• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.7
• /
• pp.1447-1454
• /
• 2012

Recently P2P is the most popular network service on Internet and is applied various areas such as streaming, file sharing and software distribution, but there are many security threats depending on vulnerabilities by P2P network environments. Conceptually P2P network is a overlay network based on Internet, and it has security concerns of itself as well as those of Internet environments. In this paper, we analyze the vulnerabilities and threats for domestic P2P services through various experiments and describe their risk analysis. We expect that this work contributes to new domestic P2P services in consideration of service qualities and security vulnerabilities.

• Convergence Security Journal
• /
• v.8 no.2
• /
• pp.15-25
• /
• 2008

In today's broadcasting and communication systems, many applications are converged information in a complicated manner by interworking with various networks such as satellite networks. Specifically, as broadcasting and communication systems have become more advanced in terms of technology and capacity, the increase in information assets has created new types of threats and vulnerabilities that we're not previously apparent. This paper has proposed the following methodologies for analyzing the risks and estimating the economical that could arise in broadcasting and communication convergence systems. First, the assets are prioritized by grading them according to confidentiality(copyrights), integrity, and availability. Based on such an analysis, this paper presents a model that can be used for verifying the risk variables caused by changing threats and vulnerabilities. Second, this paper presents a method for quantitatively estimating the economical caused by countermeasure costs for each time period.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.586-596
• /
• 2021

Software organisations follow different methodologies for the development of software. The software development methodologies are mainly divided into two categories, including plan-driven and agile development. To attain project success, it is very significant to consider risk management during whole project. Agile development is considered risk-driven, but many risks are unreported at the industrial level. The risks can be divided into three categories, including (i) development risks, (ii) organisations risks, and (iii) people-oriented risks. This paper deals with Development risks specifically. Several risks related to development are faced by people working in the industry while dealing with agile development. Their management among the industry is a big issue, so this paper emphasises ARMF based on development-related risks by following agile development. This research work will help software organisations to prevent different project-related risks during agile development. The risks are elicited at two-level, (i) literature-based and (ii) IT industry based. A systematic literature review was performed for eliciting the agile risks from the literature. Detailed case studies and survey research methods were applied for eliciting risks from IT industry. Finally, we merged the agile development risks from literature with standard industrial risks. Hence, we established an agile risk mitigation framework ARMF based on agile development and present a groundwork established in light of empirical examination for extending it in future research.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.323-333
• /
• 2024

Recently, Syntheic data has been in the spotlight as a technology that can protect personal information while maintaining the patterns and characteristics of actual data. Accordingly, technical and institutional research on synthetic data is actively being conducted, but it is difficult to actively use synthetic data due to the lack of clear standards and guidelines. This study is a preliminary study for quantifying the disclosure risk of synthetic data, and derives a privacy disclosure risk index through statistical methodology and suggests specific application measures to comply with the General Data Protection Regulation(GDPR). It is expected that the disclosure risk and the balance of data utility can be controlled through the privacy disclosure risk index of this study in an open data environment.

• Journal of the Korea Convergence Society
• /
• v.3 no.1
• /
• pp.7-11
• /
• 2012

Intellgent Vehles network capabilities can cause a lots of security issues such as data hacking, privacy violation, location tracking and so on. Some possibilities which raise a breakdown or accident by hacking vehicle operation data are on the increase. In this paper, we propose a security module which has user authentication and encryption functionalities and can be used for vehicle network system.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.464-465
• /
• 2014

Analysis of characteristics in software vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerability discovered. Being a new research area, the quantitative aspects of software vulnerabilities and risk assessments have not been fully investigated. However, further detailed studies are required related to the security risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers (Internet Explorer (IE), Firefox (FX), Chrome (CR) and Safari (SF)) with respect to the Common Vulnerability Scoring System (CVSS). The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems, and exploitation aftermath is getting worse.

• Journal of the Korean Home Economics Association
• /
• v.40 no.12
• /
• pp.49-61
• /
• 2002

The purpose of this study was to investigate the effect of clothing involvement on the perceived risk in internet shopping and store selection criteria. The subjects used for the study were 210 male and 338 female college students. The clothing involvement consisted of pleasure, symbolism, and selection difficulty factors. The perceived risk consisted of size/defect risk, social psychological risk, privacy risk, delivery risk, and price risk. The store selection criteria had security/service, entertainment/variety, price/convenience factors. The results showed that consumers were segmented by four groups based on clothing involvement factors: clothing pleasure group, symbolism group, confidence group, and low clothing involvement group. The four segmented groups differed in regard to the perceived risk, store selection criteria, and demographics. For example, clothing pleasure group perceived the size/defect risk and social psychological risk higher than did the other groups. Also, the clothing pleasure group considered entertainment/variety more important and had younger female consumers.

• Industrial Engineering and Management Systems
• /
• v.13 no.2
• /
• pp.154-162
• /
• 2014

Effects of food scandals on religious belief, human health and even on causes of death indicate that firms and consumers are vulnerable to integrity risks in the global supply chain. Mitigating the integrity risk and maintaining the credence quality products like halal food is very challenging, if not impossible. Our aim in this research is to show that supply chain integration can mitigate the halal food integrity risk. To illustrate this idea, we have conducted case studies and interviews in seven Malaysian chicken supply chain focal firms. We unpack the halal integrity risks along the supply chain, such as production risk, raw material risk, food security risk, outsourcing practices risk, service risk, and logistics risk. The research argues that supply chain integration, such as internal integration and external integration practices, could minimize the halal integrity risk. The advantages of supply chain integration in mitigating the halal integrity risk are also highlighted in this paper.

• Journal of Navigation and Port Research
• /
• v.47 no.2
• /
• pp.93-99
• /
• 2023

This study aimed to determine relationships among risk factors influencing container port operation using Bayesian network. Risk factors identified from prior studies were classified into five groups: human error, machinery error, environmental risk, security risk, and natural disasters. P anel experts discussed identified risk factors to fulfil conditional probability tables of the interdependence model. The interdependence model was also validated by sensitivity analysis and provided an interrelation of factors influencing the direction of each other. Results of the interdependence model were partially in line with results from prior studies while practices in the global port industry confirmed interrelationships of risk factors. In addition, the relationship between top-ranked risk factors can provide a schematic drawing of the model. Accordingly, results of this study can expand the prior research in the Korean port industry, which may help port authorities improve risk management and reduce losses from the risk.

• Convergence Security Journal
• /
• v.9 no.1
• /
• pp.39-44
• /
• 2009

To get legitimacy of a security investment, the analysis of ROI about the security investment is required. In this paper, we suggest a practical quantitative model with considering factors that do decision-making of optimized security investment difficult. This model makes use of the value of a residual risk to decide the best information security solution and considers a corelation of response techniques of the information security solution against each threat to do exact decision-making.