• Title/Summary/Keyword: Security Practice

Game Theoretic Optimization of Investment Portfolio Considering the Performance of Information Security Countermeasure (정보보호 대책의 성능을 고려한 투자 포트폴리오의 게임 이론적 최적화)

  • Lee, Sang-Hoon;Kim, Tae-Sung
    • Journal of Intelligence and Information Systems / v.26 no.3 / pp.37-50 / 2020
  • Information security has become an important issue in the world. Various information and communication technologies, such as the Internet of Things, big data, cloud, and artificial intelligence, are developing, and the need for information security is increasing. Although the necessity of information security is expanding according to the development of information and communication technology, interest in information security investment is insufficient. In general, measuring the effect of information security investment is difficult, so appropriate investment is not being practiced, and organizations are decreasing their information security investment. In addition, since the types and specifications of information security measures are diverse, it is difficult to compare and evaluate the information security countermeasures objectively, and there is a lack of decision-making methods about information security investment. To develop the organization, policies and decisions related to information security are essential, and measuring the effect of information security investment is necessary. Therefore, this study proposes a method of constructing an investment portfolio for information security measures using game theory and derives an optimal defence probability. Using the two-person game model, the information security manager and the attacker are assumed to be the game players, and the information security countermeasures and information security threats are assumed to be the strategies of the players, respectively. A zero-sum game, in which the sum of the players' payoffs is zero, is assumed, and we derive a solution of a mixed strategy game in which a strategy is selected according to a probability distribution among strategies. In the real world, various types of information security threats exist, so multiple information security measures should be considered to maintain the appropriate information security level of information systems. 
We assume that the defence ratio of the information security countermeasures is known, and we derive the optimal solution of the mixed strategy game using linear programming. The contributions of this study are as follows. First, we conduct analysis using real performance data of information security measures. Information security managers of organizations can use the methodology suggested in this study to make practical decisions when establishing an investment portfolio for information security countermeasures. Second, the investment weight of information security countermeasures is derived. Since we derive the weight of each information security measure, not just whether or not information security measures have been invested, it is easy to construct an information security investment portfolio in a situation where investment decisions need to be made in consideration of a number of information security countermeasures. Finally, it is possible to find the optimal defence probability after constructing an investment portfolio of information security countermeasures. The information security managers of organizations can measure the specific investment effect by drawing out information security countermeasures that fit the organization's information security investment budget. Also, numerical examples are presented and computational results are analyzed. Based on the performance of various information security countermeasures: Firewall, IPS, and Antivirus, data related to information security measures are collected to construct a portfolio of information security countermeasures. The defence ratio of the information security countermeasures is created using a uniform distribution, and a coverage of performance is derived based on the report of each information security countermeasure. 
According to numerical examples that considered Firewall, IPS, and Antivirus as information security countermeasures, the investment weights of Firewall, IPS, and Antivirus are optimized to 60.74%, 39.26%, and 0%, respectively. The result shows that the defence probability of the organization is maximized to 83.87%. When the methodology and examples of this study are used in practice, information security managers can consider various types of information security measures, and the appropriate investment level of each measure can be reflected in the organization's budget.

A Study of Aesthetical Value of Composition Principle on Security Guard Martial Arts (경호무도 구성원리의 미학적 탐색)

  • Kim, Pyong-Soo;Lim, Dae-yong;Son, Jin
    • Korean Security Journal / no.25 / pp.131-146 / 2010
  • Purpose of this research about reduction the scholastic systematic triangular position of the security guard martial art which repeats a development is insufficient with demand of the while society to recognize and for the philosophic value research of security guard martial art composition principle puts out with the one method and from the reporter to search the aesthetics which appears does. In order to attain the goal of the research which sees the literature which relates with a security guard martial art widely, was an investigation and observed the aesthetics from concept and martial art of aesthetics and this the technical free use ability from actual site of the technical find which leads the practice voluntary repetition practice of security guard martial art with character and the body guard aesthetic integral part experience possibly did, there being will be able to acquire an aesthetic inspiration, confirmed. So the security guard martial art follows the composition principle of maximization central attitude and shock point breath control and mental intensive etc. of reinforcement of direction shock of relativity redundancy mental moral culture body agreement characteristic force and relaxation force and is completed and will be able to embody an aesthetic value with aesthetic elements of technical polishing process inside goes about reduction.

Semantic Analysis of Information Assurance Concept : A Literature Review (문헌 연구를 통한 정보보증 개념의 구문 분석)

  • Kang, Ji-Won;Choi, Heon-jun;Lee, Hanhee
    • Convergence Security Journal / v.19 no.1 / pp.31-40 / 2019
  • Today, information security (INFOSEC) as a discipline is gaining more and more importance according to the emergence and extension of the cyberspace. Originated from Joint Doctrine for Information Operation (Joint Pub 3-13) by the U.S. Department of Defense, 'information assurance (IA)' is the concept widely used in the relevant field. Grown from the practice of information security, it encompasses broader and more proactive protection that includes countermeasures and repair, security management throughout an information system (IS)'s life-cycle, and trustworthiness of an IS in the process of risk analysis. In Korea, many industry professionals tend to misunderstand IA, remaining unaware of the conceptual differences between IA and INFOSEC. On this account, the current study attempted to provide a combined definition of IA by reviewing relevant literature. This study showed the validity of the wordings used in the proposed definition phrase by phrase.

A Study on Specialized Human Rights Education for Practicing Aviation Security Personnel's Human Rights Perspective (항공보안요원 인권관점 실천을 위한 특화된 인권교육에 관한 연구)

  • Young-Chun Kim;Min-Woo Park;Wontae Park
    • Journal of the Korean Society for Aviation and Aeronautics / v.30 no.4 / pp.117-131 / 2022
  • Human rights education is to acquire understanding and knowledge about human rights, to develop values, attitudes and character that respect human rights, to develop the ability to overcome human rights violations and discriminatory acts, and to protect and promote the human rights of others. In order to prevent human rights violations of the transportation vulnerable, such as the disabled, it is necessary to develop specialized human rights education plans for aviation security personnel to practice human rights perspectives. Therefore, in accordance with the 「National Civil Aviation Security Education and Training Guidelines」, specialized human rights education should be included in the initial aviation security education and regular education courses. The point is that there is a need to reexamine the aviation security education program for aviation security personnel based on the essential knowledge and educational contents for aviation security personnel to perform security screening tasks in the aviation security education course. When this happens, various efforts must be made to improve the human rights of the transportation vulnerable, such as the disabled, during the security screening process, so that human rights violations will be significantly reduced. In particular, it is necessary to enhance the ability to detect dangerous terrorist items such as weapons or explosives that can be used for illegal sabotage through practical security screening training. For aviation security and aircraft safety, efforts to improve the quality of aviation security personnel training, such as human rights training, must be continuously made while thoroughly preparing for terrorism in advance.

Corporate Social Responsibility in Modern Transnational Corporations

  • Vitalii Nahornyi;Alona Tiurina;Olha Ruban;Tetiana Khletytska;Vitalii Litvinov
    • International Journal of Computer Science & Network Security / v.24 no.5 / pp.172-180 / 2024
  • Since the beginning of 2015, corporate social responsibility (CSR) models have been changing in connection with the trend towards the transition of joint value creation of corporate activities and consideration of stakeholders' interests. The purpose of the academic paper lies in empirically studying the current practice of social responsibility of transnational corporations (TNCs). The research methodology has combined the method of qualitative analysis, the method of cases of agricultural holdings in emerging markets within the framework of resource theory, institutional theory and stakeholders' theory. The results show that the practice of CSR is integrated into the strategy of sustainable development of TNCs, which determine the methods, techniques and forms of communication, as well as areas of stakeholders' responsibility. The internal practice of CSR is aimed at developing norms and standards of moral behaviour with stakeholders in order to maximize economic and social goals. Economic goals are focused not only on making a profit, but also on minimizing costs due to the potential risks of corruption, fraud, conflict of interest. The system of corporate social responsibility of modern TNCs is clearly regulated by internal documents that define the list of interested parties and stakeholders, their areas of responsibility, greatly simplifying the processes of cooperation and responsibility. As a result, corporations form their own internal institutional environment. Ethical norms help to avoid the risks of opportunistic behaviour of personnel, conflicts of interest, cases of bribery, corruption, and fraud. 
The theoretical value of the research lies in supplementing the theory of CSR in the context of the importance of a complex, systematic approach to integrating the theory of resources, institutional theory, theory of stakeholders in the development of strategies for sustainable development of TNCs, the practice of corporate governance and social responsibility.

Virtual World-Based Information Security Learning: Design and Evaluation

  • Ryoo, Jungwoo;Lee, Dongwon;Techatassanasoontorn, Angsana A.
    • Journal of Information Science Theory and Practice / v.4 no.3 / pp.6-27 / 2016
  • There has been a growing interest and enthusiasm for the application of virtual worlds in learning and training. This research proposes a design framework of a virtual world-based learning environment that integrates two unique features of the virtual world technology, immersion and interactivity, with an instructional strategy that promotes self-regulatory learning. We demonstrate the usefulness and assess the effectiveness of our design in the context of information security learning. In particular, the information security learning module implemented in Second Life was incorporated into an Introduction to Information Security course. Data from pre- and post- learning surveys were used to evaluate the effectiveness of the learning module. Overall, the results strongly suggest that the virtual world-based learning environment enhances information security learning, thus supporting the effectiveness of the proposed design framework. Additional results suggest that learner traits have an important influence on learning outcomes through perceived enjoyment. The study offers useful design and implementation guidelines for organizations and universities to develop a virtual world-based learning environment. It also represents an initial step towards the design and explanation theories of virtual world-based learning environments.

Development of LMS Evaluation Index for Non-Face-to-Face Information Security Education (비대면 정보보호 교육을 위한 LMS 평가지표 개발)

  • Lee, Ji-Eun
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.1055-1062 / 2021
  • As face-to-face education becomes difficult due to the spread of COVID-19, the use of e-learning content and virtual training is increasing. In the case of information security education, practice to learn response techniques is important, so simulation hacking and vulnerability analysis activities have been supported as virtual training for a long time. In order to increase the educational effect, contents should be designed to resemble real situations, and learning activities to achieve the learning goals should be designed. In addition, excellent functions and scalability of the system supporting learning activities are required. The researcher developed an LMS evaluation index that supports non-face-to-face education by considering the key elements of non-face-to-face education and training. The developed evaluation index was applied to the information security education platform to verify its practical utility.

Influence of Mentoring Type and Mentoring Function on the Organizational Commitment among the Security Organization (시큐리티조직의 멘토링유형과 멘토링기능이 조직몰입에 미치는 영향)

  • Kim, Chan-Sun
    • Convergence Security Journal / v.11 no.5 / pp.21-29 / 2011
  • This study is to investigate how security organizational mentoring type and mentoring function affects organizational commitment. This study had selected security from 5 different security organizations of 2010 which are located in capital area. Using judgment sampling method, 198 security were drawn for the final study. The survey used in this study is composed of 37 questions. To practice frequency analysis, factorial analysis, reliability analysis and regression, a program called SPSSWIN 18.0 was used. The value of Cronbach's $\alpha$, which shows the reliability of the study, appeared to be over .622. The result is: First, security organizational mentoring type affects mentoring function. That is, when a systematic mentoring is activated, friendship protecting function, career managing function and socio-psychological function are promoted. Second, security organizational mentoring type affects organizational commitment. That is, when a systematic mentoring is activated, organizational commitment is promoted. Third, security organizational mentoring function affects organizational commitment. That is, increased friendship protecting function, career managing function, socio-psychological function and role model function results in increased organizational commitment.

Development of Information Security Practice Contents for Ransomware Attacks in Digital Twin-Based Smart Factories (디지털트윈 기반의 스마트공장에서 랜섬웨어 공격과 피해 분석을 위한 정보보안 실습콘텐츠 시나리오 개발)

  • Nam, Su Man;Lee, Seung Min;Park, Young Sun
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.1001-1010 / 2021
  • Smart factories are complex systems which combine the latest information technology (IT) with operation technology (OT). A smart factory aims to provide manufacturing capacity improvement, customized production, and resource reduction with these complex technologies. Although the smart factory is able to increase efficiency through these technologies, the security level of the whole factory is low due to the vulnerability transfer from IT. In addition, the response and restoration of the business continuity plan are insufficient in case of damage due to the absence of factory security experts. To cope with such problems, we propose an information security practice content for analyzing the damage by generating ransomware attacks in a digital twin-based smart factory similar to the real world. In our information security content, we introduce our conversion technique of physical devices into virtual machines or simulation models to build a practical environment for the digital twin. This content generates two types of ransomware attacks according to a defined scenario in the digital twin. When the two generated attacks are successfully completed, at least 8 and 5 of the 23 virtual elements take damage, respectively. Thus, our proposed content directly identifies the damage caused by the generation of two types of ransomware in the virtual world's smart factory.

New Higher-Order Differential Computation Analysis on Masked White-Box AES (마스킹 화이트 박스 AES에 대한 새로운 고차 차분 계산 분석 기법)

  • Lee, Yechan;Jin, Sunghyun;Kim, Hanbit;Kim, HeeSeok;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.1 / pp.1-15 / 2020
  • Since the differential computation analysis (DCA) attack, which is a form of side-channel analysis on white-box cryptography, was proposed, masking white-box cryptography based on table encoding has been proposed by Lee et al. to counter DCA. Existing higher-order DCA for masked white-box cryptography did not consider the masking implementation structure based on table encoding, so it is impossible to apply this attack to the countermeasure suggested by Lee et al. In this paper, we propose a new higher-order DCA method that can be applied to the implementation of masking based on table encoding, and prove its effectiveness by finding secret key information of the masking white-box cryptography suggested by Lee et al. in practice.