• International Journal of Computer Science & Network Security
• /
• v.23 no.2
• /
• pp.65-78
• /
• 2023

Investigations on information security factors re- main elusive at small and medium enterprises (SMEs), es- specially for custom-made software solutions. This article aims to investigate, classify, adopt factors from recent literature addressing information security resources. SMEs al- ready have information security in place, but they are not easy to adopt through the negotiation processes between the in-house software development companies and custom-made software clients at SMEs. This article proposes a strategic framework for implementing the process of adoption of the information security factors at SMEs after conducting a systematic snapshot approach for investigating and classifying the resources. The systematic snapshot was conducted using a search strategy with inclusion and exclusion criteria to retain 128 final reviewed papers from a large number of papers within the period of 2001-2022. These papers were analyzed based on a classification schema including management, organizational, development, and environmental categories in software development lifecycle (SDLC) phases in order to define new security factors. The reviewed articles addressed research gaps, trends, and common covered evidence-based decisions based on the findings of the systematic mapping. Hence, this paper boosts the broader cooperation between in-house software development companies and their clients to elicit, customize, and adopt the factors based on clients' demands.

• Journal of the Society of Disaster Information
• /
• v.2 no.1
• /
• pp.19-38
• /
• 2006

With rapid social change, security industries were diversified and universities related total security service were founded for training of specialist with a theory and practical affairs. Today, universities must provide an education which fits to job characteristics in rapidly changing society. Also students through this education must find their job properly. The purposes of this study, therefore, are to search a career selection of students majoring in total security service related departments and to study a role of universities for development of specialist related security industries. Revitalization plan of human resources for departments related security services are as follows ; roles of universities: a specialization of curriculum and a diversification of training method. 'academic-industrial cooperation', role of government: 'a legal and institutional policy on academic-industrial cooperation';. Universities, cooperations, government must cooperate mutually for development of specialist related security service field.

• Korean Security Journal
• /
• no.55
• /
• pp.75-95
• /
• 2018

The purpose of this study is to find the development of the examination security business plan based on the problem that guards are now aware of examination security service. To achieve the purpose of this study, the interview was conducted by interviewing interviews with five field related graduates and seven field specialists who are currently engaged in the examination for more than six years. The guard who perform national examination security service proposed a development plan of national examination security services as follows. First, the security guards at the national examination must complete an education program suitable for the nature of the workplace. Second, disaster and emergency response training should be added. Third, national examination security guards should be provided with mental training, search equipment and advanced equipment. Fourth, The National Examination Security Service should be specified in the Security Law so that laws and regulations can actively respond. Fifth, the related organization (contracting party) must raise the cost of service according to reality after realizing the property. Sixth, The national security service should ensure that security guards who have completed the security guards' training will be recruited.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.3-9
• /
• 2015

A web application that allows a web service created by a internal developer who has security awareness show certain level of security. However, in the case of development by outsourcing, it is inevitable to implement the development centered on requested function rather than the issue of security. Thus in this paper, we improve the software testing process focusing on security for exclusion the leakage of important information and using an unauthorized service that results from the use of the vulnerable web application. The proposed model is able to consider security in the initial stage of development even when outsourced web application, especially, It can prevent the development schedule delay caused by the occurrence of modification for program created by programer who has low security awareness. This result shows that this model can be applied to the national defense area for increasing demand web application centered resource management system to be able to prevent service of web application with security vulnerability based on high test.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.10
• /
• pp.117-124
• /
• 2014

Software Development Security is defined as a sequential procedure such as deleting potential security vulnerability for secure software development, designing or implementing various functions with considering security, and so on. In this paper, we research on domestic or international hacking cases that could damage us mentally or financially. Seventy five percent of Web-site attacks abuses weak points of application programs, or software. We also research on major issues related to software development security with these demerits. And then, we propose public and private laws, regulations, or systems and give some examples with detailed descriptions.

• International Journal of Advanced Culture Technology
• /
• v.5 no.1
• /
• pp.32-39
• /
• 2017

The ideology of space development can be classified into three types: national security, scientific inquiry, and commercialism. Korea and Japan have influenced the space development innovation system by different proportions. In the rhetoric analysis of Kim Young Sam, Kim Dae Jung, Roh Moo Hyun, and President Lee Myung Bak, the periods when Korea's space development began in earnest, the pragmatism (commercialism) of strengthening industrial competitiveness through space development has been consistently emphasized. But it also maintains national security and scientific inquiry as ancillary.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.71-75
• /
• 2004

The Common Criteria (CC) philosophy is to provide assurance based upon an evaluation of the IT product or system that is to be trusted. Evaluation has been the traditional means of providing assurance. It is essential that not only the customer' srequirements for software functionality should be satisfied but also the security requirements imposed on the software development should be effectively analyzed and implemented in contributing to the security objectives of customer's requirements. Unless suitable requirements are established at the start of the software development process, the re suiting end product, however well engineered, may not meet the objectives of its anticipated consumers. By the security evaluation, customer can sure about the quality of the products or sys tems they will buy and operate. In this paper, we propose a selection guide for If products by show ing relationship between security engineering and security evaluation and make help user and customer select appropriate products or system.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.387-402
• /
• 2020

Conventional automotive development has mainly focused on ensuring correctness and safety and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe(UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulation also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed on automotive development process. This paper, therefore, proposes a specific methodology for Security by Design on Automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety, and security in automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.

• International Journal of Computer Science & Network Security
• /
• v.22 no.7
• /
• pp.283-293
• /
• 2022

One of the important areas of state policy in the socio-economic and cultural development of the country is cultural diplomacy. It contributes to the information dissemination about the country, strengthens interstate relations, and forms a positive image. Through cultural diplomacy, we achieve a positive perception of the world community of the country, determined by its place in the modern system of international relations. The aim of the study is a comparative analysis of cultural diplomacy opportunities for sustainable development at different levels of public relations, as well as the impact of cultural diplomacy opportunities on the indicators of the Global Sustainable Competitiveness Index and the Global Sustainable Development Index. Regarding the results of the research on the impact of cultural diplomacy opportunities on the indicators of the Global Index of Sustainable Competitiveness and the Global Index of Sustainable Development, four groups are identified among the countries of the European Union: countries with a very high level of sustainable competitiveness and sustainable development; countries with a high level of sustainable competitiveness and sustainable development; countries with low levels of sustainable competitiveness and sustainable development.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.11
• /
• pp.79-83
• /
• 2016

In this paper, we define four levels of analysis, design, implementation, and testing of the configuration of the development phase by S/W development life cycle. In particular, it dealt with the stage of the analysis phase to prepare an information system developed intensively. Details of the derivation of the information security requirements, it can be seen that comes from the perspective of confidentiality, integrity, availability and accountability, etc. It dealt with from the first manifestations of the projects planning to final planning to establish information security in activities of the Information Security requirements. As an example exhibited by assessing the information security analysis phase activities of S corporations, it can be seen that the improved sales rise in information security activities.