• Knowledge Management Research
• /
• v.20 no.4
• /
• pp.39-55
• /
• 2019

Although Firms have been increasing their information security significantly to handle increased security risks, the effects of information security were not well understood. This study aims to investigate the market value of information security by employing the event study methodology. Our research also explores how market responses vary depending on the type of information security announcements. We collected 177 firm-level information security announcements between 2001 and 2017 in South Korea. For all samples, our results indicate that the stock market positively reacts to information security announcements. We also conducted subsample analysis and found that while information security certification announcement has a positive impact on the stock market, information security activities (e.g. award, information security system) announcement had no impact on the stock market. Our study adopted a novel approach (i.e. event study) for investigating the effects of information security and found that information security investment positively affects firm value. Our results allow managers to measure the effects of information security investment and help them make right decisions on information security investment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1237-1246
• /
• 2021

This paper is about Asynchronous Transfer Mode (ATM) cell security in which an Output Feedback (OFB) mode is applied to an AES block ciphers. ATM cells are divided into user data cells and maintenance cells, and each cell is 53 octets in size and consists of a header of 5 octets and a payload of 48 octets. In order to encrypt/decrypt ATM cells, the boundaries of cells must be detected, which is possible using the Header Error Control (HEC) field in the header. After detecting the boundary of the cell, the type of payload is detected using a payload type (PT) code to encrypt only the user cell. In this paper, a security method for ATM cells that satisfies the requirements of ISO 9160 is presented.

• Journal of Convergence for Information Technology
• /
• v.7 no.2
• /
• pp.77-82
• /
• 2017

In this paper, a new security algorithm to recognize the type of the vehicle with the vehicle image as a input image is suggested. The vehicle recognition security algorithm is composed of five core parts, such as the input image, background removal, edge areas extraction, pre-processing(binarization), and the vehicle recognition. Therefore, the final recognition rate of the security algorithm for vehicle type recognition can be affected by the function and efficiency of each step. After inputting image into a gray scale image and removing backgrounds, the binarization is performed by extracting only the edge region. After the pre-treatment process for making outlines clear, the type of vehicles is categorized into large vehicles, passenger cars and motorcycles through the ratio of height and width of the vehicle.

• Journal of Broadcast Engineering
• /
• v.13 no.2
• /
• pp.261-273
• /
• 2008

Multimedia service whose use is rapidly increasing supports effective services to convert and transmit multimedia data based on network speed, noise circumstance, terminal computation, and type of contents for satisfying QoS. For supporting information protection of multimedia service, it offers middle level of singular security service or security mechanism which is based on policy of service provider, depending on present terminal computation and type of contents. It can support security mechanism for more effective multimedia service, if we study security of application layer and network layer for supporting multimedia service. In this paper, we propose Multimedia security framework reflected on quantitative analysis of the WLAN(Wireless Local Area Network) mesh network security using the utility function in the level of the sorority, violation and addictive compensation model.

• The Journal of Society for e-Business Studies
• /
• v.23 no.3
• /
• pp.65-84
• /
• 2018

The government is continuously expanding its national R&D investment to actively respond to the advent of the $4^{th}$ industrial revolution era and to develop the national economy. The R&D structure is likely to be liberalized as the paradigm shifts from the pursuit type R&D to the leading type R&D, and R&D capacity enhancement that focuses on researchers' creativity is emphasized. Such changes in R&D environment will increase the risk of security accidents such as leakage of research information. In addition, security policy for protection of research result should be the Researcher-Centric Security and security policy should be changed. This study explored transforming the research security system into the Researcher-Centric Security system so that researchers can voluntarily implement necessary security measures in the course of conducting research.

• Journal of the Korea Society for Simulation
• /
• v.11 no.2
• /
• pp.1-16
• /
• 2002

The need for network security is being increasing due to the development of information communication and internet technology. In this paper, firewall models, operating system models and other network component models are constructed. Each model is defined by basic or compound model, referencing DEVS formalism. These models and the simulation environment are implemented with MODSIM III, a general purpose, modular, block-structured high-level programming language which provides direct support for object-oriented programming and discrete-event simulation. In this simulation environment with representative attacks, the following three attacks are generated, SYN flooding and Smurf attack as an attack type of denial of service, Mail bomb attack as an attack type of e-mail. The simulation is performed with the models that exploited various security policies against these attacks. The results of this study show that the modeling method of packet filtering system, proxy system, unix and windows NT operating system. In addition, the results of the simulation show that the analysis of security performance according to various security policies, and the analysis of correlation between availability and confidentiality according to security empowerment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.57-66
• /
• 2005

SHACAL-2 is a 256-bit block cipher with various key sizes based on the hash function SHA-2. Recently, it was recommended as one of the NESSIE selections. This paper presents differential-linear type attacks on SHACAL-2 with 512-bit keys up to 32 out of its 64 rounds. Our 32-round attack on the 512-bit keys variants is the best efficient attack on this cipher in published literatures.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.121-126
• /
• 2015

Exposure of personal information that is held by hacking accident near the company has led to severe water level. And, it has changed security threat elements generated according to businessenterprise. Therefore, in this paper, I looked at security threat elements and proposed the way of appropriate information security consulting according type of company. First, In the financial and insurance industries, and should not have been compromised by a worm virus infection due to lack of awareness inside of members, by collectively apply in the same way the internal security standards of the organization to members, the risk of customer information. It shall be provided in advance that the security accident occurs due to a higher job group. Therefore, information security consulting method based on people and information is applied. Secondly, in industry of company, to perform consulting information security based on the attributes of the case industry groups.

• Information Systems Review
• /
• v.12 no.1
• /
• pp.23-42
• /
• 2010

Although organizations are given various benefits with information technologies, they sometimes have suffered fatal damages due to information security incidents now such as computer virus, hacking, counterfeiting, plagiarizing, etc. The fundamentalcauses of information security incidents are closely related to individuals who do not comply with information security policy or rules. The spontaneous self-control of individuals and monitoring for individuals could be the most essential solution for the ongoing observance of information security policy. Thus, the purpose of this study is to analyze effects of punishment and ethics training on compliance of information security policy of individuals in organizations, to determine individual divide among security propensity depending on organization types, and to find the more fundamental solution which leads change of organizational members’ behaviors and self-control. Regardless of the type of organizations, the results of the study suggest that there exist positive effects of punishment and ethics training in all types of organization on compliance of information security rules or regulations. A member of unitary form organization has higher cognition of punishment than a member's cognition of the multi-divisional form organization, while relatively lower awareness of ethics training. Also, a member of public organization has higher awareness of ethics training than a member’s awareness of private organization, while lower cognition of punishment. Finally, the result shows that punishment and ethics training may be major factors which affect information security. It also suggests that organizational security managers have to understand and consider organization member’s propensity relying on organization form and organization characteristics for establishment and enforcement of information security policy.

• Journal of Industrial Convergence
• /
• v.13 no.3
• /
• pp.11-25
• /
• 2015

The purpose of this study is to find out the security guard of the destination and type of terrorism, surveillance, and identification / carried out in order to identify the recognition site the ability to respond to terrorism prevention measures, safety measures on terror. Analysis was conducted by the survey research through the literature for recognition of terrorism in order to derive the measured variables for the general recognition of the guards, pay security guard 300 patients.