A Method for Calculating Exposure Risks of Privacy Information based on Website Structures

A Technique for Calculating the Exposure Risk of Personal Information Considering Website Structure

  • Lee, Sue Kyoung (Department of Industrial and Management Engineering, Incheon National University) ;
  • Son, Jin Sik (Integrated Safety Assessment Department, Kepco Engineering & Construction Company, INC.) ;
  • Kim, Kwanho (Department of Industrial and Management Engineering, Incheon National University)
  • Received : 2015.11.10
  • Accepted : 2016.02.01
  • Published : 2016.02.28

Abstract

This research proposes a method for evaluating the risk levels of websites based on the exposure risk of privacy information. The proposed method considers two aspects. First, we define the risk level of each kind of privacy information according to its inherent risk. Second, we calculate the visiting probability of a webpage to measure the expected actual exposure of privacy information on that webpage. To demonstrate the method, we implemented a system that automatically collects websites and calculates their risk levels. For the experiments, we used a real-world dataset of websites in 4 categories: university, bank, central government agency, and education. The experimental results show that the websites in the bank category are relatively well managed, while the others need to address the exposure of privacy information. Finally, the proposed method is expected to be further utilized in establishing a priority-based approach to alleviating privacy information exposure problems.

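This study considers the following two aspects in order to define a website-structure-based model of personal information exposure risk that can quantify the degree of risk when personal information is exposed on a website. First, the risk level is defined according to how sensitive the information is if it is exposed. Second, to measure the actual likelihood of exposure, the expected visiting probability of each webpage is calculated to determine on which webpage exposed personal information is more dangerous. Based on this, four categories were selected (universities, banks, central administrative agencies, and metropolitan and provincial offices of education) and website risk was measured. The experimental results show that banks were relatively well managed compared with the other categories, while website risk was measured to be high for metropolitan and provincial offices of education, central administrative agencies, and universities. Finally, this study is expected to help establish priority-based countermeasures for mitigating the personal information exposure problem.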
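The two factors described in the abstract can be combined into an expected-exposure score per page, which gives a remediation priority order. The following Python code is an added example, not the authors' system: the random-surfer (PageRank-style) model for visiting probability, the damping factor, the risk weights and the sample site are all assumptions, since the paper's formulas are not given on this page.

```python
# Added illustration; weights, damping factor and sample site are assumptions.
DAMPING = 0.85  # assumed probability that a visitor follows a link

# Assumed inherent risk weight per kind of privacy information (constructed).
RISK_WEIGHT = {"resident_id": 5, "account_no": 4, "phone": 2, "email": 1}


def visiting_probability(links, iterations=100):
    """Random-surfer estimate of how likely each page is to be visited."""
    pages = sorted(links)
    n = len(pages)
    prob = {p: 1.0 / n for p in pages}
    for _ in range(iterations):
        nxt = {p: (1.0 - DAMPING) / n for p in pages}
        for page, outs in links.items():
            targets = outs or pages  # dead end: jump to any page
            share = DAMPING * prob[page] / len(targets)
            for t in targets:
                nxt[t] += share
        prob = nxt
    return prob


def page_risks(links, exposures):
    """Expected exposure per page: visiting probability x summed item risk."""
    prob = visiting_probability(links)
    return {p: prob[p] * sum(RISK_WEIGHT[k] for k in exposures.get(p, []))
            for p in links}


def site_risk(links, exposures):
    """Website risk level: total expected exposure over all pages."""
    return sum(page_risks(links, exposures).values())


# Constructed sample site: link structure and detected privacy items per page.
SITE = {"/": ["/notice", "/staff"], "/notice": ["/", "/notice/42"],
        "/staff": ["/"], "/notice/42": []}
FOUND = {"/staff": ["phone", "email"], "/notice/42": ["resident_id"]}

if __name__ == "__main__":
    ranked = sorted(page_risks(SITE, FOUND).items(), key=lambda kv: -kv[1])
    for page, risk in ranked:
        print(f"{page:12s} {risk:.3f}")
    print("site risk:", round(site_risk(SITE, FOUND), 3))
```

In this constructed site the deep page `/notice/42` is visited less often than `/staff`, yet it ranks first because the item exposed there carries a higher inherent weight.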
