• Information Systems Review
• /
• v.12 no.1
• /
• pp.23-42
• /
• 2010

Although organizations are given various benefits with information technologies, they sometimes have suffered fatal damages due to information security incidents now such as computer virus, hacking, counterfeiting, plagiarizing, etc. The fundamentalcauses of information security incidents are closely related to individuals who do not comply with information security policy or rules. The spontaneous self-control of individuals and monitoring for individuals could be the most essential solution for the ongoing observance of information security policy. Thus, the purpose of this study is to analyze effects of punishment and ethics training on compliance of information security policy of individuals in organizations, to determine individual divide among security propensity depending on organization types, and to find the more fundamental solution which leads change of organizational members’ behaviors and self-control. Regardless of the type of organizations, the results of the study suggest that there exist positive effects of punishment and ethics training in all types of organization on compliance of information security rules or regulations. A member of unitary form organization has higher cognition of punishment than a member's cognition of the multi-divisional form organization, while relatively lower awareness of ethics training. Also, a member of public organization has higher awareness of ethics training than a member’s awareness of private organization, while lower cognition of punishment. Finally, the result shows that punishment and ethics training may be major factors which affect information security. It also suggests that organizational security managers have to understand and consider organization member’s propensity relying on organization form and organization characteristics for establishment and enforcement of information security policy.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.54
• /
• pp.235-260
• /
• 2012

The CMI Rules for Electronic Bills of Lading were based on sound principles that are now reflected in the provisions of the Rotterdam Rules, which provide for the use of electronic equivalents to bills of lading. Services involving bills of lading which exist in electronic form for at least part of their lives, and which use encryption to guarantee integrity and security of these electronic records, are already being offered by a number of carriers, among them APL. The relative success of APL's system demonstrates that the use of a system which embodies the basic ideas and processes underlying the CMI Rules could easily become a practical reality in the near future. The basic principles in the CMI Rules and the Rotterdam Rules adopt a minimum requirements approach and does not flesh out the details of procedures for the use of electronic bills. This is an improvement, as it allows adaptability to future technological developments. Successful electronic bill of lading systems can only be developed in response to customer demand, and carriers are in the best position to gauge this and design systems to cater for it. APL has demonstrated this by creating a system which is tailor-made to its customers' requirements. The CMI Rules were correct in their assumption that electronic bill of lading services should be provided by carriers. They also seem to have anticipated that the switch to the electronic medium would not be sudden and complete, but would require a gradual phasing out of paper documents over a long period of time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.133-146
• /
• 2015

Ever sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile informations and detection rules from the e-finance accident data of an actual domestic(Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1043-1057
• /
• 2015

In order to recognize intelligent threats quickly and detect and respond to them actively, major public bodies and private institutions operate and administer an Intrusion Detection Systems (IDS), which plays a very important role in finding and detecting attacks. However, most IDS alerts have a problem that they generate false positives. In addition, in order to detect unknown malicious codes and recognize and respond to their threats in advance, APT response solutions or actions based systems are introduced and operated. These execute malicious codes directly using virtual technology and detect abnormal activities in virtual environments or unknown attacks with other methods. However, these, too, have weaknesses such as the avoidance of the virtual environments, the problem of performance about total inspection of traffic and errors in policy. Accordingly, for the effective detection of intrusion, it is very important to enhance security monitoring, consequentially. This study discusses a plan for the reduction of false positives as a plan for the enhancement of security monitoring. As a result of an experiment based on the empirical data of G, rules were drawn in three types and 11 kinds. As a result of a test following these rules, it was verified that the overall detection rate decreased by 30% to 50%, and the performance was improved by over 30%.

• Korea Trade Review
• /
• v.44 no.1
• /
• pp.177-191
• /
• 2019

Global trade protectionism has increased further and U.S. priorities and protectionism have strengthened since Trump took office in 2017. Trump administration is actively implementing tariff measures based on U.S. domestic trade laws rather than the WTO rules and regulations. In particular, the American government has recently been imposing high tariffs due to national security and imposing economic sanctions on other countries' imports. According to the U.S. Trade Expansion Act Section 232, the American government imposed additional tariffs on steel and aluminum imports to WTO member countries such as China, India, and EU etc. on march 15, 2018. Thus, this study aims to investigate whether the U.S. Trade Expansion Act Section 232 is consistent with GATT/WTO rules by comparing the legal basis of US / China / WTO regulations related to Section 232 of the U.S. Trade Expansion Act, and gives some suggestions for responding to the Section 232 measure. As the Section 232 measure exceeded the scope of GATT's Security Exceptions regulation and is very likely to be understood as a safeguard measure. If so, the American government is deemed to be in breach of WTO's regulations, such as the most-favored-nation treatment obligations and the duty reduction obligations. In addition, American government is deemed to be failed to meet the conditions of initiation of safeguard measure and violated the procedural requirements such as notification and consultation. In order to respond to these U.S. protection trade measures, all affected countries should actively use the WTO multilateral system to prevent unfair measures. Also, it is necessary to revise the standard jurisdiction of the dispute settlement body and to explore the balance of the WTO Exception clause so that it can be applied strictly. Finally, it would be necessary for Chinese exporters to take a counter-strategy under such trade pressure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.121-129
• /
• 2008

This paper presents vulnerability identification method based on meaning which is making use of the concept of atomic vulnerability. Also, we are making use of decomposition and specialization processes which were used in DEVS/SES to get identifiers. This vulnerability representation method is useful for managing and removing vulnerability in organized way. It is helpful to make a relation between vulnerability assessing and intrusion detection rules in lower level. The relation enables security manager to response more quickly and conveniently. Especially, this paper shows a mapping between Nessus plugins and Snort rules using meaning based vulnerability identification method and lists usages based on three goals that security officer keeps in mind about vulnerability. The contribution of this work is in suggestion of meaning based vulnerability identification method and showing the cases of its usage for the rule integration of vulnerability assessment and intrusion detection.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.103-111
• /
• 2017

Recently, new variants of Ransomware are becoming a new security issue. Ransomware continues to evolve to avoid network of security solutions and extort users' information to demand Bitcoin using social engineering technique. Ransomware is damaging to users not only in Korea but also in all around the world. In this thesis, it will present research solution to prevent and cope from damage by new variants Ransomware, by studying on the types and damage cases of Ransomware that cause social problems. Ransomware which introduced in this paper, is the most issued malicious code in 2016, so it will evolve to a new and more powerful Ransomware which security officers cannot predict to gain profit. In this thesis, it proposes 4 methods to prevent the damage from the new variants of Ransomware to minimize the damage and infection from Ransomware. Most importantly, if user infected from Ransomware, it is very hard to recover. Thus, it is important that users understand the basic security rules and effort to prevent them from infection.

• Journal of Korea Multimedia Society
• /
• v.14 no.12
• /
• pp.1583-1590
• /
• 2011

A Certificate Revocation List(CRL) should be distributed quickly to all the vehicles for vehicular communications to protect them from malicious users and malfunctioning equipment as well as to increase the overall security and safety of vehicular networks. Thus, a major challenge in vehicular networks is how to efficiently distribute CRLs. This paper proposes a Multimedia Object Transfer(MOT) protocol based on CRL distribution scheme over T-DMB infrastructure. To complete the proposed scheme, a handoff method, CRL encoding rules based on the MOT protocol, and relative comparison are presented. The scheme can broaden breadth of network coverage and can get real-time delivery with enhanced transmission reliability. Even if road side units are sparsely deployed or, even not deployed, vehicles can obtain recent CRLs from T-DMB infrastructure effectively.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.631-633
• /
• 2003

시스템의 안전성을 평가하기 위해 프롤로그 기반의 명세 언어인 SPSL을 사용하여 보안 모델을 정형적으로 설계하였다. 보안 모델은 시스템의 3가지 컴포넌트, 시스템 보안 상태(system security states), 접근 통제 규칙(access control rules), 그리고 보안 기준(security criteria)으로 구성된다. 본 논문에서는 NTFS의 다중 사용 권한에 대한 보안 모델을 만들어서 3가지 컴포넌트를 명세하고 안전성 문제 해결 도구인 SPR［1］을 이용하여 검증하였다.

• International Journal of Computer Science & Network Security
• /
• v.23 no.5
• /
• pp.47-52
• /
• 2023

In this paper a new fuzzy prediction is designed and developed to predict the type of delivery based on 7 factors. The developed system is highly needed to give a recommendation to the family excepting baby and at the same time provide an advisory system to the physician. The system has been developed using MATLAB and has been tested and verified using real data. The system shows high accuracy 95%. The results has been also checked one by one by a physician. The system shows perfect matching with the decision of the physician.