Kyong-Ho Choi

A study on strengthening security awareness programs based on an RFID access control system for inside information leakage prevention

Systematic security policies and plans of many organizations or enterprises can be degraded due to user’s inattention and unconcern. Therefore, it is very important to guide establishing security policies through the education for users. However, existing security awareness program has problems that is not reflect for different user’s security level and not evaluation of the security policy that is established and implemented, because it use educating for users in the form of a cluster education on uniform contents. Thus in this study, we proposed a strengthening security awareness program using an intensive training method for users based on detecting violations of the established security policy. For detecting violation of established security policy, we use a physical access control method by RFID that protects data from an information system accessed by unauthorized persons through physical ways for visual checking. The strengthening security awareness program proposed in this study increases security levels for the users who have low security awareness levels and can intercept potential leakage paths of important information through improving minimum security levels in organizations or enterprises.

End-to-End Network Performance Management Framework Based on Case-Based Reasoning

In the high-throughput scientific applications or researches, the end-to-end high performance data transferring is a critical issue in network and end-systems. If the performance of data transfer were not guaranteed, their researches couldnt achieve successful results and even more the researches couldnt start to do. In order to cope with the complex fault of the end-to-end transmission performance, we proposed the end-to-end network performance management framework based on case-based reasoning with the case library and multi-agent integrated with perfSONAR. We validated the case retrieving process with similarity measure and the real case that results from the performance degradation in the campus backbone segment.

A Study About Security Awareness Program Based on RFID Access Control System

In this study, a security method that protects data from an information system accessed by unauthorized persons through physical ways like eye contacts is proposed. In addition, it is applied to security awareness programs for improving security recognition and to contribute to the protection of important information. The security awareness program proposed in this study is able to detect the violation in physical security policies and to implement additional training related to warning messages or such violated security policies and that leads to present positive effects of changing user security awareness and corresponding works. It is expected that these effects are to be spreaded to the whole organization and influence for all members.

Standardization Model and Implementation of Event Type in Real Time Cyber Threats

The method which research a standardization from real time cyber threat is finding the suspicious indication above the attack against cyber space include internet worm, virus and hacking using analysis the event of each security system through correlation with the critical point, and draft a general standardization plan through statistical analysis of this evaluation result. It means that becomes the basis which constructs the effective cyber attack response system. Especially at the time of security accident occurrence, It overcomes the problem of existing security system through a definition of the event of security system and traffic volume and a concretize of database input method, and propose the standardization plan which is the cornerstone real time response and early warning system. A general standardization plan of this paper summarizes that put out of threat index, threat rating through adding this index and the package of early warning process, output a basis of cyber threat index calculation.

Editorial: Smart Devices & Smart Spaces in Wireless Internet of Everything (Wireless-IoE)

Internet of Everything (IoE) is based on Internet of things (IoT), but in addition to IoT, it also includes other technical innovations such as cloud, big data, and IPv6. Cisco defines the age of IoE as ‘‘an era in which unprecedented value is created by real-time interaction with people, processes, data, things, and the rest of the unconnected world, all connected to the Internet.’’ In other words, if IoT is technology, IoE can be called ‘‘future lifestyle’’ or ‘‘lifestyle innovation’’, which will be different from current one through real-time connectivity rather than simply a collection of technologies or technologies. The Wireless Internet of Everything (Wireless-IoE) is a novel paradigm that is shaping the evolution of the future ubiquitous networks. According to the vision underlying the IoE, the next step in increasing the ubiquity of the Internet is to connect smart devices for smart spaces. By providing a highly distributed and ubiquitous network of seamlessly connected heterogeneous smart devices, new services for smart space will be designed to serve anytime, anywhere, and by anyone and anything. ‘‘Smart Devices & Smart Spaces in Wireless Internet of Everything (Wireless-IoE)’’ is an important multidisciplinary area with high social and business impact fall under the IoE, including personal healthcare, smart cloud, smart city, smart home, and smart transportation, and it is strongly expected that new applications will emerge once the enabling technologies reach a stable state. However, various studies have been conducted on Wireless-IoE, but there are still many problems to be solved.

Secret Outflow Cause Symptom Analysis Through Scenario Assessment

Recently, the most problematic issue in Security studies is leakage of industrial secret amongst small business. There are hundreds of ways to spill the secret while there is a trend of increasing the leakage. It is well known that small business cannot afford to adopt leakage prevention system. This paper analyzed on potential signs of leakage and past cases until it draws evaluation sheet on leakage scenario and leakage itself in small business.

Design and Implementation of Linked Network Security System Based on Virtualization in the Separate Network Environment

In this study a Linked Network Security system based on Virtualization (LNSV) is proposed to effectively perform data transmissions in a network separated environment under the aspects of management, operation, and cost. The LNSV proposed in this study represents an open architecture in accessing its system through network connectors for all users in individual networks and can be used as a general purposed system for storing all data to be transmitted. It is possible to prevent the access of unauthorized users because the stored data files include source IP/PORT, destination IP/PORT and Hash Values. Also, it can guarantee the security of communication through transmitting and receiving data using encryption/decryption functions. Thus, the LNSV can provide safe connection services between separated networks.

Consideration of the Major Factor for Measuring Values of Enterprises on Industrial Secret Leakages in Globalized Stock Market

In this study factors to be considered for measuring changes in enterprise values according to leakages in industrial secrets are determined as stock market characteristics, enterprise scales, types of security accidents, and security levels in different countries. Here, the security levels include specific enterprises and other partner enterprises in addition to own security level. If changes in enterprise values according to accidents in leaking industrial secrets are estimated based on these factors, the economic profits and damages can be quantitatively calculated. Then, it allows to make a decision for selecting and implementing a proper level of security investments.

A Study of ESMTC(Enterprise Security Management System Based on Threshold Classification)

Most of organizations operate an Enterprise Security Management system (ESM) for managing and analyzing security events. However, it is difficult to instantly analyze and respond for each event by a security manager because the amount of security events collected, stored, analyzed, and displayed by the Enterprise Security Management system is significantly increased according to time and expansions in systems and networks. In addition, as the trends of threats have been changed as a type of Advanced Persistent Threat (APT) that attacks specific individuals and organizations for a long term period, an integrated analysis is required for all security events. Thus, in this study, an Enterprise Security Management system based on Threshold Classification (ESMTC) is proposed to detect and intercept cyber threats occurred for a long term period. It shows an advantage that it does not failure to notice even a single attack through structuralizing and listing detailed attack detection packets and performs related analyses to other attacks.