DOI QR코드

DOI QR Code

Technical Protection Measures for Personal Information in Each Processing Phase in the Korean Public Sector

  • Shim, Min-A (Graduate School of Information Management and Security, Korea University) ;
  • Baek, Seung-Jo (Graduate School of Information Management and Security, Korea University) ;
  • Park, Tae-Hyoung (Graduate School of Information Management and Security, Korea University) ;
  • Seol, Jeong-Seon (Korea Telecommunications Operators Association) ;
  • Lim, Jong-In (Graduate School of Information Management and Security, Korea University)
  • Published : 2009.10.30

Abstract

Personal information (hereinafter referred to as "PI") infringement has recently emerged as a serious social problem in Korea. PI infringement in the public and private sector is common. There were 182,666 cases of PI in 2,624 public organizations during the last three years. Online infringement cases have increased. PI leakage causes moral and economic damage and is an impediment to public confidence in public organizations seeking to manage e-government and maintain open and aboveboard administration. Thus, it is an important matter. Most cases of PI leakage result from unsatisfactory management of security, errors in home page design and insufficient system protection management. Protection management, such as encryption or management of access logs should be reinforced urgently. However, it is difficult to comprehend the scope of practical technology management satisfied legislation and regulations. Substantial protective countermeasures, such as access control, certification, log management and encryption need to be established. It is hard to deal with the massive leakage of PI and its security management. Therefore, in this study, we analyzed the conditions for the technical protection measures during the processing phase of PI. In addition, we classified the standard control items of protective measures suited to public circumstances. Therefore, this study provides a standard and checklist by which staff in public organizations can protect PI via technical management activities appropriate to laws and ordinances. In addition, this can lead to more detailed and clearer instructions on how to carry out technical protection measures and to evaluate the current status.

Keywords

References

  1. 2008 National Audit Videoconferencing Report, MOPAS Korea, KISA, Oct. 2008.
  2. “2009 National Information Protection White Paper,” NIS of Korea, Title 2, pp. 64, Apr. 2009.
  3. http://www.moleg.go.kr/english/korLawEng, http://elaw.klri.re.kr
  4. Andelmounaam, Internet PET, IEEE Security & Privacy, 2003.
  5. Kihyo Nam et al., “Recent Trend of personal information Protecting Technology and Vision in the Future,” KIISC Journal, Vol.18, No.6, pp.11-19, Dec. 2008.
  6. Report of personal information Managing Model for Safe Collection, Preservation, Management, Service and Expiration of personal information, KISA, Dec. 2006.
  7. Carlisle Adams, “A Classification for Privacy Techniques,” univ. of ottawa law & technology journal, 2006.
  8. Klaus Finkenzeller et al., “RFID HANDBOOK,” 2nd Ed. in Korea, ISBN 89-314-2769-7, 2004.
  9. L. Sweeney, “Privacy-Enhanced Linking,” ACM SIGKDD Explorations, vol. 7, no. 2, Dec. 2005.
  10. Yeonjung Kang et al., “Classification of PET on Life-cycle of Information,” International Conf. on Emerging Security Information, Systems and Technologies, IEEE C&S, 2007.
  11. Privacy-Enhancing Technologies: White Paper Privacy-Enhancing Technologies, Ministry of the Interior and Kingdom Relations, the Netherlands, Dec. 2004.
  12. Wan S. Yi et al, “Government Information Security System with ITS Product Pre-qualification,” JWIS2009, Aug. 2009.

Cited by

  1. 온라인상에서 부정적 편향에 따른 평판 확산 차이에 관한 연구 : 선거 사례를 중심으로 vol.14, pp.1, 2015, https://doi.org/10.9716/kits.2015.14.1.263