• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1595-1606
• /
• 2015

Risk analysis is utilized in devising measures to manage information security risk to an acceptable level. In this risk management decision-making, the visualization of risk is important. However, the pre-existing risk visualization method is limited in visualizing risk factors three-dimensionally. In this paper, we propose an improved risk visualization method which can facilitate the identification of risk from the perspective of confidentiality, integrity, and availability respectively or synthetically. The proposed method is applied to an enterprise's risk analysis in order to verify how effective it is. We argue that through the proposed method risk levels can be expressed three-dimensionally, which can be used effectively for information security decision-making process for internal controls.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.889-903
• /
• 2015

As the number of recent information security incident occurrence increases, more and more workload and liability pressure are given to info-security professionals, which results in decrease of morale level of working groups in the field. In order to solve this problem, Korean government is providing various action plans to improve the morale level of info-security professionals, and also requiring financial companies to submit its own action plan of increasing morale of info-security professionals to Financial Service Agency. For this study, based on the previous studies and relevant professionals' interviews, we selected 16 critical morale increase variables, and performed survey for empirical analysis. As a result, 3 features; role, system, and relationship were presented as the main factor of morale increasement of info-security professionals. This study also suggests a decision making method of utilizing the developed morale measurement model for individual organizations.

• Journal of Digital Convergence
• /
• v.16 no.3
• /
• pp.225-236
• /
• 2018

Organizations continue to invest in the security of information technology as a means to be more competitive than others in their industry do. However, there is a relatively lack of interest in the information security compliance of employees who implement information security technologies and policies of organization. This study finds mechanisms for enhancing security compliance by applying theory of planned behavior, justice theory, and motivation theory in information security field. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. The results showed that organizational justice, sanction, and organizational identification affect the factors of the planned behavior theory and affect the employee's compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee's compliance intention on organization's security policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.929-939
• /
• 2018

The mobile office, which was expected to be a key strategy for business operation through business innovation, was slow to spread from the BYOD environment to information security issues. This study analyzes mobile office information security and analyzes countermeasures against mobile information security threats to analyze the influence of information security factors on corporate satisfaction and continuous use of mobile office service. The results of the study were identified through the research model and hypothesis, quantitative empirical analysis based on the questionnaire and qualitative empirical analysis based on the expert interview. Through this study, practical implications and future directions for mobile office service satisfaction and continuous use are suggested.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.215-223
• /
• 2019

The recent trend of cyber attack threat is mainly APT (Advanced Persistent Threat) attack. This attack is a combination of hacking techniques to try to steal important information assets of a corporation or individual, and social engineering hacking techniques aimed at human psychological factors. Spear phishing attacks, one of the most commonly used APT hacking techniques, are known to be easy to use and powerful hacking techniques, with more than 90% of the attacks being a key component of APT hacking attacks. The existing research for cyber security threat defense is mainly focused on the technical and policy aspects. However, in order to preemptively respond to intelligent hacking attacks, it is necessary to study different aspects from the viewpoint of social engineering. In this study, we analyze the correlation between human personality type (DISC) and cyber security threats, focusing on spear phishing attacks, and present countermeasures against security threats from a new perspective breaking existing frameworks.

• The Journal of the Korea Contents Association
• /
• v.19 no.5
• /
• pp.194-204
• /
• 2019

The mobile payment app market has been expanding recently. However, the usage rate of mobile payment apps is not meeting service providers' expectations due to concerns about security and privacy. This study investigated how personal predisposition and how the security signals of the payment app affect users' perceived privacy and security risks, and how these factors ultimately affect the trust of mobile payment apps. The results showed that privacy concerns increase the risk of perceived personal information leaks and reduce perceived mobile system security, while familiarity, perceived reputation, and assurance seal reduce the risk of perceived personal information leaks and increase perceived mobile system security. Finally, it revealed that the reduced risk of perceived personal information leaks and the increased security of mobile systems had a positive impact on the reliability of mobile payment apps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.1
• /
• pp.95-104
• /
• 2010

As the information security industry has developed and its proportion in the national economy has increased, the demand for the information security manpower also has expanded. With the frequent turnovers of the information security professionals within the industry and between other industries, it is essential to investigate the causes of turnovers for the efficient human resource management and furthermore the sustainable growth of the industry. This study aims to analyze the factors affecting the information security professionals' turnover intention. We reviewed related researches to select the turnover causes that affect the turnover intention and tested the relationships between the turnover causes and the turnover intention. Human resource managers can use the results of this study to maximize the performance of the organization through the reasonable turnover management of information security professionals.

• Journal of Korea Port Economic Association
• /
• v.39 no.4
• /
• pp.285-294
• /
• 2023

This study addresses the unique nature of port security services, which encompass a blend of both public and private components, distinguishing it from conventional police services exclusively focused on public welfare. The primary objective of port security is to thwart potential terrorist threats and address criminal activities within the port environment. The services offered include security screening for personnel and vehicles, assistance for port entrants and exit procedures, pass issuance, and guidance for port users arriving by vehicle. Despite the critical role played by port security, there is a notable absence of prior research assessing customer responses to these services. This study aims to fill this gap by defining port security services based on existing research, identifying the factors influencing the quality of port security services, and proposing recommendations for enhancing overall port security operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.1 no.1
• /
• pp.97-101
• /
• 1991

The polynomial factorization problem is important not only number theorly but chyptology with Discrete logarithm. We factorized polynolmials with integer coefficients by means of factori-zing polynomials on a finite field by Hensel's Lifting Lemma and finding factors of pol;ynomial with integer coeffcients.

• Knowledge Management Research
• /
• v.19 no.2
• /
• pp.109-132
• /
• 2018

Recently, new financial services related to FinTech has gained attention more and more. Online P2P financial services transactions such as FinTech require careful examination of the constituents of information systems as an investment is made based on the information presented on the online platform without direct face-to-face contact. The purpose of this study is to find out the success factors of online P2P Lending service among FinTech. To serve the purpose, we build IS (information system) success model, and then use Kano model and fuzzy analytic hierarchy process (Fuzzy-AHP) to find out factors for the success of online P2P Lending service. In particular, this study uses Kano model to classify information system satisfaction factors and to calculate the satisfaction coefficient. The Kano model, however, has a drawback of evaluating single criterion. Therefore, we use multi-criteria decision-making technique such as Fuzzy-AHP to derive the relative importance of the factors. The analysis results show different results depending on the analysis technique. In the Kano model, most of the information system factors are a one-dimensional quality attribute. The satisfaction coefficient is highest for personalized service, followed by the responsiveness of service, ease of using a system, understanding of information, usefulness of information' reliability. The service reliability is the highest in dissatisfaction coefficient, followed by system security, service responsiveness, system stability, and personalized service. The results of the Fuzzy-AHP analysis shows that the usefulness of information quality, the personalization of service quality, and the security of system quality are the significant factors and the stability of system quality was a secondary factor.