• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.127-146
• /
• 2010

This report has continuously improved in Information Security Level of Information Communication Service Companies which are applicable to Information Security Safety Inspection System. Also, it presents a decided methodology after verified propriety and considered the pre-research or expropriation by being developed the way of Information Security Safety Result Measurement. Management territory weighted value was established and it was given according to the point of view and the strategy target and the and outcome index to consider overall to a measurement item. Accordingly, an outome to the Information Security Check Service is analyzed by this paper and measurement model and oucome analysis methodology are shown with this, and gives help to analyze an outcome. Also it make sure the the substantial information security check service will be accomplished, prevent a maintenance accident beforehand and improve an enterprise outcome independently by institutional system performance securement and enterprise.g corporate performance.

• 월간산업보건
• /
• s.270
• /
• pp.70-70
• /
• 2010

산업안전보건법 제43조에 따라 건강진단기관이 작성하여 사업주에게 제공하는 건강진단결과표 중 사후관리소견서(2면)에 기재되는 내용이 근로자의 개인정보에 해당되기 때문에 이를 기재하는 행위는 개인정보보호 관련법령에 위반된다는 일부 주장에 대하여 고용노동부가 개인정보보호관련 법률을 담당하는 행정안전부에 당해 사항의 법령 위반여부에 대한 유권해석을 질의한 바, 산업안전보건법에 의한 사후관리소견서상에 개인정보를 기재하는 것과 이상소견이 있는 지에 대한 검진결과 수치를 기재하는 것 모두 개인정보보호 관련법령에 위반하지 않는다는 내용이 회신되어 이를 안내하오니 업무에 참고하시기 바랍니다.

• The KIPS Transactions:PartC
• /
• v.15C no.3
• /
• pp.173-190
• /
• 2008

The purposes of this study is development of information security evaluation model for governments to analyze domestic and foreign existing models. Recent domestic information security certification systems have several problems, because shortage of organic connectivity each other. Therefore we analysis on domestic and foreign existing models, specify security requirements, evaluation basis and other facts of models, optimize these facts for governments, and develop new model for domestic governments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.379-390
• /
• 2012

This study is to consider political implication of indicators to measure personal information security in public sector studied by Ministry of Public Adminstration and Security from 2008 to 2011. The study analyzed the priority of personal information security policy dividing into personal information security infrastructure, personal information management with life cycle, correspondence of information infringement by scholars, experts, and chargers. As the results, to progress personal information security policy is important to management of personal identification information on web site; specially institutional infrastructure as responsible organization, exclusive manpower, and security budget; personal information security infrastructure. As like the results, it would be reflected in the progress of personal information security policy and tried to provide systematic management program with improving safe information distribution and usefulness.

• 한국IT서비스학회:학술대회논문집
• /
• 2008.05a
• /
• pp.572-577
• /
• 2008

The information protection security diagnosis institution was applied services since 2004, for the leveling up of public information protection and the establishment of the stability and reliability of information communication. And this security diagnosis was however, recognized by the some firms as one of the unnecessary regulations. And there are some difficulties with collecting the subjective and reliable source data for establishing the information protection security diagnosis target. In this research, the enhanced model on the selection of information protection security diagnosis target firms was suggested by the interview with some expert and the analysis for the related actual data. By the model which are introduced from the statistical analysis of the related data and the summary of some expert's suggestions, information protection security diagnosis target can include the information telecommunication service providers taking 5 billion won as sales in a year, and web service providers like as shopping mall site, with the personal records of 2 million subscribers.

• Review of KIISC
• /
• v.23 no.4
• /
• pp.53-58
• /
• 2013

최근 사이버공격은 지능화, 대규모화되고 있는 반면, 경기침체 등으로 인해 기업의 정보보호 투자가 저조하고 인터넷 침해사고 예방활동이 미흡한 실정이다. 정부는 취약한 기업의 정보보호 환경을 개선하기 위해 정보보호 안전진단 제도를 폐지하고 정보보호 관리체계(ISMS) 인증제도로 일원화하였으며, ISMS 인증기업을 대상으로 한 정보보호 관리등급제, 정보보호 사전점검, 임원급 정보보호 최고책임자(CISO) 지정 등 신설하였다. 본 고에서는 개정 정보통신망법에 따라 신설 보완된 기업 정보보호 관련 제도현황과 변경된 정보보호 관리체계 인증기준에 대해 소개하고자 한다.

• Journal of Digital Contents Society
• /
• v.15 no.1
• /
• pp.121-128
• /
• 2014

SSE-CMM for security engineering, engineering, assurance, risk is divided into three elements of the process maturity assessment model and the level of information security presented. Maturity measurement of privacy, vulnerability diagnosis and risk analysis methodologies is used in practical field for present a comprehensive conclusion. The common cyber services are internet banking, mobile banking, telephone banking and the like. Transaction structure, a kind of cyber-banking system, information security maturity of the existing measurement methodologies for research purposes, vulnerability diagnosis and risk analysis methodologies to be used in practical field present a comprehensive conclusion. To ensure safety and convenience for the user, convenient to deal with cyber environment is the key to the activation of cyber trading. Particularly by measuring the maturity of cyber banking system to ensure the safety of the practice field much effects are expected as a result.

• Review of KIISC
• /
• v.15 no.4
• /
• pp.39-43
• /
• 2005

최근 국내의 인터넷 뱅킹에 대한 해킹 사고를 계기로 시스템의 문제점을 진단하고 이에 따른 대응책을 기술한다. 이러한 시도는 특히 근간의 PKI 체계를 보완/강화하는 방향으로 진행하는 것이 바람직하다. 또한 인터넷 뱅킹의 궁극적은 안전성 보장을 위한 별도의 부가적인 보안장치의 특징과 장/단점을 소개함으로써 개인의 정보보호를 위한 대안을 제시한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1996.11a
• /
• pp.55-64
• /
• 1996

인터넷 및 정보통신망의 기술 추세에 편승하여 국ㆍ내외적으로 전산망 해킹과 역기능은 국가 사회적으로 매우 심각한 문제로 인식되고 산다. 국내의 경우 전산망 시스템 관리자 및 사용자의 부주의에 의한 전산망 보안 취약성이 해킹의 많은 원인을 제공하고 있는 실정이다. 또한 국제적으로 많은 보안도구들이 개발되어 있으나 국내의 경우 보급·운영되고 있는 국산주전산기에 대한 보안도구들의 호환성이 검증되지 않아 실무 적용에 어려움이 많다. 따라서 본 논문에서는 빈번하게 발생한 해킹 사례를 중심으로 시스템 관리자가 전산망 시스템 보안 문제점을 점검하고 조치할 수 있도록 하는 전산망 안전진단 소프트웨어 SecuDr를 소개한다. 개발된 SecuDr는 국산 주전산기인 타이컴 및 톨러런트와 UNIX를 운영체제로 하는 SUN, HP, IBM 등에서 동작 가능하다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.691-701
• /
• 2015

Recently, with the growing number of services using personal information, government offices' tasks have become more dependent to personal information. Various policies and systems have been made and managed for the safe use of personal information in the circumstances that inevitably require the use of personal information, but the personal information privacy incidents and their scale are on a constant increase. Thus, Korea has been implementing personal information protection management system since 2008 to examine whether public organizations observe the personal information protection act and to how well they manage the personal information, and to improve what is insufficient in the process. However, despite high scores of the outcomes of the system, questions about the effectiveness of the outcomes and about the actual manage level are being raised. Thus, this study seeks to analyze public organizations' activities to protect personal information and the effectiveness of their foundation efforts for them by using the DEA model, and to propose a new model to enhance the effectiveness of the outcomes of personal information protection management system by reflecting them into the outcomes of system, using the derived effectiveness.