• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.847-857
• /
• 2019

Recently, various cyber threats such as Ransomware and APT attack are increasing by e-mail. The characteristic of such an attack is that it is important to take administrative measures by improving personal perception of security because it bypasses technological measures such as past pattern-based detection The purpose of this study is to investigate the human factors of employees who are vulnerable to spam mail attacks through field experiments and to establish future improvement plans. As a result of sending 7times spam mails to employees of a company and analyzing training report, It was confirmed that factors such as the number of training and the recipient 's gender, age, and workplace were related to the reading rate. Based on the results of this analysis, we suggest ways to improve the training and to improve the ability of each organization to carry out effective simulation training and improve the ability to respond to spam mail by awareness improvement.

• Journal of Digital Convergence
• /
• v.16 no.12
• /
• pp.33-39
• /
• 2018

Social enterprises are companies that provide jobs to the vulnerable and provide social services. However, sustainable management of social enterprises is very difficult in a rapidly changing market environment. Therefore, for the sustainable management of social enterprise, it is assumed that the duty efficiency of the members of the social enterprise is most important in the limited resource environment, and that the social entrepreneur can increase the efficiency of the work by giving delegation to the members. Therefore, this study investigates how social entrepreneurs influence on the job efficiency of members when giving psychological empowerment to members of social enterprise based on social entrepreneurship. When giving empowerment leadership to members, And it has a significant effect on job efficiency.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.234-237
• /
• 2014

The increasing of Cloud Computing technology among several companies has been a key strategy for IT services to provide desirable IT solutions to consumers of cloud services. More attention is concentrated to these core technologies that enable cloud services and more particularly to the virtualization aspect. The accessibility to a larger number of users is possible because of the usage of the data-intensive, data management and data integrity. Unfortunately, those useful services are vulnerable to kind of attacks by hackers, thus the security of personal information is in critical situation. To solve this to leakage vulnerability, and with the proliferation of cloud services, the cloud service providers adopt a security system with firewall, antivirus software and a large number of virtualized servers and Host. In this paper, a variety of virtualization technologies, threats and vulnerabilities are described with a complement of different security solutions as countermeasures.

• Journal of Industrial Convergence
• /
• v.19 no.6
• /
• pp.37-47
• /
• 2021

Today, people share information and communicate with others using various information and communication media such as e-mail, smartphones, SNS, etc. However, it is being used in malicious attacks to send a large amount of illegal spam or to use it for fraud by using illegally collected personal information and devices that are vulnerable to security. Illegal spam, smishing, and fraudulent mail(SCAM) cause a lot of direct and indirect damage to companies and users, including not only social costs such as mental fatigue, but also unnecessary consumption of IT infrastructure resources and economic losses. Although there are regulations related to spam, violators of the law are still on the rise by circumventing the law, and victims are constantly occurring, so it is necessary to review what the problem is. This study examined domestic and foreign spam-related regulations and spam-related response activities, identified problems, and suggested improvement countermeasures. Through this study, it was intended to suggest directions for improving spam-related systems in order to block illegal spam and prevent fraudulent damage.

• Journal of Software Assessment and Valuation
• /
• v.16 no.2
• /
• pp.9-23
• /
• 2020

Microsoft's Windows system is widely used as an operating system for the desktops and enterprise servers of companies or organizations, and is a major target of cyber attacks. Microsoft provides various protection technologies and strives for defending the attacks through periodic security patches, however the threats such as DLL injection and process injection still exist. In this paper, we analyze 12 types of injection techniques in Microsoft Windows, and perform injection attack experiments on four application programs. Through the results of the experiments, we identify the risk of injection techniques, and verify the effectiveness of the mitigation technology for defending injection attacks provided by Microsoft. As a result of the experiments, we have found that the current applications are vulnerable to several injection techniques. Finally, we have presented the mitigation techniques for these injection attacks and analyzed their effectiveness.

• Journal of Aerospace System Engineering
• /
• v.17 no.1
• /
• pp.33-41
• /
• 2023

As seen in the case of the Boeing 737 Max accident, the proportion of aircraft software is rapidly increasing. However, it is vulnerable to safety issues. In case of domestic aircraft software, to operate a Light Unmanned Aerial Vehicle (LUAV) less than an empty weight of 150 kg, safety certification is required for an Ultra-Light Vehicle (ULV). However, software certification procedure is not included. Since the use of LUAVs has increased recently, software verification is required. This paper proposed a checklist of LUAV software that could be applied to LUAV referring DO-178C, an aviation software certification standard. A case study of applying the proposed checklist to the Model-based Development-based Helicopter Flight Control Computer (FCC) project currently used by domestic and foreign advanced companies and institutions was conducted.

• KNOM Review
• /
• v.22 no.1
• /
• pp.11-19
• /
• 2019

As technology develops, the latest security threats on the network applied to users are increasing. By attacking industrial or corporate systems with malicious purposes, hackers cause many social problems such as confidential information leakage, cyber terrorism, infringement of information assets, and financial damage. Due to the complex and diversified threats, the current security personnel alone are not enough to detect and analyze all threats. In particular, the Supervisory Control And Data Acquisition (SCADA) used in industrial infrastructures that collect, analyze, and return static data 24 hours a day, 265 days a year, is very vulnerable to real-time security threats. This paper introduces security information and event management (SIEM), a powerful integrated security management system that can monitor the state of the system in real time and detect security threats. Next, we compare SIEM solutions from various companies with the open source SIEM (OSSIM) from AlienVault, which is distributed as an open source, and present cases using the OSSIM and how to utilize it.

• Korean Journal of Hazardous Materials
• /
• v.2 no.1
• /
• pp.12-17
• /
• 2014

With a rapid growth of domestic industry in korea, now about 25,000 kinds of chemicals are being distributed, and it has been known that just about 15% of them has toxic substances. Recently, South Koreans have an anxiety about the stability and accidents of chemicals because chemical accidents like Gumi hydrofluoric acid accident have occurred. The U.S. has adopted the systems like EPCRA (Emergency Planning and Community Right-to-Know Act), TRI (Toxic Release Inventory) and TSCA (Toxic Substances Control Act), and is also managing the hazardous chemicals by providing the information about them to its people and site workers. Japan's Ministry of Health, Labor and Welfare also has adopted J-CHECK system and is implementing it to let Japanese people know the information of safety of chemicals about REACH. However, the Korean government has a difficult situation to mediate the different idea with the Korean industry to make lower statute of Pre-legislation registration & evaluation of chemicals that will be implemented and Chemical Material Control Association that is being implemented. Especially city and country areas located in the industrial areas need political improvement focusing on vulnerable area through the check about current situation of hazardous chemicals of jurisdiction and management method, but the information about the management situation of small scale work places is insufficient. Therefore this study set up the urgent management area in Ansan Smart Hub through NFPA code according to the types of accident and dander characteristics of each chemical being used in the companies that have less than 50 workers and deal with chemicals located in Ansan Smart Hub in Gyeonggi-do.

• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.207-215
• /
• 2024

Cloud computing is now used by most companies, business centres and academic institutions to embrace new computer technology. Cloud Service Providers (CSPs) are limited to certain services, missing some of the assets requested by their customers, it means that different clouds need to interconnect to share resources and interoperate between them. The clouds may be interconnected in different characteristics and systems, and the network may be vulnerable to volatility or interference. While information technology and cloud computing are also advancing to accommodate the growing worldwide application, criminals use cyberspace to perform cybercrimes. Cloud services deployment is becoming highly prone to threats and intrusions. The unauthorised access or destruction of records yields significant catastrophic losses to organisations or agencies. Human intervention and Physical devices are not enough for protection and monitoring of cloud services; therefore, there is a need for more efficient design for cyber defence that is adaptable, flexible, robust and able to detect dangerous cybercrime such as a Denial of Service (DOS) and Distributed Denial of Service (DDOS) in heterogeneous cloud computing platforms and make essential real-time decisions for forensic investigation. This paper aims to develop a framework for digital forensic for the detection of cybercrime in a joined heterogeneous cloud setup. We developed a Digital Forensics model in this paper that can function in heterogeneous joint clouds. We used Unified Modeling Language (UML) specifically activity diagram in designing the proposed framework, then for deployment, we used an architectural modelling system in developing a framework. We developed an activity diagram that can accommodate the variability and complexities of the clouds when handling inter-cloud resources.

• Safety and Health at Work
• /
• v.15 no.1
• /
• pp.9-16
• /
• 2024

Background: E-waste workers in Hong Kong are handling an unprecedented amount of e-waste, which contains various neurotoxic chemicals. However, no study has been conducted to evaluate the neurological health status of e-waste workers in Hong Kong. This study aimed to evaluate the prevalence of neurobehavioral alterations and to identify the vulnerable groups among Hong Kong e-waste workers. Methods: We recruited 109 Hong Kong e-waste workers from June 2021 to September 2022. Participants completed standard questionnaires and wore a GENEActiv accelerometer for seven days. Pittsburgh Sleep Quality Index and Questionnaire 16/18 (Q16/18) were used to assess subjective neurobehavioral alterations. The GENEActiv data generated objective sleep and circadian rhythm variables. Workers were grouped based on job designation and entity type according to the presumed hazardous level. Unconditional logistic regression models measured the associations of occupational characteristics with neurobehavioral alterations after adjusting for confounders. Results: While dismantlers/repairers and the workers in entities not funded by the government were more likely to suffer from neurotoxic symptoms in Q18 (adjusted odds ratio: 3.18 [1.18-9.39] and 2.77 [1.10-7.46], respectively), the workers from self-sustained recycling facilities also have poor performances in circadian rhythm. Results also showed that the dismantlers/repairers working in entities not funded by the government had the highest risk of neurotoxic symptoms compared to the lowest-risk group (i.e., workers in government-funded companies with other job designations). Conclusion: This timely and valuable study emphasizes the importance of improving the working conditions for high-risk e-waste workers, especially the dismantlers or repairers working in facilities not funded by the government.