• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.5
• /
• pp.725-730
• /
• 2017

The use of general IT resources in the Instrumentation and Control system(I&C) for the safety of Nuclear Power Plants(NPPs) is increasing. As a result, potential security vulnerabilities of existing IT resources may cause cyber attack to NPPs, which may cause serious consequences not only to shutdown of NPPs but also to national disasters. In order to respond to this, domestic nuclear regulatory agencies are developing guidelines for regulating nuclear cyber security regulations and expanding the range of regulatory targets. However, it is necessary to take measures to cope with not only general security problems of NPPs but also attacks specific to NPPs. In this paper, we select 42 items related to the vulnerability inspection in the contents defined in R.G.5.71 and classify it into 5 types. If the vulnerability inspection tool is developed based on the proposed analysis, it will be possible to improve the inspection efficiency of the cyber security vulnerability of the NPPs.

• Journal of Labour Economics
• /
• v.34 no.3
• /
• pp.29-58
• /
• 2011

Using careful background research and methodology, we proposed a revised sectoral index of vulnerability that is directly applied to two central labor examples: working hours and minimum wages. The valued calculated by each specific index represent the degree of weakness in corresponding conditions at the level of workplace units. Our proposed vulnerability index promises to be applicable to all business units under labor spot inspection. Also, it can be easily updated as the business environment evolves. The index is useful in selecting certain groups of business units and in evaluating the effectiveness of each regional government office.

• The Korean Journal of Health Service Management
• /
• v.9 no.2
• /
• pp.23-32
• /
• 2015

In this paper, we evaluated web security vulnerability and privacy information management of hospital web sites which are registered at the Korea Hospital Association. Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerability of the web sites. And to evaluate the privacy information management, we used ten rules which were based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered tertiary hospitals had relatively excellent web security compared to other type of hospitals. But all the hospital types had not only high level vulnerabilities but also the other level of vulnerabilities. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hacker. On the other hand, the inspection results of the tertiary hospitals for privacy information management had a better compliance rate than that of the other hospital types.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.39-49
• /
• 2014

Cyber threats on the Internet are tremendously increasing and their techniques are also evolving constantly. Intrusion Detection System (IDS) is one of the powerful solutions for detecting and analyzing the cyber attacks in realtime. Most organizations deploy it into their networks and operate it for security monitoring and response service. However, IDS has a fatal problem in that it raises a large number of alerts and most of them are false positives. In order to cope with this problem, many approaches have been proposed for the purpose of automatically identifying whether the IDS alerts are caused by real attacks or not. In this paper, we present an alert verification method based on correlation analysis between vulnerability inspection results for real systems that should be protected and the IDS alerts. In addition, we carry out practical experiments to demonstrate the effectiveness of the proposed verification method using two types of real data, i.e., the IDS alerts and the vulnerability inspection results.

• Journal of Software Engineering Society
• /
• v.28 no.1
• /
• pp.13-22
• /
• 2019

To enhance effective and efficient applications of automated security vulnerability checkers in highly competitive and fast-evolving IT industry, this paper studies a comprehensive set of security bug checkers in open-source static analysis frameworks and how they can be utilized for source code inspections according to the security vulnerability inspection guidelines by MOIS. This paper clarifies the relationship be tween all 42 inspection criteria in the MOIS guideline and total 323 security bug checkers in 4 popular open-source static analysis frameworks for Java web applications. Based on the result, this paper also discuss the current challenges and issues in the MOIS guideline, the comparison among the four security bug checker frameworks, and also the ideas to improve the security inspection methodologies using the MOIS guideline and open-source static security bug checkers.

• Journal of the Korean Institute of Gas
• /
• v.26 no.4
• /
• pp.18-26
• /
• 2022

The Korean government is conducting heat-using equipment(industrial boiler) inspection in accordance with the Energy Use Rationalization Act because of the heat-using equipment(industrial boiler)'s risks such as explosion and fire, and safe use and management. This paper aimed to setup the safe and performance vulnerabilities from database based on the inspection results for heat-using equipment(industrial boiler). This study surveyed the inspection results of 1,249 heat-using equipment(industrial boiler) which were failed inspection of heat-using equipment(industrial boiler) from january 2016 to december 2020. And the analysis method is to inform safety and performance vulnerability categories of heat-using equipment(industrial boiler) by statistically analyzing the failure reasons of boiler type and inspection type which are high variance in failure rate. The safety and performance vulnerability categories was abbreviated into 18 cases. And each catagory's main reason for failure was suggested by additional analyzing the opinions of inspectors. This paper would be the basic source and the comprehensive information dealing with the safety and performance vulnerability of heat-using equipment(industrial boiler).

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.7
• /
• pp.1-8
• /
• 2017

As the IT environment becomes more sophisticated, various threats and their associated serious risks are increasing. Threats such as DDoS attacks, malware, worms, and APT attacks can be a very serious risk to enterprises and must be efficiently managed in a timely manner. Therefore, the government has designated the important system as the main information communication infrastructure in consideration of the impact on the national security and the economic society according to the 'Information and Communication Infrastructure Protection Act', which, in particular, protects the main information communication infrastructure from cyber infringement. In addition, it conducts management supervision such as analysis and evaluation of vulnerability, establishment of protection measures, implementation of protection measures, and distribution of technology guides. Even now, security consulting is proceeding on the basis of 'Guidance for Evaluation of Technical Vulnerability Analysis of Major IT Infrastructure Facilities'. There are neglected inspection items in the applied items, and the vulnerability of APT attack, malicious code, and risk are present issues that are neglected. In order to eliminate the actual security risk, the security manager has arranged the inspection and ordered the special company. In other words, it is difficult to check against current hacking or vulnerability through current system vulnerability checking method. In this paper, we propose an efficient method for extracting diagnostic data regarding the necessity of upgrading system vulnerability check, a check item that does not reflect recent trends, a technical check case for latest intrusion technique, a related study on security threats and requirements. Based on this, we investigate the security vulnerability management system and vulnerability list of domestic and foreign countries, propose effective security vulnerability management system, and propose further study to improve overseas vulnerability diagnosis items so that they can be related to domestic vulnerability items.

• Earthquakes and Structures
• /
• v.22 no.4
• /
• pp.387-399
• /
• 2022

To study the seismic damage of masonry structures and understand the characteristics of the multi-intensity region, according to the Dujiang weir urbanization of China Wenchuan earthquake, the deterioration of 3991 masonry structures was summarized and statistically analysed. First, the seismic damage of multistory masonry structures in this area was investigated. The primary seismic damage of components was as follows: Damage of walls, openings, joints of longitudinal and transverse walls, windows (lower) walls, and tie columns. Many masonry structures with seismic designs were basically intact. Second, according to the main factors of construction, seismic intensity code levels survey, and influence on the seismic capacity, a vulnerability matrix calculation model was proposed to establish a vulnerability prediction matrix, and a comparative analysis was made based on the empirical seismic damage investigation matrix. The vulnerability prediction matrix was established using the proposed vulnerability matrix calculation model. The fitting relationship between the vulnerability prediction matrix and the actual seismic damage investigation matrix was compared and analysed. The relationship curves of the mean damage index for macrointensity and ground motion parameters were drawn through calculation and analysis, respectively. The numerical analysis was performed based on actual ground motion observation records, and fitting models of PGA, PGV, and MSDI were proposed.

• Smart Media Journal
• /
• v.11 no.11
• /
• pp.75-83
• /
• 2022

NIST in the United States has developed SCAP, a protocol that enables automated inspection and management of security vulnerability using existing standards such as CVE and CPE. SCAP operates by creating a checklist using the XCCDF and OVAL languages and running the prepared checklist with the SCAP tool such as the SCAP Workbench made by OpenSCAP to return the check result. SCAP checklist files for various operating systems are shared through the NCP community, and the checklist files include ID, title, description, and inspection method for each item. However, since the inspection items are simply listed in the order in which they are written, so it is necessary to classify and manage the items by type so that the security manager can systematically manage them using the SCAP checklist file. In this study, we propose a method of extracting the description of each inspection item from the SCAP checklist file written in OVAL language, classifying the categories through a machine learning model, and outputting the SCAP check results for each classified item.

• Structural Engineering and Mechanics
• /
• v.26 no.6
• /
• pp.617-634
• /
• 2007

Algeria is a country with a high seismic activity. During the last decade, many destructive earthquakes occurred, particularly in the northern part, causing enormous losses in human lives, buildings and equipments. In order to reduce this risk in the capital and avoid serious damages to the strategic existing buildings, the government decided to invest into seismic upgrade, strengthening and retrofitting of these buildings. In doing so, seismic vulnerability study of this category of buildings has been considered. Structural analysis is performed on the basis of site investigation (inspection of the building, collecting data, materials, general conditions of the building, etc), and existing drawings (architectural plans, structural design, etc). The aim of these seismic vulnerability studies is to develop guidelines and a methodology for rehabilitation of existing buildings. This paper will provide insight to the vulnerability assessment and strengthening of the telecommunication centre, according to the new code RPA 99/version 2003. Both, static equivalent method and non linear dynamic analysis are performed in this study.