• Title/Summary/Keyword: Threat Management


A Study on Tracking Method for Command and Control Framework Tools (명령 제어 프레임워크 (Command and Control Framework) 도구 추적 방안에 대한 연구)

  • Hyeok-Ju Gwon;Jin Kwak
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.5 / pp.721-736 / 2023
  • The Command and Control Framework was developed for penetration testing and education purposes, but threat actors such as cybercrime groups are abusing it. From a cyber threat hunting perspective, identifying Command and Control Framework servers and responding proactively, for example by blocking the servers, can contribute to risk management. Therefore, this paper proposes a methodology for tracking the Command and Control Framework in advance. The methodology consists of four steps: collecting a list of Command and Control Framework-related servers, emulating staged delivery, extracting botnet configurations, and collecting the certificates from which features are to be extracted. Additionally, experiments are conducted by applying the proposed methodology to Cobalt Strike, a commercial Command and Control Framework. The beacons and certificates collected in the experiments are shared to establish a basis for responding to cyber threats that could arise from the Command and Control Framework.

Breeding Status and Management System Improvement of Pseudemys concinna and Mauremys sinensis Designated as Invasive Alien Turtles in South Korea (법적지정 생태계교란생물의 사육 현황과 관리 개선 방안 - 리버쿠터와 중국줄무늬목거북을 중심으로)

  • Kim, Philjae;Yeun, Sujung;An, Hyeonju;Kim, Su Hwan;Lee, Hyohyemi
    • Ecology and Resilient Infrastructure / v.7 no.4 / pp.388-395 / 2020
  • Exotic species have been imported for economic purposes, but more recently, an increasing number of animals are imported as pets. With the increasing popularity of two species of turtles, Mauremys sinensis and Pseudemys concinna, the number of pet turtle owners has gradually increased since 2014. The number of turtles increased by 180 in 2017 and 281 in 2019. However, these turtle species have been abandoned to nature, owing to their long lifespans and the changes in conditions of pet owners. The two turtle species have been designated as invasive alien species (AIS) in Korea considering their ecological risks, and the Biological Diversity Act prohibits their release. The owners of Mauremys sinensis and Pseudemys concinna are required to submit the "Application for Approval of Breeding and Grace for AIS" document. In this study, the breeding conditions for the two turtle species were investigated by analyzing the information in the submitted applications for six months (e.g., the suitability of breeding facilities, number of turtles, breeding period, type of pet adoption, and local district of pet owner). A total of 614 cases were analyzed. Because only 58% of breeders provided suitable breeding conditions, breeding information and responsible pet ownership training should be offered to prevent abandonment in natural ecosystems. In addition, continuous monitoring is necessary to prepare for potential problems caused by the lack of information in many applications and the one-off licensing policy.

A Study Of Mining ESM based on Data-Mining (데이터 마이닝 기반 보안관제 시스템)

  • Kim, Min-Jun;Kim, Kui-Nam
    • Convergence Security Journal / v.11 no.6 / pp.3-8 / 2011
  • Advanced Persistent Threat (APT), which aims at specific business or political targets, is rapidly growing due to fast technological advancement in hacking, malicious code, and social engineering techniques. One of the most important characteristics of APT is persistence. Attackers constantly collect information by remaining inside the targets. An Enterprise Security Management (ESM) system can misidentify an APT as a normal access pattern, or the entry of a normal user as an attack. In order to analyze this misidentification, new system development and research are required. This study suggests a way of forecasting APT and effective countermeasures against APT attacks by categorizing misidentified data in data mining through threshold ratings. The proposed technique can improve the detection of future APT attacks by categorizing the data of long-term attack attempts.

The Study on Common Factors of Typical CFIT Accident with Go-around Failure and Go-around Gate Operation of Foreign Carriers (An Analysis of Korean CFIT Accidents through TEM) (복행실패로 발생한 CFIT사고의 공통요인 및 외항사 복행게이트 운영 실태에 대한 연구 (한국 대표적 CFIT사고의 TEM 분석을 중심으로))

  • Choi, Jin-Kook
    • Journal of the Korean Society for Aviation and Aeronautics / v.22 no.3 / pp.15-23 / 2014
  • There have been CFIT (Controlled Flight Into Terrain) accidents that could have been prevented if the crew had executed a go-around. This study analyses the common factors of three typical CFIT accidents of Korea in the TEM (threat and error management) frame and, through a survey, the examples of go-around gates and the countermeasures of eight airlines facilitating go-around to prevent CFIT. The common factors found in three typical CFIT accidents that occurred in Korea or involved Korean carriers turned out to be mountainous terrain, bad weather, and a non-precision approach or circling approach flown by the captain as PF (Pilot Flying), with the crew making monitoring errors and communication errors. It also turned out that the crew in all three typical tragic CFIT accidents did not execute a go-around in unstabilized approaches. The captains did not respond immediately when first officers advised them to go around, until it was too late. Seven out of eight airlines answered in the survey that they use 1,000 feet as the stabilized approach height, regardless of the weather, so as to be stabilized earlier and have more safety margin by enhancing the go-around gate to prevent CFIT.

A Study on Relationships Between Information Systems Risk and Password Characteristics (정보 시스템 위험과 패스워드 특성간의 관계에 대한 연구)

  • 오창규;김종기;심윤주
    • Journal of Korea Society of Industrial Information Systems / v.8 no.1 / pp.62-74 / 2003
  • Information security has become a critical attribute of corporate information systems as strategic and operational reliance on information systems has increased. The current proliferation of passwords requires more attention to information security, because their nature of external connection with the password user makes information systems more vulnerable to various threats, which are an important element of information systems management. This study focused on two issues: (1) the relationships between risk management factors (asset, threat, vulnerability) and the risk level affected by threat, and (2) the relationships between risk level and key password characteristics (length, composition, lifetime, selection method).

The Basic Study on Risk and Threat Issues in Domestic Smart Factories (국내 스마트공장의 위험과 위협에 대한 기초 연구)

  • Kwon, Young-Guk;Kwon, Jae-Beom
    • Journal of the Korea Safety Management & Science / v.23 no.4 / pp.1-9 / 2021
  • This study examines the trends of domestic and foreign smart industries and discusses safety and security issues. Based on the actual situation survey and interview of the smart factory, we would like to examine the perspectives on risks and threats. We will examine safety and health issues related to new harmful and risk factors that may occur in smart factories and suggest institutional development directions for future safety and health. First, a safety and health-related work environment for smart factory workers is investigated and interviews are conducted. Second, we investigate new risk factors and threats to prevent industrial accidents for workers in smart factories. The purpose of this study is to examine what are the new risk factors in the smart factory. In addition, we will try to find reasonable improvement measures by finding out the risks and threats of smart factories through case studies in advanced countries, on-site interviews and surveys.

Examining Tourists' Behavior Using Protection Motivation Theory and Health Belief Model: Covid-19 Crisis (보호동기이론(PMT)과 건강신념모델(HBM)을 이용한 관광객 위기대응 행동 분석: COVID-19 위기)

  • Woo, Eun-Ju;Lee, Sang-Tak
    • Asia-Pacific Journal of Business / v.13 no.1 / pp.301-315 / 2022
  • Purpose - The main objective of this study was to investigate tourists' behavior by applying protection motivation theory and the health belief model during the COVID-19 pandemic. Specifically, the study examined how risk perception of COVID-19 affects tourists' protection motivation and travel avoidance intention. Design/methodology/approach - The empirical data were collected through self-administered questionnaires to obtain perceptions and behavior regarding the COVID-19 pandemic situation. A total of 486 questionnaires were used for data analysis, and SEM analysis was applied in order to examine seven hypotheses. Findings - The results showed that COVID-19 risk perception is a significant antecedent of threat appraisal, coping appraisal, and cue to action (H1, H2, H6). Moreover, protection motivation is affected by threat appraisal and coping appraisal (H3, H4) and influences travel avoidance intention (H5). However, cue to action does not affect protection motivation (H7). Research implications or Originality - This study provides insightful implications for tourism industry practitioners who will prepare the post-corona field, and the results enrich knowledge of tourist behavior during a pandemic situation.

Unified Threat Management System Security Evaluation Model (통합보안관리 시스템 보안성 평가모델)

  • Kang, Sang-Won;Jeon, In-Oh;Yang, Hae-Sool
    • Proceedings of the KAIS Fall Conference / 2009.12a / pp.578-581 / 2009
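  • In this paper, we analyzed the main functions of Unified Threat Management systems and surveyed market trends, pursued research on existing software quality evaluation technology and standardization, and developed a security quality evaluation model for Unified Threat Management systems. The security quality evaluation model derived through this study is expected to play an important role in improving the quality of Unified Threat Management systems.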

A Study on the Development of Analysis Model for Maritime Security Management (해상보안관리 분석모델 개발에 관한 연구)

  • Jeong, Woo-Lee
    • Journal of Navigation and Port Research / v.36 no.1 / pp.9-14 / 2012
  • Maritime security incidents caused by pirates and terrorists are increasing, but maritime incident investigation models are limited in their ability to explain maritime security incidents. This paper provides an analysis model for maritime security incidents. To develop this analysis model, it categorizes five threat factors (the ship, the cargo type, the port system, the human factor, and the information flow system), builds a risk assessment matrix to quantify the risk related to the threat factors, and classifies four priority categories in the risk assessment matrix. The model is also built from frameworks that include a variety of security initiatives implemented at stakeholder levels such as international organizations, individual governments, shipping companies, and the ship. Therefore, this paper develops the Analysis for Maritime Security Management model based on various security initiatives responding to the stakeholder levels of maritime security management and top-bottom/bottom-up decision trees, and shows its validity by verifying it against the real maritime security incident of M/V Petro Ranger.

Evaluation Tool for Analyzing Method of the Information System (정보시스템 위험분석 평가도구)

  • Kim, Kang;Cho, Kyoung-Sik
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2007.06a / pp.773-777 / 2007
  • With the development of network-based systems, a wide variety of intrusions has spread. Therefore, evaluation tools have been an active research area to reduce the risk from intrusion. In this thesis, for threat assessment, we have designed both an equal-weight assessment and an assessment in which the weights of security factors are applied variably according to the characteristics of the organization, so that each organization can examine its own security, easily find vulnerabilities from the management point of view, and be shown advice to put into practice.