• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.309-327
• /
• 2022

As ICT convergence is progressing in all industrial fields and creating the global ecosystem of the supply chain is accelerating, supply chain risk related with cyber area are also increasing. In particular. the supply chain of ICT products is very complex in terms of technical and environmental factors to be managed, so it is vert difficult to transparently manage the entire life cycle. Accordingly, the US, UK, and EU, etc. are conducting and establishing cyber supply chainsecurity-related research and policies for ICT product supply chains. Korea also has the plan to establish management system to secure the supply chain of major ICT equipment as a task in the basic plan of the national cybersecurity strategy announced in 2019, but there is no concrete policy yet. So, In this paper, we review the cyber supply chain security management system in the United States and present a supplementary way to the National Information Security Manual in Korea from the perspective of cyber supply chain security. It is expected that this will serve as a reference material for cyber supply chain measures that can be introduced in domestic information security field.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.153-160
• /
• 2006

The control system is accomplishing very important role in our life currently as the national critical Infrastructure and large scale industry plant. We manage SCADA system to manage generally the control system interconnected with the information system. The operating system of SCADA is changing also to the well-known OS like Windows or UNIX for offer various convenience and facility to the user. We offered the reason why such change of the system makes so that it is exposed to cyber terror. In the traditional SCADA system is managed safely by an isolated network system physically. It is the trend to increase gradually though a cyber terror possibility is thinner on a control system than a information system but the cyber terror gives a nation or community wide damage influence of large scale if it happens. Therefore this paper presents a security safeguard plan about SCADA system and helps prepare systematic security strategy and enhance the security level implement.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.4
• /
• pp.145-156
• /
• 2022

To strengthen the security of autonomous vehicles, this study derived checklists through the analysis of the status of autonomous vehicle security. The analyzed statuses include autonomous vehicle characteristics, security threats, and domestic and foreign security standards. The derived checklists are then applied to the AHP(Analytic Hierarchy Process) model to find their relative importance. Relative importance was ranked as one of cyber security management system establishment and implementation, encryption, risk assessment, etc. The significance of this study is to reduce cyber security incidents that cause human casualties as well improve the level of security management of autonomous vehicles in related companies by deriving the autonomous vehicle security level checklists and demonstrating the model. If the inspection is performed considering the relative importance of the checklists, the security level can be identified early.

• Knowledge Management Research
• /
• v.23 no.4
• /
• pp.43-67
• /
• 2022

One of the dark sides of the development of information and communication technology is the significant increase in cybercrime. In particular, investigators in charge of cyber sexual crime are repeatedly exposed to video data of illegal sexual violence; hence, they are at high risk of post-traumatic stress disorder (PTSD) and experiencing vicarious trauma. Notwithstanding, few studies have focused on these investigators' PTSD, and, to the best of our knowledge, no study has been conducted on the vicarious trauma of cyber sexual crime investigators. Therefore, this study identifies investigators' mental health status (trauma-related, especially) and examines their perception of the currently operating psychological support programs. Further, by reviewing the psychological support system of overseas institutions, we would suggest psychological support and policies necessary for domestic cyber sexual crime units to manage investigators' work stress and prevent mental illness under domestic circumstances.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.27-34
• /
• 2020

Recently, the fourth industrial revolution technology has not only changed everyday life greatly through technological development, but has also become a major keyword in the establishment of defense policy. In particular, Internet of Things, cloud, big data, mobile and cybersecurity technologies, called ICBMS, were selected as core leading technologies in defense information policy along with artificial intelligence. Amid the growing importance of the fourth industrial revolution technology, research is being carried out to develop the C4I system, which is currently operated separately by the Joint Chiefs of Staff and each military, including the KJCCS, ATCIS, KNCCS and AFCCS, into an integrated system in preparation for future warfare. This is to solve the problem of reduced interoperability for joint operations, such as information exchange, by operating the C4I system for each domain. In addition, systems such as the establishment of an integrated C4I system and the U.S. military's Risk Management Framework (RMF) are essential for efficient control and safe operation of weapons systems as they are being developed into super-connected and super-intelligent systems. Therefore, in this paper, the intelligent cyber threat detection, management of users' access to information, and intelligent management and visualization of cyber threat are presented in the future C4I system based on big data/cloud.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.3
• /
• pp.19-26
• /
• 2023

The impact of environmental, social and governance (ESG) performance on investors' decision-making is growing. Investors' focus on the financial performance of firms in the past is expanding to the non-financial performance of the interests of stakeholders surrounding firms. Against this backdrop, this study conducted a panel regression analysis on firms evaluated by Korea Corporate Governance Service to analyze the impact of ESG performance, a firm's non-financial performance, on firm risk. According to the analysis, ESG performance has a negative (-) effect on all three firm risks (systematic risk, unsystematic risk, and total risk), indicating that the stakeholder theory and risk management theory are supported. The implications of this study are: First, ESG reduces not only unsystematic risk but also broad and indiscriminate systematic risk; Second, investors can reduce the risk of their investment portfolio by executing ESG investments; Third, companies can achieve stable financial performance even in adverse circumstances by utilizing the insurance function of ESG management; Lastly, the government can enhance the stability of the financial market while improving the financial soundness of firms through reasonable ESG-related regulations.

• Journal of Internet Computing and Services
• /
• v.22 no.1
• /
• pp.41-50
• /
• 2021

Cyber Kill Chain is derived from Kill chain of traditional military terms. Kill chain means "a continuous and cyclical process from detection to destruction of military targets requiring destruction, or dividing it into several distinct actions." The kill chain has evolved the existing operational procedures to effectively deal with time-limited emergency targets that require immediate response due to changes in location and increased risk, such as nuclear weapons and missiles. It began with the military concept of incapacitating the attacker's intended purpose by preventing it from functioning at any one stage of the process of reaching it. Thus the basic concept of the cyber kill chain is that the attack performed by a cyber attacker consists of each stage, and the cyber attacker can achieve the attack goal only when each stage is successfully performed, and from a defense point of view, each stage is detailed. It is believed that if a response procedure is prepared and responded, the chain of attacks is broken, and the attack of the attacker can be neutralized or delayed. Also, from the point of view of an attack, if a specific response procedure is prepared at each stage, the chain of attacks can be successful and the target of the attack can be neutralized. The cyber command and control system is a system that is applied to both defense and attack, and should present defensive countermeasures and offensive countermeasures to neutralize the enemy's kill chain during defense, and each step-by-step procedure to neutralize the enemy when attacking. Therefore, thist paper proposed a cyber kill chain model from the perspective of defense and attack of the cyber command and control system, and also researched and presented the threat classification/analysis/prediction framework of the cyber command and control system from the defense aspect

• Journal of Information Technology Services
• /
• v.12 no.4
• /
• pp.205-218
• /
• 2013

Recently, due to the proliferation of smartphones, users of mobile banking services which are based in wireless Internet without constraint of the time and places are significantly increased. In the study, considering the characteristics of mobile banking services based on the smartphone and the user behavior. we analyse the factors which have an effect on the behavioral intention to use mobile banking services based on the smartphone. For this purpose, we use the model which is based on Technology Acceptance Model (TAM) and add two constructs:the perceived enjoyment and the perceived risk. A survey data for 194 students at the K cyber university is used for statistical analysis. As a result, the perceived ease of use affects the perceived usefulness and the perceived enjoyment, and the perceived ease of use. And the perceived usefulness and perceived enjoyment affect continuous intention to use. On the other hand, the hypothesis which the perceived risk would affect adversely the continuous intention to use is rejected. Through this study, we expect to provide the useful implications for the smartphone banking services and contribute to the development of strategy for them.

• Journal of Information Technology Services
• /
• v.12 no.2
• /
• pp.243-256
• /
• 2013

Recently, due to the proliferation of smartphones, users of mobile multimedia services which are based on wireless internet without constraint of the time and places are significantly increased. In this study, considering the characteristics of mobile multimedia and the user behavior, we analyse the factors which have an effect on the behavioral intention to use the mobile multimedia services. For this purpose, we use the model which is based on Technology Accepted Model (TAM) and add two constructs; the perceived enjoyment and the perceived risk. A survey data for 280 students at the K cyber university is used for statistical analysis As a result, the perceived ease of use affects the perceived usefulness and the perceived enjoyment, and the perceived ease of use. And the perceived usefulness and perceived enjoyment affect continuous intention to use. On the other hand, the hypothesis which the perceived risk would affect adversely the continuous intention to use is rejected. Through this study, we expect to provide the useful implications for the mobile multimedia services and contribute to the development of strategy for them.

• International Journal of Human Ecology
• /
• v.11 no.2
• /
• pp.51-61
• /
• 2010

Using data from the 2007 SCF, this study examined the use of information source for investment decisions of elderly consumers. The results indicated that many elderly consumers (about 88%) involved savings /investment decisions. The elderly used 'Experts' (39.48%) as a major information source for their investment decisions, followed by 'Friends' (24.18%). The results of the multinomial logit analysis suggested that the perceived value, the cost for search, knowledge, risk and some of the demographic factors were significantly related to the choice of the information sources for investments by elderly consumers.