• Information Systems Review
• /
• v.17 no.3
• /
• pp.39-64
• /
• 2015

As information and information technology become more important in competitive corporate environments, the risk of information security breaches has increased accordingly. Although organizations establish security measures to manage information security risks, members of organizations do not comply with them well, and their information security behavior intention is unclear. Therefore, to understand the information security risk management intention of the members of organizations, the present study developed a research model using Protection Motivation Theory, Supervisory Authority Pressure, and Background factors. This study presents empirical research findings based on the analysis of survey data from 201 members of financial institutions. Perceived Severity, Self-efficacy, and Supervisory Authority Pressure had a positive effect on intention; however, Perceived Vulnerability and Response Efficacy did not affect intention. Security Avoidance Habit, which was considered a background factor, had a negative effect on all parameters, and did not have an effect on intention. Security Awareness Training, another background factor, had a positive effect on information security risk management intention and perceived vulnerability, self-efficacy, response efficacy, and supervisory authority pressure, and had no effect on perceived severity. This study used supervisory authority pressure and background factors in the field of information security, and provided a basis to use supervisory authority pressure in future studies on behavior of organizations and members of an organization. In addition, the use of various background factors presented the groundwork for the expansion of protection motivation theory. Furthermore, practitioners can use the study findings as a foundation for organization's security activities, and to improve regulations.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.7
• /
• pp.1447-1454
• /
• 2012

Recently P2P is the most popular network service on Internet and is applied various areas such as streaming, file sharing and software distribution, but there are many security threats depending on vulnerabilities by P2P network environments. Conceptually P2P network is a overlay network based on Internet, and it has security concerns of itself as well as those of Internet environments. In this paper, we analyze the vulnerabilities and threats for domestic P2P services through various experiments and describe their risk analysis. We expect that this work contributes to new domestic P2P services in consideration of service qualities and security vulnerabilities.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1213-1235
• /
• 2013

In this paper, we investigated the factors affecting the intention to use smartphone banking with a research model based on the Technology Acceptance Model (TAM) extended to include security risk, trust, and self-efficacy. With analysis after controlling factors such as age, gender, and previous experience of smartphone banking that may have effects, we conclude that perceived usefulness, perceived ease of use, security risk, and trust have direct effect on the intention to use smartphone banking, and self-efficacy has indirect effect on the intention to use through mediation of perceived ease of use. We performed a study to check the validity of TAM in the context of smartphone banking, and confirmed that perceived ease of use has both direct and indirect effect on the intention to use.

• Journal of Korean Society of Disaster and Security
• /
• v.10 no.1
• /
• pp.29-34
• /
• 2017

This Analyzed case study of measuring displacement, implemented laboratory investigation, and in-situ testing in order to interpret ground subsidence risk rating by excavation work. Since geological features of each country are different, it is necessary to objectify or classify quantitatively ground subsidence risk evaluation in accordance with Korean ground character. Induced main factor that could be evaluated and used to predicted ground subsidence risk through literature investigation and analysis study on research trend related to the ground subsidence. Major factors of ground subsidence might be classified by geological features as overburden, boundary surface of ground, soil, rock and water. These factors affect each other differently in accordance with type of ground that's classified soil, rock, or complex. Then rock could be classified including limestone element or not, also in case of the latter it might be classified whether brittle shear zone or not.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.218-232
• /
• 2015

According to the development of information processing technology and mobile communication technology, the utilization of mobile banking systems is drastically increasing in banking system. In the foreseeable future, it is expected to increase rapidly the demands of mobile banking in bank systems with the prevalence of smart devices and technologies. However, the keeping 'security' is very important in banking systems that handles personal information and financial assets. But it is very difficult to improve the security of banking systems only with the vulnerabilities and faults analysis methods of information security. Hence, in this paper, we accomplish the analysis of security risk factor and security vulnerability that occur in mobile banking system. With analyzed results, we propose the information security control and management processes for assessing and improving security based on the mechanisms which composes mobile banking system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.637-659
• /
• 2021

Since the creation of the first Bitcoin blockchain in 2009, the number of cryptocurrency users has steadily increased. However, the number of hacking attacks targeting assets stored in these users' cryptocurrency wallets is also increasing. Therefore, we evaluate the security of the wallets currently on the market to ensure that they are safe. We first conduct threat modeling to identify threats to cryptocurrency wallets and identify the security requirements. Second, based on the derived security requirements, we utilize attack trees and Bayesian network analysis to quantitatively measure the risks inherent in each wallet and compare them. According to the results, the average total risk in software wallets is 1.22 times greater than that in hardware wallets. In the comparison of different hardware wallets, we found that the total risk inherent to the Trezor One wallet, which has a general-purpose MCU, is 1.11 times greater than that of the Ledger Nano S wallet, which has a secure element. However, use of a secure element in a cryptocurrency wallet has been shown to be less effective at reducing risks.

• Journal of Navigation and Port Research
• /
• v.47 no.2
• /
• pp.93-99
• /
• 2023

This study aimed to determine relationships among risk factors influencing container port operation using Bayesian network. Risk factors identified from prior studies were classified into five groups: human error, machinery error, environmental risk, security risk, and natural disasters. P anel experts discussed identified risk factors to fulfil conditional probability tables of the interdependence model. The interdependence model was also validated by sensitivity analysis and provided an interrelation of factors influencing the direction of each other. Results of the interdependence model were partially in line with results from prior studies while practices in the global port industry confirmed interrelationships of risk factors. In addition, the relationship between top-ranked risk factors can provide a schematic drawing of the model. Accordingly, results of this study can expand the prior research in the Korean port industry, which may help port authorities improve risk management and reduce losses from the risk.

• KIPS Transactions on Software and Data Engineering
• /
• v.5 no.3
• /
• pp.139-144
• /
• 2016

When, Software is developed, Applying development methods considering security, it is generated the problem of additional cost. These additional costs are caused not consider security in many developing organization. Even though, proceeding the developments, considering security, lack of ways to get the cost of handling the vulnerability throughput within the given cost. In this paper, propose a method for calculating the vulnerability throughput for using a security vulnerability processed cost-effectively. In the proposed method focuses on the implementation phase of the software development phase, leveraging static analysis tools to find security vulnerabilities in CWE TOP25. The found vulnerabilities are define risk, transaction costs, risk costs and defines the processing priority. utilizing the information in the CWE, Calculating a consumed cost in a detected vulnerability processed through a defined priority, and controls the vulnerability throughput in the input cost. When applying the method, it is expected to handle the maximum risk of vulnerability in the input cost.

• Journal of KIISE
• /
• v.43 no.10
• /
• pp.1154-1164
• /
• 2016

To prevent the use of one's smartphone by another user, the authentication checks the owner in several ways. However, whenever the owner does use his/her smartphone, this authentication requires an unnecessary action, and sometimes he/she finally decides not to use an authentication method. This can cause a fatal problem in the smartphone's security. We propose a sustainable android platform-based authentication mode to solve this security issue and to facilitate secure authentication. In the proposed model, a smartphone identifies the current situation and then performs the authentication. In order to define the risk of the situation, we conducted a survey and analyzed the survey results by age, location, behavior, etc. Finally, a demonstration program was implemented to show the relationship between risk and security authentication methods.

• Journal of Convergence for Information Technology
• /
• v.11 no.10
• /
• pp.144-150
• /
• 2021

The purpose of this paper is to review the direction of the slicing security policy, which is a major consideration in the context of standardization in 5G communication network security, to derive security vulnerability diagnosis items, and to present about analyzing and presenting the issues of discussion for 5G communication network virtualization. As for the research method, the direction of virtualization security policy of 5G communication network of ENISA (European Union Agency for Cybersecurity), a European core security research institute, and research contents such as virtualization security policy and vulnerability analysis of 5G communication network from related journals were used for analysis. In the research result of this paper, the security structure in virtualization security of 5G communication network is arranged, and security threats and risk management factors are derived. In addition, vulnerability diagnosis items were derived for each security service in the risk management area. The contribution of this study is to summarize the security threat items in 5G communication network virtualization security that is still being discussed, to be able to gain insights of the direction of European 5G communication network cybersecurity, and to derive vulnerabilities diagnosis items to be considered for virtualization security of 5G communication network. In addition, the results of this study can be used as basic data to develop vulnerability diagnosis items for virtualization security of domestic 5G communication networks. In the future, it is necessary to study the detailed diagnosis process for the vulnerability diagnosis items of 5G communication network virtualization security.