• 한국컴퓨터정보학회논문지
• /
• 제23권11호
• /
• pp.75-84
• /
• 2018

Social engineering attack means to get information of Social engineering attack means to get information of opponent without technical attack or to induce opponent to provide information directly. In particular, social engineering does not approach opponents through technical attacks, so it is difficult to prevent all attacks with high-tech security equipment. Each company plans employee education and social training as a countermeasure to prevent social engineering. However, it is difficult for a security officer to obtain a practical education(training) effect, and it is also difficult to measure it visually. Therefore, to measure the social engineering threat, we use the results of social engineering training result to calculate the risk by system asset and propose a attack graph based probability. The security officer uses the results of social engineering training to analyze the security threats by asset and suggests a framework for quick security response. Through the framework presented in this paper, we measure the qualitative social engineering threats, collect system asset information, and calculate the asset risk to generate probability based attack graphs. As a result, the security officer can graphically monitor the degree of vulnerability of the asset's authority system, asset information and preferences along with social engineering training results. It aims to make it practical for companies to utilize as a key indicator for establishing a systematic security strategy in the enterprise.

• Journal of applied mathematics & informatics
• /
• 제40권1_2호
• /
• pp.289-303
• /
• 2022

This article examines the multidimensional index extraction method of the disability social security system based on data mining. While creating the data warehouse of the social security system for the disabled, we need to know the elements of the social security indicators for the disabled. In this context, a clustering algorithm was used to extract the indicators of the social security system for the disabled by investigating the historical dimension of social security for the disabled. The simulation results show that the index extraction method has high coverage, sensitivity and reliability. In this paper, a multidimensional extraction method is introduced to extract the indicators of the social security system for the disabled based on data mining. The simulation experiments show that the method presented in this paper is more reliable, and the indicators of social security system for the disabled extracted are more effective in practical application.

• 한국재난정보학회 논문집
• /
• 제1권1호
• /
• pp.27-42
• /
• 2005

Recently the demand for civil security and security guards shows rapid growth. However the supply and training system have some limitations. Educational and training systems for civil body and security guards are in the basic level and private organizations trained the professional work force. So this paper is showing what a social dominant factor and a divice of development of the private security. Capitalism is based on a material desire of the human being. the social control of capital value and the management of capital ability reflects the actual condition of the capitalism well. The unconstrained growing and the expansion of capitalism, it finally lost social meaning and an importance of human being element and the safety of the civilian life, began to threat the security of citizen by forming over the material center structure of society. Improving human life quality and material richness on their life leads positive factor of capitalism whereas is causing several crimes through the society which is being threatened around a human being life for a negative factor of the capitalism. Therefore capitalistic social system has offered both a positive factor 'growing' and 'richness' and that of a negative 'structural poverty' and 'lack of security' and they have been remaining the assignment of capitalism 'poverty' and 'security' by settlement in the society for a extremely phenomenon of both sides. In Korea because their recognition of the study approach and the social safety for social security control function is still staying first step and our daily life is annoying from various threat of the society. many studies and the realistic necessity of experience related with social security is being studied. In addition. The development possibility of the civil guard and defense at the civil field which will be keep the social security has a wide position but its study approach and realistic comprehension is still in insufficient condition.

• 정보보호학회논문지
• /
• 제22권6호
• /
• pp.1337-1344
• /
• 2012

현재 큰 성장세를 나타내고 있는 소셜커머스 서비스의 전자결제 시스템을 분석한 결과 대부분 결제금액을 변조할 수 있음을 발견하였다. 본 논문은 이러한 카드결제 시스템 상에서 발생하는 금액변조의 문제점을 해결하기 위한 방안을 제안한다. 제안된 방안은 소셜커머스 업체의 서버와 전자결제대행업체 서버간의 검증 체계를 추가하여 구매자가 결제흐름에 관여할 수 없도록 함으로써 결제금액 변조를 원천적으로 막는 방법이다.

• 한국정보시스템학회지:정보시스템연구
• /
• 제28권4호
• /
• pp.105-129
• /
• 2019

Purpose Issues related to information security have been a crucial topic of interest to researchers and practitioners in the IT/IS field. This study develops a research model based on a Structure-Conduct-Outcome (SCO) framework for the social exchange relationship between employees and organizations regarding information security. Design/methodology/approach In applying an SCO framework to information security, structure and conduct are activities imposed on employees within an organizational context; outcomes are activities that protect information security from an employee. Data were collected from 438 employees working in manufacturing and service firms currently implementing an information security policy in South Korea. Structural equation modeling (SEM) with AMOS 22.0 is used to test the validation of the measurement model and the proposed casual relationships in the research model. Findings The results demonstrate support for the relationships between predicting variables in organization structure (security policy and physical security system) and the outcome variables in organization conduct (top management support, security education program, and security visibility). Results confirm that the three variables in organization conduct had a positive effect on individual outcome (security knowledge and compliance intention).

• 산업경영시스템학회지
• /
• 제33권3호
• /
• pp.1-9
• /
• 2010

To protect information resources, many organizations including private corporate and government employ integrated information security systems which provide the functions of intrusion detection, firewall, and virus vaccine. So, in order to develop a reliable integrated information security system during the development life cycle, the managers in charge of the development of the system must effectively distribute the development resources to the quality factors of an integrated information security system. This study suggests a distribution methodology that minimizes the total cost with satisfying the minimum quality level of an integrated information security system by appropriately assigning development resources to quality factors considered. To achieve this goal, we identify quality factors of an integrated information system and then measure the relative weights among the quality factors using analytic hierarchy process (AHP). The suggested distribution methodology makes it possible to search an optimal solution which minimizes the total cost with satisfying the required quality levels of processes by assigning development resources to quality factors during the development life cycle.

• 정보보호학회논문지
• /
• 제23권6호
• /
• pp.1087-1101
• /
• 2013

스마트폰, 태블릿 PC 등 스마트 기기가 보급되면서 SNS(Social Network Services)의 사용자가 증가하고 있다. SNS는 연령이나 직업 등 사용자의 배경과 무관하게 많은 사람들과 인맥 형성을 할 수 있고, 정보를 쉽고 빠르게 전달하는 도구로 사용되고 있다. 최근에는 SNS의 장점을 악용하는 역기능이 이슈화되고 있다. 예를 들면, 계정 생성이 간편하고 인증절차 없이 가입할 수 있는 점을 통해 한 사용자가 다수의 계정을 생성하여 광고성 글 게재, 악성 댓글 등 악성 행위를 하거나, 친구관계를 맺어 사용자의 개인정보를 유출하는 것을 꼽을 수 있다. 본 논문에서는 세계적으로 가장 점유율이 높은 SNS인 페이스북을 연구대상으로 정한다. 따라서 페이스북 사용자들로부터 생성되는 정보를 안전하게 공유하고 서로 간의 신뢰관계를 보장하며, 악성 행위를 하는 사용자나 봇을 판단하기 위해 사용자의 행동을 기반으로 신뢰기준을 선정하여 이에 따른 신뢰점수를 사용자 계정에 적용시키는 방법을 제안한다.

• 시큐리티연구
• /
• 제61호
• /
• pp.59-85
• /
• 2019

4차 산업혁명으로 현실세계와 가상세계의 경계가 사라지는 현실에서 시공간을 초월하여 발생하는 사이버범죄에 대하여 실정법 체계 하에 구축된 정부조직의 경찰 공권력으로만 경찰의 임무를 다 하는데 분명한 한계를 갖고 있다. 본 논문은 문헌적 연구와 보안업무 경험을 토대로 사이버범죄에 대하여 실시간 대응할 수 있도록 각 사회분야의 집단지성이 자발적으로 참여할 수 있는 사회적 시스템을 구축하여 사이버공간에서의 범죄를 예방하고 사회적 공감대를 형성할 수 있는 대책방안을 제시하는 것을 목적으로 연구하였다. 집단지성 네트워크형 사이버폴리스 자원봉사시스템 구축을 위한 방안으로 우선, 집단지성 네트워크형 사이버폴리스 자원봉사시스템 구축이 필요하다. 이 구성은 제반 안전관리 전문가 등으로 구성한다. 그리고 경찰청의 경비업법상 민간조사업무 규정이 신설되어야 한다. 또한 집단지성 사이버폴리스 자원봉사시스템의 안전지킴이 봉사활동을 강화해야 하며, 선진국들의 사이버범죄에 대한 연구교훈 및 법적 대응방안이 도입되어야 한다. 끝으로 개인정보 보호법, 정보통신망 이용촉진 및 정보보호 등에 관한 법률, 신용정보의 이용 및 보호에 관한 법률 등의 과도한 규제 규정을 개정하여야 하며, 경찰관은 사전예방활동을 위한 사이버범죄 위해 인지능력을 배양해야 한다.

• 한국재난정보학회 논문집
• /
• 제2권1호
• /
• pp.3-18
• /
• 2006

Recently the demand for civil bodyguards and security guards shows rapid growth by the social development and improve the quality of life. However the supply and training system have some limitations in spite of the high demand guard-secretary. The main role of secretaries has been to accompany superiors in order to maintain their dignity or trait. But the secretaries are required to play additional roles of safety managers such as a security manager, a protocol manager, an intelligence manager and a protective driver in order to overcome the domestic and the international safety environment and to elevate the quality of service as a competitive work. So, the purpose of this article is to analyse current situation of civil body and security guard training industry and to seek an educational model. For it, the following questions will be examined. First, Do the professional training organizations meet social demand for the body and security guards? Second, What kind of training has to be provide for the body and security guards? and what the qualifications of the trainers? Then, what are the differences in training courses between private organizations and universities? Is there differences in the job placement among the trainers of private organizations and universities? etc.. In summary to meet the social demand common curriculum for the body and security guard will be drawn from the analyses of diverse training organizations with different training courses in contents, training periods, educational value, and social aim.

• 융합보안논문지
• /
• 제12권5호
• /
• pp.87-97
• /
• 2012

최근 개인정보유출 사건이 빈번히 발생함에 따라 개인정보보호의 문제는 우리 사회의 가장 중요하고 민감한 사회적 의제로 급부상하고 있다. 실제로 개인정보는 그 종류나 유형, 경제적 가치와 민감성, 정보의 질 등에 따라 유출 시 심각한 사회적 위협을 야기할 수 있기 때문에 보다 정확하고 체계적인 개인정보보호 및 관리가 이루어지지 않을 경우 정보화 사회에 큰 혼란을 초래할 수 있다. 특히 업무에 있어 고객의 민감한 개인정보를 필요로 하는 중소 경호 경비업체의 경우, 수집한 정보가 유출 될 시 고객 신변이나 업체의 영업 비밀이 외부에 노출 되 심각한 위협이 있을 수 있어 더욱 큰 문제를 야기한다. 그러나 중소 경호 경비업체는 대기업에 비해 자금의 정도, 인력 부족 등의 문제로 인하여 자체 보안 시스템 구축에 많은 어려움이 있다. 따라서 본 연구에서는 경호 경비업체의 실정을 살펴보고, 그 중 중소 경호 경비업체들이 차지하는 규모와 정보보호의 현황, 특징들을 분석하여 정보보호 시스템 마련의 현실적 문제점 해결 방안으로 중소 경호 경비업체의 개인정보유출 방지를 위한 보안체계를 제안한다.