• Journal of Information Technology Applications and Management
• /
• v.24 no.4
• /
• pp.117-131
• /
• 2017

We question whether Korean IT managers consider real options to reduce risks of cloud service implementation. This work investigates the impact of technology risk, relationship risk, economy risk, security risk upon the intention of IT managers to utilize abandon & expansion options. We also analyze moderation effect of centralization level of decision making between these risks and the utilization of real options. Using the survey questionnaire, we empirically find that technology risk, relationship risk and security risk have significant effect upon abandon option and technology risk, relationship risk, and economy upon expansion option. We also find the evidence that centralization level moderates some risks and the direction of moderation effect is to offset the effect of risks on intention to utilize real options.

• Journal of Korea Multimedia Society
• /
• v.20 no.5
• /
• pp.827-834
• /
• 2017

Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

• International Journal of Computer Science & Network Security
• /
• v.22 no.2
• /
• pp.175-184
• /
• 2022

Voice over Internet Protocol (VoIP) has grown in popularity as a low-cost, flexible alternative to the classic public switched telephone network (PSTN) that offers advanced digital features. However, additional security vulnerabilities are introduced by the VoIP system's flexibility and the convergence of voice and data networks. These additional challenges add to the normal security challenges that a VoIP system's underlying IP data network infrastructure confront. As a result, the VoIP network adds to the complexity of the security assurance task faced by businesses that use this technology. It's time to start documenting the many security risks that a VoIP infrastructure can face, as well as analyzing the difficulties and solutions that could help guide future efforts in research & development. We discuss and investigate the challenges and requirements of VoIP security in this research. Following a thorough examination of security challenges, we concentrate on VoIP system threats, which are critical for present and future VoIP deployments. Then, towards the end of this paper, some future study directions are suggested. This article intends to guide future scholars and provide them with useful guidance.

• Nuclear Engineering and Technology
• /
• v.55 no.6
• /
• pp.2034-2046
• /
• 2023

Industrial control systems in nuclear facilities are facing increasing cyber threats due to the widespread use of information and communication equipment. To implement cyber security programs effectively through the RG 5.71, it is necessary to quantitatively assess cyber risks. However, this can be challenging due to limited historical data on threats and customized Critical Digital Assets (CDAs) in nuclear facilities. Previous works have focused on identifying data flows, the assets where the data is stored and processed, which means that the methods are heavily biased towards information security concerns. Additionally, in nuclear facilities, cyber threats need to be analyzed from a safety perspective. In this study, we use the system theoretic process analysis to identify system-level threat scenarios that could violate safety constraints. Instead of quantifying the likelihood of exploiting vulnerabilities, we quantify Security Control Measures (SCMs) against the identified threat scenarios. We classify the system and CDAs into four consequence-based classes, as presented in NEI 13-10, to analyze the adversary impact on CDAs. This allows for the ranking of identified threat scenarios according to the quantified SCMs. The proposed framework enables stakeholders to more effectively and accurately rank cyber risks, as well as establish security and response strategies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.681-694
• /
• 2014

For the continuous financial incidents occurred in 2011, Korean government has announced the amendment on electronic finance supervision regulation including human resources, organization and budget. The major part of the regulation is mainly focused on human resources and budget. It states that company has to employ at least 5 percent of IT staff out of total staff, and at least 5 percent of security staff in IT staff employment number. Budget for security should be at least 7 percent of total IT budgets. This paper studies IT outsourcing policy based on operational risks of financial industries caused by amendment of regulation. This paper provides the policy decision procedure for resolving the 3rd party problems and suggests the effective operation policy to 3rd party for the program quality improvement and case studies at the IT task classification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.813-826
• /
• 2023

Organization members often use the Internet for non-work purposes during work hours, which is called cyberloafing. Certain types of cyberloafing (e.g., webhard, adult, and gambling sites access) can be a major cause of malware infection, which can ultimately generate significant damages to organizations. It therefore is important to examine the relationship between cyberloafing and cybersecurity risks of organizations. We analyzed log data from an internet filtering system of a financial institute and found that the more employees access to blacklist sites, the higher the possibility of malicious code infection. In other words, cyberloafing increases cybersecurity risks of organizations. We suggest that organizations need to monitor and control their members' internet use in an appropriate way.

• Korean Security Journal
• /
• no.29
• /
• pp.301-336
• /
• 2011

This exploratory study aims to review the risks and threats of social network services(SNSs), particularly focusing upon the policing perspective. This paper seeks to acknowledge the present risk/danger of SNSs and the very significance of establishing a strategic framework to effectively prevent and/or control criminal misuse of SNSs. This research thus advocates that proactive study on security issues and criminal aspects of SNSs and preventive countermeasures can play a significant role in policing the networked society in the time of digital/internet age. Social network sites have been increasingly attracting the attention of entrepreneurs, and academic researchers as well. In this exploratory article, the researcher tried to define concepts and features of SNSs and describe a variety of issues and threats posed by SNSs. After summarizing existing security risks, the researcher also investigated both the potential threats to privacy associated with SNSs, such as ID theft and fraud, and the very danger of SNSs in case of being utilized by terrorists and/or criminals, including cyber-criminals. In this study, the researcher primarily used literature reviews and empirical methods. The researcher thus conducted extensive case studies and literature reviews on SNSs. The literature reviews herein cover theoretical discussions on characteristics, usefulness, and/or potential danger/harm of SNSs. Through the literature review, the researcher also concentrated upon being able to identify a strategic framework for law enforcement to effectively prevent criminal misuse of SNSs The limitation of this study can be lack of statistical data and attempts to examine previously un-researched area in the field of SNS and its security risks and potential criminal misuse. Thus, to supplement this exploratory study, more objective theoretical models and/or statistical approaches would be needed to provide law enforcement with sustainable policing framework and contribute to suggesting policy implications.

• Journal of Information Technology Applications and Management
• /
• v.26 no.6
• /
• pp.119-138
• /
• 2019

This work examines whether IT managers adopt of real options such as defer, expand, contract, and abandon in order to cope with ERP risks, which include technological risk, relationship risk with SW vendors, economic risk, and security risk. We collect data of logistics firms in Seoul and its suburbs in 2018 to empirically validate the effect of risks upon the adoption of real options. The results suggest that IT managers adopt all 4 options when facing economic risk and adopt contract and abandon options only when facing security risk. Additionally, we find that IT managers prefers expand option and avoid abandon option when they think ERP compatibility is high.

• Asia pacific journal of information systems
• /
• v.10 no.2
• /
• pp.149-176
• /
• 2000

As companies become more dependent upon information systems(IS), the potential losses of IS resources become critical. IS management must assume the increasing responsibility for protection of IS resources as the IS and business environments become more vulnerable to various threats. The major issues facing management, when attempting to manage risks, include the assessment of the impact of risks on business objectives and the design of security safeguards to reduce the unacceptable risks to an acceptable level. This paper provides a case study of the risk management for IS. A Korean credit card company which has the high sensitivity for customers security was selected as a case. The risk management procedure using a powerful tool, CRAMM(the Central Computer and Telecommunications Agencys Risk Analysis and Management Method) was applied for this company.

• The Journal of the Convergence on Culture Technology
• /
• v.6 no.2
• /
• pp.327-331
• /
• 2020

In that this study is a subject and character of risk, emerging security covers non-military areas in addition to traditional military security: environmental security, human security, resource security, and cyber security. The rise of these risks is not only changing the phenomenon of the new expansion of security areas, but also the expansion of the number and scope of security entities and the aspect of security world politics. These risks are transnational security issues at the global level in terms of their nature and extent of the damage, as well as multi-layered ones that affect local and personal security issues at the regional and national levels. In addition to national actors, non-state actors such as international organizations, multinational corporations, and global civil society, and furthermore, technology and social systems themselves are causing risks. Therefore, to solve the new security problem, it is necessary to establish a middle-level and complex governance mechanism that is sought at the regional and global levels beyond the fragmented dimension of the occurrence of new security issues that have been overlooked in the existing frame of perception, and to predict and find ways to respond to new security paradigms that have been identified in a broader sense.