• Journal of Digital Convergence
• /
• v.16 no.2
• /
• pp.117-126
• /
• 2018

The threat to information security is growing globally. To this, organizations are increasing the weight of adapting and operating the more specialized information security policy and system. Information security requires participation from the employees who execute the security system and policy, and to increase the level of organization's internal security, requires organization's systematic support to improve employees' information security compliance intention. This research finds the mechanism for improving employee's information security compliance intention by applying justice theory and goal setting theory in information security. We use structural equation modeling to verify the research hypothesis, and conducted a survey on the employees of organization with information security policy. In other words, this research performs verification of the research model based hypothesis which claims that security policy goal setting has positive influence on employee's level of security related justice recognition, and claims that justice has positive influence on compliance intention. The object of study is the employees of the organization that adapts information security policy, and 383 valid samples were collected via survey. Structural equation modeling was performed to verify the research hypothesis. The result shows that security policy goal factor (goal difficulty, goal specificity) improves employee's security related justice recognition, and that security related justice (distribution, process, and information justice) has positive influence on compliance intention. The result suggests the strategic approach directions for improving employees' compliance intention on organization's security policy.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.113-120
• /
• 2006

C4I system is the centerpiece of the military force. The system is an information based system which facilitates information grid, collection of data and dissemination of the information. The C4I system seeks to assure information dominance by linking warfighting elements in the battlespace to information network which enables sharing of battlespace information and awareness; thereby shifting concept of warfare from platform-centric paradigm to Network Centric Warfare. Although, it is evident that C4I system is a constant target from the adversaries, the issues of vulnerability via cyberspace from attack still remains. Therefore, the protection of C4I system is critical. The roadmap I have constructed in this paper will guide through the direction to protect the system during peace and war time. Moreover, it will propose vision, objectives and necessary supporting framework to secure the system from the threat. In order to fulfill these tasks, enhanced investments and plans from the Joint chief of Staff and Defense of Acquisition and Program Administration (DAPA) is critical; thereby enabling the establishment of rapid and efficient security system.

• Aerospace Engineering and Technology
• /
• v.7 no.1
• /
• pp.210-215
• /
• 2008

Most of technology information obtained from KSLV-I program have been managed by Program Life-Cycle Management System(PLMS). As involving technologies in the program require high level of confidentiality as those may be dealt with entities in international cooperation, the enforcement of strict security policy is inevitable. Therefore, a document security system has been developed to enhance protection in document management. This paper describes the overview and development status of the security system, integrated with PLMS, which aims at preventing illegal access and inadvertant leakage of the technology information.

• Annual Conference of KIPS
• /
• 2002.11b
• /
• pp.1087-1090
• /
• 2002

인터넷 사용량의 증가, 전자상거래의 활성화 그리고 저장장치의 발전과 더불어 많은 사람들이 디지털 정보를 편리하게 이용할 수 있게 되었다. 이에 따라 저장장치에 대한 의존도 보안성 그리고 생존성에 대한 요구사항 또한 매우 높아져가고 있는 실정이다. 따라서, 본 논문에서는 분산정보저장 시스템의 생존성을 높이기 위해 필수적으로 필요한 행렬의 고유값과 고유벡터를 이용한 새로운 데이터 분산/암호화기법을 제안하고, 제안된 기법의 가용성을 평가한다. 제안된 기법은 데이터의 분할과 암호화를 동시에 허락하여 보안성을 높임과 동시에 기존의 기법과 비교하여 15%정도의 가용성 향상을 보인다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.3
• /
• pp.1063-1075
• /
• 2022

In recent years, container techniques have been broadly applied to cloud computing systems to maximize their efficiency, flexibility, and economic feasibility. Concurrently, studies have also been conducted to ensure the security of cloud computing. Among these studies, moving-target defense techniques using the high agility and flexibility of cloud-computing systems are gaining attention. Moving-target defense (MTD) is a technique that prevents various security threats in advance by proactively changing the main attributes of the protected target to confuse the attacker. However, an analysis of existing MTD techniques revealed that, although they are capable of deceiving attackers, MTD techniques have practical limitations when applied to an actual cloud-computing system. These limitations include resource wastage, management complexity caused by additional function implementation and system introduction, and a potential increase in attack complexity. Accordingly, this paper proposes a software-defined MTD system that can flexibly apply and manage existing and future MTD techniques. The proposed software-defined MTD system is designed to correctly define a valid mutation range and cycle for each moving-target technique and monitor system-resource status in a software-defined manner. Consequently, the proposed method can flexibly reflect the requirements of each MTD technique without any additional hardware by using a software-defined approach. Moreover, the increased attack complexity can be resolved by applying multiple MTD techniques.

• KEPCO Journal on Electric Power and Energy
• /
• v.6 no.4
• /
• pp.399-404
• /
• 2020

There are many attempts to apply AI technology to diagnose facilities or improve the work efficiency of the power industry. The emergence of new machine learning technologies, such as deep learning, is accelerating the digital transformation of the power sector. The problem is that traditional power systems face security risks when adopting state-of-the-art AI systems. This adoption has convergence characteristics and reveals new cybersecurity threats and vulnerabilities to the power system. This paper deals with the security measures and implementations of the power system using machine learning. Through building a commercial facility operations forecasting system using machine learning technology utilizing power big data, this paper identifies and addresses security vulnerabilities that must compensated to protect customer information and power system safety. Furthermore, it provides security guidelines by generalizing security measures to be considered when applying AI.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.8
• /
• pp.1834-1839
• /
• 2005

Database security is essential to protect their data in most organization such as hospitals, central or local governments, banks which manage the private, sensitive and important data. Because the duty of the department recently became more various and complicated, the changes of security requirement are needed more frequently. Therefore, easily changeable, flexible security policy and efficient security management with preserving the integrity of security policy are very important. In this paper, we implemented a flexible database security system in the specimen and clinical information management system of leukemic research center using IRH(Improved Role Hierarchy). Data is protected by MAC and we propose a flexible access control and effective administration by using the IRH that is an improved role hierarchy of RBAC. If security policy is needed for changes, this system can do it easily by simply modifying the IRH with the decentralized administration. The modified security policy can be applied flexibly after alteration because the security level of the subject is not fixed but can be derived automatically from the IRH when user connects the system.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.141-144
• /
• 2004

The Common Criteria (CC) philosophy is to provide assurance based upon an evaluation of the IT product or system that is to be trusted. Evaluation has been the traditional means of providing assurance. It is essential that not only the customer' srequirements for software functionality should be satisfied but also the security requirements imposed on the software development should be effectively analyzed and implemented in contributing to the security objectives of customer's requirements. Unless suitable requirements are established at the start of the software development process, the resulting end product, however well engineered, may not meet the objectives of its anticipated consumers. By the security evaluation, customer can sure about the quality of the products or systems they will buy and operate. In this paper, we propose a selection guide for If products by showing relationship between security engineering and security evaluation and make help user and customer select appropriate products or system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.123-133
• /
• 2008

Information securiry is considered important due to the side effect generated from the expansion of information system and rapid increase of the use of internet. Nevertheless, we are getting unconscious of the importance of information security. The purpose of this research is to empirically analyze that the effects of security policies, security awareness and individual characteristics on password security effectiveness. Based on the analysis of research model using structural equation modeling technique, security policies were influencing individual characteristics and improving user's security awareness. Also individual characteristics and security awareness had positive impact on security effectiveness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.157-169
• /
• 2010

As the information society changes into the ubiquitous computing society, the importance of information security has increased. Governments and enterprises are carrying out various information security activities to operate their information asset effectively. Since 2006, the Korean government has implemented 'Advance Diagnosis' policy to analyze the vulnerability of the information security from the early stage of the information system development to secure the information stability. This study proposes an analyzing framework for the economic effects of Advance Diagnosis for Information Security and presents an illustrative application em a real Advance Diagnosis case. The results of this study can be applied to secure the economic justification of government policies for the security of information systems.