• Journal of Information Technology Services
• /
• v.18 no.5
• /
• pp.53-70
• /
• 2019

As information security becomes more important as the fourth industrial revolution gradually emerges, an efficient and effective way to find vulnerabilities in information systems is becoming an essential requirement of information security. As the point of the protection of current information and the protection of the future industry, the Korean government has paid attention to the bug bounty, which has been recognized for its efficiency and effectiveness and has implemented through the Korea Internet Security Agency's S/W vulnerability bug bounty program. However, there are growing problems about the S/W vulnerability bug bounty program of the Korea Internet Security Agency, which has been operating for about 7 years. The purpose of this study is to identify the problems in Korean bug bounty policies through the characteristics of the bug bounty program, and to suggest the direction of the government's policy to activate the bug bounty like changes in the government's approach utilizing the market.

• Safety and Health at Work
• /
• v.12 no.4
• /
• pp.471-478
• /
• 2021

Background: Employment standards (ES) include having a regular payday, regular breaks, the right to paid sick or vacation time, and paid wages. Inadequate ES contribute to the labour market vulnerability of workers; however, they are not typically considered to be risk factors for workplace injury. In a sample of Canadian workers, we examine the risk of injury associated with inadequate ES, independent of, and combined with inadequate workplace protections from workplace hazards. Methods: Data from 2,803 adults working 15 hours or more/week in workplaces with at least five employees were analysed. We explored associations between exposure to workplace hazards with inadequate protections [termed occupational health and safety (OHS) vulnerability] and inadequate ES on workplace injury (physical or mental injury; injury requiring time off). Additive interaction models were used to examine the independent and combined effects of these exposures. Results: Occupational health and safety vulnerability and inadequate ES were independently associated with increased injury outcomes. Adjusted models showed an additive relationship for all injury outcomes between OHS vulnerability and inadequate ES. Statistically significant superadditive relationships were observed for physical injury risk with policy and procedure vulnerability plus inadequate ES [synergy index (S) 1.50, 95% CI: 1.13-2.00] and for overall OHS vulnerability plus inadequate ES (S 1.53, 95% CI: 1.16-2.02), suggesting a combined effect greater than independent effects. Conclusion: Occupational health and safety vulnerability and inadequate ES are independently associated with workplace injury. For certain injury outcomes, the combined effect of OHS vulnerability and inadequate ES is greater than the independent effects of each individual exposure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.921-932
• /
• 2015

We proposed a new scoring system on software vulnerabilities, which calculates quantitatively the severity of software vulnerabilities. The proposed scoring system consists of metrics for vulnerability severity and scoring equations; the metrics are designed to measure the severity of a software vulnerability considering the prevalence of the vulnerability, the risk level of the vulnerability, the domestic market share of the software and the frequency of the software. We applied the proposed scoring system to domestically reported software vulnerabilities, and discussed the effectiveness of the scoring system, comparing it with CVSS and CWSS. We also suggested the prospective utilization areas of the proposed scoring system.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.59-68
• /
• 2016

Recently, many domestic and foreign industries is increasing gradually in the importance of security such as the emergence of a Convergence Information Technology(internet of things, cloud computing service, big data etc). Among these techniques, the industrial security market is expected to grow gradually and the evolution of security technologies, as well as vulnerabilities are also expected to increase. Therefore, an increase in physical vulnerability factors it is no exaggeration to standards that are determining the security of industrial security. In this paper will be analyzed to the physical security technology and case study, physical vulnerability factor. Thereby this is expected to be utilized as a basis for the countermeasure of physical corresponding infringement and attack in a future.

• Asia Marketing Journal
• /
• v.21 no.3
• /
• pp.47-64
• /
• 2019

We analyze and study competition in differentiated product market using public data source. Understanding competitive market structure is critical for firms to assess how their products compete against other firms in a given market. In this paper, we estimate consumer demand, extend clout and vulnerability framework, and study competition among multi-product manufacturers in differentiated product market. For our empirical analysis, we adopt choice-based aggregate demand model and estimate consumer demand while accounting for unobserved product characteristics. Once we estimate consumer demand, we compute full price elasticity matrix and investigate intra- and inter- manufacturer substitutions among consumers. This research offers a framework for marketers to analyze and understand market structures, leading them to informed decisions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.573-586
• /
• 2021

As the proportion of non-contact work is increasing in the situation of COVID-19 pandemic, the collaboration program market is growing rapidly. As the size of the market grows, vulnerabilities in collaborative programs are constantly being disclosed which increases interest in the security of collaborative tools. In this paper, we introduce the results of vulnerability analysis on Electron-based collaboration programs, noting that a number of collaboration programs are based on the Electron framework, and propose countermeasures to enhance the security of Electron-based applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1523-1537
• /
• 2018

The AI speaker is a simple operation that provides users with useful functions such as music playback, online search, and so the AI speaker market is growing at a very fast pace. However, AI speakers always wait for the user's voice, which can cause serious problems such as eavesdropping and personal information exposure if exposed to security threats. Therefore, in order to provide overall improved security of all AI speakers, it is necessary to identify potential security threats and analyze them systematically. In this paper, security threat modeling is performed by selecting four products with high market share. Data Flow Diagram, STRIDE and LINDDUN Threat modeling was used to derive a systematic and objective checklist for vulnerability checks. Finally, we proposed a method to improve the security of AI speaker by comparing the vulnerability analysis results and the vulnerability of each product.

• Journal of Distribution Science
• /
• v.9 no.4
• /
• pp.43-50
• /
• 2011

Concerning the risk factors of the outbreak of a fire in a traditional market, most of those markets are located in downtown areas or residential areas; thus, although their location may be favorable in terms of marketability, they face a potential risk in that a fire may develop into a large blaze owing to poor environment or the absence of facilities prepared for disaster during a fire. Moreover, as many people are densely poised in the markets, it is very probable that a fire may occur owing to the excessive use of heaters in the winter as well as the reckless use of electric and gas facilities. It seems that traditional markets encounter difficulty being insured against fire, because of their vulnerability and that the vast majority of small-scale sellers are likely to suffer mental anguish and tremendous physical injury in case of a fire. However, most of those sellers in the traditional markets are hand-to-mouth sellers, and they lack awareness of safety concerns and have insufficient experience in safe facility management. As small-scale sellers constitute the majority in the traditional market, the subscription rate of fire insurance in most of the traditional markets is low for the reasons of their needy circumstances and their financial burden. Statistically, the subscription by street vendors is non-existent; therefore, these vendors have a fairly limited access to indemnification after fire damage. Because of these problems, this study's purpose is to identify the current level of insurance subscription by these markets, which are exposed to poor facilities and vulnerability to fire. In order to fix this, it appears that shop owners and consumers will have to band together. For this study, we executed a fire policyholder fact-finding mission at traditional markets with approximately 108 and 981 stores. The research method was executed by an investigation using one-on-one individual interviews using a questionnaire. The contents investigated current insurance subscriptions. The method of analysis looked at the difference of insured amount according to volume size through cross-tabulation of the difference of insured amount by possession form, difference of insured amount by market form, difference of insured amount by category of business, difference of insured amount by market size, etc. Furthermore, the study should be used to propose solutions for problems through theoretical review with the use of a literature research, because the field case study was through interviews with the persons concerned, and the survey of the current insurance subscriptions by traditional market shopkeepers. The traditional market would generally have difficulty affording fire insurance. Fire insurance subscription rates of most of the market proved to be inactive, because of the economic burden of payment. Lack of funds is thought to be the main factor that causes a lack of realization about the necessity of fire insurance. In addition to expensive insurance premiums, sometimes, the companies' valuation of the businesses is lower than their actual valuations, and they do not pay out enough during a claim. The research presents an improvement plan that, when presented at the traditional markets, may strengthen their ability to procure fire insurance through the help of the central government. Researchers connected with the traditional market mainly accomplish the initial research. However, although this research has its limitations, it offers considerable benefits. For future researchers, I would suggest looking at several regions for comparison.

• East Asian Economic Review
• /
• v.24 no.1
• /
• pp.89-124
• /
• 2020

Even with the sizable Foreign Exchange (FX) holdings and good credit ratings of its top assets, Asia remains vulnerable to various shocks. This paper highlights the limited cross-border asset pledgeability as a significant factor for the lingering vulnerability in Asia. The dichotomy in asset holdings between pledgeable FX and non-pledgeable domestic assets in major economies in Asia has been the source of increasing stabilization costs as well as weakened market momentum in the region. Specifically, the peculiar feature of asset holdings in Asia reflects seriously deficient cross-border asset pledgeability that is left unaddressed. Asset pledgeability contributes toward financial stability via three channels: 1) capital market development by recognizing the role of collateral, 2) increased shock absorption capacity via collateral management, 3) and the newly activated safe asset provision. Therefore, it is crucial to go beyond the usual market development strategy and expand the overall asset pledgeability in the region that has remained unduly depressed.

• Management & Information Systems Review
• /
• v.27
• /
• pp.149-172
• /
• 2008

Since the 9/11 terror attack, the event which caused supply chain disruption, supply chain security has becomes more important than ever before. Furthermore, such company's logistics strategies conflicting supply chain security as increased global sourcing, JIT manufacturing are increasing supply chain vulnerability. It could burden for global companies to strengthen supply chain security because not only it requires additional investment cost but also changes of companiy's global logistics strategy. However, on the other hand, supply chain visibility and resilience can be improved through supply chain security. In addition, it allows companies to stabilize supply chain structure as well as rapid and flexible response to market demand. The key issue is balancing between efficiency and supply chain security. To do this, identifying risk elements under the supply chain and assessing vulnerability of each supply chain components should be performed before developing efficient supply chain security management system without obstructing supply chain efficiency.