• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06d
• /
• pp.118-121
• /
• 2011

기존 개인정보보호관련 법은 공공과 민간으로 개별화된 체계로 인하여 헌법기관, 오프라인 사업자, 비영리기관등은 관련법이 부재함에 따라 법 적용의 사각지대라는 커다란 허점을 드러냈다. 또한, 개별 법 사이의 보호원칙, 처리기준 및 추진체계가 상이하여 법의 보호를 받는 국민들에게 혼란을 주기도 한다. 본 논문은 신규 제정되어 2011년 9월 발효가 예정되어 있는 개인정보보호법(안)을 기준으로 기업이 개인정보보호 수준을 스스로 측정할 수 있는 지표를 만드는 것에 목표를 두고 있다.

• Proceedings of the Safety Management and Science Conference
• /
• 2013.11a
• /
• pp.569-578
• /
• 2013

This paper which took effect in September 2011 to comply with the Privacy Act were studied in terms of the provisions for penalties. Article 70 to 75 of Privacy Act in was considered with mandatory provisions of items, and for the compliance required actions was developed and item indexing according to collection, use, offer, charge, destroying of life cycle of personal information.

• The Journal of the Korea Contents Association
• /
• v.13 no.12
• /
• pp.455-462
• /
• 2013

As the protection of personal information has been appeared as a main issue in educational institutions, the Ministry of Education, Science and Technology (currently the Ministry of Education) opened InfoSec Training Center to train personnels of educational institutions in 2012. To achieve the purpose of the establishment of the centers, each center needs to identify training target, make training roadmap and design specialized training curriculum. The paper aims to develop criteria to evaluate training and operating levels of InfoSec Training Centers using AHP.

• Journal of Internet Computing and Services
• /
• v.17 no.4
• /
• pp.95-113
• /
• 2016

Personal information processing works, including resident registration number is common to be consigned by IT specialized company due to high level expertise and tremendous cost. The accident related to personal information is increasing and most of accidents are caused by the consignee's leaking information. According to the Inspection of personal information protection and the management level diagnosis of personal information protection, public Institutions need to build the consignee's accident prevention and personal information management system as soon as possible. In this paper, the efficient enhancement ways for the personal information protection is studied. We analyze the law of business consignment and select basic management items related with personal information protection, and propose a analysis scheme for management level of personal information protection and a enhancement scheme for management system of personal information protection. This paper suggests consignee's management system of personal information protection for the enhancement way and the three Strengthening ways in law. To compose the a enhancement scheme for management system of personal information protection, we conduct questionnaire survey to 30 consignees(IT maintenance, notice printing, call center, welfare center) related to typical tasks of public organizations, present reference for this scheme, and execute verification of this scheme by focus group interview of consignor and consignee.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.99-106
• /
• 2012

Numerous private corporations and public institutions are collecting personal information through the diverse methods for the purpose of sales, promotion and civil services, and using personal information for the profits of the organizations and services. However, due to immaturity of the technical, managerial measures and internal control for the collected personal information, the misuse, abuse and the leaks of personal information are emerged as major social issues, and the government also is promoting implementation of the act on the privacy protection by recognizing the importance of the personal information protection. This research describes on the measures to detect the anomaly by analyzing personal information treatment patterns managed by the organizations, and on the measures to coup with the leaks, misuse, and abuse of personal information. Particularly, this research is intended to suggest privacy leakage monitoring system design, which can be managed by making the elements related to personal information leaks to numeric core risk indexes to be measured objectively.

• Journal of Convergence for Information Technology
• /
• v.10 no.7
• /
• pp.20-32
• /
• 2020

This study is to develop and provide a personal information protection framework that enables IoT service providers to safely and systematically operate personal information of IoT service subjects in the overall process of providing IoT devices and services. To this end, a framework for personal information framework was derived through literature survey, and FGI with experts, it was divided into three stages, each of three stages: IoT service provision process and IoT personal information processing process. The study conducted an e-mail survey of related experts using AHP techniques to determine the importance of the components of the selected personal information protection framework. As a result, in the IoT service provision process, the IoT product and service design and development stage (0.5413) is the most important, and in the IoT personal information processing process, personal information protection in the collection and retention of personal information (0.5098) is the most important. Therefore, based on this research, as the IoT service is spreading, it is expected that a safe personal information protection framework will be realized by preventing security threats and personal information infringement accidents.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.133-142
• /
• 2009

Although the average amount of spam users receive a day is statistically decreasing in Korea, they still complain of spam and insist there is a gap between the amount of spam users receive in reality and the amount of spam the users feel due to spam. This study analyzes the cause of the gap and suggests the way of complementing the traditional measure of the amount of spam receipt. In addition, we provide the conceptual framework of 'spam management index' that explains the overall spam counteract performances from the users' point of view. Especially, we develop the method of measuring 'spam stress' which can be used as an qualitative output element. Finally we apply the model in Korea to develop spam counteract policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.729-741
• /
• 2018

On June 24, 2015, the Financial Services Commission (Financial Services Commission) completely abolished the security review process, and said that it would substitute self-security review obligations with self-security reviews. Security officials at financial institutions conduct security reviews based on CIA security grade when they conduct security reviews for secure electronic financial transactions. However, the recent security review for Internet and mobile electronic financial transactions has carried out a security review, either by checking separate processes or by referring to new technologies and data related to security. This paper proposes the CIAAP security gradesl with the addition of certification and privacy protection indicators to the CIA based security grades, especially through the security review of electronic financial transactions.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.2
• /
• pp.75-81
• /
• 2012

As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.153-160
• /
• 2009

This study is to develop a human resource (HR) security framework, and related HR security indicators in the context of information security. The HR security framework consists of three constructs, personnel assurance, personnel competence, and personnel security control. Based on the framework, HR security management indicators are derived as 26 indicators in 9 items out of 3 categories. An empirical research has been performed to verify the relevance and consistency between the indicators by conducting a questionnaire-based survey. Also, interrelationships between the proposed indicators and HR related security level were analyzed by the multiple regression analysis. As a result, the proposed hypothesis were mostly accepted, showing the significant relationships between the indicators and security level.