• Title/Summary/Keyword: Security risk


A Study on the Information Security Control and Management Process in Mobile Banking Systems

  • Kim, So Young;Kim, Myong Hee;Park, Man-Gon
    • Journal of Korea Multimedia Society / v.18 no.2 / pp.218-232 / 2015
  • With the development of information processing technology and mobile communication technology, the use of mobile banking systems is increasing drastically. In the foreseeable future, demand for mobile banking is expected to increase rapidly with the prevalence of smart devices and technologies. However, maintaining security is very important in banking systems that handle personal information and financial assets, and it is very difficult to improve the security of banking systems using only the vulnerability and fault analysis methods of information security. Hence, in this paper, we analyze the security risk factors and security vulnerabilities that occur in mobile banking systems. Based on the analysis results, we propose information security control and management processes for assessing and improving security, based on the mechanisms that compose a mobile banking system.

Research Trends Analysis of Information Security using Text Mining (텍스트마이닝을 이용한 정보보호 연구동향 분석)

  • Kim, Taekyung;Kim, Changsik
    • Journal of Korea Society of Digital Industry and Information Management / v.14 no.2 / pp.19-25 / 2018
  • With the development of IT, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if security is not provided, these services will cause many risks, so information security is becoming more important. In this paper, we analyzed the research trends of the main themes of information security over time. To conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived the main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, and encryption. The time series regression results indicated that all the topics were hot topics.

Minimize Web Applications Vulnerabilities through the Early Detection of CRLF Injection

  • Md. Mijanur Rahman;Md. Asibul Hasan
    • International Journal of Computer Science & Network Security / v.23 no.2 / pp.199-202 / 2023
  • Carriage return (CR) and line feed (LF) injection, also known as CRLF injection, is a type of vulnerability that allows a hacker to enter special characters into a web application, altering its operation or confusing the administrator. Log poisoning and HTTP response splitting are two prominent harmful uses of this technique. Additionally, CRLF injection can be used by an attacker to exploit other vulnerabilities, such as cross-site scripting (XSS). Email injection, also known as email header injection, is another technique that can be used to modify the behavior of emails. The Open Web Application Security Project (OWASP) is an organization that studies vulnerabilities and ranks them based on their level of risk. According to OWASP, CRLF vulnerabilities are among the top 10 vulnerabilities and are a type of injection attack. Automated testing can help to quickly identify CRLF vulnerabilities, and is particularly useful for companies testing their applications before releasing them. However, CRLF vulnerabilities can also lead to the discovery of other high-risk vulnerabilities, and automated testing fosters a better approach to mitigating CRLF vulnerabilities at an early stage and helps secure applications against known vulnerabilities. Although there has been a significant amount of research on other types of injection attacks, such as Structured Query Language injection (SQL injection), there has been less research on CRLF vulnerabilities and how to detect them with automated testing. There is room for further research on this subject in order to develop creative solutions to problems. It will also help to reduce false positive alerts by checking the header response of each request. Security automation is an important issue for companies trying to protect themselves against security threats. Automated alerts from security systems can provide a quicker and more accurate understanding of potential vulnerabilities and can help to reduce false positive alerts. Despite the extensive research on various types of vulnerabilities in web applications, CRLF vulnerabilities have only recently been included in the research. Utilizing automated testing as a recurring task can assist companies in receiving consistent updates about their systems and enhance their security.

Corruption Risks in the System of Providing Economic Security of the State

  • Pinchuk, Vitaliy;Shaposhnykova, Iryna;Kuvakin, Serhiy;Kozak, Kateryna;Popova, Liubov;Lopashchuk, Inna
    • International Journal of Computer Science & Network Security / v.22 no.1 / pp.69-76 / 2022
  • At the current stage of globalization and European integration of Ukraine, aspects related to the effective fight against corruption in the system of economic security of the country are receiving more and more attention, as they become a prerequisite for continuing reforms based on international funding. To address this issue, the necessary step is to develop and implement real mechanisms for detecting and preventing corrupt behavior, based on international anti-corruption standards. The leading component of this system is the management of corruption risks in the system of economic security, in order to identify them and implement measures to reduce them. This study analyzes the corruption perception index in Ukraine in recent years, which showed positive, albeit somewhat slow, growth dynamics, indicating gradual progress in overcoming corruption through the introduction of a number of anti-corruption measures and changes. It is proved that the current stage of socio-economic development of the country contributes to strengthening the processes of combating corruption and preventing corruption risks, creating an effective and efficient anti-corruption system of the state. The concept of "corruption" was studied; it was found that in the field of public administration it is considered from different positions and is closely related to the concept of "corruption risks". The essence and features of corruption risks are studied, the preconditions of their occurrence are formulated, and the relationship between the causes of corruption risks and economic security in the field of public authority is established. The system of corruption risk management is considered and its components are characterized. It is proposed to increase the effectiveness of anti-corruption policy through the implementation of measures aimed at investigating the causes of corruption risks, as well as through developing effective means of reducing corruption risks within the system of economic security.

A Basic Study on the Development of Network Security Equipment to Support MASS Operation in Digital Maritime-Communication System Environment (디지털 해상통신시스템 환경에서 자율운항선박 운용 지원을 위한 네트워크 보안장비 개발 기초연구)

  • Yunja Yoo;Sang-Won Park;Jin-Hyuk Jung;David Kwak
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2021.11a / pp.72-73 / 2021
  • As discussions of the International Maritime Organization for the introduction of the Marine Autonomous Surface Ship (MASS) began in earnest, discussions were conducted to prioritize cybersecurity (Cyber Risk Management) when developing a system to support MASS operation at the 27th ENAV Committee Working Group (WG2). Korea launched a technology development project for autonomous ships in 2020, and has been promoting detailed tasks for cybersecurity technology development since 2021. MASS operation in a digital maritime communication system environment requires network security of various digital equipment that was not considered in the existing maritime communication environment. This study introduces the basic concept of network security equipment to support MASS operation in the detailed task of cybersecurity technology development, and defines the network security equipment interface for MASS ship application in the basic stage.


The effects of the degree of education related to information systems on online transaction intention and security concerns - Comparative analysis of the use of the Internet and smartphone (정보시스템 관련 교육의 정도가 보안 우려 및 온라인 거래 의도에 미치는 영향 - 인터넷 이용과 스마트 폰 이용의 비교 분석)

  • Jung, Seung-Min
    • Journal of the Korea Society of Computer and Information / v.17 no.8 / pp.145-161 / 2012
  • This study aims to explore how the degree of education related to information systems and Internet literacy affect perceived security risk, and how these three variables affect online transaction intention, based on the Technology Acceptance Model (TAM). Since the use of smartphones to purchase necessary products is increasing, the study considered two different cases: using the existing Internet and using a smartphone to buy products. As a result of an empirical test, the degree of information system education, Internet literacy, and perceived security risk had significant effects on online transaction intention, mediated by perceived usefulness and perceived ease of use. Contrary to expectation, the more education related to information systems people have, the more they know about hacking or cases of privacy infringement, leading to even more concerns about security and thereby to the belief that Internet transactions require much effort. The more education about information systems, the more concerns about security; therefore, perceived security risk has a positive (+) effect on perceived usefulness, not a negative (-) effect. Lastly, while the degree of education related to information systems is related to recognition of the usefulness of Internet transactions, the study showed that it has no relation to recognition of the usefulness and ease of use of smartphones.

Cost Based Vulnerability Control Method Using Static Analysis Tool (정적 분석 툴을 이용한 비용 기반의 취약점 처리 방안)

  • Lee, Ki Hyun;Kim, Seok Mo;Park, Young B.;Park, Je Ho
    • KIPS Transactions on Software and Data Engineering / v.5 no.3 / pp.139-144 / 2016
  • When software is developed using development methods that consider security, additional cost arises. These additional costs cause many development organizations not to consider security. Even when development proceeds with security in mind, there is a lack of ways to determine the vulnerability throughput achievable within a given cost. In this paper, we propose a method for calculating vulnerability throughput so that security vulnerabilities can be processed cost-effectively. The proposed method focuses on the implementation phase of software development, leveraging static analysis tools to find security vulnerabilities in the CWE TOP25. For the vulnerabilities found, it defines risk, transaction costs, and risk costs, and defines the processing priority. Utilizing the information in the CWE, it calculates the cost consumed in processing a detected vulnerability according to the defined priority, and controls the vulnerability throughput within the input cost. When the method is applied, it is expected to handle the maximum vulnerability risk within the input cost.

A Study of Information Security Maturity Measurement Methodology for Banking System based on Cyber-based Transaction Processing Architecture Diagnosis (사이버거래 처리 구조 진단을 기반으로 한 뱅킹시스템 정보보호 성숙도 측정방법론 연구)

  • Bang, Kee-Chun
    • Journal of Digital Contents Society / v.15 no.1 / pp.121-128 / 2014
  • SSE-CMM is a process maturity assessment model for security engineering that is divided into three elements (engineering, assurance, and risk) and presents the level of information security. Privacy maturity measurement, vulnerability diagnosis, and risk analysis methodologies are used in the field to present a comprehensive conclusion. The common cyber services are internet banking, mobile banking, telephone banking and the like. This research studies existing information security maturity measurement methodologies for the transaction structure of cyber banking systems, and presents a comprehensive conclusion using the vulnerability diagnosis and risk analysis methodologies used in the field. A cyber environment that is safe and convenient for the user is the key to the activation of cyber trading. In particular, measuring the maturity of cyber banking systems is expected to contribute significantly to ensuring safety in the field.

Analysis of U.S. Supply Chain Security Management System (미국 공급망 보안 관리 체계 분석)

  • Son, Hyo-hyun;Kim, Kwang-jun;Lee, Man-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.5 / pp.1089-1097 / 2019
  • An era of smart manufacturing is coming through the rapid development of information and communication technology. As a result, many companies have begun to use a variety of hardware and software to run their manufacturing processes efficiently. This hardware and software is supplied through manufacturing and distribution processes, and these supply processes are exposed to a variety of security threats. As cases of supply chain attacks have increased recently, foreign countries are establishing supply chain management systems and managing supply chain risks. In Korea, on the other hand, there was research on supply chain risk management in some fields. In this paper, we emphasize the necessity of supply chain risk management through supply chain attack cases. In addition, we analyze trends in foreign supply chain management systems and explain the necessity of a domestic supply chain security strategy.

Factors Affecting Continuous Customer Acceptance of Internet Banking (인터넷 뱅킹의 사용자 지식, 서비스 특성, 보안요인이 지속적 고객수용에 미치는 영향)

  • Chae, Young-Il
    • The Journal of the Korea Contents Association / v.11 no.6 / pp.372-384 / 2011
  • The purpose of this study is to empirically analyze the effects of external factors (user knowledge, service characteristics, security), perceived risk, trust, ease of use, and usefulness on continuous customer acceptance in Internet banking. To achieve this goal, we develop the extended Technology Acceptance Model (Ex-TAM) based on the theoretical background of the Technology Acceptance Model (TAM). To test the new model (Ex-TAM), path analysis is performed using the AMOS 4.0 package as a statistical tool. The findings indicate that 4 factors (service characteristics, ease of use, usefulness, trust) are significant. However, 2 factors (security, perceived risk) are not significant, and user knowledge is partly significant.