• Journal of Radiation Protection and Research
• /
• v.44 no.2
• /
• pp.79-88
• /
• 2019

Background: The main goal of experiments is to compare various operational and technical characteristics of D-Shuttle semiconductor personal dosimeters of the Japanese company "Chiyoda Technol Corporation" and Harshaw thermoluminescent dosimeters (TLD) manufactured by "Thermo Fisher Scientific" and DTL-02 of the Russian Research and Production Enterprise (RPE) "Doza" by their occupational and calibration exposure at various dose equivalents from 0.5 to 20 mSv of gamma-radiation. Materials and Methods: Besides dosimeters DTL-02, D-Shuttle and Harshaw TLD, there were also used: (1) the primary reference radionuclide source Hopewell Designs IAEA: G10-1-12 with $^{137}Cs$ isotope (an error is not more than 6% and activity is 20 Ci), and (2) the verification device UPGD-2M of RPE "Doza" and installed in the National Center for Expertise and Certification of the Republic of Kazakhstan (Kapchagai, the National Center for Expertise and Certification). Results and Discussion: The main results of researches are the following: (1) TLDs for Harshaw 6600 and DVG-02TM have an approximately equal measurement accuracy of the individual dose equivalents in the range from 0.5 to 20 mSv of gamma-radiation. (2) Advantages of dosimeters for Harshaw 6600 are due to the high measurement productivity and opportunity to indicate the dose on the skin $H_p$(0.07). Advantages of DVG-02TM consist of operation simplicity and lower cost than of Harshaw 6600. (3) D-Shuttles are convenient for use in the current and the operational monitoring of ionizing radiation. Measurement accuracy and 10% linearity of measurements are ensured when D-Shuttle is irradiated with dose equivalents below 1 mSv at the equivalent dose rate not higher than $3mSv{\cdot}hr^{-1}$. This allows using D-Shuttle at a routine technological activity. Conclusion: The obtained results of experiments demonstrate advantages and disadvantages of D-Shuttle semiconductor dosimeters in comparison with two TLD systems of DVG-02TM and Harshaw 6600.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.123-132
• /
• 2019

Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.3
• /
• pp.53-64
• /
• 2017

Korean Identification card or driver license is usually used to verify one's identity in Korea. These are also used as an adult certification. Since the form of these ID card is an analog and it needs to be checked with naked eyes, it might be used maliciously. Someone who's got someone else's ID card can do other things. Therefore, it must be reported rapidly when ID card is lost or stolen. The most serious problem might be occurred when they do not recognize and report the loss. They might suffer from pecuniary or mental damage such as opening a mobile phone service, providing loan or credit card, opening a personal checking account, etc. Thus, this study suggests and compares the ways of avoiding these problems. First, the most effective way is to send the authorization code via mobile phones in consideration of build-up period and cost. The person in charge of business processing department using ID card sends the authorization code via registered mobile phone. The owners submits it to the person and their identifications are confirmed. Next effective way is that the person in charge of business processing department using ID card sends text messages via registered mobile phone. Lastly, the most ineffective way is to introduce and implement the electronic ID card ultimately even though it is expensive and takes a long time to build up the system.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.39 no.4
• /
• pp.97-105
• /
• 2016

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

• 전자공학회논문지 IE
• /
• v.43 no.1
• /
• pp.46-51
• /
• 2006

Recently, smart card system which is known as easy to portable and also safe from physical, electrical, and software attack is observed to manage information that becomes the target of security in safety. And java card graft upon java technology to smart card platform is having very good advantage with object-oriented techniques and also, java card have the open type OS that can show the same action in different hardware characteristic which allows various application programs. In this paper, we introduced independent execution characteristic of java platform because being set to each smart card was uncomfortable till now and we designed access control member card that allows several administrators in different access privilege by single card using java card. Several administrators can approach to various information of file type that is included on issued card to user by using different PIN. In the proposed method, confirmation of personal information, administration contents update, demand by contents, is possible by single card. At this moment, wish to do safer user certification that improve security limitation which is from PIN, used for user certification, and signature data. In the proposed method, as design and implementation of utilization technology of java card, biometrics, user certification which uses multi PIN, provide that more safety and conveniently.

• Journal of Environmental Health Sciences
• /
• v.45 no.5
• /
• pp.443-456
• /
• 2019

Objectives: Children are exposed to various environmental pollutants through contact with children's products. We investigated the KC mark, certification number, and contained substances labeled on children's products through market research and collected the toxicological data on these substances. Methods: The environmentally hazardous substances labeled on children's products (n=6576), including toys (n=2812), personal care products (n=2212), stationary/books (n=1333), and playground equipment (n=219) were examined. For the components that could be identified by CAS number, toxicological data on oral, inhalation, and dermal routes, cancer slope factor, and reference dose were collected. Results: Among the investigated products, KC marks or certification numbers were found for 4557 products (69.3%). Except for cosmetics and cleansers, the material information was labeled on most of the products. The frequency of labeling substance information in toys and stationary/books was low since this information could be omitted if KC certification was obtained. In the target products, 617 substances were identified by CAS number, and polypropylene, acrylonitrile butadiene styrene, and polyester were the most frequently displayed. Chronic toxicity data was found for only 32.4% of individual components, and information on toxicity through the dermal route was also highly limited. Conclusion: Our study suggested that labeling guidelines should be required to identify the environmentally hazardous substances contained in children's products. In addition, the toxicological data on many ingredients in children's products were insufficient. The data gap for toxicity data should be filled for future risk assessment.

• Journal of Internet Computing and Services
• /
• v.19 no.6
• /
• pp.9-20
• /
• 2018

Financial service industry has introduced and operated management systems such as information security management system (ISMS), personal information security management system, business continuity management system to protect and maintain suitably customer's financial information and financial service. This study started that it's desirable financial industry takes consideration of ISMS and it can be different types among various organizations taking consideration of culture, practical work, and guideline of information security. The study derives primary control areas of ISMS through analyzing non-conformity trends and control factors according to certification audit for finance-related organizations introduced international ISMS of ISO27001 which is well known and commonly applicable irrespective of areas in financial service industry. Through case analyses for five finance-related organizations operating ISMS, this study analyzed improvement effects of ISMS. It has a meaning as an initial research though it was difficulty in acquiring data for empirical study because of rare organizations maintaining certification in financial sector. As a result, number of non-confirmity from the first audit to three years' elapse was decreased every year. Physical and environmental security, communication and operations management, and access control having the highest frequency of non-conformity each presented 23%, 19%, and 17%, which reached 59% in total and they are derived into primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have not been treated importantly in financial industry. In addition, this study presented that ISMS can be an effective management system applicable for financial service industry.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.4
• /
• pp.140-149
• /
• 2021

Most industries have introduced and operate an information security management system (ISMS) or a personal information security management system (PIMS) to suitably protect and maintain customer's information and company trade secrets. This study starts with the premise that it is desirable for every industry considering information security to maintain an ISMS. ISMS can be of different types among various organizations, taking into consideration culture, practical work procedures, and guidelines for information security. This study intends to derive primary control areas of an ISMS for each industry based on organizational size and audit type by analyzing non-conformity trends and control factors according to certification audits for organizations introduced for international ISMS under ISO27001. This study analyzed improvement effects of ISMS through case analyses. It is meaningful as exploratory research, although it was difficult to acquire data for empirical study because few organizations maintain certification in major industrial sectors. The requirements presented the highest frequency of non-conformity for each type from the 2013-initiated ISO27001; the years 2013 to 2020 were extracted as the primary control area. The study found that for primary control areas of ISMS for each of three industries, organizational size and audit type had differences.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.705-717
• /
• 2020

Cities in the world are rushing to develop smart cities to create a sustainable and happy city by solving many problems in cities using information and communication technologies such as big data and IoT. However, in Korea's smart cities and smart city certification systems, the focus is on platform-oriented hardware infrastructure, and the information security aspect is first considered to build and authenticate. It is a situation in which a response system for the risk of leakage of big data containing personal information is needed through policy research on the aspect of personal information protection for smart city operation. This paper analyzes the types of personal information in smart cities, problems associated with the construction and operation of smart cities, and the limitations of the current smart city law and personal information protection management system. As a solution, I would like to present a model of a personal information protection management system in the smart city field and propose a plan to strengthen personal information protection through this. Since the management system model of this paper is applied and operated in the national smart city pilot cities, demonstration cities, and CCTV integrated control centers, it is expected that citizens' personal information can be safely managed.