• Title/Summary/Keyword: Security Risk Analysis

Improving the Efficiency of Cybersecurity Risk Analysis Methods for Nuclear Power Plant Control Systems (원전 제어시스템 사이버보안 위험 분석방법의 효율성 개선)

  • Shin-woo Lee;Jung-hee Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.3 / pp.537-552 / 2024
  • Domestic nuclear power plants operate under the establishment of the "Information System Security Regulations" in accordance with the Nuclear Safety Act, introducing and implementing a cybersecurity system that encompasses organizational structure as well as technical, operational, and managerial security measures for assets. Despite attempts such as phased approaches and alternative measures for physical protection systems, the reduction in managed items has not been achieved, leading to an increased burden on security capabilities due to limited manpower at the site. In the main text, an analysis is conducted on Type A1 assets performing nuclear safety functions using Maintenance Rules (MR) and EPRI Technical Assessment Methodology (TAM) from both a maintenance perspective and considering device characteristics. Through this analysis, approaches to re-evaluate the impact of cyber intrusions on asset functionality are proposed.

Crime Prediction Model based on Meteorological Changes and Discomfort Index (기상변화 및 불쾌지수에 따른 범죄발생 예측 모델)

  • Kim, JongMin;Kim, MinSu;Kim, Kuinam J.
    • Convergence Security Journal / v.14 no.6_2 / pp.89-95 / 2014
  • This study analyzed a correlation between crime and meteorological changes and discomfort index of Seoul and presented a prediction expression through the regression analysis. For data used in this study, crime data from January 2008 to December 2012 of Seoul Metropolitan Police Agency and meteorological records and discomfort index recorded in the Meteorological Agency through the portal sites were used. Based on this data, SPSS 18.0 was used for the regression analysis and the analysis of correlation between crime and meteorological changes and discomfort index and a prediction expression was derived through the analysis and the risk index was shown in 5 steps depending on predicted values obtained through the prediction expression derived. The risk index of 5 steps classified like this is considered to be used as important data for crime prevention activities.

The effects of the degree of education related to information systems on online transaction intention and security concerns - Comparative analysis of the use of the Internet and smartphone (정보시스템 관련 교육의 정도가 보안 우려 및 온라인 거래 의도에 미치는 영향 - 인터넷 이용과 스마트 폰 이용의 비교 분석)

  • Jung, Seung-Min
    • Journal of the Korea Society of Computer and Information / v.17 no.8 / pp.145-161 / 2012
  • This study aims to explore how the degree of education related to information systems and Internet literacy affect perceived security risk, and how these three variables affect online transaction intention, based on the Technology Acceptance Model (TAM). Since the use of smartphones to purchase necessary products is increasing, the study provided two different cases: using the existing Internet and using a smartphone to buy products. As a result of an empirical test, the degree of information system education, Internet literacy, and perceived security risk had significant effects on online transaction intention through the mediation of perceived usefulness and perceived ease of use. Contrary to expectation, the more education people have related to information systems, the more they know about hacking or cases of privacy infringement, leading to even more concerns about security and thereby to the belief that Internet transactions require much effort. The more education about information systems, the more concerns about security; therefore, perceived security risk has a positive (+) effect on perceived usefulness, not a negative (-) effect. Lastly, while the degree of education related to information systems is related to the recognition of the usefulness of Internet transactions, the study showed that there is no relation to recognizing the usefulness and the ease of use of smartphones.

Analysis on Permission Usage and Risk of Android Apps (안드로이드 앱의 퍼미션 사용현황 및 위험성 분석)

  • Kim, Youn-Gi;Kim, Jae-Gon;Park, Gyeon-Yong;Han, Seong-Bong;Cho, Taename
    • Proceedings of the Korea Information Processing Society Conference / 2014.04a / pp.449-452 / 2014
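  • The Google Android platform provides several security features, one of which is permissions. If permissions are misused, security risks can arise. This paper analyzes the permission usage of banking apps, which handle sensitive information, and the problems in Android's permission system, and proposes countermeasures to address them.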

Threat Modeling and Risk Analysis: PS4 Remote Play with PC (Threat Modeling을 이용한 PS4와 PC간의 Remote Play 상황 속 위험 분석)

  • Kim, Hye Min;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.1 / pp.135-143 / 2018
  • Sony has recently launched a remote play service that connects a PC and a PlayStation 4 over the Internet. This service enables a network connection between the external network and the PS4 network. After the service was released, additional security threats may arise in remote environments with new services. Therefore, those threats should have been analyzed. In this paper, threats are analyzed and identified by applying threat modeling to the remote play system. After cost-effectiveness and usability analysis, a reasonable security measure for each threat is suggested.

Studies on the effect of information security investment executive (정보보호의 투자 집행 효과에 관한 연구)

  • Jeong, Seong-Hoon;Yoon, Joon-Sub;Lim, Jong-In;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1271-1284 / 2014
  • This paper classifies, into technical, administrative and physical areas, the defects and advice produced by an external audit (ISO27001) and an internal audit (performed by a security team) in a company that has an information security management system. With the classified data it finds the correlation between the budget and investment of information security, and analyzes that correlation. As a result of the analysis, it has been found that as time goes on there is a consistent correlation between the administrative area and the technical area of security. In particular, it has been confirmed that the scale of the budget which is not executed and the number of defects and items of advice produced by the audit are in direct proportion. Therefore, this paper provides a model that can be used for validating the effectiveness of information security investment by statistically calculating the similarity based on the results of the correlation analysis. This research is intended to help a company make a precise decision when it establishes an information security policy and a systematic methodology for investment in information security.

An Analysis on Structure of Risk Factor for Maritime Terrorism using FSM and AHP (해상테러 위험요소의 구조와 우선순위 분석)

  • Jang Woon-Jae;Keum Jong-Soo
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2004.11a / pp.343-348 / 2004
  • Since the destruction of the World Trade Center, the attention of the United States and the wider international community has focused upon the need to strengthen security and prevent terrorism. This paper suggests an analysis of the priority and structure of risk factors for anti-terrorism in the Korean maritime society. For this, maritime terror risk factors were extracted by type and case of terror using the brainstorming method. The risk factors are then structured by the FSM method and ranked by AHP. As a result, the evaluation of risk factor is especially over maximum factor for related external impact.

A Study on Analysis of Requirements in the Smart Societal Security Wireless Network (스마트 사회안전무선통신망 요구사항 분석에 관한 연구)

  • Choi, Jae-Myeong;Woo, Byung-Hoon;Kang, Heau-Jo
    • Journal of Advanced Navigation Technology / v.18 no.5 / pp.518-523 / 2014
  • The development of societal and scientific technologies has increased the risk of dysfunction caused by new technologies such as nuclear power and information technology. Also, urbanization and population density are increasing the risk of high-rise building fires, traffic accidents, crime, etc. Implementation of a wireless communication network for societal security is very necessary for prevention, preparation and response against these risks. It always involves maintenance and management, and the network must be maintained in an emergency. In this paper, we studied the societal security wireless communication network for prevention, preparation and response against complex disasters, and analyzed requirements (essential functions, add-ons) for implementing the network in the societal security wireless network.

A Study on The Practical Risk Mitigation Methodology for Systematical Risk Management of Information System (정보시스템의 체계적인 위험관리를 위한 실용적인 위험감소 방법론에 관한 연구)

  • Eom, Jung-Ho;Woo, Byeong-Koo;Kim, In-Jung;Chung, Tai-M.
    • The KIPS Transactions:PartC / v.10C no.2 / pp.125-132 / 2003
  • In this paper, we propose a definite and systematic method and procedure for the risk mitigation step of risk management for information systems, with which the best safeguard can be selected. The practical risk mitigation methodology has a well-defined fulfillment procedure and a definition of the procedure to fulfill in each phase, so it is easy to carry out and can be applied to any risk management methodology. The practical risk mitigation is composed of 6 phases: the existing safeguard assessment, safeguard means selection, safeguard technique selection, risk admission assessment, cost-effective analysis and safeguard embodiment. Its advantages are as follows: efficient selection of safeguards suited to the risk's features, by safeguard means and techniques, before embodying safeguards; prevention of redundant work and wasted security budget by re-using the existing excellent safeguards through the existing safeguard assessment; and reflection of the opinions of the organization's CEO, who may require special safeguards for the most important information system.

FAIR-Based Loss Measurement Caused by Personal Information Breach of a Company (FAIR를 통한 개인정보 유출에 따른 기업의 손해금액 산출에 대한 연구)

  • Kim, Jeong-Gyu;Lee, Kyung-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.1 / pp.129-145 / 2017
  • This study proposes a methodology to estimate the financial damage caused by a personal information breach at a company and to analyse the risk systematically, through a case study of a company that experienced a private information breach. Using the FAIR (Factor Analysis of Information Risk) model, it estimates the loss amount and analyses objectively the risk to a company from a personal information breach. The study estimates the adequacy and importance of the corresponding factors by applying AHP (Analytic Hierarchy Process) to each factor for assessing the loss amount. By adopting the methodology proposed in this study, the person in charge of the actual work can assess and prove the loss amount through the latest risk estimation methodology. In addition, the person in charge can select the proper parameters for the corresponding company and can obtain an objective quantitative estimate. Hence the loss amount caused by a personal information breach can be accurately assessed and reported to the management.