• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.3-13
• /
• 2020

Organizations are facing a new, diverse security threat as ICT based industrial environment arises. As a way of effective countermeasure for security threat, organizations are making an effort to establish internalization of security culture, targeting a organizational members. However, members' awareness toward security receptiveness is low as inconvenience exists in business process and existing security culture focuses on controlling and regulating. Accordingly, this research desires to develop a participatory security culture which can higher the efficiency of security work process and induce members' voluntary participation. A comparative analysis on security culture related prior researches is conducted and based on a drawn components, statistical verification is accomplished. It is expected to contribute on future research on measuring a security culture level.

• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.113-124
• /
• 2019

Today many companies are offering IoT-enabled products and place emphasis on security from the planning stage to protect their products and user information from external threats. The present security levels, however, remain low because the time and resources invested in developing security requirements for each device are far from enough to meet the needs of a wide range of IoT products. Nevertheless, vulnerabilities of IoT devices have been reported continuously, which calls for more detailed security requirements for home IoT devices. In this context, this research identified threats of home IoT systems by using Microsoft Threat Modeling Tool. It then suggested measures to enhance the security of home IoT devices by developing security assessment items through comparative analysis of the identified threats, domestic and global vulnerability assessment standards and related research. It also verified the effectiveness of the developed security requirements by testing them against the existing ones, and the results revealed the security requirements developed in this research proved to be more effective in identifying vulnerabilities.

• Journal of Convergence for Information Technology
• /
• v.11 no.7
• /
• pp.7-13
• /
• 2021

Recently, due to the many features and advantages of cloud computing, cloud service is being introduced to countless industries around the world at an unbelievably rapid pace. With the rapid increase in the introduction of multi-cloud based services, security vulnerabilities are increasing, and the risk of data leakage from cloud computing services are also expected to increase. Therefore, this study will propose an AWS Well-Architected based security architecture configuration method such as AWS standard security architecture, AWS shared security architecture model that can be applied for personal information security including cost effective of cloud services for better security in AWS cloud service. The AWS security architecture proposed in this study are expected to help many businesses and institutions that are hoping to establish a safe and reliable AWS cloud system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.135-149
• /
• 2006

Securing wireless Ad hoc network including the secure mechanism design and implementation is generally more difficult for vulnerability of channels and nodes, the absence of infrastructure, topology that change dynamically, and etc, than ire network. The efforts of early researches are based on the adaptation of securing methods for the wire network to wireless ad hoc network. However, wireless ad hoc network could not get effective study finding because network has essential problems. This paper proposes that some new problems are being came to light over the survivability and availability of the network itself, that are caused by the massive packet attack of more than one or two nodes, and proves the consequence of this phenomenon. Also, we propose an effective prevention mechanism of masquerade attacks for survivability reinforcement that escape standard of the early way by survivability of wireless Ad hoc network and approaches for performance elevation and reflect special quality of wireless Ad hoc network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.551-558
• /
• 2016

The recent convergence in ICT industry has created new businesses as well as other opportunities. However, it entails new convergence threat accompanied by security risks. Even though there are security professionals who are dealing with the situation, there is not enough human resource in risk management. Moreover, the amount of research that studies quality of education and training security personnel is not sufficient. This paper explores the curriculum of information security education in the private sector and reasons out fifteen standard curriculums in four professional fields categorized by job classification. In addition, it provides a weighted score table based on the evaluation indicator for the effective security education certificates in the private sector.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.51-59
• /
• 2016

An internal and external threat against an information system has increased, and to reduce it, organization has spent a great deal of money and manpower. However, in spite of such investment, security threat and trouble have happened continuously. Organization has conducted information security activity through various policies. The study classified such activities into prevention-oriented activity and control-oriented activity, and researched how information security activity of organization affects members of an organization and obeys information security policy by using health belief model. As a result of the study, prevention-oriented activity has a meaningful impact on seriousness, and this seriousness affects compliance intention for information security. Control-oriented activity has a meaningful impact on benefits, and the benefits have an effect on compliance intention. When an organization conducts prior activities such as education, PR, and monitoring, this organization should emphasize negative results that can happened because of deviation. In addition, in case of exposure and punishment through post activities such as inspection and punishment, if the organization emphasizes the positive effects of exposure and punishment rather than emphasis of negative parts, information security activity will be more effective.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.41-53
• /
• 2014

In order to achieve efficient and effective organizational information security objectives, for the level of information security to accurately evaluation and direction for improving that performance evaluation index and method of measurement for information security outcomes are needed. For information security activities of domestic companies to measure the performance or effectiveness, that standard method of measuring and the available evaluation Index are insufficient. company is difficult to investment for information security budget. Therefore, the purpose of this study was developing of performance evaluation index and method of measurement for information security outcomes applying BSC available in the company. The results of this study that companies can determine the level of information security itself. Analysis of the information security status and the strategy establishment of the information security investment can be applied.

• Convergence Security Journal
• /
• v.10 no.1
• /
• pp.9-17
• /
• 2010

Internet network routing system is used to prevent spread and distribution of malicious data traffic. The penetration of malicious code and the function of security blocking are performed on the same course of traffic pathway. The security architecture is the concept to distinguish the architecture from the group handling with the traffic on the structure of network which is performed with the function of penetration and security. The security architecture could be different from the criterion of its realm and function, which requires the development and the application of security mechanism for every architecture. For the establishment of security architecture it is needed to show what criterion of net work should be set up. This study is based on analysis of diagnostic weakness structure in the network security architecture and research the criterion for topology factor, security architecture structure map selection, and blocking location and disinfection net. It is shown to increase the effective rate blocking the virus with the proposed method in this paper rather than the traditional network architecture.

• Journal of the Korea Convergence Society
• /
• v.11 no.9
• /
• pp.229-242
• /
• 2020

The purpose of this study is to present the environmental factors of positive and negative aspects that affect the information security compliance intention, and reveals the relationship of the individual's the security compliance intention. The subjects of this study are employees of organizations that apply information security policies and technologies, and effective samples were obtained through surveys. In the process of analysis, the study model was verified through structural equation modeling. The measurement variables consisted of security policy, security system, technical support, work impediment, security non-visibility, compliance intention and organizational commitment and used for analysis. The results confirmed that security compliance factors such as policy, system, technical support, and non-compliance factors, work impediment, respectively, had an impact on organizational commitment, leading to compliance intention. The verification result of the research model suggests the direction of establishing a security compliance strategy for employees to improve the level of information security compliance of the organization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.705-715
• /
• 2017

Today, the world is evolving into a huge community that can communicate with real-time information sharing and communication based on the rapid advancement of scientific technology and information. Behind this information, the adverse effects of information assets, such as hacking, viruses, information assets, and unauthorized disclosure of information assets, are continually increasing as a serious social problem. Each time an infringement of the invasion and personal information leaks occur, many regulatory policies have been announced, including stricter regulations for protecting the privacy of the government and establishing comprehensive countermeasures. Also, companies are making various efforts to increase awareness of the importance of information security. Nevertheless, information security accidents like the leaks of industrial secrets are continuously occurring and the frequency is not lessening. In this thesis, I proposed a customized security policy methodology that supports users with various business circumstances and service and also enables them to respond to the security threats more confidently and effectively through not a monotonous and technical but user-centered security policy.