• International Journal of Computer Science & Network Security
• /
• v.22 no.10
• /
• pp.282-290
• /
• 2022

A huge budget is spent on technological solutions to protect Information Systems from cyberattacks by organizations. However, it is not enough to invest alone in technology-based protection and to keep humans out of the cyber loop. Humans are considered the weakest link in cybersecurity chain and most of the time unaware that their actions and behaviors have consequences in cyber space. Therefore, humans' aspects cannot be neglected in cyber security field. In this work we carry out a systematic literature review to identify human factors in cybersecurity. A total of 27 papers were selected to be included in the review, which focuses on the human factors in cyber security. The results show that in total of 14 identified human factors, risk perception, lack of awareness, IT skills and gender are considered critical for organization as for as cyber security is concern. Our results presented a further step in understanding human factors that may cause issues for organizations in cyber space and focusing on the need of a customized and inclusive training and awareness programs.

• Proceedings of the KIEE Conference
• /
• 2008.07a
• /
• pp.205-206
• /
• 2008

Electrical Power System is very important infrastructure in the country. The functions of control, monitoring and so on in the electrical power system are implemented by information technologies(IT) through cyber space. Recently, many activities for enhancing cyber security in the world. In this paper, we introduce the study tendency of cyber security in power IT areas.

• Korean Security Journal
• /
• no.40
• /
• pp.109-145
• /
• 2014

Despite much discussions on cyber-terrorism in South Korea, several missing issues could be addressed. This paper attempts to deal with such missing but important issues. In South Korea, there has been little attentions on cyber-terrorism with the respects of national security strategy development under macro framework responding to future security environment. This article focuses on such issues. In other words, the purpose of this paper evaluates the meaning of national security threats raised from cyber-terrorism as a mode of security threats and proposes the matter of cyber-terrorism within the development of national security strategy in the future security environment. several issues in this discussion pass some important messages for the construction of national security strategic approach framework within the future security environment adding cyber-space. in the future environment, a new space called cyber is added as an important external condition which might determine the security of individuals, societies, and nations. Therefore, the fundamental strategic framework should be prepared. After that, the trend and direction of future technological advancement should be understood and the identity, nature, and types of threat should be analyzed. Also, after that, various responses and countermeasures are together constituted in the aspect of function and system regarding various anticipated threats of the future human society including cyber-terrorism.

• The Journal of Korean Association of Computer Education
• /
• v.8 no.5
• /
• pp.31-41
• /
• 2005

The purpose of this study is to identify the determinants of planned behavior of adolescent, toward information security and cyber crime prevention. A survey methodology was used to investigate a proposed model of influence, and regression analysis was used to analyze the results. The hypothesized model was largely supported by this analysis, and the overall results indicate that the intention to actively participate in information security and cyber crime prevention is mostly influenced by the fear for cyber crime and the perceived usefulness of information security and cyber crime prevention activity. In addition, it was found that the perceived easy of use for information-security related ICT skill, fear for cyber crime, and social norm for information security influence the level of usefulness, but that the prior experience with information leaking was statistically insignificant factor to the level of usefulness and fear for crime. Useful suggestions for promoting information security and cyber crime prevention are also provided.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.3
• /
• pp.37-47
• /
• 2020

The In the 4^th industrial revolution, cyber space will evolve into hyper-connectivity, super-convergence, and super-intelligence due to the development of advanced information and communication technologies, which will connect the nation's core infrastructure into a single network. As applying the 4^th industrial revolution technology to the cyber attack technique, it is evolving in an intelligent and sophisticate method. In order to response intelligent cyber attacks, it is difficult to guarantee self-defense in cyberspace by policy-oriented, preplanned-centric and hierarchical cyber response strategies. Therefore, this research aims to propose a situation-flexible & action-oriented cyber response mechanism that can respond flexibly by selecting the most optimal smart security solution according to changes in the cyber attack steps. The proposed cyber response mechanism operates the smart security solutions according to the action-oriented detailed strategies. In addition, artificial intelligence-based decision-making systems are used to select the smart security technology with the best responsiveness.

• Proceedings of the KIEE Conference
• /
• 2007.11b
• /
• pp.294-295
• /
• 2007

The importance of security is increased in power industry. Recently Power IT networks are attacked in cyber space and demage of attack become increased. For solving the problems, many research studies for network security enhancement are globally carried out in the world. In this paper, we introduce recent cyber attack cases, efforts for enhancing cyber safeness and put into perspective of potential security areas for power IT areas.

• The Journal of the Korea Contents Association
• /
• v.13 no.3
• /
• pp.141-151
• /
• 2013

With the spread of Personal Computers(PC) in the 1980's, many people started to deal businesses with PC. From late 1990's, the Internet age with PC have started and many people have showed keen interest in cyber-space and now they are utilizing it. Since 2000's the use of cyber-space have skyrocketed and it caused significant changes to humans' life. There was a huge prosperity to us but the new kind of crime, cyber-crime, was raised. Unlike past physical type of crimes, those cyber-crimes take place in the cyber-space and they have special features of non-facing, anonymity, specialty, technologic, repetition, continuation. Those cyber-crimes are continually growing since 2003 and in 2010 it almost doubled compared to 2003. General cyber-crimes like phishing-scam pornography circulation was most of them and notably perpetrators of them are younger generation. Recently cyber-crimes are showing the trend of advancing more and more and cyber-bullying, fraud like phishing scam are on the rise. The police are responding by making 'Cyber Terror Response Center', but it does not work effectively with the problems of breakup of prevention and investigation unit, procedure of investigation and the system itself. So, I suggest practical use of private security to remedy our police's weakness and to prevent cyber-crimes. Preventing solutions of cyber-crime with private security are physical defense of large-scale servers and vital computers, building of Back-up system to prevent vital data loss, and building of cyber-crime preventing system combining software and hardware.

• Korean Security Journal
• /
• no.39
• /
• pp.319-353
• /
• 2014

Cyber-based technologies are now ubiquitous around the glob and are emerging as an "instrument of power" in societies, and are becoming more available to a country's opponents, who may use it to attack, degrade, and disrupt communications and the flow of information. The globe-spanning range of cyberspace and no national borders will challenge legal systems and complicate a nation's ability to deter threats and respond to contingencies. Through cyberspace, competitive powers will target industry, academia, government, as well as the military in the air, land, maritime, and space domains of our nations. Enemies in cyberspace will include both states and non-states and will range from the unsophisticated amateur to highly trained professional hackers. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication. Cyberthreats to the infrastructure and other assets are a growing concern to policymakers. In 2013 Cyberwarfare was, for the first time, considered a larger threat than Al Qaeda or terrorism, by many U.S. intelligence officials. The new United States military strategy makes explicit that a cyberattack is casus belli just as a traditional act of war. The Economist describes cyberspace as "the fifth domain of warfare and writes that China, Russia, Israel and North Korea. Iran are boasting of having the world's second-largest cyber-army. Entities posing a significant threat to the cybersecurity of critical infrastructure assets include cyberterrorists, cyberspies, cyberthieves, cyberwarriors, and cyberhacktivists. These malefactors may access cyber-based technologies in order to deny service, steal or manipulate data, or use a device to launch an attack against itself or another piece of equipment. However because the Internet offers near-total anonymity, it is difficult to discern the identity, the motives, and the location of an intruder. The scope and enormity of the threats are not just focused to private industry but also to the country's heavily networked critical infrastructure. There are many ongoing efforts in government and industry that focus on making computers, the Internet, and related technologies more secure. As the national intelligence institution's effort, cyber counter-intelligence is measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions. However one of the hardest issues in cyber counterintelligence is the problem of "Attribution". Unlike conventional warfare, figuring out who is behind an attack can be very difficult, even though the Defense Secretary Leon Panetta has claimed that the United States has the capability to trace attacks back to their sources and hold the attackers "accountable". Considering all these cyber security problems, this paper examines closely cyber security issues through the lessons from that of U.S experience. For that purpose I review the arising cyber security issues considering changing global security environments in the 21st century and their implications to the reshaping the government system. For that purpose this study mainly deals with and emphasis the cyber security issues as one of the growing national security threats. This article also reviews what our intelligence and security Agencies should do among the transforming cyber space. At any rate, despite of all hot debates about the various legality and human rights issues derived from the cyber space and intelligence service activity, the national security should be secured. Therefore, this paper suggests that one of the most important and immediate step is to understanding the legal ideology of national security and national intelligence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.59-74
• /
• 2020

The web space where web applications run is the cyber information warfare of attackers and defenders due to the open HTML. In the cyber attack space, about 84% of worldwide attacks exploit vulnerabilities in web applications and software. It is very difficult to detect web vulnerability attacks with security products such as web firewalls, and high labor costs are required for security verification and assurance of web applications. Therefore, rapid vulnerability detection and response in web space by automated software is a key and effective cyber attack defense strategy. In this paper, we establish a security risk management model by intensively analyzing security threats against web applications and software, and propose a method to effectively diagnose web and application vulnerabilities. The testing results on the commercial service are analyzed to prove that our approach is more effective than the other existing methods.

• Korean Security Journal
• /
• no.51
• /
• pp.173-195
• /
• 2017

Recently, in South Korea, security management has been strengthened, but there have been an increasing number of cases where the main infrastructure of the country is hacked in the cyber space. South Korea is equipped with sophisticated information and communication technologies, such as Internet, but is threatened by cyber terrorism of North Korea and terrorist organizations. Nevertheless, there is a limit to how to develop a policy and strategic plan for the country, which is related to domestic terrorism and lacks legal and regulatory facilities, and therefore, in this study, proposed suggestions for building adaptive and efficient policy formulation. Based on the theoretical analysis framework of the Strategic Plan for achieving the objectives of the research, we compared the UK 's security strategy with the national security policy of the domestic government. As a result, several problems were derived: First, the domestic security strategy did not take into account the external environment. Secondly, lack of coordination with domestic cyber security goals setting and strategy is causing ambiguity and confusion. Third, the detailed plan of implementation of national security in each province is designed to ensure that there is a possibility that a mixed side effect between ministries and agencies will arise. Fourth, it was found that there was a limit to prepare the evaluation standards for the evaluation and return of domestic security policies in the country. Therefore, in order to establish a policy for the response of domestic cyber terrorism, we set up a vision from long-term perspectives and concrete targets based on the strategic approach of the security policy, It is necessary to present an assignment and formulate an efficient execution plan. It is necessary to maintain and improve the domestic safeguards in order to be able to complement the problems through evaluation and feedback.