• Journal of Korean Society of societal Security
• /
• v.2 no.1
• /
• pp.57-64
• /
• 2009

With the increase in construction of long railway tunnel, social interest in the railway tunnel fire risk has also increased. However, quantitative fire risk research on this topic is still lacking, especially in terms of consideration of uncertainty of each variables used in risk analysis. Hence, in this study, to improve the overall performance of fire risk analysis technique for railway tunnel, Monte-Carlo simulation method is added to the traditional probabilistic risk analysis based on event tree approach and its validity is investigated by applying it to the real railway tunnel project.

• Journal of Korean Society of societal Security
• /
• v.2 no.1
• /
• pp.47-55
• /
• 2009

Organizations and customers lose if business activities are discontinued by an incident of information systems under the current business environment because they pursue real time enterprise and on demand enterprise. The loss includes the intangible decline in brand image, customer separation, and the tangible loss such as decrease in business profits. Thus, it is necessary to have preparedness in advance and mitigation for minimization of a loss due to the business discontinuity and IT risks. This paper described a IT risk assessment case about domestic construction company.

• Journal of the Society of Naval Architects of Korea
• /
• v.37 no.3
• /
• pp.69-77
• /
• 2000

This study was a part of FSA study which was initiated by IMO and was applied to hatchway watertight integrity of bulk carriers. Hazards which were involved in high risk level were identified as follows. Ship Operation out of Design Criteria(Hatch Coaming Damage) and Poor Maintenance & Inspection(Securing Arrangement Damage). The potential risk was calculated by risk analysis and risk control option was made to reduce potential risk. The potential risk was about U$60,000/ship-year and could be reduced to about U$30,000/ship-year by applying RCO 1(Advanced system directly related to Hatchway Security). In addition, effectiveness of RCOs was shown by cost benefit assessment.

• Journal of Navigation and Port Research
• /
• v.29 no.6 s.102
• /
• pp.487-493
• /
• 2005

Since the destruction of World Trade Center the attention of the United States and the wider international community has focussed upon the need to strengthen security and prevent terrorism This paper suggests an analysis prior to risk factor and structure for anti-terrorism in the korean maritime society. For this, in this paper, maritime terror risk factor was extracted by type and case of terror using brainstorming method. Also, risk factor is structured by FSM method and analyzed for ranking of each risk factor by AHP. At the result, the evaluation of risk factor is especially over maximum factor for related external impact.

• Journal of Korean Society of societal Security
• /
• v.1 no.1
• /
• pp.53-62
• /
• 2008

Recently, the potential risks of tank lorry transportation from the petrochemical plant have been increasing, so the research was performed to build up the evaluation criterion of the transportation safety, as well as aggressive risk+assessment of a variety of chemical materials. This research was applied to the Maximum Credible Accident Analysis technique and modeled on the risk management of chemical transportation using the following four steps for risk evaluation, firstly the comparison of representative fype and standard of hand ling chemical materials transported by tank vehicles secondly, specific classification of potential hazards thirdly, grasp and recognition of virtual accident scenario at last, the risk evaluation of virtual accident scenario(qualitative/quantitative - chemical release modeling).

• Korean Management Science Review
• /
• v.17 no.1
• /
• pp.145-158
• /
• 2000

The medical records of diagnostic and testing information include sensitive personal information that reveals some of the most intimate aspects of an individual's life. The hospital information system (HIS) operates in a state of high risk which may lead to the possible loss to the IS resources caused by various threats. This research addresses twofold : (1) to perform asset identification ad valuation and (2) to recommend countermeasures for secure HIS network using case studies This paper applied a risk management tool CRAMM (Central Computer and Tele-communications Agency's Risk Analysis and Management Method) to assess asset values and suggest countermeasures for the security of computerized medical information of two large hospitals in Korea. CRAMM countermeasures are recommended at the reference sites from the network security requirements of system utilized for the diagnosis and treatment of patients. The results of the study will enhance the awareness of IS risk management by IS managers.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1996.11a
• /
• pp.65-74
• /
• 1996

Risk analysis is time-consuming and expensive process〔1〕〔6〕. Automated risk analysis tools have been widely used in industry and government to support decision making process and reduce cost. However, difficulties in materializing impact of threats and fast-changing network environments make analysis process more complicated and less trusted since impacts are relative in network environments. HAWK system is developed to improve the accuracy of analysis result in network-oriented environment. It provides user-friendly environments and considers network environments as primary assets.

• Asia pacific journal of information systems
• /
• v.10 no.2
• /
• pp.149-176
• /
• 2000

As companies become more dependent upon information systems(IS), the potential losses of IS resources become critical. IS management must assume the increasing responsibility for protection of IS resources as the IS and business environments become more vulnerable to various threats. The major issues facing management, when attempting to manage risks, include the assessment of the impact of risks on business objectives and the design of security safeguards to reduce the unacceptable risks to an acceptable level. This paper provides a case study of the risk management for IS. A Korean credit card company which has the high sensitivity for customers security was selected as a case. The risk management procedure using a powerful tool, CRAMM(the Central Computer and Telecommunications Agencys Risk Analysis and Management Method) was applied for this company.

• Journal of Korea Multimedia Society
• /
• v.20 no.5
• /
• pp.827-834
• /
• 2017

Android's inter-application access enriches its application ecosystem. However, it exposes security vulnerabilities where end-user data can be exploited by attackers. While existing techniques have focused on minimizing the risks of inter-application access, they either suffer from inaccurate risk detection or are primarily available to expert users. This paper introduces a novel technique that automatically analyzes potential risks between a set of applications, aids end-users to effectively assess the identified risks by crowdsourcing assessments, and generates an access control policy which prevents unsafe inter-application access at runtime. Our evaluation demonstrated that our technique identifies potential risks between real-world applications with perfect accuracy, supports a scalable analysis on a large number of applications, and successfully aids end-users' risk assessments.

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1220-1227
• /
• 2011

According to the development of IT technology, life itself is becoming the change to Knowledge-based systems or information-based systems. However, the development of IT technology, the cyber attack techniques are improving. And DDoS a crisis occurs frequently, such as cyber terrorism has become a major data leakage. In addition, the various paths of attack from malicious code entering information in the system to work for your company for loss and damage to information assets is increasing. In this environment, the need to preserve the organization and users of information assets to perform ongoing inspections risk management processes within the organization should be established. Processes and managerial, technical, and physical systems by establishing an information security management system should be based. Also, we should be introduced information security product for protecting internal assets from the threat of malicious code incoming to inside except system and process establishment. Therefore we proposed enterprise and government information security enhancement scheme through the introduction of information security management system and information security product in this paper.