• Title/Summary/Keyword: Information Security Management (정보보호 관리)

Search Result 2,558, Processing Time 0.027 seconds

A License Administration Protocol Providing User Privacy in Digital Rights Management (디지털 저작권 관리에서 사용자의 프라이버시 보호를 제공하는 라이센스 관리 프로토콜)

  • 박복녕;김태윤
    • Journal of KIISE:Information Networking / v.30 no.2 / pp.189-198 / 2003
  • As more people are harmed by personal information leakage, awareness of user privacy infringement is increasing. However, existing DRM systems do not support the protection of users' personal information because it is not necessary for the protection of copyrights. This paper suggests a license administration protocol that protects personal information in DRM more strongly. To prevent exposure of the user's identifier, the protocol uses a temporary ID and a token to guarantee anonymity, and it encrypts messages using a session key established by ECDH and a public-key cryptosystem, so that it can prevent the exposure of personal information and protect the user's privacy.

Security Management on a Network System (네트워크 시스템의 보안 관리)

  • 박태규;강창구;김대호
    • Review of KIISC / v.6 no.3 / pp.95-114 / 1996
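  • Of the five functional areas of network management defined by OSI, this paper covers the security management function: its definition, the benefits of security management work, the procedure for carrying out security management, useful security practices when connecting to a public data network, examples of security management tools, and the reporting of security incidents. It also introduces the standardization work being carried out in OSI, namely the network framework and an overview of the management work of JTC1/SC21.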


A Study on the Effective Countermeasures for Preventing Computer Security Incidents (기업의 침해사고 예방을 위한 관리 모델)

  • Kang, Shin-Beom;Lee, Sang-Jin;Lim, Jong-In
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.1 / pp.107-115 / 2012
  • The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards building a systematic foundation since 2004, when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitations and possible ways for improvement. It also recommends a list of effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

A Design of DRM Solution for Prevention of Proprietary Information Leakage (내부 정보 유출 방지를 위한 DRM 적용 방법 설계)

  • Moon, Jin-Geu
    • Proceedings of the Korean Information Science Society Conference / 2007.06d / pp.7-10 / 2007
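  • As the level of informatization has advanced and external technology exchange has become more active, cases of damage from corporate information leakage are increasing rapidly. More than 80% of data leakage cases are caused by insiders who are current or former employees, so building an internal information leakage prevention system is urgently required. Defensive measures against external attackers, such as intrusion detection systems and firewalls, are of limited use for preventing internal information leakage, so a new information protection system is needed. This paper analyzes the leakage vulnerabilities inherent in the internal information distribution structure and proposes an information protection model as a countermeasure. As one way of implementing the proposed model, it proposes an information protection technical architecture that applies DRM technology, and describes considerations for implementation. The proposed architecture provides a method of identifying the information systems and information devices operated by an organization as a managed domain, and has the advantage of fundamentally controlling the flow of data from the managed domain to unmanaged domains.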


The Effect of Composition and Security Activities for Information Security Architecture on Information Asset Protection and Organizational Performance (정보보호 아키텍처 구성과 보안활동이 정보자산보호 및 조직성과에 미치는 영향)

  • Jeong, Gu-Heon;Yi, Dong-Wook;Jeong, Seung-Ryul
    • The KIPS Transactions:PartD / v.17D no.3 / pp.223-232 / 2010
  • This study was carried out for the purpose of inquiring into the effect of composition and security activities for information security architecture on information asset protection and organizational performance in terms of general information security. This study surveyed 300 workers in the government, public institutions and private companies, which showed that management factors of risk identification and risk analysis, in general, have a usefulness to composition and security activities for information security architecture to prevent inside information leakage. And the understanding and training factors of IT architecture and its component were rejected, requiring the limited composition and security activities for information security architecture. In other words, from the reality, which most institutions and organizations are introducing and operating the information security architecture, and restrictively carrying out the training in this, the training for a new understanding of architecture and its component as an independent variable made so much importance, or it did not greatly contribute to the control or management activities for information security as the generalized process, but strict security activities through the generalization of risk identification and risk analysis management had a so much big effect on the significant organizational performance.

Improvement of the Certification Model for Enhancing Information Security Management Efficiency for the Financial Sector (금융권 정보보호 관리 효율을 제고하기 위한 인증모형 개선방안)

  • Oh, Eun;Kim, Tae-Sung;Cho, Tae-Hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.2 / pp.541-550 / 2016
  • Considering the results of the 3.20 Cyber Attack, leaks of personal information by card companies, and so on, convenience and efficiency cannot be guaranteed without security as a prerequisite. In addition, it is more likely that customers' interests seem to be interfered with in financial institutions than in any other industry. Therefore, when a security accident occurs, users may suffer mental damage and monetary loss, leading to class action, customer defection, loss of reputation, and falloff in international credibility, which all may have a significant effect on the business continuity of corporations. This study integrates the representative information security certification systems in order to improve the efficiency of information security management and demonstrate the necessity of information security management system certification for the financial sector. If the certification is needed, we would like to recommend the desirable development direction.

The Awareness and the Challenges about Protection and Access Control of Record (기록정보의 안전한 보호와 접근통제에 관한 인식과 과제)

  • Lim, Mi-Hyun;Yim, Jin-Hee
    • Journal of the Korean Society for Information Management / v.38 no.1 / pp.191-219 / 2021
  • The development of IT technology that has come to symbolize the fourth industrial revolution, the introduction of online government, and the change in environment has caused radical changes in record management. Most public institutions under the government make use of information systems that are objects of information protection such as electronic document system, document management system, and Onnara system. Further, protection and access control of record information through physical environment and electronic system in a user-centered record management environment is an essential component. Hence, this study studies how professional records management professionals in public institutions recognize safe protection and access management of record information, deriving areas that require improvement and providing a discussion and suggestions to bring about such improvement. This study starts by examining laws and policies on information protection in Korea, analyzing items on access control to compare them with laws and policies, as well as the current situation on records management and derive implications. This study is meaningful in that it aims to substantialize records management by suggesting areas of improvement necessary for the protection and management of record information in public institutions and providing professionals with tangible authority and control.

Prescription Management Application: Development of Pill Recognition and Dose Management System Using AI (처방전 관리 어플리케이션 : AI 를 활용한 알약 인식 및 복용 관리 시스템 개발)

  • Ju-Mi Kim;Yeon-Seo Park;Boyeon Song;Jin Yang;Sung-Wook Kim
    • Annual Conference of KIPS / 2024.05a / pp.13-14 / 2024
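  • With the recent sharp increase in medication consumption, effective medication management has become important. This is because when medication is not taken on time or is not taken consistently, the expected therapeutic effect is hard to obtain and the likelihood of side effects may increase. Therefore, this study developed a mobile scheduler that improves user convenience through an AI-based pill recognition service and encourages correct medication habits by providing automatic dose reminders.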

Trust Management and Privacy Protection for Mobile Digital ID Wallets (모바일 전자 ID 지갑에 적합한 신뢰 관리 및 개인 정보보호 방안)

  • Jang, Gong-Soo;Yun, Ju-Seung;Lee, Hang-Suk;Jung, Han-Wul;Park, Young-Su;Choi, Dea-Sun;Jin, Seung-Hun
    • Journal of KIISE:Information Networking / v.36 no.4 / pp.297-308 / 2009
  • In 2008, ETRI developed a new mobile digital ID wallet, in which anyone can store personal information and PKI credentials. When the wallet is used, privacy protection is one of the most important problems, and personal information should be protected under various usage scenarios such as exchanging sensitive information in on/off-line environments, joining a web site as a new member, etc. In this paper, we propose a triangular trust management scheme that can effectively manage trustness and also protect sensitive personal information. This scheme relies on three techniques: PKI, reputation and condition (situation context). We implemented a prototype of our scheme and tested it under various scenarios, which showed that the proposed scheme can effectively be used for diverse cases.

A Security Evaluation Criteria for Korean Cloud Computing Service (한국형 클라우드를 위한 정보보호 관리체계 평가 기준)

  • Kim, Kichul;Heo, Ok;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.2 / pp.251-265 / 2013
  • Cloud computing provided as a service type by sharing IT resources cannot be activated unless the issue of information security is solved. The enterprise attempts to maximize the efficiency of information and communication resources by introducing cloud computing services. In comparison to the United States and Japan, however, cloud computing service in Korea has not been activated because of a lack of confidence in the security. This paper suggests core evaluation criteria and added evaluation criteria, with the redundancy of the security controls from the existing ISMS removed, for Korean cloud computing, through a comparative analysis between domestic and foreign security controls of cloud certification schemes and guidelines and the information security management system. A cloud service provider with ISMS certification can minimize redundant and unnecessary certification assessment work by considering the added evaluation criteria.