Security Accidents Research Articles

금융기업의 보안대책이 금융 IT 보안책임과 위험감소 그리고 기업성과에 미치는 영향:변혁적 리더십의 조절효과

Information system (IS) security continues to present a challenge for firms. Especially, IT security accident is recently taking place successively in the financial sector. Thus, a comprehensive measure on this is demanded. A large part of a research on security relies upon technical design in nature and is restrictive in a consideration of person and organizational issue. To achieve a goal of firm security, it is possible with an effort of organizational management and supervision for maintaining the technical and procedural status. Based on a theory of accountability, we propose that the security countermeasures of organization lead to an increase in accountability and reduction in risk of IT security in a financial firm and further to firm performance like promotion in firm reliability. In addition, we investigate which difference a theoretical model shows by comparison between South Korean and American financial firms. As a result of analysis, it found that South Korea and America have significant difference, but that a measure on the financing IT security is important for both countries. We aim to enhance interpretability of a research on security by comparatively analysis between countries and conducting a study focus on specific firm called financial business. Our study suggest new theoretical framework to a research of security and provide guideline on design of security to financial firm.

The relationship between social security and work accident: how is our reality?

The relationship between social security and work accident: how is our reality?

Application of High-Formwork Technology in Wusong Road Passenger Station

Combining with the construction of Wusong Road Passenger Station, the paper explores the calculation method and construction technology of high-formwork support system, proposes the construction measure requirements of formwork, introduces the technical process, accumulates the experience of high-formwork design and construction, and popularizes the application of high-formwork technology in projects, which decreases the security accidents of high formwork and provides reference for the construction of similar projects in future.

모바일 애플리케이션을 위한 보안약점 구조화 기법에 대한 연구

In recent years, security accidents which are becoming the socially hot issue not only cause financial damages but also raise outflow of private information. Most of the accidents have been immediately caused by the software weakness. Moreover, it is difficult for software today to assure reliability because they exchange data across the internet. In order to solve the software weakness, developing the secure software is the most effective way than to strengthen the security system for external environments. Therefore, suggests that the coding guide has emerged as a major security issue to eliminate vulnerabilities in the coding stage for the prevention of security accidents. Developers or administrators effectively in order to use secure coding coding secure full set of security weaknesses organized structurally and must be managed. And the constant need to update new information, but the existing Secure Coding and Security weakness is organized structurally do not. In this paper, we will define and introduce the structured weakness for mobile applications by the surveys of existing secure coding and coding rules for code analysis tools in Java.

정보보호관리체계[ISMS] 인증이 조직성과에 미치는 영향에 관한 연구

본 논문은 최근 기업이나 조직에서는 산발적인 보안 관리에서 종합적이고 체계적인 정보보호관리체계가 요구되고 있으며 국내에서도 2001년 7월부터 정보보호관리체계(ISMS) 인증제도가 시행되어, 2012년 7월 현재 130개 업체가 인증을 받았으며. 이와 같이 ISMS 인증제도가 국내에 도입된 이래 인증수요는 꾸준히 증가하여 기업경쟁력의 중요한 수단으로 인식되어 가고 있는 추세인 반면 ISMS 인증의 실수요자가 인식하는 인증의 효과성 등의 질적인 측면이 미흡하다는 문제는 끊임없이 제기되어 오고 있다. 이에 따라 본 연구는 국내 ISMS 인증 취득기업 정보보호 담당자에 대한 설문조사를 통해 ISMS 인증이 기업의 경영성과에 얼마나 긍정적으로 영향을 미친다는 사실을 실증적으로 분석하여, 조직성과에 영향이 있다는 것을 입증하였으며 기업들로 하여금 ISMS 인증 취득의 효과를 인식하여 궁극적으로 ISMS 구축을 통해 보안 사고를 사전에 예방하고 기업성과를 향상시키는데 도움을 주고자 하였다. As Internet usage is rapidly spreading, tasks that were only possible offline are now available in cyber space but at the same time, new security threats such as hacking and viruses have also increased. For that reason, Comprehensive and methodical information security systems are therefore required in enterprises and organizations. Consequently, the Information Security Management System certification system has been in effect in Korea since July 2001. As of December 2012, 130 enterprises have been certified, and more than 120 ISO27001 certifications have been issued. As such, since the introduction of the ISMS certification system in Korea, the demand for the certification has been steadily increasing, and it is now recognized as an integral part of maintaining the competitiveness in an enterprise. However, the qualitative aspects of certification regarding the effectiveness of ISMS have been continuously questioned by actual customers. In order to clarify the situation and remove such doubts, this study will substantiate the fact that development and certification of ISMS positively affect the business performance of enterprises so that they will recognize the effect of obtaining ISMS certification and eventually prevent security accidents and improve their business performance by developing ISMS.

Analysis of Construction Safety Features and Assurance Measures for the Runway Expansion Project in Qingyang Airport

In order to ensure the safety of the runway expansion project in Qingyang airport, the paper conduct an in-depth analysis of construction safety features from the aspects of construction machinery and equipment, intercrossed construction, the construction team, the surrounding environment, and the construction time limit. First of all, measures are taken in terms of the safety regulatory agencies, the responsibility realization, related management systems, safety publicity, and three-level education. Then further measures are taken from the aspects of safety investment, safety facilities, hazardous source identification, and on-site safety management. These measures work together to make the whole project construction process without any security accidents and realize the intended goal.

Software Behavior Based Trustworthiness Attestation For Computing Platform

With a prevalence of pervasive computing, especially cloud computing , the software is at the core and play a vital role. This advance the security problem, so software trust is drawing increasing attention. Therefore, we need a unified trust relationship model between entities, which captures both the needs of the traditional computing world and the world of pervasive computing where the continuum of trust is based on identity, physical context or a combination of both. Here, we presents a software behavior based attestation model which try to determine the trust state of attesting platform from its system trust related behaviors. The new attestation model has advantages of privacy protection and high feasibility. In addition, it can also help to control and limit the impacts of security accidents such as malicious code in system. This paper also proposes a trust framework for service oriented application and displays its formalization model. It is useful for designing trust and reliable system and helpful for software developer’s analysis and validation of the application.

Design of Tire Pressure Sensor Based on High Integrated Wireless Sensor

This paper focus on how to improve wireless transmission efficiency, reduce the quality and volume of TPMS to reduce impact of tire balance in a moving vehicle. A tire pressure monitoring transmitter based on high integrated wireless sensor MPXY8300 is described in this paper and the hardware structure is being put forward. Introduced the way to reduce energy consumption, and wireless circuit design. This system can monitor the inner practical pressure and temperature of each tire and the security accidents can be avoided effectively.

Empirical Analysis of Behavior on Information Security

In this article, we raise some prohibited matters within the organizations from the viewpoint of information security measures, and investigate factors such as organizational attributes and individual attributes which impact the decision-making on complying with the rule. For the purpose, we designed the survey and conducted the survey entitled “Survey on Japanese workers’ awareness and behavior to information security measures” in March 2010. Then, by using the collected data and stepwise logit model as a statistical tool, we analyze the relationships. As a result, we found the features of respondents who took problematic behavior. For example, the individuals who had experience of some information security accidents, or who had low degrees of workplace satisfaction, tend to take problematic behavior. Next, as motivation behind the behaviors, individuals who assess to doing right moralistically low tend to take problematic behavior, too. Third, as psychological factor, degree of risk aversion (on insurance) and degree of risk perception influenced the problematic behavior. In addition, with regard to the organizational attributes, introducing power shift from ruling body to lower organization as incentive system for employee’s working would make individuals tend to take problematic behavior.

UC Berkeley Doctoral Dissertation: The Stewardship Claim at Los Alamos National Laboratory: Managing Hazardous Legal and Regulatory Environments

After a series of safety accidents in the mid-1990s, the Department of Energy via Los Alamos National Laboratory (LANL) claimed publicly that it could be the nation’s stockpile (the Stewardship Claim). The Laboratory did not define stewardship or what being a steward would require. This project begins by using knowledge from political and organization theory to help define what stewardship in the context of managing long-lived and highly hazardous materials would mean to a well-informed public, if it knew what to ask. Institutional Stewardship requires that such an organization be highly reliable (High Reliability), now and for the foreseeable future (Constancy), and inspire public trust and confidence. Institutional stewardship, by this definition, requires tremendous resources and an equivalent devotion to safety and security as to productivity.This study shows that legal and organizational structural problems at the higher levels of the DOE and LANL hierarchies produced the root causes of many safety and security accidents at LANL during the 1990s. These accidents produced tremendous unwanted public attention. The organization responded with the Stewardship Claim, which included massive changes to its legal and organizational structures designed to prevent accidents. However, though the research in this study showed that the top of the hierarchy was the largest single location of accident root causes, most of the changes to the legal and organizational structures focused on the lowest operator level of the hierarchy. Thus, safety and security accidents persisted even after LANL attempted to become the nation’s nuclear stockpile steward.Systemic causes of accidents can be understood by examining patterns shared between failures, something LANL did not do until it had been blaming nearly a decade of systems accidents on human operators. While, accidents of some sort are often normal in complex sociotechnical systems, properly designed legal regimes and organizational structures, can make it more likely that an organization will meet the demands required by institutional stewardship.

A design for secure and survivable wireless sensor networks

In this article, we present a study of the design of secure and survivable wireless sensor networks (WSN) that has yet to be addressed in the literature. Our goal is to develop a framework that provides the security and survivability features that are crucial to applications in a WSN, because WSNs are vulnerable to physical and network-based security attacks, accidents, and failures. To achieve such a goal, we first examine the security and survivability requirements. We then propose a security and survivability architecture in a WSN with heterogeneous sensor nodes. To understand the interactions between survivability and security, we also design and analyze a key management scheme. The results of the experiment show that a good design can improve both security and survivability of a WSN; however, in some situations, there is a trade off between security and survivability.

고성능 침입탐지 및 대응 시스템의 구현 및 성능 평가

최근 정보통신기반이 급속히 발달하고 사용자가 늘어남에 여러가지 사이버 공격이 늘어나고 있다. 침해사고를 예방하고 효과적인 대응방법이 마련된 침입탐지시스템들은 저속 환경에서의 실시간 분석에 적합하도록 설계되고 구현되었기 때문에, 증가하는 트래픽 양을 처리하는데 어려움이 있다. 또한, 기가비트 이더넷(Gigabit Ethernet) 환경과 같은 고속 네트워크 환경이 현실화되므로 대용량의 데이터를 처리할 수 있는 효과적인 보안 분석 기법들이 필요하다. 본 논문에서는 고속 네트워크 환경에 필요한 침입탐지 및 그 대응 방법에 위한 고속 침입탐지 메커니즘 적용 시스템을 제안한다 이는 패킷 헤더 기반의 패턴 매칭 기능과 시스템 커널 영역에서 수행되는 패킷 데이터 기반의 패턴 매칭 기능을 통해서, 고속 네트워크 환경에 적합한 침입탐지 메커니즘을 제안하며, 시스템의 성능을 기존 운용 시스템과 비교 분석함으로써, 제안한 침입탐지 메커니즘이 트래픽 처리성능면에서 최대 20배까지 우수했다. Recently, the growth of information infrastructure is getting fatter and faster. At the same time, the security accidents are increasing together. We have problem that do not handle traffic because we have the Intrusion Detection Systems in low speed environment. In order to overcome this, we need effective security analysis techniques that ran Processed data of high-capacity because high speed network environment. In this paper we proposed the Gigabit Intrusion Detection System for coordinated security function such as intrusion detection, response on the high speed network. We suggested the detection mechanism in high speed network environment that have pattern matching function based packet header and based packet data that is proceeded in system kernel area, we are shown that this mechanism was excellent until maximum 20 times than existing system in traffic processing performance.

침입탐지 시스템을 이용한 웹 스테고데이터 검출 시스템 설계 및 분석

인터넷의 보편화로 인해 일반 정보뿐만 아니라 중요 정보의 전송도 인터넷을 통하여 이루어지고 있다. 그렇기 때문에, 비밀리에 중요 데이터의 전송이나 비밀문서 등의 유출도 증가되고 있다. 그러나 그에 따는 보안 방안은 매우 취약한 실정이다. 따라서 본 논문에서는 네트워크 기반의 침입탐지시스템 모듈을 사용하여 네트워크를 통한 중요 정보의 유출을 탐지하는 것을 목적으로 한다. 그리고 중요 데이터의 유출과 테러에 대한 비밀문서의 방지 및 검출하기 위한 은닉정보검출방법을 제안하고 설계한다. 이는 기존의 은닉정보검출방법을 분석하고 그 중 스테고데이터에 대한 검출 방법을 이용하여, JPG, WAVE 등의 웹 데이터나 이메일의 첨부 파일에 스테고데이터 검출 방법에 초점을 맞추어 제안하고 설계한다. 또한, 본 논문에서 제안한 스테고데이터 검출 시스템을 실험을 통하여 분석한다. It has been happening to transfer not only the general information but also the valuable information through the universal Internet. So security accidents as the expose of secret data and document increase. But we don't have stable structure for transmitting important data. Accordingly, in this paper we intend to use network based Intrusion Detection System modules and detect the extrusion of important data through the network, and propose and design the method for investigating concealment data to protect important data and investigate the secret document against the terrorism. We analyze the method for investigating concealment data, especially we use existing steganalysis techniques, so we propose and design the module emphasizing on the method for investigating stego-data in E-mail of attach files or Web-data of JPG, WAVE etc. Besides, we analyze the outcome through the experiment of the proposed stego-data detection system.

Risk analysis for electronic commerce using case-based reasoning

Electronic commerce (EC) appears to be essential for an organization’s survival and growth. Then the security of the EC systems, which ensures authorized and correct transaction processing, becomes one of the most critical issues in implementing the systems. The analysis of risk that a system faces is the core part of security management since risk analysis can identify the principal assets, the threats and the vulnerabilities of those assets, and the risks confronting the assets. This study intends to develop a risk analysis system in an EC environment using the case-based reasoning (CBR) technique. The process of the proposed system is composed of four steps: initial data collection, asset evaluation, threat and vulnerability evaluation, and result generation of risk analysis. This process follows the traditional risk analysis process. This system employs the casebase of past analyses and security accidents. Although some studies introduced several case-based systems for risk analysis of traditional information system, none of them is under an EC environment. The proposed system is the first to apply the CBR technique for risk analysis of an EC system. Copyright © 1999 John Wiley & Sons, Ltd.