• Journal of Korean Society of societal Security
• /
• v.1 no.4
• /
• pp.33-40
• /
• 2008

Personal information security has been as risk ever since the development of information technology increased its internet use. As personal information security is compromised there will be a rise in personal privacy conflicts and this will become an important social issue. The following research is a presentation of the warning map for risk monitoring on personal information security. First, the personal information security process is identified then defined. Second, in order to achieve the personal information security's objective, a survey was taken and the data was collected. Third, factor in the Fishbone Diagram's analysis and figure out the key indicators that include metric and threshold. Last, develop the warning map which has the matrix table composed of the process and the risk. It displays the warning based on the threshold and the value of key indicators related to risks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.637-644
• /
• 2012

In our current information focused society, information is regarded as a core asset and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the technology that safeguards which is currently in commercial use is not focused at an enterprise level but is fragmented by function or by only guards portions of a customer's personal information. Therefore, It is necessary to study the systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examination of the methods of implementation of the monitoring system, the application of pattern analysis and examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish a systemic counter-plans based on detectable patterns.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.53-60
• /
• 2024

Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. CVSS has a problem that it cannot consider context in terms of subjectivity, complexity of interpretation, and security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITREATT&CK's technology by the connection between weaknesses and attack patterns (CAPEC). We use MITREATT&CK's Groups, Tactic, and Mitigations to produce consistent and intuitive scores. Accordingly, it is expected that security evaluation managers will have a positive impact on strengthening security such as corporate networks by expanding the range of choices among security indicators from various perspectives.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.3 no.4
• /
• pp.210-220
• /
• 2008

Insider threat is becoming a very serious issue in most organizations and management is responsible for security implementation. This study is to develop a personnel security management indicators in the areas of Personnel Assurance, Personnel Competence, and Security Environment and protection against insider threats. In this study, the information security management system and related papers are examined by reviewing the existing researches and cases. Proposed indicators are verified by pilot test, empirically analyzed to expose experts' perception and the validity, importance, and risk level of each indicators through a questionnaire. Result were encouraging, but additional study focused on personnel security management using factor analysis is needed in the future.

• Journal of Digital Convergence
• /
• v.15 no.8
• /
• pp.137-144
• /
• 2017

Recently, cyber resilience has emerged as an important concept, recognizing that there is no perfect security. However, domestic researches on cyber resilience are insufficient. In this study, the 22 indicators for cyber resilience assessment were initially developed by the literature survey and discussions with security experts. The developed indicators are reviewed using the Focus Group Interview method in terms of materiality and feasibility of the indicators. This study derived meaningful and useful indicators for the assessment of cyber resilience, and it is expected to be used as a foundation for the future cyber resilience studies. In order to generalize and apply the results of this study in practice, it is necessary to carry out quantitative researches in the future.

• Journal of Information Processing Systems
• /
• v.16 no.5
• /
• pp.1064-1073
• /
• 2020

The general situation of system composition and safety management of high-speed railway terminal is investigated and a comprehensive evaluation index system of operational security is established on the basis of railway laws and regulations and previous research results to evaluate the operational security management of the high-speed railway terminal objectively and scientifically. Index weight is determined by introducing interval eigenvalue method (IEM), which aims to reduce the dependence of judgment matrix on consistency test and improve judgment accuracy. Operational security status of a high-speed railway terminal in northwest China is analyzed using the traditional model of fuzzy comprehensive evaluation, and a general technique idea and references for the operational security evaluation of the high-speed railway terminal are provided. IEM is introduced to determine the weight of each index, overcomes shortcomings of traditional analytic hierarchy process (AHP) method, and improves the accuracy and scientificity of the comprehensive evaluation. Risk factors, such as terrorist attacks, bad weather, and building fires, are intentionally avoided in the selection of evaluation indicators due to the complexity of risk factors in the operation of high-speed railway passenger stations and limitation of the length of the paper. However, such risk factors should be considered in the follow-up studies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1179-1189
• /
• 2019

Cyber security evaluation is a series of processes that estimate the level of risk of assets and systems through asset analysis, threat analysis and vulnerability analysis and apply appropriate security measures. In order to prepare for increasing cyber attacks, systematic cyber security evaluation is required. Various indicators for measuring cyber security level such as CWSS and CVSS have been developed, but the quantitative method to apply appropriate security measures according to the risk priority through the standardized security evaluation result is insufficient. It is needed that an Scoring system taking into consideration the characteristics of the target assets, the applied environment, and the impact on the assets. In this paper, we propose a quantitative risk assessment model based on the analysis of existing cyber security scoring system and a method for quantification of assessment factors to apply to the established model. The level of qualitative attribute elements required for cyber security evaluation is expressed as a value through security requirement weight by AHP, threat influence, and vulnerability element applying probability. It is expected that the standardized cyber security evaluation system will be established by supplementing the limitations of the quantitative method of applying the statistical data through the proposed method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.10
• /
• pp.5260-5275
• /
• 2019

In the process of constructing the traditional offensive and defensive game theory model, these are some shortages for considering the dynamic change of security risk problem. By analysing the critical indicators of the incomplete information game theory model, incomplete information attack and defense game theory model and the mathematical engineering method for solving Bayes-Nash equilibrium, the risk-averse income function for information assets is summarized as the problem of maximising the return of the equilibrium point. To obtain the functional relationship between the optimal strategy combination of the offense and defense and the information asset security probability and risk probability. At the same time, the offensive and defensive examples are used to visually analyse and demonstrate the incomplete information game and the Harsanyi conversion method. First, the incomplete information game and the Harsanyi conversion problem is discussed through the attack and defense examples and using the game tree. Then the strategy expression of incomplete information static game and the engineering mathematics method of Bayes-Nash equilibrium are given. After that, it focuses on the offensive and defensive game problem of unsafe information network based on risk aversion. The problem of attack and defense is obtained by the issue of maximizing utility, and then the Bayes-Nash equilibrium of offense and defense game is carried out around the security risk of assets. Finally, the application model in network security penetration and defense is analyzed by designing a simulation example of attack and defense penetration. The analysis results show that the constructed income function model is feasible and practical.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.247-253
• /
• 2021

The outbreak of the deadly virus COVID-19 is said to infect 17.3Cr people around the globe since 2019. This outbreak is continuously affecting a lot of new people till this day and, most of it is said to under control. However, vaccines introduced around the world can help mitigate the risk of the virus. Apart from medical professionals, prediction models are also said to combinedly help predict the risk of infection based on given datasets. This paper is based on publication of a machine learning approach using regression models to predict the output based on dataset which have indictors grouped based on active, tested, recovered and critical cases along with regions and cities covering most of it from Dubai. Hence, the active cases are tested based on the other indicators and other attributes. The coefficient of the determination (r²) is 0.96, which is considered promising. This model can be used as an frame work, among others, to predict the resources related to the dangerous outbreak.

• Journal of the Society of Disaster Information
• /
• v.17 no.2
• /
• pp.319-328
• /
• 2021

Purpose: Recently, a large social disaster has called for the need to diagnose social disaster safety, and the Ministry of Public Administration and Security calculates and publishes regional safety ratings such as regional safety index and national safety diagnosis every year. The existing safety diagnosis system uses equal intervals or normal distribution to grade risk maps in a uniform manner. Method: However, the equidistant technique can objectively analyze risk ratings, but there is a limit to classifying risk ratings when the distribution is skewed to one side, and the z-score technique has a problem of losing credibility if the population does not follow a normal distribution. Because the distribution of statistical data varies from indicator to indicator, the most appropriate rating should be applied for each data distribution. Result: Therefore, in this paper, we analyze the data of disaster indicators and present a comparison and suitable method for traditional equidistant and natural brake techniques to proceed with optimized grading for each indicator. Conclusion: As a result, three of the six new indicators were applied differently from conventional grading techniques