• Journal of the Korea Society of Computer and Information
• /
• v.23 no.11
• /
• pp.75-84
• /
• 2018

Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

• Journal of Information Technology Services
• /
• v.23 no.2
• /
• pp.13-29
• /
• 2024

Recently, with the rapid spread of mobile terminals such as smartphones and tablet PCs, social demand for mobile information security is increasing as new security issues that are difficult to predict as well as service evolution and lifestyle changes are raised. Smart terminals include smartphones, smart pads, chromebooks, laptops, etc. that provide various functions such as phone calls, text messages, Internet browsing, social media apps, games, and education. Along with the explosive spread of these smart terminals, they are naturally being used in our daily life and educational environment. In the mobile environment, behind the convenience of portability, there are more various security threats and vulnerabilities than in the general PC environment, and threats such as device loss, information leakage, and malicious codes exist, so it is necessary to take fundamental security measures at a higher level. In this study, we suggest ways to improve security by identifying trends in mobile smart information security and effectively responding to security threats to the mobile environment. In addition, it presents implications for various measures for effective class utilization along with correct security management methods and security measures related to the supply of smart devices that the Office of Education is promoting for schools at each level.

• Proceedings of the Korean Information Science Society Conference
• /
• 2007.10a
• /
• pp.112-113
• /
• 2007

• Knowledge Management Research
• /
• v.16 no.4
• /
• pp.35-45
• /
• 2015

Fintech, which means the convergence of finance and information technology, becomes a hot topic in the financial sector. Through innovative activities on financial services, ICT(Information and Communication Technology) is integrated into the overall financial industry, and a new form of financial services could be expected to improve the existing financial system. On the other hand, fintech services are relatively vulnerable to security issues. Due to the process simplication and the channel fusion, the leakage of personal and financial informations, authentication bypass, phishing, and pharming are getting more concerned. In this study we investigated the security risk of fintech services in the viewpoints of service provider, technology adoption, and security policy. The possible countermeasures to reduce those risks are suggested because security is an important criterion for selecting financial services. This study basically offers quantification of the potential security risks and step-by-step control measures about business processes in the fintech services. The suggested security model includes user authentication, terminal security, payment information protection, API(Application Programming Interface) security, and abnormal transaction monitoring. This study might contribute to an understanding of the security risks and some possible measures for mitigating those risks on the practical perspective.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.9-17
• /
• 2005

Recently It's difficult to deal with about variety of attack. And Simple Security management have a problem. It is that they don't develop system measuring their system envoirment and have efficient attack detector, countermeasure organization about large network. Therefore, need model about enterprise management of various security system and intrusion detection of each systems and response. In this paper, improve PBNM structure that manage wide network resources and presented suitable model in intrusion detection and response of security system. Also, designed policy-based enterprise security management system for effective intrusion detection and response by applying presented model to enterprise security management system.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.47-53
• /
• 2015

Recently, the Internet of Things is an important technology with a Cloud computing services and a Big data in the IT fields. and The Internet of Things is widely used in various industries. This trend may be referred to as the emergence of significant based technologies for realizing a ubiquitous times. But the security problems of Internet of things are expected to increase with being realized in a variety of industries. and it will be have to provide a corresponding technology to the security threat for this. Therefore, this paper will be analyzed to the security threats of the Internet of Things by the cases. Thereby this is expected to be utilized as a basis for the countermeasure of Internet of Things in a future.

• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.37-43
• /
• 2016

Due to the remarkable improvement of ICT, with the popularization of mobile devices and every sector of society connected by networks, an era, in which peer to peer, peer to thing, thing to thing can be connected to one another everywhere, has begun. As all the electronic devices are connected to Internet, they have become more intellectualized and automated, making convergence and process of information through the connection of the devices possible to provide a lot better services. However, those devices communicate mutually to send information and they are exposed to various security threats. Therefore, this study analyzes ZigBee, CoAP, MQTT, XMPP, which are communication-related technology of IoT, draws security threats they have, and suggests requirements that components of IoT should have. Plus, it examines real cases about security threats in IoT, and suggests a countermeasure so as to contribute to establishment of a basis for IoT to be used much more safely in the future.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.169-176
• /
• 2020

Recently, the era in which various services using smart devices are used is sometimes referred to as the so-called "smart era". Among these, Smart Home Service' have not only brought about significant changes in the residential environment and culture, but are evolving very rapidly. and The 'Smart Home Service' provides more convenient services to users through communication between various electronic products in general homes, and has a bright future in the future. In particular,'Smart Home Service' provides various services combined based on IoT(Internet of Things) technology and wired/wireless communication in connection between various devices. However, such a "smart home service" inherits the security vulnerabilities of the underlying technologies such as the Internet of Things and wired and wireless communication technologies, and accidents that lead to the leakage of personal information and invasion of privacy continue to occur. So, it is necessary to prepare a countermeasure and prevention against the weak factors of the underlying technologies. Therefore, this paper is expected to be used as basic data for future application technology development and countermeasure technology by examining various security vulnerability factors of 'Smart Home Service'.

• Journal of Advanced Navigation Technology
• /
• v.15 no.3
• /
• pp.378-385
• /
• 2011

This paper introduces technical aspects of the privacy exposure problem of the video and the audio information on the personal computer and proposes a countermeasure to them. According to the increased number of peripherals for computers, especially including the cameras and the mikes, it is required to be careful on the privacy exposure. Currently, some incorporated or standalone cameras have a pilot lamp to indicate their usage. However, many other cameras and all mikes have not equipped with the pilot lamp or other dedicated indicator. Even though this problem doesn't obstruct their assigned functionalities, it should make the devices susceptible to be exposed with the information they are gathering without any notice to the owners. As a countermeasure to the problem, this paper proposes a reasonable solution that alarms the access trials to the devices and implements programs for the practical sniffing and its counterpart.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.125-134
• /
• 2004

When cryptosystem designers implement devices that computing power or memory is limited such as smart cards, PDAs and so on, not only he/she has to be careful side channel attacks(SCA) but also the cryptographic algorithms within the device has to be efficient using small memory. For this purpose, countermeasures such as Moiler's method, Okeya-Takagi's one and overlapping window method, based on window method to prevent SCA were proposed. However, Moiler's method and Okeya-Talngi's one require additional cost to prevent other SCA such as DPA, Second-Order DPA, Address-DPA, and so on since they are immune to only SPA. Also, overlapping window method has a drawback that requires big memory. In this paper, we analyze existing countermeasures and propose an efficient and secure countermeasure that is immune to all existing SCA using advantages of each countermeasure. Moreover, the proposed countermeasure can enhance the efficiency using mixed coordinate systems.