• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.07a
• /
• pp.195-197
• /
• 2020

현행 우리나라는 공익침해행위와 관련하여 2011년 3월 공익신고자 보호법이 제정되어 민간부문에서의 공익신고자를 보호하고 있다. 대부분의 공익침해행위는 조직 내부에서 은밀하게 이루어지고 있어 조직 내부의 문제점을 잘 알고 있는 조직 구성원들의 신고로 인하여 외부에 알려지게 된다. 그러나 신고로 인하여 공익신고자가 받게 되는 불이익에 대한 실질적인 보호조치가 미흡하여 신고자를 효과적으로 보호하기 위한 제도를 강화하는 방안이 필요하다. 이에 본 연구에서는 현행 우리나라 공익신고자 보호제도에 대한 주요 내용을 검토하고, 공익신고자의 보호 등을 위한 합리적인 개선방안을 제시하고자 한다.

• Review of KIISC
• /
• v.29 no.4
• /
• pp.13-18
• /
• 2019

우리나라 정부는 2016년, 현행 개인정보보호 법령의 틀 내에서 데이터가 안전하게 활용될 수 있도록 관계부처 합동 <개인정보 비식별 조치 가이드라인>을 마련하여, 비식별 조치를 위해 사업자 등이 준수해야 할 비식별 조치 기준을 제시하였다. 그 후 국내에서는 조화로운 방향으로 개인정보보호와 활용을 이루기 위해 다양한 노력이 있었고 이와 관련하여, 본고에서는 국내 비식별 조치 추진현황 및 2016년 이후 한국 주도로 개발 중인 국제표준 2건 등 비식별 처리 분야의 국제표준화 동향을 살펴본다.

• Journal of Radiation Protection and Research
• /
• v.39 no.2
• /
• pp.109-117
• /
• 2014

Nuclear emergency planning is to plan sheltering, evacuation and iodine prophylaxis for the residents living in the area where the emergency plan is needed, the area is confirmed based on the dose assessment using the source-term through an accident analysis and the data measured from meteorological tower. In this study, the does change before and after protective measures was assessed stochastically based on the one year meteorological data in the condition of the maximum hypothetical accident which can be considered at the research reactor 'HANARO', and the optimized protective measures were derived based on the reference levels defined as a residual dose by ICRP 2007 recommendation which can be applied in a emergency exposure situation. The optimized protective measures for the HANARO in the maximum hypothetical accident were the evacuation to radius 300 m, the sheltering from 300 m to 800 m, the iodine prophylaxis only for the emergency workers under the protective measures for non emergency workers.

• Proceedings of the Korean Radioactive Waste Society Conference
• /
• 2005.06a
• /
• pp.496-512
• /
• 2005

It is internationally proposed that generic intervention levels (GILs) and generic action levels, determined based on cost-benefit analyses, be used as the decision criteria for public protective actions in a nuclear emergency. Operational intervention levels (OILs) are directly or easily measurable quantities corresponding to these generic levels. To assess the necessity of protective actions in a nuclear emergency, it is important that the environmental monitoring data required for applying and revising OILs should be promptly produced. It is discussed what and how to do for this task in the course of emergency response and preparedness.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.107-115
• /
• 2012

The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.11
• /
• pp.195-200
• /
• 2020

Korea enacted the Protection of Public Interest Reporters Act in March 2011 to protect whistleblowers from acts of infringement of public interest in the private sector. Most acts of infringement of the public interest are carried out secretly within the organization, which is known to the outside world by reports from members of the organization who are well aware of the problems within the organization. However, whistleblowers are at a disadvantage due to reporting and are reluctant to report. In addition, measures are needed to strengthen institutional mechanisms such as confidentiality, protection of personal information, responsibility, and prohibition of disadvantageous measures to effectively protect reporters due to lack of practical protective measures. Therefore, practical protection measures for whistleblowers are needed in line with the purpose of protecting whistleblowers, and measures to expand the corresponding compensation system will also be needed. Therefore, in this study, we would like to review the main contents of the current system for protecting whistleblowers in Korea and suggest reasonable improvement measures for protecting whistleblowers.

• Review of KIISC
• /
• v.27 no.2
• /
• pp.57-68
• /
• 2017

원자력시설에 대한 사이버보안 위협이 증가됨에 따라 "원자력시설 등의 방호 및 방사능 방재 대책법"에 의거 원자력통제기술원은 사이버보안 이행에 관한 세부 기준을 제시하는 KINAC/RS-015 "원자력시설 등의 컴퓨터 및 정보시스템 보안기술기준"을 마련하고 원자력 사업자로 하여금 사이버보안계획(CSP)을 이행토록 하였다. 따라서 원자력사업자는 사이버공격으로부터 필수디지털자산(CDA)을 보호하기 위해 운영적 관리적 기술적 사이버 보안조치를 적용 및 이행하여야 한다. 본 논문에서는 원자력시설의 최상위 설계요건인 안전성 및 신뢰성 확보를 위해 사이버보안 기술을 적용하는데 많은 어려움이 따르는 기술적 보안조치인 접근통제, 감사 및 책임, 시스템 및 통신의 보호, 식별 및 인증, 시스템 보안강화에 대한 이행방안을 살펴보고자 한다.

• Life and Agrochemicals
• /
• v.29 no.3 s.236
• /
• pp.26-29
• /
• 2008

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.337-346
• /
• 2012

According to cloud computing service is increasing of using the Internet technology, it's increasing privacy security risks and out of control of security threats. However, the current cloud computing service providers does not provide to solutions of the privacy security management. This paper discusses the privacy security management issue of cloud computing service, and propose solutions to privacy information threats in cloud computing environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.