• Journal of Platform Technology
• /
• v.12 no.1
• /
• pp.91-105
• /
• 2024

As the number of cases of applying IT systems to the existing isolated ICS (Industrial Control System) network environment continues to increase, security threats in the ICS environment have rapidly increased. Security threat scenarios help to design security strategies in cybersecurity training, including analysis, prediction, and response to cyberattacks. For successful cybersecurity training, research is needed to develop valid and reliable security threat scenarios for meaningful training. Therefore, this paper proposes a case-based security threat scenario development methodology for cybersecurity training in the ICS environment. To this end, we develop a methodology consisting of five steps based on analyzing actual cybersecurity incident cases targeting ICS. Threat techniques are standardized in the same form using objective data based on the MITER ATT&CK framework, and then a list of CVEs and CWEs corresponding to the threat technique is identified. Additionally, it analyzes and identifies vulnerable functions in programming used in CWE and ICS assets. Based on the data generated up to the previous stage, develop security threat scenarios for cybersecurity training for new ICS. As a result of verification through a comparative analysis between the proposed methodology and existing research confirmed that the proposed method was more effective than the existing method regarding scenario validity, appropriateness of evidence, and development of various scenarios.

• Nuclear Engineering and Technology
• /
• v.51 no.6
• /
• pp.1696-1707
• /
• 2019

This paper conducts a qualitative policy analysis of current challenges to safety culture and security culture in Southeast Asia and emerging best practices in Northeast Asia that are aimed at strengthening both cultures. It analyses lessons, including strengths and limitations, that can be derived from Northeast Asian states, given the long history of nuclear energy in South Korea, China and Japan. It identifies and examines best practices from Northeast Asia's Nuclear Security Centres of Excellence in terms of boosting nuclear security culture and their relevance for Southeast Asia. The paper accentuates the important role of the State in adopting policy and regulatory frameworks and in institutionalising nuclear education and training programmes to deepen the safety-security cultures. Best practices in and challenges to developing a nuclear safety culture and a security culture in East Asia are examined using three frameworks of analysis (i) a comprehensive nuclear policy framework; (ii) a proactive and independent regulatory body; and (iii) holistic nuclear education and training programmes. The paper argues that Southeast Asian states interested in harnessing nuclear energy and/or utilising radioactive sources for non-power applications must develop a comprehensive policy framework on developing safety and security cultures, a proactive regulatory body, and holistic nuclear training programmes that cover both technical and human factors. Such measures are crucial in order to mitigate human errors that may lead to radiological accidents and nuclear security crises. Key lessons from Japan, South Korea and China such as best practices and challenges can inform policy recommendations for Southeast Asia in enhancing safety-security cultures.

• International Journal of Computer Science & Network Security
• /
• v.21 no.11
• /
• pp.177-180
• /
• 2021

The theoretical and methodological provisions that allow to systematically and comprehensively study the postgraduate pedagogical education of teachers; the essence and features of postgraduate pedagogical education of teachers of diverse training institutions, providing professional and pedagogical training of this category of pedagogical personnel, have been determined; regularities, principles and conditions for the implementation of promising directions of development of the system of postgraduate pedagogical education for teachers of diverse training have been developed; developed technological support for the development of postgraduate pedagogical education for teachers of multidisciplinary training; identified and substantiated promising directions for the development of postgraduate pedagogical education for teachers of multidisciplinary training in vocational education, due to the modernization.

• Journal of Labour Economics
• /
• v.36 no.1
• /
• pp.63-91
• /
• 2013

This paper analysed the training effects on wage and employment security by the non-standard worker types by using Economically Active Population Additional Survey data. Through propensity score matching method, we found that the regular workers' training effect on wage was 4.2%, that was very higher than 2.7% of fixed-term workers. Logistic regression analysis showed that the training participation itself did not affect on the regular workers' regular position continuance, but training duration affected. Just in fixed-term workers among non-standard workers, both of training participation and training duration affected the transition from non-standard position to regular position. The result that both training effects on wage and on employment were positive just in the fixed-term workers might be interpreted owing to the clear employment contract relation between employer and employees.

• Journal of Information Technology Applications and Management
• /
• v.22 no.2
• /
• pp.171-199
• /
• 2015

This study proposes the practical information security measures that help IT personnel of banks comply the information security policy. The research model of the study is composed of independent variables (clarity and comprehensiveness of policy, penalty, dedicated security organization, audit, training and education program, and top management support), a dependent variable (information security policy compliance intention), and moderating variables (age and gender). Analyses results show that the information security measures except 'clarity of policy' and 'training and education program' are proven to affect the 'information security policy compliance intention.' In case of moderating variables, age moderated the relationship between top management support and compliance intention, but gender does not show any moderating effect at all. This study analyzes information security measures based solely on the perception of the respondents. Future study may introduce more objective measurement methods such as systematically analyzing the contents of the information security measures instead of asking the respondents' perception. In addition, this study analyzes intention of employees rather than the actual behavior. Future research may analyze the relationship between intention and actual behavior and the factors affecting the relationship.

• Convergence Security Journal
• /
• v.13 no.5
• /
• pp.117-127
• /
• 2013

Even though, the Korean private Security Guard's industry is developing, it did not reached at the expected quality services because of the below cost tendering from flooded small security companies, consequently low pays and fragile benefits occur therefore, the skill level and morale decreased. Also, the private security guards field's education, training and development of expert certification system is not enough. One of the plans to solve these problems can be invigorate the certification system. The improving ways are suggested after the research and the analysis of the certification system as below. First, the qualification system to become a security leader will need to add directly related subject, skill examination and continuous refresh training. Moreover, it needs accurate needed the number of the securities and the reduction of the 1st examination exemption object. Second, the qualified system to be become securities will need to strengthen on standard of qualification and focus on skill evaluation, the job education need to state by the law, also exemption for applicant who approached requirements.

• Korean Security Journal
• /
• no.17
• /
• pp.69-89
• /
• 2008

As year passes, terrorism is gradually increasing. Its target has becom various and arbitary, and recently, terrorists are aiming for national major facilities wich include multiplex facilities. Although special security guards took charge of its defence system from 2002, they have failed to establish its system firmly due to some institutional inertia. And 'Professionalism' appeared to be the mattter, according to the spot-probe and interviews. The purpose of this essay is to devise measures to develop sepecial security system including its specialization through investigating current educational training system. In order to attain professionalism, establishment of new proffessional school, division of current education system(into common education and full-course education), and reinforcement of substantial inspection activity should be preceded. Moreover, inspection activity should include standards for engaging instructors, establishment of compilation committee for editorial supervision, and establishment of clear educational policy. I hope the developmental measures in this essay to be speedily actualized with endeavor from police, security association, academic circles.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.39-45
• /
• 2020

Despite the increasing interest in cyber security in recent years, the emergence of new technologies has led to a shortage of professional personnel to efficiently perform the cyber security. Although various methods such as cyber rage are being used to cultivate cyber security experts, there are problems of limitation of virtual training system, scenario-based practice content development and operation, unit content-oriented development, and lack of consideration of learner level. In this paper, we develop a fuzzy rule-based user-customized training scenario automatic generation system for improving user's ability to respond to infringement. The proposed system creates and provides scenarios based on advanced persistent threats according to fuzzy rules. Thus, the proposed system can improve the trainee's ability to respond to the bed through the generated scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.269-281
• /
• 2018

Many organizations are threatened by numerous information security attacks which are resulting in information security incidents. To prevent information security incidents, organizations invest on various information security measures like information security products, monitoring services and security training and educations. However they do not have enough knowledge about measurable utilities of information security investments. Since there is little studies empirically examining the effect of information security investments, this research aims to find out utilities of information security investment. We especially focuse on information security service investments. This study examined the data from the survey on information security for business sector which was conducted by Korean information & security agency. We utilized negative binomial regression model, which is a suitable model for over-dispersed count data. We found out that an investment on information security education and vulnerability testing have direct impact on reducing information security incidents. This research academically contributed to shed light on the utility of information security investments on reducing information security incidents. This research practically contributed to providing information security investment guideline for organizations which want to reduce information security incidents efficiently.

• Management & Information Systems Review
• /
• v.31 no.1
• /
• pp.149-165
• /
• 2012

Nowadays due to the development of IT, hacking has become a major issue and importance of information system security is rapidly increasing. This research focuses on problems of training system security experts within Korea by analysing university's management information system curriculum and proposes an alternative way to solve this problem. The result of this research is the following. First, reformation of university's curriculum for successfully training system security experts is crucial. Second, theories that was learned in university courses need to be coherent to the actual work that the system security experts do in the field. Lastly, advanced IT countries like the US and Japan have already made standards on training system auditors and reinforced it with laws. Therefore Korea should establish a formal standard system like the other IT industry advanced countries.