• Korean Security Journal
• /
• no.36
• /
• pp.443-467
• /
• 2013

The purpose of this study is to introduce United States Coast Guard (USCG) in order to suggest a direction to advance the system of Korea Coast Guard. After the effect of United Nations on the Law of the Sea in 1994, the world is facing with new era of maritime age with emergence of new maritime border 'Exclusive Economic Zone(EEZ)'. Along with new maritime era, Korea also has been facing with the conflicts caused from EEZ. Also, there is a increasing concern about maritime safety and security since people looking for maritime tourism and leisure sports are dramatically increasing in Korea. Moreover, national security matters are a big issue in Korea due to the several incidents occurred in the sea such as the attack on Yeon-Pyung Island and the sinking of Cheonan naval vessel. Arising concern on these issues in maritime space requires Korea Coast Guard to handle these effectively. However, the systematical and structural limitation of Korea Coast Guard limits the effective management of recent issues. The United States Coast Guard which is considered as one of the military force in the United States has continuously reformed and developed its system and structure to better handle the maritime safety and security issues through developing project such as the Integrated Deep Water system. Also, maritime police system and structure in the United States is different with in Korea. This study expects to suggest a way to advance the system and structure of Korea Coast Guard through examination of United States Coast Guard and comparing maritime police system and structure between Korea and the United States in order to properly deal with the maritime safety and security issues arising recently.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.4
• /
• pp.285-296
• /
• 2018

Among many hacking attempts carried out in the past few years, the cyber-attacks that could have caused a national-level disaster were the attacks against nuclear facilities including nuclear power plants. The most typical one was the Stuxnet attack against Iranian nuclear facility and the cyber threat targeting one of the facilities operated by Korea Hydro and Nuclear Power Co., Ltd (Republic of Korea; ROK). Although the latter was just a threat, it made many Korean people anxious while the former showed that the operation of nuclear plant can be actually stopped by direct cyber-attacks. After these incidents, the possibility of cyber-attacks against industrial control systems has become a reality and the security for these systems has been tightened based on the idea that the operations by network-isolated systems are no longer safe from the cyber terrorism. The ROK government has established a realistic control systems defense concept and in the US, the relevant authorities have set up several security frameworks to prepare for the threats. This paper presented various cyber security attack cases and their scenarios against control systems, along with the analysis of countermeasures for them. Though this task, we attempt to identify the items that need to be considered when designing a domestic security framework to improve security and secure stability.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2023.11a
• /
• pp.64-65
• /
• 2023

The purpose of this study was to assess the current status of cyber security at the Busan Port container terminal and derive strengthening factors through exploratory research. In recent years, the maritime industry has actively adopted Fourth Industrial Revolution technologies, resulting in changes in the form of ports, such as automated and smart terminals. While these changes have brought positive improvements in port efficiency, they have also increased the potential for cyber security incidents and threats, including information leakage through cargo handling equipment and ransomware attacks leading to terminal operations disruption. Especially in the case of ports, cyber security threats can have not only local effects within the port but also physical damage and implications for national security. However, despite the growing cyber security threats within ports, research related to domestic port cyber security remains limited. Therefore, this study aimed to identify factors for enhancing cyber security in ports and derive future enhancement strategies. The study conducted an analysis focusing on the Busan Port container terminal, which is one of the leading ports in South Korea actively adopting Fourth Industrial Revolution technologies, and conducted a survey of stakeholders in the Busan Port container terminal. Subsequently, exploratory factor analysis was used to derive strengthening factors. This study holds significance in providing directions for enhancing cyber security in domestic container ports in the future.

• Korean Security Journal
• /
• no.19
• /
• pp.67-103
• /
• 2009

Objectives of this study is develop security services through determinants analysis on the efficiency of security works regarding security and guarding business in Korea because nowadays the modern society like Korea let alone all over the world faces the increase of dangerous factors in every security field of the human societies, and also it is the very present situation that an individual's life even the national security itself can be at the risk without guaranteeing the efficiency of the security services. For this purpose, this study reviewed related documents, surveyed and interviewed security personnels to identify what the potentially influential factors are in both the public and private security organizations regarding the efficiency of present security services and organizations, and what differences are. Also, comparing the public and private security sectors, this study intended to suggest policy agendas how to enhance the efficiency of security services in the future. This study surveyed the 177 agents and former agents of the Presidential Security Service(PSS) for the public security sector, and also surveyed, interviewed, and internet-based polled 821 randomly selected personnels for the private security sector. This research showed that regarding the efficiency of the security services number of independent variables which had positive responses in the public security sector was more than that in the private security sector. Among the 21 questions regarding this issue, there were all of 21 positive responses in the public security sector while there were 18 negative responses in the private security sector. As a result of synthesizing all the answers of the both sides, it is possible to understand that mostly the ratio of the positive response was much higher. In the public security service, statistically significant variables were budget support for events, prior access of information, an integrated teamwork training, organizational atmosphere, morale of organization personnel. However, practical training of the security service and mutual communication showed unexpectedly negative(-) signs. In the private security service, statistically significant variables were budget support for events, integrated teamwork training, socially friendly atmosphere, compensation for the personnels, bullet-proof equipments and vehicles, mood of organization, personnel recruit and disposition, unexpected incidents and basic attitude for security services. In sum, while organizational personnel variables and organizational management variables were significant in the public security service, some organizational management variables and all socio-environment variables were statistically significant at 5% significance level.

• KIISE Transactions on Computing Practices
• /
• v.22 no.7
• /
• pp.332-337
• /
• 2016

System administrator or security managers need to collect logs of computing device (desktop or server), which are used for the purpose of cause-analysis of security incident and discover if damage to system was either caused by hacking or computer virus. Furthermore, appropriate log maintenance helps preventing security breech incidents through identification of vulnerability. In addition, it can be utilized for prevention of data leakage through the insider. In the paper, we present log collection system developed using open source supported by commands and basic methods of Windows. Furthermore, we aim to collect log information to enable search and analysis from diverse perspectives and to propose a way to integrate with open source-based search engine system.

• Progress in Medical Physics
• /
• v.28 no.4
• /
• pp.197-206
• /
• 2017

We develop guidelines for the quality assurance of radiation treatment planning systems (TPS) by comparing and reviewing recommendations from major countries and organizations, as well as by analyzing the AAPM, ESTRO, and IAEA TPS quality assurance guidelines. We establish quality assurance items for acceptance testing, commissioning, periodic testing, system management, and security, and propose methods to perform each item within acceptable standards. Acceptance includes tests of hardware and network environments, data transmission, software, and benchmarking as specified by the system supplier, and apply the IAEA classification criteria. Commissioning includes dosimetric and non-dosimetric items for assessing TPS performance by applying the AAPM classification criteria and the latest technical items from the IAEA. Periodic quality assurance tests include daily, weekly, monthly, yearly, and occasional items by applying the AAPM classification criteria. System management and security items include the state and network connectivity of TPS, periodic data backup, and data access security. The guidelines for TPS quality assurance proposed in this study will help to improve the safety and quality of radiotherapy by preventing incidents related to radiotherapy.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.9
• /
• pp.5783-5789
• /
• 2014

Since 2002, many domestic companies have been certified for ISMS. On the other hand, certification, such as the need for ost-effectiveness evaluation, is not specifically enforced. Therefore, for more than 10 years, the ISMS implementation and certification system has been used for performance and cost effective business management. In this study, a model for analyzing the effect of certification organizations, ISMS development, and an analysis of the effect of a standardized system for the study was prepared. To this end, the existing maintenance organizations ISMS certification survey was conducted through an analysis of the economic effects. ISMS certification continues to expand or maintain the policy for improvement. The survey data collected by the analysis mechanism for the economic effects of CVM was analyzed.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.11 no.1
• /
• pp.1-8
• /
• 2016

The Nuclear Power Plants(: NPP) are being protected as national infrastructure, and instrumentation and control(: I&C) systems are one of the principle facilities of the NPP, which perform the protection, control, and monitoring function. The I&C systems are being evolved into digitalization based on computer and network technology from analog system. In addition, the I&C systems are mostly employ the specialized logic controllers which are dedicated for the NPP, but the usage of generalized IT resources are steadily increased. The cyber security issues for the NPP are being emerged due to cyber incidents by Stuxnet and various accidents in the NPP. In this paper, hybrid access control model is proposed which are applicable to I&C system by analyzing the access control requirements specified in regulatory guides. The safety of in-service and under construction of NPP are effectively increased by applying proposed hybrid model.

• Convergence Security Journal
• /
• v.16 no.5
• /
• pp.57-63
• /
• 2016

In recent years, there is growing interest in 'Fin-tech' in the domestic and international financial sector. And a variety of services in such a situation has emerged. To ensure the safety of from hacking attacks, many new technologies have been developed. These leading technology is the Bio-authentication method that you consider applying to the financial sector. Bio authentication is using biometric information. Also it is known that can cope the threat of fabrication and modifying attacks with shared and stored. However, Recently, When you look at hacking incidents of biometric data(560 million cases) in the United States Office of Personnel Management and advent of the fingerprints counterfeit technology, We can be known that should be reconsidered about the safety of bio-certification. Especially, it should be provided with a response measures for the problem of embezzlement that biometric information already been leaked. Thereby In this paper, by investigating biometric technologies and practices applied and of the vulnerability factor in many industries, it expected to be utilized in the prepared threats countermeasures in accordance with the application of the biometric authentication technology in a future.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.2
• /
• pp.1-7
• /
• 2015

As recent smartphone is used around the world, all of the subscribers of the mobile communication is up to 47.7% about 24 million people. Smartphone has a vulnerability to security, and security-related incidents are increased in damage with the smartphone. However, precautions have been made, rather than analysis of the infection of most of the damage occurs after the damaged except for the case of the expert by way of conventional post-countermeasure. In this paper, we implement a mobile-based malware analysis systems apply a virtualization technology. It is designed to analyze the behavior through it. Virtualization is a technique that provides a logical resources to the guest by abstracting the physical characteristics of computing resources. The virtualization technology can improve the efficiency of resources by integrating with cloud computing services to servers, networks, storage, and computing resources to provide a flexible. In addition, we propose a system that can be prepared in advance to buy a security from a user perspective.