• Journal of Information Technology Services
• /
• v.10 no.2
• /
• pp.293-308
• /
• 2011

The preliminary security assessment is an information security process to analyze security weaknesses before beginning of services. Discovering security weakness through preliminary security assessment is highly required because it costs much when security incident occur in the middle of service operation. However, this assessment is not widely spread in the online game service domain yet. In this paper, we summarize the security risk existed in the online game service, and we classify the security requirements related to the each risk. Also, through the case study, we evaluated the effectiveness of preliminary security assessment in this domain. In addition, we suggest checklists that should be reviewed once in game-client side, network-side and game-server side for the purpose of security enhancement.

• International journal of advanced smart convergence
• /
• v.11 no.3
• /
• pp.7-16
• /
• 2022

The targets of cyber-attacks are not limited to the websites and internal IT systems of shipping agencies. Ships and ports have become important targets for cyber attackers. This paper examines the current state of ship network security, introduces the International Maritime Organization's resolution on ship network security management, and summarizing the cyber-attacks in maritime so the readers can have a general understanding of maritime environment.

• Journal of Information Processing Systems
• /
• v.10 no.1
• /
• pp.132-144
• /
• 2014

Information always comes with security and risk problems. There is the saying that, "The tall tree catches much wind," and the risks from cloud services will absolutely be more varied and more severe. Nowadays, handling these risks is no longer just a technology problem. So far, a good deal of literature that focuses on risk or security management and frameworks in information systems has already been submitted. This paper analyzes the causal risk factors in cloud environments through critical success factors, from a business perspective. We then integrated these critical success factors into a business model for information security by mapping out 10 principles related to cloud risks. Thus, we were able to figure out which aspects should be given more consideration in the actual transactions of cloud services, and were able to make a business-level and general-risk control model for cloud computing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.87-96
• /
• 2023

As the number of security vulnerabilities increases yearly, security threats continue to occur, and the vulnerability risk is also important. We devise a security threat score calculation reflecting trends to determine the risk of security vulnerabilities. The three stages considered key elements such as attack type, supplier, vulnerability trend, and current attack methods and techniques. First, it reflects the results of checking the relevance of the attack type, supplier, and CVE. Secondly, it considers the characteristics of the topic group and CVE identified through the LDA algorithm by the Jaccard similarity technique. Third, the latest version of the MITER ATT&CK framework attack method, technology trend, and relevance between CVE are considered. We used the data within overseas sites provide reliable security information to review the usability of the proposed final formula CTRS. The scoring formula makes it possible to fast patch and respond to related information by identifying vulnerabilities with high relevance and risk only with some particular phrase.

• Convergence Security Journal
• /
• v.3 no.3
• /
• pp.81-90
• /
• 2003

Risk analysis and internal control evaluation are key security management activities for securing organizational assets. Risk analysis is used to identify areas that need safeguarding while internal control evaluation is used to check whether the current control system is effective with a reasonable degree of assurance. Risk analysis usually focuses on unauthorised activities of unauthorised people and has not paid much attention to threats that could be committed by authorized users. As attention to fraud increases, these threats should be appropriately treated within organizations. This paper compares the difference between these two approaches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1183-1192
• /
• 2022

Information and Information processing systems must maintain a certain level of security during the total life cycle of Information. To maintain a certain level of security, security management processes are applied to software, automobile development, and the U.S. federal government information system over a life cycle, but theme of no similar security management process in Korea. This paper proposes a Korean-style security risk management framework to maintain a certain level of security in the total life cycle of information and information processing system in the defense sector. By applied to the defense field, we intend to present the direction of defense security work in the future and induce an shift in security paradigm.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.51-58
• /
• 1995

The importance of the risk analysis tool has been recognized and its use also has been emphasized by a number of researchers recently The methodology were examined but neither algorithms nor practical applications have been implemented or practiced in Korea. In this paper, the architecture of the Buddy System, one of the automated risk assessment tools. is analyzed in depth to provide the algorithmic understanding and to promote the development of the risk analysis methodology. The Buddy System mainly uses three main factors of vulnerability, threat and countermeasures as a nucleus of the qualatative analysis with the modified loss expectancy value. These factors are identified and assessed by the separation of duties between the end user and security analyst. The Buddy System uses five axioms as its bases of assessment algorithm and the assessed vulnerability level is strictly within these axioms. Since the In-place countermeasures reduce the vulnerability level up to a certain level. the security analyst may use "what if " model to examine the impact of additional countermeasures by proposing each to reduce the vulnerability level further to within the acceptable range. The emphasis on the qualitative approach on vulnerability leveling is very well balanced with the quantitative analysis that the system performance is prominent.prominent.

• Korean Security Journal
• /
• no.38
• /
• pp.109-136
• /
• 2014

Korea domestic casino industry has been experienced an explosive growth marking the highest quantity and quality with rapid growth of domestic economy since the 1960s. However there are really lack of study about presenting guideline for establishing risk management planning reflected characteristics of casino industry. Therefore, we analyzed previous studies about concept of the risk and criteria and drew dimension of safety supervision reflecting characteristics of casino industry. we, also, identified detailed safety management factors as well as classified three dimensions of environment, human and facility on the dimension of safety supervision. This study was designed to examine effect relationship between risk management factors and performance of security management organization focused on The mediation effect of atmosphere of organization We used two different tools for data analysis: SPSS 18.0 for the descriptive statistics and PLS 3.0 to validate the integrity of the research model and proposed hypotheses that is main effects from risk management factors to security management organization and mediation effects of atmosphere of organization. The data analysis confirmed the importance of risk management factors to enhanced performance of security management organization. The mediation effect of atmosphere of organization, also, supported relationship between risk management factors and performance of security management organization. It provided theoretical and practical implication for building risk management strategy well suited casino company and conducting security management.

• The Journal of Information Systems
• /
• v.14 no.2
• /
• pp.1-23
• /
• 2005

Theoretically, both of fund transfer and balance inquiry which are typical Internet banking services are influenced by the beliefs on the use of Internet banking such as perceived risk and convenience, which have been shown as in the other studies. However, the use of fund transfer can be more sensitive than that of balance inquiry by the beliefs on Internet banking use since the former is not only more risk involved but also more complicated in using than the latter. The objective of this study is to analyze the relationship between the use of two Internet banking services-fund transfer and balance inquiry-and the beliefs on Internet banking use-security risk, convenience and social Influence. For this purpose, we provide the research model for explaining the difference between balance inquiry and fund transfer in the degree of influencing by security risk, convenience and social influence and test it empirically by collecting data from surveying for 206 internet banking users. In result, we show validity of the suggested model by Partial Least Square(PLS) approach.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1233-1245
• /
• 2017

Cyber risk is rapidly increasing due to the hyperconnectivity of the IoT in the intelligent information society. Therefore cyber insurance has been attracting attention as a new risk management countermeasure by transferring cyber risk. However, cyber insurance is still a new concept in South Korea. The purpose of this study is to propose the concept of cyber insurance suitable for domestic demand by deriving the priority of cyber insurance coverage. Research results suggest that the most requisite cyber insurance types are business interruption and liability.