• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.8
• /
• pp.5349-5354
• /
• 2014

Climate change is one of the most important factors increasing a system's vulnerability. Therefore, various methods have been applied to evaluate the vulnerability to develop an appropriate adaptation policy to minimize the effects of climate change. On the other hand, it has barely been used to examine the suitability of the selected proxy variables to calculate the vulnerability. In this study, it was shown that the degree of disaster and safety education should be considered as one of the proxy variables in non-structural measures when the vulnerability is calculated using an expert survey. As a result, the degree of the contribution on the climate change vulnerability can be different according to the education target and the characteristics of various systems. The results might be useful for developing a climate change adaptation policy in a specific area.

• Journal of The Korean Society of Agricultural Engineers
• /
• v.57 no.1
• /
• pp.59-67
• /
• 2015

Because reservoirs that supply irrigation water play an important role in water resource management, it is necessary to evaluate the vulnerability of this particular water supply resource. The purpose of this study is to provide water supply risk maps of agricultural reservoirs in South Korea using irrigation vulnerability model and cluster analysis. To quantify water supply risk, irrigation vulnerability indices are estimated to evaluate the performance of the water supply on the agricultural reservoir system using a probability theory and reliability analysis. First, the irrigation vulnerability probabilities of 1,346 reservoirs managed by Korea Rural Community Corporation (KRC) were analyzed using meteorological data on 54 meteorological stations over the past 30 years (1981-2010). Second, using the K-mean method of non-hierarchical cluster analysis and pre-simulation approach, cluster analysis was applied to classify into three groups for characterizing irrigation vulnerability in reservoirs. The morphology index, watershed area, irrigated area, and ratio between watershed and irrigated area are selected as the clustering analysis parameters. It is suggested that the water supply risk map be utilized as a basis for the establishment of risk management measures, and could provide effective information for a reasonable decision making on drought risk mitigation.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.87-109
• /
• 2016

This study intends to present an effective and efficient development plan about the information protection of medical institutions, by establishing the improvement plan about Personal Information Management System(PIMS) appropriate to the characteristics of medical information focusing on medical institutions generating and using domestic medical information, and doing an empirical study on medical information protection plan. For this, in view of the medical characteristics of the existing Information Security Management System(ISMS), the study presented a study model appropriated to medical institutions based on Personal Information Management Systems index specialized for personal information, and through this, presented the vulnerability diagnosis and vulnerability improvement plan. Based on ISMS index, it designed an improvement index of personal information protection management about each index. The study conducted a survey for executives and employees about PIMS. Accordingly, it presented vulnerability diagnosis items of the current management system indexes from the viewpoint of the people who establish and mange the personal information protection about patients' medical information targeting executives and employees who serve at hospitals and can access medical information.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.7
• /
• pp.85-92
• /
• 2020

Following the development of Internet of Things (IoT) technology, the scope of application of IoT technology is expanding to industrial safety areas that detect and prevent possible risks in outdoor environments in advance, away from improving the convenience of living in indoor environments. Although this expansion of IoT service provides many advantages, it also causes security problems such as data leakage and modulation, so research on security response strategies is being actively carried out. In this paper, the IoT-based road construction risk management system in outdoor environment is proposed as a research subject. As a result of investigating the security vulnerabilities of the low-power wide-area (LPWA, BLE) communication protocol applied to the research targets, the security vulnerabilities were identified in terms of confidentiality, integrity, and availability, which are the three major elements of information security, and countermeasures for each vulnerability were proposed. This study is meaningful in investigating and analyzing possible vulnerabilities in the operation of the IoT-based risk management system and proposing practical security guidelines for each vulnerability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.535-545
• /
• 2014

As the software industry has developed, the attacks making use of software vulnerability has become a big issue in society. In particular, because the attacks using the vulnerability of web browsers bypass Windows protection mechanism, web browsers can readily be attacked. To protect web browsers against security threat, research on fuzzing has constantly been conducted. However, most existing web browser fuzzing tools use a simple fuzzing technique which randomly mutates DOM tree. Therefore, this paper analyzed existing web browser fuzzing tools and the patterns of their already-known vulnerability to propose an event and command based fuzzing tool which can detect the latest web browser vulnerability more effectively. Three kinds of existing fuzzing tools were compared with the proposed tool. As a result, it was found that the event and command based fuzzing tool proposed was more effective.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.99-107
• /
• 2022

In the current technological society, where various technologies are converged into one and being transformed into new technologies, new cyber attacks are being made just as they keep pace with the changes in society. In particular, due to the convergence of various attacks into one, it is difficult to protect the system with only the existing security system. A lot of information is being generated to respond to such cyber attacks. However, recklessly generated vulnerability information can induce confusion by providing unnecessary information to administrators. Therefore, this paper proposes a mechanism to assist in the analysis of emerging cyberattack convergence technologies by providing differentiated vulnerability information to managers by learning documents using deep learning-based language learning models, extracting vulnerability information and classifying them according to the MITRE ATT&CK framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.281-293
• /
• 2023

Industrial control systems (ICS) are increasingly targeted by security incidents as attackers' knowledge of ICS characteristics grows and their connectivity to information technology expands. Vulnerabilities related to ICS are growing rapidly, but patching all vulnerabilities in a timely manner is challenging. The common vulnerability assessment system used to patch vulnerabilities has limitations as it does not consider weaponization after discovery. To address this, this study defines criteria for classifying attacker skill levels based on open information including operating technology and vulnerability information in ICS. The study also proposes a method to evaluate vulnerability severity that reflects actual risk and urgency by incorporating the corresponding attribute in the existing severity score calculation. Case studies based on actual accidents involving vulnerabilities were conducted to confirm the effectiveness of the evaluation method in the ICS environment.

• Journal of Electrical Engineering and Technology
• /
• v.13 no.3
• /
• pp.1052-1059
• /
• 2018

This paper deals with commutation failure of the line-commutated converter high voltage direct current (LCC HVDC) system caused by a three phase fault in the ac power system. An analytic calculation method is proposed to estimate the maximum permissible voltage drop at the LCC HVDC station on various operating point and to assess the area of vulnerability for commutation failure (AOV-CF) in the power system based on the residual phase voltage equation. The concept is extended to multi-infeed HVDC power system as the area of severity for simultaneous commutation failure (AOS-CF). In addition, this paper presents the implementation of a shunt compensator applying to the proposed method. An analysis and simulation have been performed with the IEEE 57 bus sample power system and the Jeju island power system in Korea.

• Journal of Korean Society of Disaster and Security
• /
• v.5 no.2
• /
• pp.43-48
• /
• 2012

As the major information communication infrastructure had been getting more important, 'Act on the Protection of Information and Communications Infrastructure'(APICI) was legislated in Korea 2001. Consequently, the major information system, nationwide monitering service systems and government administration operation & management systems have been registered and managed under the APICI. The authorized organizations related to above service and system, perform vulnerability analysis and evaluation for chief communication infrastructures by themselves or registered agencies. In this research, we propose an advanced model for vulnerability analysis and evaluation and apply it to the main information and communication infrastructures through the case study. We hope each related organization could apply this model for analysis and evaluation of vulnerability in these infrastructures.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.13 no.6
• /
• pp.1106-1112
• /
• 2010

One of the considerations in weapon systems procurement is the objective of maximizing the current force. Also, offensive effects, rather than defense are valued in weapons system development and procurement. Especially, the survivability of a naval ship is equally important as the offensive effect of onboard weapons. In case of naval ships, development of attack tactics and research regarding damage minimization must be conducted through live fire exercise against actual targets in order to minimize damage from the enemy. However, it is difficult to conduct such adequate measures due to realistic limitations such as time and budget in order to verify and calculate a weapon system's attack and damage effects along with the lack of practical studies in this subject despite numerous interests. Research are being conducted utilizing M&S to estimate attack effects and study damages due to such reason, but the lack of authoritative data and development ability are limiting calculation of reliable results. Therefore, this study will propose a measure to increase survivability of a weapon system(ship/vessel) utilizing research of vulnerability from enemy attacks analysis method against a naval ship(Craft Air Cushion).