• Title/Summary/Keyword: Security Program

Polygraph Security Screening as an Internal Control Method to Counter Industrial Espionage in Korea (폴리그라프를 활용한 산업스파이 대응방안)

  • Lee, Ju-Lak
    • Korean Security Journal / no.20 / pp.291-311 / 2009
  • Amid intensified global competition, securing high technologies is becoming a prerequisite for achieving developed nation status. Korea has put tremendous effort into developing technologies for decades and has now obtained a leading position in many fields. As a result, however, Korea has become a major target of industrial espionage, and not a few Korean businesses have already suffered from it. In order to effectively counter industrial espionage, this research explores the use of polygraph security screening as an internal control method through a literature review, and discusses matters which need to be considered before its introduction into Korea, focusing on the accuracy of security screening. Since polygraph security screening generates a deterrent effect by increasing the certainty and celerity of punishment, it makes a valuable contribution to the control of industrial espionage. However, the most important problem with the use of the polygraph in security screening is errors of the examination. Thus, polygraph security screening should be used as part of a comprehensive security management program to reduce the possibility of errors. In addition, because factors such as countermeasures and the examiner's experience are known to influence the accuracy of the examination, the issues surrounding them should also be addressed.

Cloud Security Scheme Based on Blockchain and Zero Trust (블록체인과 제로 트러스트 기반 클라우드 보안 기법)

  • In-Hye Na;Hyeok Kang;Keun-Ho Lee
    • Journal of Internet of Things and Convergence / v.9 no.2 / pp.55-60 / 2023
  • Recently, demand for cloud computing has increased and remote access due to home work and external work has increased. In addition, a new security paradigm is required in the current situation where the need to be vigilant against not only external attacker access but also internal access such as internal employee access to work increases and various attack techniques are sophisticated. As a result, the network security model applying Zero-Trust, which has the core principle of doubting everything and not trusting it, began to attract attention in the security industry. Zero Trust Security monitors all networks, requires authentication in order to be granted access, and increases security by granting minimum access rights to access requesters. In this paper, we explain zero trust and zero trust architecture, and propose a new cloud security system for strengthening access control that overcomes the limitations of existing security systems using zero trust and blockchain and can be used by various companies.

A Study on CVE Improvement Plans to improve Cloud Service Security (클라우드 서비스 보안성 향상을 위한 CVE 개선 방안 연구)

  • Kim Taekyung;Jung Sungmin
    • Journal of Korea Society of Digital Industry and Information Management / v.19 no.2 / pp.39-46 / 2023
  • The rise in popularity of cloud services has brought about a heightened concern for security in the field of cloud computing. As a response, governments have implemented CSAP(Cloud Security Assurance Program) to ensure the security of these services. However, despite such measures, the emergence of various security vulnerabilities persists, resulting in incidents related to cloud security breaches. To address this, the utilization of Common Vulnerabilities and Exposures (CVE) has been proposed as a means to facilitate the sharing of vulnerability information across different domains. Nevertheless, the unique characteristics of cloud services present challenges in assigning CVE IDs to the diverse range of vulnerabilities within the cloud environment. In this study, we analyzed how CVE can be effectively employed to enhance cloud security. The assignment of a CVE ID is contingent upon the fulfillment of three rules in the Counting Decision and five rules in the Inclusion Decision. Notably, the third rule in the Inclusion Decision, INC3, clashes with the nature of cloud services, resulting in obstacles in assigning CVE IDs to various cloud vulnerabilities. To tackle this issue, we suggest the appointment of designated individuals who would be responsible for overseeing specific areas of cloud services, thereby enabling the issuance of CVE IDs. This proposed approach aims to overcome the challenges associated with the unique characteristics of cloud services and ensure the seamless sharing of vulnerability information. Information sharing regarding vulnerabilities is crucial in the field of security, and by incorporating cloud vulnerabilities into the CVE system, this method can contribute to enhancing the security of cloud services.

The Method of Participatory Government to Introduce the System of Autonomous Police (참여정부의 자치경찰제 도입방안)

  • Jung, Jin-Hwan
    • Korean Security Journal / no.10 / pp.355-385 / 2005
  • As the system of autonomous police that has been debated for a long time is fixed to be introduced by the program of participatory government, this treatise intends to analyze the main contents and review controversial items in order to present supplementary measures. The program of participatory government to introduce autonomous police in Korea focuses on converting the autonomous police of Korea from centralized police administration in order to provide 'customized security service' that is appropriate to the regional environment. Thus, if the relevant city, county or district considers that it is required to introduce the system of autonomous police, the assembly may enforce the decision by enacting an ordinance. For enforcement, an organization in the unit of section will be established in the line of mayor, county headman and district office. The main role will be security service that is closely related to the life of inhabitants such as crime prevention, patrol, traffic crackdown, etc. as well as public health, sanitation and environmental control which are being performed by autonomous organizations at present. However, some expected controversial items may be summarized in the following 3 points on the premise of accepting the program of government. First, the point at issue related to the basic function of police. The basic function of police is generally understood as an order keeping function such as anterior and preventive jobs and a law enforcing function such as posterior and suppressing jobs. However, the program of government does not endow the autonomous police with investigation rights for general crime, thereby raising the controversy that our autonomous police is nothing but the assistant of police. Furthermore, the present national police also expresses its dissatisfaction with the transfer of authority. Second, the issue of balance of security service between self-governing bodies may be raised. The security environment is different between self-governing bodies and thus the demand for security is different. Therefore, the security service of autonomous police will reveal differences in qualitative aspects for each self-governing body. Moreover, it can be easily anticipated that the quality of security service may differ according to the degree of financial independence. Third, the point at issue anticipated with the operation funded by the budget of the self-governing body. As autonomous police is operated by the budget of the self-governing body, the following problems may be raised: (1) since police administration is subordinated to general administration, the concentration may be weakened; (2) the cooperation between policy agencies may be impeded; (3) owing to the difficulty in possessing spare police, the mobility of police may be somewhat reduced.

Development of a Risk Assessment Program for Chemical Terrorism (화학적 테러에 대한 위험성 평가 프로그램 개발)

  • Lee, Younghee;Kim, Eunyong;Kim, Jinkyung;Moon, Il
    • Journal of Korean Society of societal Security / v.1 no.1 / pp.63-67 / 2008
  • This study focuses on assessing the security risk or the terrorism in chemical process industries. This research modifies conventional method for assessing the terrorism risk. The risk assessment method is developed and it is implemented as software to analyze the possibility of terrorism and sabotage. This program includes five steps; asset characterization, threat assessment, vulnerability analysis, risk assessment and new countermeasures. It is a systematic, risk based approach in which risk is a function of the severity of consequences of an undesired event, the likelihood of adversary attack, and the likelihood of adversary success in causing the undesired event. The reliability of the program is verified using a dock zone case. The case dock zone includes a storage farm, a manufacturing plant, an electrical supply utility, a hydrotreater unit, many containers, and administration buildings. This study represents chemical terrorism response technology, the prevention plan, and new countermeasure to mitigate by using risk assessment methods in the chemical industry and public sector. This study suggests an effective approach to the chemical terrorism response management.

A Study on Parent's Consciousness in regard to School-based Comprehensive Oral Health Care Program (학부모의 학교계속구강건강관리사업에 관한 의식조사 연구)

  • Kim, Soo-Kyung
    • Journal of Korean society of Dental Hygiene / v.3 no.2 / pp.117-125 / 2003
  • This study was pursued for the sake of gathering fundamental information to implement school-based comprehensive oral health care program and for planning oral health care program in consideration of parents. The following results were obtained by investigation of consciousness and favor level of 215 parents, who have elementary school children, regarding school-based comprehensive oral health care program. 1. It appears that many parents are not knowledgeable about school-based comprehensive oral health care program. There were significant differences between recognition level of school-based comprehensive oral health care program and age(PE0.05). 2. The parents acquired information about school-based comprehensive oral health care program; 58.7% by their children, 11.2% by mass-media, 10.0% by dentists and 3.7% by dental hygienists. 3. Most parents are in favor of school-based comprehensive oral health care program (96.7%). 4. Many parents(63.7%) prefer that social security law should budget for oral health care program. There were significant differences by sex(PE0.05) and age(PE0.01) As most parents are not so conscious of school-based comprehensive oral health care program, appropriate education program for dentists, dental hygienists and parents should be developed urgently.

A Study on development of personal protection service (신변보호업무 발전방안에 관한 연구)

  • Ha, Jung-Hoon
    • Korean Security Journal / no.44 / pp.199-223 / 2015
  • The purpose of this study is to find the development of the personal protection business plan based on the problem that guards are now aware of personal protection service. In order to achieve the objectives of this study, we analyzed the data after expert survey and interview conducted by seven experts engaged in personal protection services for more than 15 years. The guards who perform personal protection service proposed a development plan of personal protection services as follows. First, the current education system for new employees' training is required to improve the educational program of 40 hours in subjects related to personal protection duties by reorganization. Second, the personal protection service training for guards also appropriate to switch to 8-hour training program for three months through an educational organization controlled by country. Third, the personal protection guards should be proceeding the practical programs required in the field and quality education in the different section by competent and professional instructors. Fourth, it should be revised Regulating that on the site of collective civil petition including in Events related to events across the board in the security services law. Fifth, there needs to be a change of recognition between police and private security firms, and to be set up the organization for supervision of management by police and private security firms jointly. Sixth, there needs to be organized a subcommittee which is consisting of experts in each task on Korea Security Association, and founded Korea Personal Protection Association for development associated with the personal protection service and to protect the rights of personal protection guards.

Violations of Information Security Policy in a Financial Firm: The Difference between the Own Employees and Outsourced Contractors (금융회사의 정보보안정책 위반요인에 관한 연구: 내부직원과 외주직원의 차이)

  • Jeong-Ha Lee;Sang-Yong Tom Lee
    • Information Systems Review / v.18 no.4 / pp.17-42 / 2016
  • Information security incidents caused by authorized insiders are increasing in financial firms, and this increase is particularly increased by outsourced contractors. With the increase in outsourcing in financial firms, outsourced contractors with authorized rights have become a threat and could violate an organization's information security policy. This study aims to analyze the differences between own employees and outsourced contractors and to determine the factors affecting the violation of information security policy to mitigate information security incidents. This study examines the factors driving employees to violate information security policy in financial firms based on the theory of planned behavior, general deterrence theory, and information security awareness, and the moderating effects of employee type between own employees and outsourced contractors. We used 363 samples that were collected through both online and offline surveys and conducted partial least square-structural equation modeling and multiple group analysis to determine the differences between own employees (246 samples, 68%) and outsourced contractors (117 samples, 32%). We found that the perceived sanction and information security awareness support the information security policy violation attitude and subjective norm, and the perceived sanction does not support the information security policy behavior control. The moderating effects of employee type in the research model were also supported. According to the t-test result between own employees and outsourced contractors, outsourced contractors' behavior control supported information security violation intention but not subject norms. The academic implications of this study are expected to be the basis for future research on outsourced contractors' violation of information security policy and a guide to develop information security awareness programs for outsourced contractors to control these incidents. Financial firms need to develop an information security awareness program for outsourced contractors to increase the knowledge and understanding of information security policy. Moreover, this program is effective for outsourced contractors.

A system for detecting document leakage by insiders through continuous user authentication by using document reading behavior (문서 읽기 행위를 이용한 연속적 사용자 인증 기반의 내부자 문서유출 탐지기술 연구)

  • Cho, Sungyoung;Kim, Minsu;Won, Jongil;Kwon, SangEun;Lim, Chaeho;Kang, Brent ByungHoon;Kim, Sehun
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.2 / pp.181-192 / 2013
  • There have been various techniques to detect and control document leakage; however, most techniques concentrate on document leakage by outsiders. There are rare techniques to detect and monitor document leakage by insiders. In this study, we observe user's document reading behavior to detect and control document leakage by insiders. We make each user's document reading patterns from attributes gathered by a logger program running on Microsoft Word, and then we apply the proposed system to help determine whether a current user who is reading a document matches the true user. We expect that our system based on document reading behavior can effectively prevent document leakage.

Development of Hardware In the Loop System for Cyber Security Training in Nuclear Power Plants (원자력발전소 사이버보안 훈련을 위한 HIL(Hardware In the Loop) System 개발)

  • Song, Jae-gu;Lee, Jung-woon;Lee, Cheol-kwon;Lee, Chan-young;Shin, Jin-soo;Hwang, In-koo;Choi, Jong-gyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.4 / pp.867-875 / 2019
  • Security awareness and training are becoming more important as cyber security incidents tend to increase in industrial control systems, including nuclear power plants. For effective cyber security awareness and training for the personnel who manage and operate the target facility, a TEST-BED is required that can analyze the impact of cyber attacks from the sensor level to the operation status of the nuclear power plant. In this paper, we have developed an HIL system for nuclear power plant cyber security training. It includes nuclear power plant status simulations and specific system status simulation together with physical devices. This research result will be used for the specialized cyber security training program for Korean nuclear facilities.