• Industrial Engineering and Management Systems
• /
• v.13 no.1
• /
• pp.87-100
• /
• 2014

Risk management is recognized as a significant element in Information Security Management while the failure mode and effects analysis (FMEA) is widely used in risk analysis in manufacturing industry. This paper aims to present the development work of the Information Security FMEA Circle (InfoSec FMEA Circle) which is used to support the risk management framework by modifying traditional FMEA methodologies. In order to demonstrate the "appropriateness" of the InfoSec FMEA Circle for the purposes of assessing information security, a case study at Hong Kong Science and Technology Parks Corporation (HKSTP) is employed. The "InfoSec FMEA Circle" is found to be an effective risk assessment methodology that has a significant contribution to providing a stepwise risk management implementation model for information security management.

• Journal of Multimedia Information System
• /
• v.7 no.1
• /
• pp.45-54
• /
• 2020

This paper presented a brief introduction along with various wireless standards which provide an interactive way of interaction among the vehicles and provides effective communication in VANET. Security issues such as confidentiality, authenticity, integrity, availability and non-repudiation, which aims to secure communication between vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I). A detailed discussion and analysis of various possible attacks based on security services are also presented that address security and privacy concern in VANETs. Finally a general analysis of possible challenges is mentioned. This paper can serve as a source and reference in building the new technique for VANETs.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.2
• /
• pp.199-208
• /
• 2004

In this paper, we propose and implement SIA System for filtering redundant alert messages and dividing them into four statuses. Also, we confirm that our system can find and analyze vulnerability types of network intrusion by attackers in a managed network, so that it provides very effective means for security managers to cope with security threats in real time.

• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.13 no.3
• /
• pp.110-116
• /
• 2005

TSA needs to be more transparent with the new passenger screening system and its functioning to build the citizen trust. The system is needed to be not only effective but supported by Congress and the general public. Until this occurs, skepticism will underlie any discussion about its effectiveness in balancing the protection from terrorism with respect to individual liberties. CAPPS II can be a viable system if it is developed appropriately. The objectives of the study are to introduce the security program in the U.S. aviation security policy and to discuss privacy problems when it applies. Korea also needs to study a harmonious plan with the basis of global approach mind in the case of considering the transferring of passenger information from other states for the purpose of security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.10
• /
• pp.4177-4190
• /
• 2015

Current research on Internet of Things (IoT) has primarily addressed the means to enhancing smart resource allocation, automatic network operation, and secure service provisioning. In particular, providing satisfactory security service in IoT systems is indispensable to its mission critical applications. However, limited resources prevent full security coverage at all times. Therefore, these limited resources must be deployed intelligently by considering differences in priorities of targets that require security coverage. In this study, we have developed a new application of Cognitive Radio (CR) technology for IoT systems and provide an appropriate security solution that will enable IoT to be more affordable and applicable than it is currently. To resolve the security-related resource allocation problem, game theory is a suitable and effective tool. Based on the Blotto game model, we propose a new strategic power allocation scheme to ensure secure CR communications. A simulation shows that our proposed scheme can effectively respond to current system conditions and perform more effectively than other existing schemes in dynamically changeable IoT environments.

• Journal of Information Processing Systems
• /
• v.6 no.1
• /
• pp.91-106
• /
• 2010

The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals. This study demonstrates that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. The goal of this study is to provide developers with an Integrated Security Development Framework (ISDF) that can assist them in building more secure software.

• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.201-206
• /
• 2022

The main purpose of the study is to analyze the features of innovation and project management in the system of improving the performance of personnel as a factor in ensuring competitiveness and investment security. For the successful operation of enterprises, regardless of their form of ownership and field of activity, in order to carry out effective activities, they turn to innovative methods related to the formation of the potential of the workforce, and increasing the level of education and qualifications of staff and establishing their potential ability to make independent decisions. Based on the results of the study, the key features of innovation and project management in the system of improving the performance of personnel as a factor in ensuring competitiveness and investment security are characterized.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.4
• /
• pp.3-10
• /
• 1999

More concerns are concentrated in finite fields arithmetic as finite fields being applied for Elliptic curve cryptosystem coding theory and etc. Finite fields arithmetic is affected in represen -tation of those. Optimal normal basis is effective in hardware implementation and polynomial field which is effective in the basis conversion with optimal normal basis and show that the arithmetic of finite field with the basis is effective in software implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.575-584
• /
• 2012

A established military security tast based on existing manual and off-line needs the change and development to support effective and systematic task performance according to environment change of informational and scientific project in the military. Therefore this study suggests to set up the standard model of the defense integrated security system to automate and informationize major defense security task based on actual and problem in the area of major defense of security task and case analysis of these in America, England and other countries. The standard model consist of unit systems were made up integrated security system, security management system, man entrance system, vehicle entrance system, high-tech guard system, terror prevention system and the security accident analysis system, and this suggested model based on possible technology and system. If this model is apply to each real military unit, we will expect the development of defense security.

• The Journal of the Korea Contents Association
• /
• v.21 no.2
• /
• pp.499-506
• /
• 2021

Hackers' cyber attack techniques are becoming more sophisticated and diversified, with a form of attack that has never been seen before. In terms of information security vulnerability standard code (CVE), about 90,000 new codes were registered from 2015 to 2020. This indicates that security threats are increasing rapidly. When new security vulnerabilities occur, damage should be minimized by preparing countermeasures for them, but in many cases, companies are insufficient to cover the security management level and response system with a limited security IT budget. The reason is that it takes about a month for analysts to discover vulnerabilities through manual analysis, prepare countermeasures through security equipment, and patch security vulnerabilities. In the case of the public sector, the National Cyber Safety Center distributes and manages security operation policies in a batch. However, it is not easy to accept the security policy according to the characteristics of the manufacturer, and it takes about 3 weeks or more to verify the traffic for each section. In addition, when abnormal traffic inflow occurs, countermeasures such as detection and detection of infringement attacks through vulnerability analysis must be prepared, but there are limitations in response due to the absence of specialized security experts. In this paper, we proposed a method of using the security policy information sharing site "snort.org" to prepare effective countermeasures against new security vulnerability attacks.