• Journal of Navigation and Port Research
• /
• v.31 no.2
• /
• pp.151-157
• /
• 2007

After World Trade Center's Terror in 2001 and promulgating Maritime Transportation Security Act (MTSA, 2002) and Security and Accountability For Every Port Act (SAFE Port Act, 2006) in the United States, most of the attention on security of international transportation including marine carrier and facility has focused increasingly. Inspection stations in foreign seaport terminal including Busan, South Korea, have been installed by Container Security Initiative (CSI) and Customs Trade Partnership against Terrorism (C-TPAT). The inspection station, however, may directly and indirectly affect delay of truck turnaround time in the seaport, especially high and severe level of security. This paper was analysed a risk for the additional average delay of truck turnaround time incurring by the inspection station under the all level of security, C-TPAT and CSI. As a result of this risk analysis, the higher weighted inspection time based on raising security level, the less number of trucks to be inspected, which will derive high delay in the inspection station.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.933-940
• /
• 2015

IT environments such as IoT, SNS, BigData, Cloud computing are changing rapidly. These technologies add new technologies to some of existing technologies and increase the complexity of Information System. Accordingly, they require enhancing the security function for new IT services. Information Security Pre-inspection aims to assure stability and reliability for user and supplier of new IT services by proposing development stage which considers security from design phase. Existing 'Information Security Pre-inspection' (22 domains, 74 control items, 129 detail items) consist of 6 stage (Requirements Definition, Design, Training, Implementation, Test, Sustain). Pilot tests were executed for one of IT development companies to verify its effectiveness. Consequently, for some inspection items, some improvement requirements and reconstitution needs appeared. This paper conducts a study on activation of 'Information Security Pre-inspection' which aims to construct prevention system for new information system. As a result, an improved 'Information Security Pre-inspection' is suggested. This has 16 domains, 54 inspection items, 76 detail items which include some improvement requirements and reconstitution needs.

• Fire Science and Engineering
• /
• v.20 no.4 s.64
• /
• pp.42-57
• /
• 2006

This study suggests improvement plans : safety check system security through combination in stages, unification of fire inspection, enterprising security of prevention work, enforcement of certificate of qualification for safety, activation of civil partner-ship of fire disaster prevention through contrast prevention work of administrative service with civil mind and an in-depth analysis : dispersed and duplicated management current safety check service, improper commission collection, immorality diffusion of involved, potential irregularities causes, deficit of professionalism security.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.13 no.1 s.28
• /
• pp.47-54
• /
• 2007

After September 11, 2001, the United State's Customs and Border Protection (CBP) has set up inspection stations in seaport terminals. The inspection station, however, may directly and indirectly affect delay time in the seaports, increasing by especially high and severe level of security. This paper studies for a methodology to analyze container delays versus security incurring by the various layouts of the inspection station in the United States.

• Journal of Software Engineering Society
• /
• v.28 no.1
• /
• pp.13-22
• /
• 2019

To enhance effective and efficient applications of automated security vulnerability checkers in highly competitive and fast-evolving IT industry, this paper studies a comprehensive set of security bug checkers in open-source static analysis frameworks and how they can be utilized for source code inspections according to the security vulnerability inspection guidelines by MOIS. This paper clarifies the relationship be tween all 42 inspection criteria in the MOIS guideline and total 323 security bug checkers in 4 popular open-source static analysis frameworks for Java web applications. Based on the result, this paper also discuss the current challenges and issues in the MOIS guideline, the comparison among the four security bug checker frameworks, and also the ideas to improve the security inspection methodologies using the MOIS guideline and open-source static security bug checkers.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.5
• /
• pp.725-730
• /
• 2017

The use of general IT resources in the Instrumentation and Control system(I&C) for the safety of Nuclear Power Plants(NPPs) is increasing. As a result, potential security vulnerabilities of existing IT resources may cause cyber attack to NPPs, which may cause serious consequences not only to shutdown of NPPs but also to national disasters. In order to respond to this, domestic nuclear regulatory agencies are developing guidelines for regulating nuclear cyber security regulations and expanding the range of regulatory targets. However, it is necessary to take measures to cope with not only general security problems of NPPs but also attacks specific to NPPs. In this paper, we select 42 items related to the vulnerability inspection in the contents defined in R.G.5.71 and classify it into 5 types. If the vulnerability inspection tool is developed based on the proposed analysis, it will be possible to improve the inspection efficiency of the cyber security vulnerability of the NPPs.

• Journal of the Society of Disaster Information
• /
• v.9 no.1
• /
• pp.113-122
• /
• 2013

As the patronage of railroad increased, the government tried to introduce several the railroad safety program. The introduction of security inspection system in railroad is also considered with this background. In this paper, we examined the foreign cases in U.S., Spain, and China. Also, we surveyed the railroad users' opinion with the security inspection system and analyzed the results of survey for the sufficient preparation for it. Consequently, we suggested the introduction of high-speed rail station by way of showing an example.

• Journal of Information Technology Services
• /
• v.21 no.4
• /
• pp.63-74
• /
• 2022

Globally researchers at medical institutions are actively sharing COHORT data of patients to develop vaccines and treatments to overcome the COVID-19 crisis. OMOP-CDM, a common data model that efficiently shares medical data research independently operated by individual medical institutions has patient personal information (e.g. PII, PHI). Although PII and PHI are managed and shared indistinguishably through de-identification or anonymization in medical institutions they could not be guaranteed at 100% by complete de-identification and anonymization. For this reason the security of the OMOP-CDM database is important but there is no detailed and specific OMOP-CDM security inspection tool so risk mitigation measures are being taken with a general security inspection tool. This study intends to study and present a model for implementing a tool to check the security vulnerability of OMOP-CDM by analyzing the security guidelines for the US database and security controls of the personal information protection of the NIST. Additionally it intends to verify the implementation feasibility by real field demonstration in an actual 3 hospitals environment. As a result of checking the security status of the test server and the CDM database of the three hospitals in operation, most of the database audit and encryption functions were found to be insufficient. Based on these inspection results it was applied to the optimization study of the complex and time-consuming CDM CSF developed in the "Development of Security Framework Required for CDM-based Distributed Research" task of the Korea Health Industry Promotion Agency. According to several recent newspaper articles, Ramsomware attacks on financially large hospitals are intensifying. Organizations that are currently operating or will operate CDM databases need to install database audits(proofing) and encryption (data protection) that are not provided by the OMOP-CDM database template to prevent attackers from compromising.

• Korean Security Journal
• /
• no.2
• /
• pp.61-81
• /
• 1999

While the progress of preparation for the 2002 World Cup games goes on the environment is changing by industrializations development of science and specialization of technology, because of that recently the crime has also became intellectual so the importance on countermeasure of safety has raised. The countermeasure for safety The stadium is a limited space where amount of population could be concentrated, so that in a moment there could be a great casualties by terrorism, specially there should be efficient countermeasures for bomb terrorism. So to be prepared for the problems that had been appeared on bomb terrorism activities of North Korea around the world, we should know about the inspection environment and special inspection environment, and for the prevention first of all I've studied on suitable way to inspect the stadiums secondly to plan on specialized training of the necessary personnel on inspection and finally efficiency of use on inspection equipment. With there following plans we could make perfect safety countermeasures focused on prevention for the successful World Cup games.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.1
• /
• pp.109-122
• /
• 2022

The purpose of information security activities is to reduce large-scale material and human accidents that are concerned about hacking damage to important systems, such as control systems, through periodic preventive activities in addition to finding the cause and taking follow-up measures after damage caused by hacking. For this reason, although each institution is using a security work audit model in accordance with the relevant regulations, it is not easy to conduct company-wide inspection activities due to the constraints of manpower and time. Therefore, in this paper, we will analyze the major vulnerabilities of public institutions over the past 10 years and present a security audit model that can perform efficient security activities compared to the models for domestic and foreign security audits.