• Journal of Korea Multimedia Society
• /
• v.25 no.10
• /
• pp.1433-1447
• /
• 2022

Recently, as the demand for physical security technology to prevent leakage of technical and business information of companies and public institutions increases, the high tech companies are operating X-ray security checkpoints at building entrances to protect their intellectual property and technology. X-ray security checkpoints are operated to detect cameras and storage media that may store or leak important technologies in the bags of people entering and leaving the building. In this study, we propose an X-ray security checkpoint system that automatically detects a storage medium in an X-ray image using a deep learning based object detection method. The proposed system consists of an edge computing unit and a cloud-computing unit. We employ the RetinaNet for automatic storage media detection in the X-ray security checkpoint images. The proposed approach achieved mAP of 95.92% on private dataset.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.1
• /
• pp.122-127
• /
• 2009

In this paper, it is reviewed security architecture and proposed security model about secure aeronautical system, which is considering in the cynical research topics out of aeronautical traffic system. The reviewed contents is treated about security model fur domestic aeronautical system with international security technology trends in the basis of security technology related aeronautical services. In the security framework of aeronautical communication network, it is analyzed data link security technology between air and ground communication, and security architecture in according to aeronautical system, and presented security architecture of U information HUB model. The security architecture of U-information HUB includes the internetworking scope of airline, airport network, airplane network, and related government agency, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.19-32
• /
• 2013

As cyber stock trading grows rapidly, stock trading using Home Trading System have been brisk recently. Home Trading System is a heavy-weight in the stock market, and the system has shown 75% and 40% market shares for KOSPI and KOSDAQ, respectively. However, since Home Trading System focuses on the convenience and the availability, it has some security problems. In this paper, we found that the authentication information in memory remains during the stock trading and we proposed its countermeasure through two-channel authentication using a mobile device such as a cell phone.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.657-660
• /
• 2021

A video information processing system (CCTV) requires comprehensive administrative, physical, and technical security management to collect, transmit and store sensitive information. However, there are no regulations related to video information processing, certification methods for the technology used, and application standards suitable for security technology. In this paper, we propose a cryptography, certification, protection, system (CCPS) model that can protect the system by including encryption technology for application to the video information processing system and authentication measures for the technology used in the system configuration.

• Asia pacific journal of information systems
• /
• v.14 no.4
• /
• pp.71-85
• /
• 2004

Due to exponentially growing threats of cyber attacks, many organizations have begun to recognize the importance of information security. There is an explosion in demand for experienced ISMs(Information Security Managers) and ISSDs(Information Security System Developers). To educate ISMs and ISSDs, identifying the specific knowledge and skill for information security professional is critical. This paper identifies 15 items of knowledge and skill for ISMs and ISSDs using a simplified Delphi technique and categories them. The results of this paper could be used in determining what kinds of knowledge and skill should be included in the curriculum of information security programs.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• Journal of Information Technology Services
• /
• v.11 no.4
• /
• pp.107-121
• /
• 2012

The core infra-technology in the ubiquitous era, RFID which has taken action from the public institution with the pilot projects as well as the practical projects is gradually extending its spectrum to the private enterprises. Along with its expansion, the audit required on the RFID-based information system is also growing in the industry. Especially, since RFID-based information systems, especially compared to other information systems, are likely to be exposed to many threats, the security audit for them is being emphasized. This paper suggests security audit checking items for the RFID-based information system, which can be used to perform the efficient security audit. The security audit checking items consist of eight basic checking items, each of which consists of detailed review items and can be applied for each building steps of the system(analysis, design, implementation, testing, and development). Finally, this paper confirmed the efficiency of the security audit checking items proposed in this paper through survey by the experienced auditors and analysis of practical audit cases.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.109-113
• /
• 2007

With increasing the mont of processed information over the network, the importance of database system increases rapidly. There are two types of security system for database, access control and data encryption. However, it is hard to evaluate security of database systems using the Common Criteria(CC) as there is no protection profile(PP) for these systems. In this paper, we propose a protection profile for secure database systems which can be used in formal evaluation using the Common Criteria. The proposed protection profile can be used by both developer and consumer to evaluate security of database systems.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.4
• /
• pp.75-82
• /
• 2017

While the internet has evolved in terms of information sharing and efficiency, it is still prone to security attacks and remains vulnerable even when equipped with a security mechanism. Repeated patching against hacks involves excessive wear of system equipment and high costs. Methods of improving network security include the introduction of security equipment and network partitions, but they have not been fully effective. A fundamental solution is the Operation Content Network (OCN), which enables the strengthening of authentication. In this paper, Instead of following the existing TCP/IP system, OCN establishes an immunity-based security system through content-centric communications. Data transmission occurs over a Content Centric Network (CCN), which is provided with a protocol verified by the CCNx group. Areas protected by OCN rely only on CCN for communication without using any IP. As such, it defends the system against unknown attacks, including zero-day attacks.

• Knowledge Management Research
• /
• v.20 no.4
• /
• pp.39-55
• /
• 2019

Although Firms have been increasing their information security significantly to handle increased security risks, the effects of information security were not well understood. This study aims to investigate the market value of information security by employing the event study methodology. Our research also explores how market responses vary depending on the type of information security announcements. We collected 177 firm-level information security announcements between 2001 and 2017 in South Korea. For all samples, our results indicate that the stock market positively reacts to information security announcements. We also conducted subsample analysis and found that while information security certification announcement has a positive impact on the stock market, information security activities (e.g. award, information security system) announcement had no impact on the stock market. Our study adopted a novel approach (i.e. event study) for investigating the effects of information security and found that information security investment positively affects firm value. Our results allow managers to measure the effects of information security investment and help them make right decisions on information security investment.