• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.115-128
• /
• 2017

The methods of electronic financial fraud continue to evolve. Various research and countermeasures have been proposed to counter this problem, but it is difficult to eradicate it. The purpose of this study is to analyze the risk of electronic financial fraud through MS Threat Risk Modeling and to propose the countermeasures against the electronic financial fraud. As a result of the analysis, it is confirmed that despite the difference of authentication methods, there is a high risk of pharming, and it is difficult to prevent attack by using only additional authentication means, device security or user authentication based security system. Therefore, this study suggests the introduction of preventive measures such as readjustment of transaction limit by security means, account authentication, and additional physical security measures. It also suggests the establishment and implementation of a comprehensive electronic financial fraud prevention policy through linkage of electronic fraud prevention system and improvement of public relations and user awareness.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.1-13
• /
• 2013

Every big online security breach seems to end in a big lecture. Thus, although a predominant weakness in properly securing information assets is the individual user within an organization, much of the focus of extant security research is on technical issues. The purpose of this study is to explain why insiders breach security policy by applying the moral disengagement theory. There are no consistent, widely accepted theories or theoretical frameworks in the literatures as to why insiders breach of information security, and therefore no clear, effective guidance on what to do to prevent employees from violating information security policy in organization. To do this, we theorize that moral disengagement may play a mediating role connecting stable individual differences to intention to breach security policy, because of some of the individual differences. We found that policy awareness and perceived punishment have a negatively significant effect on moral disengagement. However, negative affectivity has a positively significant influence on moral disengagement. Furthermore, moral disengagement has a positive effect on intention to breach security policy. Conclusions and implications are discussed.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.13-16
• /
• 2023

This study aims to explore the status of e-learning in the public sector institutes of the Sukkur region in Pakistan. A survey was conducted to collect data from students and teachers regarding their awareness, access, and use of e-learning resources. The results showed that although there is a widespread use of the internet and mobile devices for accessing information, there is a lack of awareness and access to e-learning resources. Barriers to accessing e-learning content and a lack of familiarity with e-learning content development technologies were also identified. The study concludes that there is a need for improved e-learning facilities and curriculum in the public sector institutes of the Sukkur region in Pakistan. Recommendations are provided for developing a correctness-centered e-learning based curriculum that is tailored to the specific needs of the students in the region. It is hoped that the findings of this study will inform efforts to improve the teaching and learning process in the region and provide students with greater flexibility and access to study materials.

• Journal of Internet Computing and Services
• /
• v.17 no.1
• /
• pp.91-99
• /
• 2016

A security system in Android OS adopts sandbox and an permission model. In particular, the permission model operates the confirmation of installation time and all-or-nothing policy. Accordingly, the Android OS requires a user agreement for permission when installing an application, however there is very low level of user awareness for the permission. In this paper, the current status of permission requirement within mobile apps will be discovered, and the key inspection list with an appropriate method, when a mobile service provider autonomously inspects the violation of least privilege around financial companies, and its usefulness will be explored.

• Convergence Security Journal
• /
• v.14 no.1
• /
• pp.77-83
• /
• 2014

In times past, the awareness of security held good on the physical aspect, but it has been expanded to the aspect of information security and management security owing to the development of information and communication technology, therefore an effort is being made to meet multidimensional security needs. These realities are currently changing the viewpoint of consumers from manned guarding to machine-aided guarding. The change to the machine-aided guarding caused the profitability problem of manned guarding companies, and brought about a reverse side effect that prompt and correct countermeasure was inferior to that of manned-guarding. Therefore, this study proposes a 'smart time & attendance management system' that can be applied to various types of work and can minimize position information.

• Journal of the Korea Convergence Society
• /
• v.5 no.4
• /
• pp.81-86
• /
• 2014

The development in IT technology has brought about various services that are on offer based on a new service model. But such new services have increased security risks. The government is operating a program to foster experts in information security to protect assets from the threat of such risks, too. Society's awareness on the importance of information security has also grown, leading to various courses to train such personnel, including membership clubs for the fostering of such specialists. This study seeks to suggest a method that efficiently manages the convergence of running a curriculum on ISMS(information security management systems) and a club that focuses on information protection. Such converged information security courses are expected to contribute to a safer IT-based society.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.5
• /
• pp.492-501
• /
• 2019

To use the system safely in cyberspace, you need to use a security solution that is appropriate for your situation. In order to strengthen cyber security, it is necessary to accurately understand the flow of security from past to present and to prepare for various future threats. In this study, information security words of security/hacking news of Naver News which is reliable by using text mining were collected and analyzed. First, we checked the number of security news articles for the past seven years and analyzed the trends. Second, after confirming the security/hacking word rankings, we identified major concerns each year. Third, we analyzed the word of each security solution to see which security group is interested. Fourth, after separating the title and the body of the security news, security related words were extracted and analyzed. The fifth confirms trends and trends by detailed security solutions. Lastly, annual revenue and security word frequencies were analyzed. Through this big data news analysis, we will conduct an overall awareness survey on security solutions and analyze many unstructured data to analyze current market trends and provide information that can predict the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.107-117
• /
• 2009

Network administrator recognizes the abnormal phenomenon in the managed network by using the alert messages generated in the security devices including the intrusion detection system, intrusion prevention system, firewall, and etc. And then the series of task, which searches for the traffic related to the alert message and analyzes the traffic data, are required to determine where the abnormal phenomenon is the real network security threat or not. There are many alert messages to have to inspect in order to determine the network security situation. Also the much times are needed so that the network administrator can analyze the security condition using existing methods. Therefore, in this paper, we proposed an efficient method for analyzing network security situation using visualization. The proposed method monitors anomalies occurred in the entire IP address's space and displays the detail information of a security event. In addition, it represents the physical locations of the attackers or victims by linking GIS information and IP address. Therefore, it is helpful for network administrator to rapidly analyze the security status of managed network.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.4
• /
• pp.582-590
• /
• 2022

As security threats caused by cyber attacks continue, security control is mainly operated in the form of a service business with expertise for rapid detection and response. Accordingly, a number of studies have been conducted on the operation of security control services. However, due to the research on the resulting management, indicators, and measurements, the work process has not been studied in detail, causing confusion in the field, making it difficult to respond to security accidents. This paper presents ISMS-P-based service management methods and proposes an easy outsourcing service management method for client by checklisting each item derived from the mapping of 64 items of ISMS-P protection requirements through business relevance analysis. In addition, it is expected to help implement periodic security compliance and acquire and renew ISMS-P in the mid- to long-term, and to contribute to enhancing security awareness of related personnel.

• The Journal of Society for e-Business Studies
• /
• v.20 no.1
• /
• pp.1-22
• /
• 2015

Due to recent growth in IT industry along with the expansion of smartphone, we came to connect to the Internet wherever and whenever we are. However, this causes negative side effects, though. One of them is a rapid increase of the financial crimes such as the Phishing and the SMishing. There have been many on-going researches about crimes such as Phishing and SMishing to protect users. However, the study about sharing knowledge on SNS to prevent such a crime can be hardly found. Based on social identity theory, we conduct the research about factors on SNS users' intention to share the information security knowledge on SNS. As a result, we found that knowledge provision self-efficacy has a significant impact on self-expression. In addition, it also found out self-expression, awareness about information security and the sense of belonging have a significant impact respectively on the intention to share the information security knowledge on SNS. On the other hand, the altruism didn't have a significant impact to the intention to share information security knowledge on SNS. With this research as a starting point, it seems necessary to expand its range to all types of online community in the future for the generalization of the hypotheses.