• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.647-656
• /
• 2020

Recently, there has been an increasing number of cases in which important data (personal information, technology, etc.) of national and public institutions are leaked to the outside world. Surveys show that the largest cause of such leakage accidents is "insiders." Insiders of organization with the most authority can cause more damage than technology leaks caused by external attacks due to the organization. This is due to the characteristics of insiders who have relatively easy access to the organization's major assets. This study aims to present an optimized property selection model for detecting such abnormalities through supervised learning algorithms among machine learning techniques using actual data such as CrossNet data transfer system transmission log, e-mail transmission log, and personnel information, which safely transmits data between separate areas (security area and non-security area) of the business network and the Internet network.

• Annual Conference of KIPS
• /
• 2017.11a
• /
• pp.1318-1321
• /
• 2017

스마트 그리드는 노후화된 전력망에 정보통신 기술을 융합하여 지능화시킴으로써, 전력 사용을 가능한 효율적으로 만들기 위한 기술이다. 대표적인 융합 기술이기 때문에, 시스템의 보안 취약점이 많아질 수 밖에 없다. 이러한 이유로 보안 기술에 대한 관심이 많아지고 있으며, 개별 어플리케이션 도메인에서 발생할 수 있는 사이버 보안 실패 시나리오에 대한 분석이 활발히 이루어지고 있다. 본 논문에서는 어플리케이션 도메인내 실패 시나리오의 공격 트리를 분석하여 공통적으로 발생하는 있는 8개의 공격 모델에 대한 공격 트리를 정리하고 이를 도식화한다.

• Journal of Information Technology Applications and Management
• /
• v.25 no.4
• /
• pp.67-77
• /
• 2018

With the types and targets of cyber attacks expanding and with personal information leaks increasing, the quantitative demand for information security specialists has increased. The base for training the workforce has expanded accordingly, but joblessness and job-seeking still coexist. To resolve the gap between labor demand and supply, education and training systems that can supply demand quickly are needed. It takes a considerable amount of time for information security education and new manpower supply through universities and graduate schools to be reflected in the market. However, if information security retraining is carried out in terms of career development of information security and related workforce, the problem of lack of experts could be solved in a relatively short period. This paper investigates and analyzes the information security work of the information security workforce, the degree of skill level, the need for retraining, and the workplace migration experience; it also discusses the direction of career development retraining.

• Nuclear Engineering and Technology
• /
• v.55 no.3
• /
• pp.801-813
• /
• 2023

The events at Three Mile Island in the United States brought about fundamental changes in the ways that simulation would be used in nuclear operations. The need for research simulators was identified to scientifically study human-centered risk and make recommendations for process control system designs. This paper documents the human factors research conducted at the Human Systems and Simulation Laboratory (HSSL) since its inception in 2010 at Idaho National Laboratory. The facility's primary purposes are to provide support to utilities for system upgrades and to validate modernized control room concepts. In the last decade, however, as nuclear industry needs have evolved, so too have the purposes of the HSSL. Thus, beyond control room modernization, human factors researchers have evaluated the security of nuclear infrastructure from cyber adversaries and evaluated human-in-the-loop simulations for joint operations with an integrated hydrogen generation plant. Lastly, our review presents research using human reliability analysis techniques with data collected from HSSL-based studies and concludes with potential future directions for the HSSL, including severe accident management and advanced control room technologies.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.31-34
• /
• 2021

The article considers the possibilities of increasing the accuracy of estimates of the parameters of the trajectory of the target with the provision of a given probability of stable support of the air object, in particular, during its maneuver. The aim of the work is to develop a filtration algorithm that provides a given probability of stable tracking of the air object by determining the regular components of filtration errors, in particular, when maneuvering the air object, and their compensation with appropriate correction of filter parameters and estimates of air object trajectory parameters.

• ETRI Journal
• /
• v.43 no.3
• /
• pp.549-560
• /
• 2021

Cyberattacks are often difficult to identify with traditional signature-based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI-based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based on the tokens and abstract syntax tree (AST) for feature selection. Here, tokens and AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield detection rates of 98% in both machine learning (ML) and deep learning (DL) experiments. Among them, the ML model with the 3-gram of selected five tokens and the DL model with experiments based on the AST 3-gram deliver the best performance.

• Electronics and Telecommunications Trends
• /
• v.39 no.5
• /
• pp.86-97
• /
• 2024

With the advancement of quantum computers and increasing importance of cybersecurity, quantum cryptography has become an essential technology in quantum world. The success of ground-to-satellite quantum communication in the range of 4,600 km has been reported, and intercountry quantum cryptography connecting the UK and Ireland has been demonstrated. In the European Union, OpenQKD has established 18 testbeds for quantum communication in 12 countries. Through the progress from experimental to pilot networks, quantum cryptography testbeds have begun to provide networks for commercial services, such as finance, healthcare, and government administration. Similarly, the Republic of Korea launched a quantum communication testbed project to accelerate the development of quantum communication devices and materials. The project also aims to support the relevant companies and services in the verification and certification of security functionalities operated by the National Intelligence Service. We review the status of quantum communication testbeds in 16 countries.

• Asia pacific journal of information systems
• /
• v.33 no.4
• /
• pp.1135-1155
• /
• 2023

Management of the workforce in the early career stage who enter information security work after graduating from college or university so that they can continue to develop their information security careers without leaving the organization can be a solution to the problem of absolute shortage of staffing and lack of skills. This is because the workforce can improve their job skills, and organizations can build a stable, cost-effective human resource management system. This paper constructed and verified a turnover intention research model focusing on the factors that affect the turnover intention of early-stage workforce who took their first steps in society as an information security workforce after graduating from university or college; it confirmed that self-realization is a crucial factor. Furthermore, with in-depth interviews, the career path information of skilled workers, which is essential information necessary for self-realization, was analyzed, and the direction of HRM for self-realization of the workforce in the early career stage was presented.

• The Journal of Society for e-Business Studies
• /
• v.20 no.1
• /
• pp.201-215
• /
• 2015

Recently advanced security threats have increasingly occurred, and the necessity and importance of Information Security has been growing with the advent of the era of convergence beyond information-oriented age. Most domestic studies in the field of occupational classification of Information Security have only focused on technology-oriented occupations. Relatively little research has been carried out on the occupational classification in the view of convergence environment. Therefore, in this paper we gave a definition of Information Security occupations, classified them and draw required capabilities by occupations in order to design the occupational classification system of Information Security and the required capabilities for future convergence environment by analyzing the previous studies. We also reclassified the occupational classification and required capabilities by occupations, and verified the validity of them based on National Initiative for Cybersecurity Education's the occupational classification system of Information Security considering the future convertgence environment. It is expected that the results of this study will be employed as base data for manpower demand and supply and improvement of working conditions in the future convergence environments. In the future study we will build standardized instruction methods which provide occupational capabilities by using the required capabilities by occupations.

• Journal of Information Technology Applications and Management
• /
• v.26 no.3
• /
• pp.1-18
• /
• 2019

As technology rapidly develops, the demand for manpower by new industries is increasing. In order to respond to the changing demands of the workforce, universities are actively introducing interdisciplinary majors, which is a program formed by two or more departments cooperating to develop new majors. Although the importance of the interdisciplinary major is increasing, universities have difficulties managing them due to non-flexible educational systems. The purpose of this study is to present an effective management direction for interdisciplinary majors based on the results of a survey on student satisfaction with interdisciplinary majors. Also, we analyzed the required level and possessed level of the IS practitioners' competencies, and developed specific educational directions for training IS talents. The results showed that there was a significant difference in satisfaction with the curriculum development and curriculum evaluation of existing subjects provided by existing departments and new subjects established of interdisciplinary majors, specifically the satisfaction of new subjects is higher than existing subjects. In the IS field, there was a high demand for education in the following areas, in order: information security, information technology strategy planning, information technology operation, information technology development, information technology management, information technology sales, and core competencies. Based on the results of the analysis, the satisfaction of students and the cultivation of the talents that the interdisciplinary major aims to develop can be improved.