• Title/Summary/Keyword: Personal information management system


A Study on ISMS-P Controls for Hyper Scale Cloud (하이퍼 스케일 클라우드에 적합한 정보보호 및 개인정보보호 관리체계 인증 통제항목 연구)

  • Yong-Nyuo Shin
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.23 no.3 / pp.19-26 / 2023
  • Critical information infrastructure designations for cloud service providers continue to spread around the world as energy, financial services, health, telecommunications, and transportation sectors move to the cloud. In addition, in the case of Ukraine, the removal of restrictions on the use of cloud for national critical facilities and the rapid transition of critical data to the cloud enabled the country to effectively respond to cyberattacks targeting Russian infrastructure. In Korea, the ISMS-P is operated to implement a systematic and comprehensive information protection management system and to improve the level of information protection and personal information protection management in organizations. Control items considering the cloud environment have been modified and added to the audit of companies. However, due to the different technical levels of clouds between domestic and global, it is not easy to obtain information on the findings of cloud providers such as Microsoft for the training of domestic certification auditors on hyperscale clouds. Therefore, this paper analyzes findings in hyperscale clouds and suggests ways to improve cloud-specific control items by considering the compatibility of hyperscale environments with ISO/IEC 27001 and SOC (System and Organization Control) security international standards.

Design of Personalized Wellness Management System Using Wellness Information Analysis Algorithm (웰니스 정보 분석 알고리즘을 통한 개인맞춤형웰니스 관리 시스템 설계)

  • Kim, Hyun-Joo;Park, Seok-Cheon
    • Proceedings of the Korea Information Processing Society Conference / 2013.11a / pp.558-560 / 2013
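  • Entry into the smart era, brought about by advances in communication technology, is spreading and creating a variety of smart devices, content, and culture, and is leading a change in lifestyles across our society. In particular, as consumer demand for health grows with rising national income, and wellness, the pursuit of a better quality of life, rapidly gains prominence, there is a need to develop and apply devices, platforms, and analysis technologies for a variety of services aimed at prevention, care, and healing rather than treatment. In addition, as the passive consumer of the past, who simply received services, changes into an active consumer who makes full use of smart devices, this movement is expected to develop beyond the mere provision of services into technology based on interaction among smart devices specialized for promoting wellness, computers, and consumers. In this paper, we design a personalized wellness management system using personalized wellness records, which realizes multidimensional, lifelog-based information collection covering not only health but also an individual's lifestyle, systematic analysis, and, through these, monitoring and customized services.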

A Study on Strengthening Domestic Personal Information Impact Assessment(PIA)

  • Young-Bok Cho
    • Journal of the Korea Society of Computer and Information / v.29 no.6 / pp.61-67 / 2024
  • In this paper, we presented a strengthening plan to prevent personal information leakage incidents by securing legal compliance for personal information impact assessment and suggesting measures to strengthen privacy during personal information impact assessment. Recently, as various services based on big data have been created, efforts are being made to protect personal information, focusing on the EU's GDPR and Korea's Personal Information Protection Act. In this society, companies entrust processing of personal information to provide customized services based on the latest technology, but at this time, the problem of personal information leakage through consignees is seriously occurring. Therefore, the use of personal information by trustees.

A case study of Privacy Impact Assessment -Focus on K hospital Privacy impact assessment case- (개인정보 영향평가 사례 연구 -K병원의 영향평가 사례를 중심으로-)

  • Jeon, Dong-Jin;Jeong, Jin-Hong
    • Journal of Digital Convergence / v.10 no.8 / pp.149-157 / 2012
  • Recently, many corporations and public institutions have been busy preparing and providing measures to deal with the new privacy information law. This study reviews privacy impact assessments in order to prevent and diagnose potential threats, focusing on the K-hospital case. The quality of protection in K-hospital shows that the corporation itself is 79.0, the system is 97.0, the life cycle of the privacy is 67.4 and CCTV is 90.0. The lowest levels among the life cycle of the privacy are saving and keeping 50.0, usage and offer 64.1 and destruction 66.7. The result of risk analysis shows that the highest levels are controlling for privacy 11.0, saving and keeping 12.5 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destruction.

A Review of Studies on personal information (개인정보 연구동향과 과제)

  • Bang, Min Seok;Oh, Cheol H.
    • Informatization Policy / v.21 no.1 / pp.3-16 / 2014
  • Personal information is now considered a more valuable and important topic in this highly improved knowledge information society. In this research, 50 research papers and government reports between 2000 and 2013 are analysed to understand the trend of academic research on personal information. To summarize the results of the analysis, firstly, there are many discussions of and emphases on governmental protection of personal information, mainly at the qualitative and legal system level. Secondly, there is insufficient research on personal information, particularly in the academic field rather than government and national research institutes. Thirdly, there are not sufficient investigations into influential reasons and relations of cause and effect, though there is plenty of research on the actual and present conditions of the protection of personal information. To develop the investigation of personal information, it is necessary to consider more research on a systematic approach to the issue of personal information, expansion of the research area considering the changeable IT environment, diverse methodological experiments such as metrical methods, reformation of the investigation system, and improved information management in the private sector.

Effective Management of Personal Information & Information Security Management System(ISMS-P) Authentication systems (정보보호 및 개인정보보호 관리체계(ISMS-P) 인증제도의 효과적인 운영방안)

  • Hong, Sung Wook;Park, Jae-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society / v.21 no.1 / pp.634-640 / 2020
  • The information security management system (ISMS) and the personal information management system (PIMS) have been integrated into a personal information & information security management system (ISMS-P) certification scheme in response to requests to reduce the time and cost to prepare certification schemes. Integration of the certification system has made it possible for the system operator to gain the advantage of easy management of the ISMS-P certification system, and the certification target organization can enjoy the advantage of easy acquisition and maintenance of certification. However, ambiguity in the application criteria of the target organization, and ambiguity in the certification criteria control items require the target organization to operate an excessive management system, and the legal basis to be applied to the certification target organization is ambiguous. In order to improve these problems, this paper uses case studies to identify the types of certification bodies that apply the certification criteria, and to change the control items applied during certification audits based on the types of certification bodies. Institutions that wish to obtain only ISMS certification have proposed three solutions, excluding controls covered by the ISMS-P. This paper suggests ways to operate an efficient certification system, and can be used as a basis for improving problems in the ISMS-P certification system.

A Comparative Study of Regional Medical Information Protection Act and Privacy Act (국가별 개인정보보호법 및 의료정보보호법의 비교연구)

  • Bang, Yun-Hui;Rhee, Hyun-Sill;Lee, Il-Hyun
    • The Journal of the Korea Contents Association / v.14 no.11 / pp.164-174 / 2014
  • The purpose of this study is to explore ways to resolve the conflicting issues that are currently applied in medical Act and medical privacy Act through the comparative analysis of the Privacy Act and the Medical Information Protection Act foreign. The results run to establish the Public Health Act coming for the protection of health information is a characteristic of many countries, France in Europe, the United States and Canada had been running an independent medical information laws are enacted. Prescribes penalties of up to a fairly systematic method from the case records of patients would not have occurred in the management and implementation of the law and the protection of the author of the book focuses on the subject of medical records and physician records between patient confidentiality and privacy it can be seen that the method defined in. This indicates the need for the establishment of an independent medical information laws to protect all records relating to the patient systematically Korea also.

A Study on the Patient Privacy Protection of Medical Information (의료정보화와 환자개인정보보호 방안)

  • Shin, Seung-Jung;Ji, Hye-Jung;Kwack, Kae-Dal
    • Proceedings of the Korea Information Processing Society Conference / 2008.05a / pp.1171-1174 / 2008
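  • Medical informatization can infringe on patients' personal information. A considerable number of medical institutions in Korea are passive about protecting patients' personal information. Laws, standards, and systematic guidelines for preventing the leakage of medical information have not been developed. We examine types of infringement of patients' personal information through cases and seek ways to protect patients' personal information from the legal and institutional, technical, and administrative perspectives.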

A Study on the Principle of Application of Privacy by Design According to the Life Cycle of Pseudonymization Information (가명정보 생명주기에 따른 개인정보보호 중심 설계 적용 원칙에 관한 연구)

  • Kim, Dong-hyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.2 / pp.329-339 / 2022
  • Recently, as personal information has been used as data, various new industries have been discovered, but cases of personal information leakage and misuse have occurred one after another due to insufficient systematic management system establishment. In addition, services that use personal information anonymously and anonymously have emerged since the enforcement of the Data 3 Act in August 2020, but personal information issues have arisen due to insufficient alias processing, safety measures for alias information processing, and insufficient hate expression. Therefore, this study proposed a new PbD principle that can be applied to the pseudonym information life cycle based on the Privacy by Design (PbD) principle proposed by Ann Cavoukian [1] of Canada to safely utilize personal information. In addition, the significance of the proposed method was confirmed through a survey of 30 experts related to personal information protection.

Design of Key Tree-based Management Scheme for Healthcare Information Exchange in Convergent u-Healthcare Service (융합형 u-헬스케어 서비스에서 헬스 정보 교환을 위한 키 트리 기반 관리 체계 설계)

  • Kim, Donghyun;Kim, Seoksoo
    • Journal of the Korea Convergence Society / v.6 no.6 / pp.81-86 / 2015
  • The threats to privacy and security have received increasing attention as ubiquitous healthcare applications over the Internet become more prevalent, mobile and universal. In particular, we address the communication security issues of access sharing of health information resources in the ubiquitous healthcare environment. The proposed scheme resolves the sender and data authentication problem in information systems and group communications. We propose a novel key management scheme for generating and distributing cryptographic keys to constituent users to provide a form of data encryption method for certain types of data concerning resource constraints for secure communications in the ubiquitous healthcare domains.