• Journal of the Korea Safety Management & Science
• /
• v.23 no.2
• /
• pp.53-63
• /
• 2021

Small and medium-sized enterprises(SMEs) continue to adopt ICT to gain an edge in organizational innovation and competition. This has a management advantage, but it also brings vulnerabilities as to cyber security. Therefore, the purpose of this study is to conduct an exploratory study on the cyber security situation of SMEs. A survey was conducted on Korean SMEs to determine how well they are connected to ICT and how much they are exposed to cyber security threats. The results suggest two things. First, Korean SMEs are well connected to ICT, but there is a gap between the actual adoption and human recognition of its importance. Second, security threats and breaches affect the majority of SMEs, but several problems including costs have not been properly evaluated. The results of this study are expected to help improve the cyber security management system of Korean SMEs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.580-599
• /
• 2021

Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

• KNOM Review
• /
• v.22 no.1
• /
• pp.11-19
• /
• 2019

As technology develops, the latest security threats on the network applied to users are increasing. By attacking industrial or corporate systems with malicious purposes, hackers cause many social problems such as confidential information leakage, cyber terrorism, infringement of information assets, and financial damage. Due to the complex and diversified threats, the current security personnel alone are not enough to detect and analyze all threats. In particular, the Supervisory Control And Data Acquisition (SCADA) used in industrial infrastructures that collect, analyze, and return static data 24 hours a day, 265 days a year, is very vulnerable to real-time security threats. This paper introduces security information and event management (SIEM), a powerful integrated security management system that can monitor the state of the system in real time and detect security threats. Next, we compare SIEM solutions from various companies with the open source SIEM (OSSIM) from AlienVault, which is distributed as an open source, and present cases using the OSSIM and how to utilize it.

• The Journal of Information Systems
• /
• v.17 no.1
• /
• pp.23-43
• /
• 2008

Nowadays, openness and accessibility of information systems increase security threats from inside and outside of organization. Appropriate password is supposed to bring out security effects such as preventing misuses and banning illegal users. This study emphasizes on choosing passwords from perspective of information security and investigated user's security awareness affecting behavioral intention. The research model proposed in this study includes user's security belief which is influenced by risk awareness factors such as information assets, threats and vulnerability elements. The risk awareness factors ale derived from risk analysis methodologies for information security. User's risk awareness is a factor influencing the security belief, attitude toward security behavior, and security behavioral intention. According to the result of this study, while vulnerability is not related to the risk awareness, information assets and threats are related to the user's risk awareness. There is a significant relationship between risk awareness and security belief. Also, user's security behavioral intention is significantly affected by security attitude.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.693-696
• /
• 2013

Information protection system (Information protection system)-based IT environment built popularity in public agencies and businesses take advantage of the resources for the integration of the information system one essential environment began to recognize, cloud systems (Cloud System), cloud security (Cloud Security), big data (Big Data), big data security (Big Data Security), industrial security (Security Industry), as well as the issue. Due to the influence of these information protection system (Information protection system) in response to my external security threats based on the analysis plan. In this paper, data protection systems (Information protection system), resulting in the introduction, there are a number of security threats and particularly industrial security aspects and internal and external security threats in response by lighting about aspects of the plan is based on knowledge.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.187-196
• /
• 2020

In order to manage information security risk, various information security level evaluation and information security management system certification have been conducted on a larger scale than ever. However, there are continuous cases of infringement of information protection for companies with excellent information security evaluation and companies with excellent information security management system certification. The existing information security risk management methodology identifies and analyzes risks by identifying information assets inside the information system. Existing information security risk management methodology lacks a review of where cyber threats come from and whether security devices are properly operated for each route. In order to improve the current risk management plan, it is necessary to look at where cyber threats come from and improve the containment level for each inflow section to absolutely reduce unnecessary cyber threats. In addition, it is essential to measure and improve the appropriate configuration and operational level of security equipment that is currently overlooked in the risk management methodology. It is necessary to block and enter cyber threats as much as possible, and to detect and respond to cyber threats that inevitably pass through open niches and use security devices. Therefore, this paper proposes additional evaluation items for evaluating the containment level against cyber threats in the ISMS-P authentication items and vulnerability analysis and evaluation items for major information and communication infrastructures, and evaluates the level of security equipment configuration for each inflow.

• Korean Security Journal
• /
• no.31
• /
• pp.157-185
• /
• 2012

Today, the emergence of cyberspace and advancement of globalization caused not only the transformation of our productive and conventional life but also the revolutionary transition of use of destructive violence such as crime and warfare. This transition of environmental condition connects various security threats which separatedly existed in individual, local, national, and global levels in the past, and transformed the mechanical sum of all levels of security threats into the organic sum of multi-dimensional security threats. This article proposes that the sum of multi-dimensional security threats is caused by the interconnectivity of various different levels of security threats and the integrated interdisciplinary perspective is essential to properly understand the fundamental existence of today's security problem and the reality of fear that we face today. The holistic security, the concept proposed here, is to suggest the mode of networked response to multi-dimensional security threats. The holistic security is suggested to overcome the conventional divisional approach based on the principle of "division of labor" and bureaucratic principles, which means more concretely that national security and criminal justice are divided and intelligence, military, police, prosecution, fire-fighting, private security, and etc. are strictly separated into its own expertise and turf. Also, this article introduces integrated security approaches tried by international organization and major countries overseas with the respect of the holistic security. The author have spent some substantial experience of participant observation, meetings, seminar, conference, and expert interviews regarding the issues discussed in the article in various countries including the United States, Russia, Austria, Germany, Canada, Mexico, Israel, and Uzbekistan for the last ten years. Intelligence and information on various levels of security threats and security approaches introduced in this paper is obtained from such opportunities.

• Strategy21
• /
• s.30
• /
• pp.63-98
• /
• 2012

Northeast Asia has a multi-layered security structure within which major economic and military powers both confront one another and cooperate at the same time. Major regional powers maintain mutually cooperative activities in the economic sphere while competing one another in order to secure a dominant position in the politico-military arena. The multifarious threats, posed by the North Korea's nuclear development, territorial disputes, and maritime demarcation line issues demonstrate that Northeast Asia suffers more from military conflicts and strifes than any other region in the world. Specifically, major maritime security threats include North Korea's nuclear proliferation and missile launching problems as well as military provocations nearby the Northern Limit Line(NLL) as witnessed in the Cheonan naval ship and Yeonpyong incidents. The ROK Navy has been supplementing its firm military readiness posture in consideration of North Korea's threats on the NLL. It has performed superb roles in defending the nation and establishing the Navy advanced and best picked. It also has been conducive to defend the nation from external military threats and invasion, secure the sea lanes of communications, and establish regional stability and world peace. In order to effectively cope with the strategic environment and future warfares, the ROK Navy needs to shift its military structure to one that is more information and technology intensive. In addition, it should consolidate the ROK-US alliance and extend military cooperative measures with neighboring countries in the Asia-Pacific region. Evolved steadily for the last 60 years, the ROK-US alliance format has contributed to peace and security on the Korean peninsula and in the Northeast Asian region. In conclusion, this manuscript contends that the ROK Navy should strive for the establishment of the following: (1) Construction of Jeju Naval Base; (2) Strategic Navy Equipped with War Deterrence Capabilities; (3) Korean-type of System of Systems; (4) Structure, Budget and Human Resources of the Naval Forces Similar to the Advanced Countries; and (5) Strategic Maritime Alliance and Alignment System as well as Domestic Governance Network for the Naval Families.

• Journal of Platform Technology
• /
• v.11 no.5
• /
• pp.126-135
• /
• 2023

Demand for NFT is expanding along with Blockchain. And cyber security threats are also increasing. Therefore, this study derives security level inspection items by analyzing status related to NFT security such as NFT features, security threats, and compliance for the purpose of strengthening NFT security. Based on this, the relative importance was confirmed by applying it to the AHP model. As a result of the empirical analysis, the priority order of importance was found in the order of Security management system establishment and operation, encryption, and risk management, etc. The significance of this study is to reduce NFT security incidents and improve the NFT security management level of related companies by deriving NFT-related security level check items and demonstrating the research model. And If you perform considering relative importance of the NFT check items, the security level can be identified early.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.4
• /
• pp.47-56
• /
• 2018

We analyzed security threats and suggested countermeasures about the block chain technologies which has emerged as a core technology of the fourth industrial revolution. We know that increasing the security leads to slow down program processing rate in the block chain systems. The block chain system which is currently an early stage of technological development, to become an economic and social infrastructure, development of technology and active policy implementation will be necessary. We studied on the security threats and countermeasures of the Bit Coin based on block chain. Further research should be undertaken on the possibility that future studies could have a real adverse effect on the integrity of the data.