hand, the model defines the policy for selecting the message to be transmitted. The proposed model was evaluated with the ONE opportunistic network simulator based on a 4000m x 4000m area of downtown Bouaké in Côte d'Ivoire. The map data were imported using the Open Street Map tool. The results obtained show that our model improves the delivery ratio of security alert messages, reduces their delivery delay and network overload compared to the existing model. This improvement in communication within a network of vehicles can contribute to the improvement of road safety.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.673-685
• /
• 2017

STI(Social Trust Index) indicates levels of trustworthiness, honesty and reliability among people in a society. Since the STI varies in countries, security control on cyber space should be applied differently according to the STI so that companies can protect their assets efficiently and effectively. We compare STIs between Korea and United States using the Diamond Model and investigate how the STIs affect corporate security controls in those two countries. We finally present a formula using AHP (Analytic Hierarchy Process) to measure levels of corporate security controls in different countries.