• Journal of the Korean Society for Aviation and Aeronautics
• /
• v.31 no.4
• /
• pp.72-81
• /
• 2023

The use of EFB (Electronic Flight Bag) has expanded, providing convenience to flight crews by minimizing paper usage within aircraft and offering the latest information, operability, and convenience related to aircraft operations. EFBs provide flight-sensitive information such as aircraft performance calculations, airport diagrams, routes, and approach procedures. For these information, EFBs connect to the cyber environment through Wi-Fi or self-contained data communication, allowing access to cloud-based systems for information updates, with administrators uploading the latest information for retrieval. However, in contrast to the evolving aviation technology, there is currently no legislation or security policy in place to maintain the security of EFBs, leaving them exposed to potential cyber threats. Therefore, improvements such as revising relevant laws to address potential cyber threats targeting EFBs and establishing and implementing EFB management systems are necessary. This paper aims to present the necessity for amending laws related to EFB security in response to cyber threats and suggests methods for enhancement.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.173-179
• /
• 2023

The 4th Industrial Revolution technology has emerged as a solution to build a hyper-connected, super-intelligent network-oriented operational environment, overcoming the obstacles of reducing troops and defense budgets facing the current military. However, the overall risk management, including the increase in complexity of the latest inform ation technology and the verification of the impact with the existing information system, is insufficient, leading to serious threats to system integrity and availability, or negatively affecting interoperability between systems. It can be inhibited. In this paper, we suggest cyber threat response strategies for our military to prepare for cyber threats by examining information security risk management in the United States in order to protect military information assets from cyber threats that may arise due to the advancement of information technology.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.353-371
• /
• 2014

We already have seen many studies and articles about the methodology responding the security risks and threats. But we still have some controversial subjects to be settled. Now, we are living in the era that we should focus on how to use the security systems instead of how to make it. In this point of view, a company need to find out the answer for these questions, which security risks have to be handled in a corporate, which system is better for responding the security threats, and how we can build necessary security architecture in case of developing systems. In this article, we'd like to study on-site scenarios threatening the corporate assets, the limit on dealing with these threats, and how to consolidate the security events and information from enormous assets. Also, we'd like to search for the direction form the actual cases which have shown the desired effect from converging the assets and network informations.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.197-208
• /
• 2020

Based on the network infrastructure advanced in the information knowledge society, the structure of computer net work is operated by establishing the composition of network in various forms that have secured the security. In case of computer network of national/public organizations, it is necessary to establish the technical and managerial securit y environment even considering the characteristics of each organization and connected organizations. For this, the im portance of basic researches for cyber training by analyzing the technical/managerial vulnerability and cyber threats based on the classification and map of cyber threats according to the characteristics of each organization is rising. T hus, this study aims to analyze each type of external/internal cyber threats to computer network of national/public o rganizations established based on the dualistic infrastructure network of internet and national information network, a nd also to present the cyber threat framework for drawing the elements of cyber security training, by drawing and analyzing the actual elements of cyber threats through the case-based scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.187-194
• /
• 2019

Ever since the world's largest Bitcoin Echange, (Mt. Gox), was closed in March 2014 due to the series of hacking, still many other Exchages incl. recent Coinale in Korea have been attacked. Those hacking attempts never stopped and have caused significant threats to the overall industry of Crypto Currency and resulted in the loss of individual investors' asset. The DEX (Decentralized Exchange) has been proposed as a solution to fix the security problem at the Exchange, but still it is far away to resolve all issues. Therefore, this paper firstly analyzes security threats against existing Crypto Currency Exchanges and secondly derives security requirements for them. To do that it proposes a secure and distributed Crypto Currency Transaction Model through Personal Security devices as a solution. The paper also proves this new attempt by demonstrating its unique modelling; ultimately by adopting this modeling into Crypto Exchange is to avoid potential security threats.

• International Journal of Computer Science & Network Security
• /
• v.21 no.3
• /
• pp.191-197
• /
• 2021

Ensuring the economic security of agro-industrial complexes of Ukrainian regions has become a top-priority task of state regional policy, as their stable functioning is an essential element of economic security of the whole country. It is overcoming threats to the development of the agro-industrial complex that ensures its further effective functioning and has a significant impact on the economic security of our state. Methods: logical method; methods of system analysis; synthesis; economic and statistical method; method of expert assessment; SWOT analysis; economic and mathematical modelling and planning. Results. Characteristic features of economic security have been given. The essence and significance of the agro-industrial complex in improving the economic security of the state have been determined. It has been noted that in recent years, the agro-industrial complex, which acts as a driver of the domestic economy and has a direct impact on the development of the country, has been growing (in 2019 the cereal and legume harvest exceeded 75 million tons, 20,269 thousand tons of potatoes were dug, more than 15 million tons of sunflower, 9,688 thousand tons of vegetables and 2,119 thousand tons of fruits and berries were harvested, meat and egg production increased by 137.5 thousand tons (or 5.8%) and 545.5 million pieces (or 3.4%), respectively, the number of employed population in agriculture increased by 139.8 thousand people (or 4.9%), the labour productivity in crop production increased by UAH 294.4 thousand (or 44.6%), in livestock production - by UAH 311.3 thousand (or 61.8%)). Based on the system of production and economic indicators, the analysis of the state of the agro-industrial complex has been carried out. Taking into account the results of the obtained data and using SWOT-analysis, the major threats to the development of the agro-industrial complex have been identified. Ways of overcoming threats enhancing the economic security of Ukraine have been proposed.

• The Journal of Information Systems
• /
• v.25 no.2
• /
• pp.51-77
• /
• 2016

Purpose Organizations invest significant portions of their budgets in fortifying information security. Nevertheless, the security threats by employees are still at large. We discuss methods to reduce security threats that are posed by employees in organization. This study finds antecedent factors that increases or decreases employee's compliance intention. Also, the study suggests organizations' security environmental factors which influences the antecedent factors of compliance intention. Design/methodology/approach The structural equation model is then applied in order to verify this research model and hypothesis. Data were collected on 415 employees working in organizations with an implemented information security policy in South Korea. We analyzed the fitness and validity of the research model via confirmatory factor analysis in order to verify the research hypothesis, then we analyzed structural model, and derived the result. Findings The result shows that organizational commitment and peer behavior increase security compliance intention of employees, while security system anxiety decreases compliance intention. And, organization's physical security system and security communication both have influence on antecedent factors for information security compliance of employees. Our findings help organizations to establish information security strategies that enhance employee security compliance intention.

• Nuclear Engineering and Technology
• /
• v.54 no.7
• /
• pp.2467-2474
• /
• 2022

Nuclear Power Plants (NPPs) are the most protected facilities among all critical infrastructures (CIs). In addition to physical security, cyber security becomes a significant concern for NPPs since swift digitalization and overreliance on computer-based systems in the facility operations transformed NPPs into targets for cyber/physical attacks. Despite technical competencies, humans are still the central component of a resilient NPP to develop an effective nuclear security culture. Turkey is one of the newcomers in the nuclear energy industry, and Turkish Akkuyu NPP has a unique model owned by an international consortium. Since Turkey has limited experience in nuclear energy industry, specific multinational and multicultural characteristics of Turkish Akkuyu NPP also requires further research in terms of the Facility's prospective nuclear security. Yet, the link between "national cultures" and "nuclear security" is underestimated in nuclear security studies. By relying on Hofstede's national culture framework, our research aims to address this gap and explore possible implications of cross-national cultural differences on nuclear security. To cope with security challenges in the age of hybrid threats, we propose a security management model which addresses the need for cyber-physical security integration to cultivate a robust nuclear security culture in a multicultural working environment.

• Electronics and Telecommunications Trends
• /
• v.33 no.1
• /
• pp.78-88
• /
• 2018

As the traffic environment gradually changes to autonomous driving and intelligent transport systems, vehicles are becoming increasingly complicated and intelligent, and their connectivity is greatly expandinged. As a result, attack vectors of such vehicles increasing, and security threats further expanding. Currently, various solutions for vehicle security are being developed and applied, but the damage caused by cyber attacks is still increasing. In recent years, vehicles such as the Tesla Model S and Mitsubishi Outlander have been hacked and remotely controlled by an attacker. Therefore, there is a need for advanced security technologies to cope with increasingly intelligent and sophisticated automotive cyber attacks. In this article, we introduce the latest trends of autonomous vehicles and their security threats, as well as the current status and issues of security technologies to cope with them.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.3
• /
• pp.1408-1416
• /
• 2011

Cloud computing provides not only cost savings and efficiencies for computing resources, but the ability to expend and enhance services. However, cloud service users(enterprisers) are very concerned about the risks created by the characteristics of cloud computing. In this paper, we discuss major concerns about cloud computing environments including concerns regarding security. We also analyze the security concerns specifically, identify threats to cloud computing, and propose general countermeasures to reduce the security risks.