• Title/Summary/Keyword: Security risk

A Study on Computer Security and Controls (Computer Security에 관한 소고 - 사고범죄예방을 중심으로 -)

  • 이종철
    • Journal of Korean Society of Industrial and Systems Engineering / v.4 no.4 / pp.25-34 / 1981
  • Recently there has been a marked increase in concern for security in computerized operations. The purposes of computer security controls are to protect against the unauthorized access to and modification of data processing resources, unauthorised access to and modification of data files and software, and the misuse of authorized activities. The controls relate to the physical security of the data processing department and of the areas within the data processing department; to the security of the data files, programs, and system software; and to the human interaction with the data files, programs, and system software. The controls that will be discussed in this paper include: I. Risk on the computer use. II. Methods of risk countermeasure. III. Role of system auditing.

Establishment of Cyber Security Countermeasures amenable to the Structure of Power Monitoring & Control Systems (전력계통 제어시스템 구조에 따른 사이버 보안대책 수립)

  • Woo, Pil Sung;Kim, Balho H.
    • The Transactions of The Korean Institute of Electrical Engineers / v.67 no.12 / pp.1577-1586 / 2018
  • The emergence of the Smart Grid is an integrated solution for the next generation power system that combines IT technology in the power system to create optimal energy utilization and various services. However, these convergence technologies (power systems and information communications) are not only improving the related technologies but also producing various problems especially exposure to cyber risk. In particular, the intelligent power grid has security vulnerabilities through real-time information sharing among various organically linked systems, and it is more complicated than the cyber risk problem in the existing IT field and is directly connected to national disaster accidents. Therefore, in order to construct and operate a more stable smart grid, this paper analyzes the system of power system control system in Korea, and proposes a cyber security element definition and a countermeasure establishment method of power monitoring & control systems based on security standards of smart grid (No. SPS-SGSF-121-1-1).

A Research on the Cloud Computing Security Framework (클라우드 컴퓨팅 정보보호 프레임워크에 관한 연구)

  • Kim, Jung-Duk;Lee, Seong-Il
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.6 / pp.1277-1286 / 2013
  • Cloud computing's unique attributes such as elasticity, rapid provisioning and releasing, resource pooling, multi-tenancy, broad-network accessibility, and ubiquity bring many benefits to cloud adopters (company and organization), but also entail specific security risks associated with the type of adopted cloud and deployment mode. To minimize those types of risk, this paper proposed a cloud computing security framework referred to strategic alliance model. The cloud computing security framework has main triangles that are cloud threat, security controls, cloud stakeholders and is composed of three sides that are purposefulness, accountability, transparent responsibility. Main triangles define purpose of risk minimization, appointment of stakeholders, security activity for them, and three sides of framework are principles of security control in the cloud computing and provide direction of deduction for seven service packages.

A method for quantitative measuring the degree of damage by personal information leakage (개인 정보 노출에 대한 정량적 위험도 분석 방안)

  • Kim, Pyong;Lee, Younho;Khudaybergenov, Timur
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.2 / pp.395-410 / 2015
  • This research defines the degree of the threat caused by the leakage of personal information in a quantitative way. The proposed definition classifies the individual items in personal data, then assigns a risk value to each item. The proposed method considers the increase of the risk by the composition of the multiple items. We also deal with various attack scenarios, where the attackers seek different types of personal information. The concept of entropy applies to associate the degree of the personal information exposed with the total risk value. In our experiment, we measured the risk value of the Facebook users with their public profiles. The result of the experiment demonstrates that they are most vulnerable against stalker attacks among four possible attacks with the personal information.

An Empirical Investigation on the Effect of Logistics Security in Import and Export Risk Management (물류보안이 수출입 리스크관리에 미치는 영향에 관한 실증연구)

  • Yi, Hong-Won;Kim, Jae-Bong
    • Journal of Navigation and Port Research / v.38 no.3 / pp.317-325 / 2014
  • The government of South Korea has introduced various security measures in the supply chain, such as CSI (including a 24-hour rule) and AEO (Authorized Economic Operator), in compliance with global security trends and the war on terror. However, many participants in the import and export process are still unfamiliar with the purposes and functions of CSI, the 24-hour rule, and AEO. As such, considering these risks as obstacles or as factors that interfere with the import and export process, this study suggests proper management schemes, which can identify, measure and evaluate these risks.

Risk Analysis on Various Contextual Situations and Progressive Authentication Method based on Contextual-Situation-based Risk Degree on Android Devices (안드로이드 단말에서의 상황별 위험도 분석 및 상황별 위험도 기반 지속인증 기법)

  • Kim, Jihwan;Kim, SeungHyun;Kim, Soo-Hyung;Lee, Younho
    • Journal of KIISE / v.43 no.10 / pp.1154-1164 / 2016
  • To prevent the use of one's smartphone by another user, the authentication checks the owner in several ways. However, whenever the owner does use his/her smartphone, this authentication requires an unnecessary action, and sometimes he/she finally decides not to use an authentication method. This can cause a fatal problem in the smartphone's security. We propose a sustainable Android platform-based authentication model to solve this security issue and to facilitate secure authentication. In the proposed model, a smartphone identifies the current situation and then performs the authentication. In order to define the risk of the situation, we conducted a survey and analyzed the survey results by age, location, behavior, etc. Finally, a demonstration program was implemented to show the relationship between risk and security authentication methods.

Real Option Applications of Korean Logistics Firms for ERP Project Evaluations (ERP 서비스 도입 시 국내 물류기업의 실물옵션 활용 수준에 대한 실증 연구)

  • Kim, Taeha;Nam, Seunghyeon
    • Journal of Information Technology Applications and Management / v.26 no.6 / pp.119-138 / 2019
  • This work examines whether IT managers adopt real options such as defer, expand, contract, and abandon in order to cope with ERP risks, which include technological risk, relationship risk with SW vendors, economic risk, and security risk. We collect data of logistics firms in Seoul and its suburbs in 2018 to empirically validate the effect of risks upon the adoption of real options. The results suggest that IT managers adopt all 4 options when facing economic risk and adopt contract and abandon options only when facing security risk. Additionally, we find that IT managers prefer the expand option and avoid the abandon option when they think ERP compatibility is high.

Perceived Risk and Purchase Obstruction Factors When Purchasing Clothing Online (인터넷 쇼핑몰에서 구매 경험과 소비자 특성이 의류 제품 구매 시 지각하는 위험과 구매 저해에 미치는 영향)

  • Kim, Ji-Yeon;Moon, Ji-Young;Park, Jung-Kwon;Choi, Eun-Chung;Lee, Ji-Yeon
    • The Research Journal of the Costume Culture / v.18 no.1 / pp.118-132 / 2010
  • The purpose of this study is to understand factors of risk perception and purchase obstruction by consumer characteristics and purchase experience of clothing online. The research materials were collected online and offline. Out of 374 usable questionnaires used for examining this study, 278 questionnaires were collected offline and 107 questionnaires were collected online. Frequency analysis, factor analysis, reliability analysis, t-test, one-way ANOVA and multiple regression analysis using SPSS WIN 12.0 were conducted. Three factors of perceived risk were extracted: harmonic/image, quality/shopping process, payments. Based on these dimensions, ANOVA was conducted. The results indicated that the more purchasing experience people had, the less the extent of perceived risk they got, and quality/shopping process risk mostly among them. As the factors which obstruct purchasing decision, a security obstruction, a reliability obstruction, a convenience obstruction and an information insufficiency obstruction are extracted. Also, the factors have got the result of same aspects as the perceived risk recognized by the Internet shopping experience. Meaningful differences between groups appear at security obstruction, reliability obstruction, and convenience obstruction. Perceived risk almost influenced purchase obstruction when purchasing clothes in an Internet shopping mall. When consumers perceiving harmony/image risk highly make decisions, they usually hesitate or abandon due to reliability obstruction and convenience obstruction. All the factors, including security obstruction, reliability obstruction, convenience obstruction and information insufficiency obstruction, made consumers perceiving quality/shopping process risk highly obstruct purchase decision.

A Study on Risk Signal of Information Security and Organizational Learning Failure (정보보안 침해 위험신호의 조직학습 실패에 관한 시스템 다이나믹스적 연구)

  • 박성진
    • Journal of the Korea Society of Computer and Information / v.8 no.3 / pp.179-187 / 2003
  • This study investigates the reasons for organizational failure in detection of and appropriate response to risk signals. A crisis does not come true suddenly; there are some risk signals in a crisis. If the organization detects the risk signals, the crisis becomes an opportunity; if not, the crisis becomes a disastrous outcome. This study uses the system dynamics approach. System dynamics assumes the system to be a collection of causal feedback loops, so we understand the dynamics around the problems. This investigation suggests that the focus on growth is a kind of promotional pressure and the pressure drives the organization to pay less attention to the risk signal, so the risk is underestimated in proportion to the real risk. Ultimately, the organization is entrapped in the promotional climate and becomes insensible to security. This study is a kind of hypothesis-discovering research; in further study, the discovered hypothesis will be empirically tested.