• Journal of Multimedia Information System
• /
• v.7 no.3
• /
• pp.215-220
• /
• 2020

Many state agencies and companies collect personal data for the purpose of providing public services and marketing activities and use it for the benefit and results of the organization. In order to prevent the spread of COVID-19 recently, personal data is being collected to understand the movements of individuals. However, due to the lack of technical and administrative measures and internal controls on collected personal information, errors and leakage of personal data have become a major social issue, and the government is aware of the importance of personal data and is promoting the protection of personal information. However, theory-based training and document-based intrusion prevention training are not effective in improving the capabilities of the privacy officer. This study analyzes the processing steps and types of accidents of personal data managed by the organization and describes measures against personal data leakage and misuse in advance. In particular, using Capture the Flag (CTF) scenarios, an evaluation platform design is proposed to respond to personal data breaches. This design was proposed as a troubleshooting method to apply ISMS-P and ISO29151 indicators to reflect the factors and solutions to personal data operational defects and to make objective measurements.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.195-197
• /
• 2022

In this paper, we intend to study the fundamental blocking methodology for the use of external commercial mail systems in the corporate internal Internet network, which is a common concern of public and administrative agencies. By checking the limitations of the blacklist-based blocking method used in the past, and by analyzing packet of the mail sending web page, the delimiter used for mail transmission is extracted, and the purpose is to monitor and block the leakage of intenal information of the company using whitelist technology.

• Korean Security Journal
• /
• no.29
• /
• pp.7-34
• /
• 2011

Achieving high-level technology in fields such as IT-related industry, semiconductors, mobile phones, LCD, automobile, shipbuilding, etc., Korea has become an international market leader in those fields. In results, there are the increasing numbers of technology leakage attempts in various manners. Recently, technology leakages are not limited to illegal industrial espionage, but also occur during usual corporate proceedings such as technology transfer, joint research and M&A. In fact, there was a technology leakage issue in the M&A between Ssangyong Motors of Korea and Shanghai Motors of China. Current M&A regulations of Korea are not independent laws, but are spread over various laws, such as commercial law, Capital Markets and the Financial Investment Services Act, Foreign Trade Act, etc. This paper focuses on whether the current Korean regulations regarding M&A are able to effectively restrict the leakage of major information of corporate during M&A and seeks the complements.

• Journal of Korea Multimedia Society
• /
• v.14 no.2
• /
• pp.228-237
• /
• 2011

The risk of leakage or theft of critical data which is stored in database is increasing in accordance with evolution of information security paradigm. At the same time, needs for database security have been on the rapid increase due to endless leakage of massive personal information. The existing technology for prevention of internal information leakage possesses the technical limitation to achieve security goal completely, because the passive control method including a certain security policy, which allows the only authorized person to access to DBMS, may have a limitation. Hence in this study, we propose Query Signature System which signatures the queries accessing to the critical information by interrupting and passing them. Furthermore this system can apply a constant security policy to organization and protect database system aggressively by restricting critical query of database.

• The Journal of Society for e-Business Studies
• /
• v.20 no.3
• /
• pp.1-10
• /
• 2015

The main objective of this study was to identify the factors that can maximize the effect of preventing technology leakage by government support. Therefore we used the 2013 small business technology protection capabilities and level of research which is conducted by the Small and Medium Business Administration, and have analyzed the presence of small business technological assets leakage protection eand skills. Multiple logistic regression analysis was performed to identify 1,518 small companies (43 big companies are excluded) which are divided into 155 technological assets leaked small business and non-leaked 1363 small business. The most important factors associated with technology leakage were entrant control system, security audit, employee absence of security activities and important data protection measures. This result shows that if the government can support more for these details, technological asset leakage prevention effect is expected to be maximized.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.759-761
• /
• 2016

Recent changes in the information security environment have led to persistent attacks on intelligent assets such as cyber security breaches, leakage of confidential information, and global security threats. Since existing information security systems are not adequate for Advanced Persistent Threat; APT attacks, bypassing attacks, and attacks on encryption packets, therefore, continuous monitoring is required to detect and protect against such attacks. Accordingly, this paper suggests an operation plan for managing an information security system to block the attack routes of advanced persistent threats. This is achieved with identifying the valuable assets for prevention control by establishing information control policies through analyzing the vulnerability and risks to remove potential hazard, as well as constructing detection control through controlling access to servers and conducting surveillance on encrypted communication, and enabling intelligent violation of response by having corrective control through packet tagging, platform security, system backups, and recovery.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.3
• /
• pp.139-146
• /
• 2008

Despite of information security installation, leakage of personal information in web services has not decreased. This is because traffics to web applications are still vulnerable by permitting external sources to access services in port HTTF 80 and HTTPS 443, even with firewall systems in place. This thesis analyzes various attack patterns resulted from web service environment and vulnerable traffic and categorizes the traffics into normal and abnormal traffics. Also this proposes ways to analyze web application attack patterns from those abnormal traffics based on weak points warned in OWASF(Open Web Application Security Project), design a system capable of detect and isolate attacks in real time, and increase efficiency of preventing attacks.

• International Journal of Internet, Broadcasting and Communication
• /
• v.10 no.4
• /
• pp.25-30
• /
• 2018

When producing a business card, there is always a risk for exposing personal information as the information from the business card application is saved in the computer of the printing agency. The information that goes into the business card application file, such as name, mobile phone number, and e-mail address is not encrypted, which makes it easy to access. This study was conducted in order to find a way to automatize the business card application process by encrypting the information entered into the business card application file, simplifying the business card application process, minimizing the workload and by directly linking to the print shop to remove the print file after completing the printing of the business card.

• Journal of the Korean Society of Safety
• /
• v.27 no.6
• /
• pp.43-47
• /
• 2012

The unbalance currents flow the High Temperature Superconducting (HTS) power cable caused by asymmetrical fault, harmonic distortion and unbalanced load. That problem causes additional loss and leakage field in the HTS power cable, and deteriorates the electric power quality and stability. In addition, large amounts of unbalanced current can cause negative sequence and ground relays to operate. This paper presents an analysis unbalanced three-phase current distribution in HTS power cable caused by unbalanced load condition and grounding methods using PSCAD/EMTDC. The results obtained through the analysis would provide important data for the design of HTS power cables and valid information for their installation in power system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1435-1447
• /
• 2015

Finance Companies are operating a security solution such as E-DRM(Enterprise-Digital Right Management), Personal information search, DLP(Data Loss Prevention), Security of printed paper, Internet network separation system, Privacy monitoring system for privacy leakage prevention by insiders. However, privacy leakages are occurring continuously and it is difficult to the association analysis about relating to the company's internal and external distribution of private document. Because log system operated in the separate and independent security solutions. This paper propose a systematic chains that can correlatively analyze business systems and log among heterogeneous security solutions organically and consistently based on security documents. Also, we suggest methods of efficient detection for Life-Cycle management plan about security documents that are created in the personal computer or by individual through the business system and distribution channel tracking about security documents contained privacy.