• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.557-559
• /
• 2022

The use of open source has the advantage that the development environment is convenient and maintenance is easier, but there is a limitation in that it is easy to be exposed to vulnerabilities from a security point of view. In this regard, the LOG4J vulnerability, which is an open source logging library widely used in Apache, was recently discovered. Currently, the risk of this vulnerability is at the 'highest' level, and developers are using it in many systems without being aware of such a problem, so there is a risk that hacking accidents due to the LOG4J vulnerability will continue to occur in the future. In this paper, we analyze the LOG4J vulnerability in detail and propose a SNORT detection policy technology that can detect vulnerabilities more quickly and accurately in the security control system. Through this, it is expected that in the future, security-related beginners, security officers, and companies will be able to efficiently monitor and respond quickly and proactively in preparation for the LOG4J vulnerability.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.151-163
• /
• 2019

As smart devices and communication technologies have developed rapidly, the healthcare industry in the globe is seeing remarkable issues on medical security. At the same time, personal medical records are being shared in the network, which would raise the risk of information security. This thesis aims to develop the curriculum to raise the awareness of information security among workers in medical institutions by referring to NCS(National Competency Standards) International standards, medical institutions' requirements and educational institutions' curriculums on information security based on proven results from medical devices and systems introduced in the public health centers, territorial branches, community health posts and primary, secondary, tertiary hospitals. Thus, this thesis offers the method to improve information security in healthcare institutions through validation testing conducted by medical practitioners and ICT experts.

• Journal of information and communication convergence engineering
• /
• v.21 no.1
• /
• pp.32-44
• /
• 2023

Information security breach is a major risk in e-learning. This study presents the potential information security disruptions in Learning Management Systems (LMS) from the perspective of users. We use the Technology Acceptance Model approach as a user perception model of information security, and the results of a questionnaire comprising 44 questions for instructors and students across Indonesia to verify the model. The results of the data analysis and model testing reveals that lecturers and students perceive the level of information security in the LMS differently. In general, the information security aspects of LMSs affect the perceptions of trust of student users, whereas such a correlation is not found among lecturers. In addition, lecturers perceive information security aspect on Moodle is and Google Classroom differently. Based on this finding, we recommend that institutions make more intense efforts to increase awareness of information security and to run different information security programs.

• Nuclear Engineering and Technology
• /
• v.56 no.2
• /
• pp.426-436
• /
• 2024

Nuclear security has been emphasized to ensure the safety of the environment and humans, as well as to protect nuclear materials and facilities from malicious attacks. With increasing utilization of nuclear energy and emerging potential threats, there has been a renewed focus on nuclear security. Korea has made efforts to enhance the regulatory oversight processes, both for general and specific legislative systems. While Korea has demonstrated effective nuclear security activities, continuous efforts are necessary to maintain a high level of security and to improve regulatory efficiency in alignment with international standards. In this study, the comprehensive regulatory oversight framework for the security of Korean nuclear facilities has been investigated. For reference, the U.S. regulatory oversight frameworks for nuclear facilities, with a focus on nuclear security, and the motivations of changes in regulatory oversight framework have been identified. By comparing these regulatory programs and frameworks, insights and considerations for enhancing nuclear security regulations have been identified. A comprehensive security inspection program tailored for the Korean regulatory oversight framework has been proposed, and has been preliminarily applied to hypothetical conditions for further discussion.

• Journal of muscle and joint health
• /
• v.21 no.1
• /
• pp.36-45
• /
• 2014

Purpose: The purpose of this study was to investigate the factors increasing fall risk in the residential environment risk and the perceived fall risk among the older adults who received home care services to provide information for developing a comprehensive falls intervention program. Methods: The subjects were 227 community-dwelling elderly aged 65 years and over who were taken care of by home-visiting nurses of the national health centers. The data were collected from July to August in 2012 using the Choi's residential environmental risk scale (2010) and the Hong's fall risk scale (2011). Results: Requires an assistive devices to walk, modified residential environment, health security, approval certificate of LTC, residential safety perception, residential environment risk, and perception of fall risk were statistically significant risk factors. A multiple logistic regression analysis showed that room & kitchen, physical perception, medication & ADL perception, floor-related environmental perception, and daily living tool-related perception were statistically significant predictors of fall. Conclusion: The results showed that the residential environment and the perceived fall risk were associated with fall experiences among the elderly. It is necessary to develope multifactorial intervention programs considering both environmental and perceived risk factors as well as physical risk factors to reduce and prevent falls among the elderly.

• Information Systems Review
• /
• v.14 no.2
• /
• pp.21-46
• /
• 2012

Organizations that make widely use of information technologies can be more efficient. But, the dependence of information technologies leads to an increase in threat of security. This is the reason why organizations are investing in security risk management (SRM) which is designed to protect of information assets. Noting a lack of empirical research in SRM, we investigate the key factors having a direct effect on performance of SRM. Particularly, this study focused on identifying factors influencing awareness of SRM and Intention to develop SRM in Organization. Based on relevant literature review, six motivating factors, including Behavior for Security Management, Compliance with Security Policy, perceived Benefits, Perceived Sacrifice, Social Pressure, Experience of Security Risks, were initially identified. The results indicated that most perception factors were positively related to Organization's intention to develop SRM and awareness of SRM, which then had positive impact on performance of SRM. But Perceived Sacrifice was not significantly related to two variables which is Organization's intention to develop SRM and awareness of SRM.

• Convergence Security Journal
• /
• v.9 no.4
• /
• pp.1-6
• /
• 2009

Current paradigm of industrial security is changing into the effective operation and management from simple establishment of security equipments. If the physical security system(entry control system, video security system, etc.) and the IT integrated security control system are conversed, it makes us possible to prevent, disrupt and track afterwards the insider's information leakage through the risk and security management of enterprise. That is, Without the additional expansion of the existing physical security and IT security manpower, the establishment of systematic conversion security management process in a short time is possible and can be expected the effective operation of professional organization system at all times. Now it is needed to build up integrated security management system as an individual technique including the security event collection and integrated management, the post connected tracking management in the case of security accident, the pattern definition and real time observation of information leakage and security violation, the rapid judgement and response/measure to the attempt of information leakage and security violation, the establishment of security policy by stages and systematically and conversion security.

• Information Systems Review
• /
• v.22 no.2
• /
• pp.101-120
• /
• 2020

This study investigates the effects of privacy psychological characteristics of B2C logistics services users on their willingness to comply with their logistics companies' information protection policy. Using cognitive valence theory as a theoretical framework, this study proposes a research model to examine the relationships between users' logistics security knowledge, privacy trust, privacy risk, privacy concern, and their willingness of information protection policy compliance. To test the proposed model, we conducted a survey from actual users of logistics services and collected valid 151 samples. We analyzed the data using a structural equation modeling software. The empirical results show that logistics security knowledge positively affects privacy trust; privacy concern positively influences privacy risk; privacy trust, privacy risk, and privacy concern positively influence behavioral willingness of compliance. However, logistics security knowledge does not affect behavioral willingness of compliance. The results of the study provide several contributions to the literature of B2C logistics services domain and managerial implications to logistics services companies.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.3 no.4
• /
• pp.210-220
• /
• 2008

Insider threat is becoming a very serious issue in most organizations and management is responsible for security implementation. This study is to develop a personnel security management indicators in the areas of Personnel Assurance, Personnel Competence, and Security Environment and protection against insider threats. In this study, the information security management system and related papers are examined by reviewing the existing researches and cases. Proposed indicators are verified by pilot test, empirically analyzed to expose experts' perception and the validity, importance, and risk level of each indicators through a questionnaire. Result were encouraging, but additional study focused on personnel security management using factor analysis is needed in the future.

• International Commerce and Information Review
• /
• v.10 no.1
• /
• pp.217-236
• /
• 2008

The purpose of this paper is to discuss the impact of the New Container Security Initiatives of U.S., CSI(Container Security Initiative) and C-TPAT(Customs-Trade Partnership against Terrorism). The CSI which aims to pre-screen high-risk containers in ports of loading. It is a unilateral effort that seeks to develop bi-lateral agreements between the United States and foreign countries with significant container trade volumes into the U.S. C-TPAT is a voluntary initiative to develop cooperative security relationships between the U.S. government and U.S. firms in the global supply chain. Government and Industry have already responded with proposals to create more confidence in supply chain security. These proposals call for heightened inspection and scrutiny of the goods flowing through a supply chain, increased information exchange among participants of supply chain. While government and the private sector are working together to launch new initiative to create more secure and reliable supply chains, industry is rapidly exploring the potential of new technologies such as RFID. The security recommendations will eventually become the requirements to be complied with by importers and their supplier extending to the carriers. It is needed that Korean shippers involved in US importer's supply chain should pay attention to the requirements and start implementing the security measures.