• Asia pacific journal of information systems
• /
• v.30 no.3
• /
• pp.547-567
• /
• 2020

As the complexity of managing online personal information is increasing and data breach incidents frequently occur, online users feel a loss of control over their privacy. Such a situation leads to their cynical attitudes towards privacy protection, called privacy cynicism. This study aims to examine the role of privacy cynicism in online users' privacy behaviors. Data were gathered from a survey that 281 people participated in and were analyzed with covariance-based structural equation modeling. The findings of this study reveal that privacy cynicism has not only a direct influence on disclosure intention but also moderates an effect of privacy concerns on the intention. The analytical results also indicate that there is a nonlinear effect of privacy cynicism on the outcome variable. This study developed the concept of privacy cynicism—a phenomenon that significantly affects online privacy behavior but has been rarely examined. The study is an initial research into the nature and implications of privacy cynicism and furthermore clarified its role by the nonlinear relationship between privacy cynicism and the willingness to disclose personal information.

• Journal of Korean Society of Archives and Records Management
• /
• v.17 no.1
• /
• pp.193-216
• /
• 2017

The purpose of this study is to understand issues related to the Personal Information Act recently emerging in the field of oral history, and to prepare countermeasures for oral history academics and archives. The Personal Information Act is intended to protect the confidentiality and freedom of the constitutional privacy, and to assure the right to self-determination of information, thereby realizing the dignity and value of the individual. Oral history is intended for living persons; therefore, strict ethical standards are needed to protect the morality of the person behind the sound recordings and appears as the subject of oral history. However, if the uniform application of the Personal Information Act is made, it is a requirement to make the process of consenting and notifying excessively complex and almost impossible to realize, making collection and service of oral history resource improbable. The mechanical and strict application of the Personal Information Act does not come into being because it has the aspect of undermining the inherent intrinsic value of oral history resources and making it difficult to maintain the authenticity of the records. To solve these problems, it is necessary to revise Article 58 (4) of the Personal Information Act of Korea. In addition, it is necessary to establish a guideline for the establishment of independent ethical standards of oral history itself, especially for the protection of the moral rights of third parties.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.3
• /
• pp.19-26
• /
• 2023

Critical information infrastructure designations for cloud service providers continue to spread around the world as energy, financial services, health, telecommunications, and transportation sectors move to the cloud. In addition, in the case of Ukraine, the removal of restrictions on the use of cloud for national critical facilities and the rapid transition of critical data to the cloud enabled the country to effectively respond to cyberattacks targeting Russian infrastructure. In Korea, the ISMS-P is operated to implement a systematic and comprehensive information protection management system and to improve the level of information protection and personal information protection management in organizations. Control items considering the cloud environment have been modified and added to the audit of companies. However, due to the different technical levels of clouds between domestic and global, it is not easy to obtain information on the findings of cloud providers such as Microsoft for the training of domestic certification auditors on hyperscale scale. Therefore, this paper analyzes findings in hyperscale clouds and suggests ways to improve cloud-specific control items by considering the compatibility of hyperscale environments with ISO/IEC 27001 and SOC(System and Organization Control) security international standards.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.461-467
• /
• 2017

Privacy laws are widely enforced throughout the general public and private sector, and the Ministry of Government Administration and Home Affairs is stepping up its annual level of protection and management levels annually. However, in actual field, it has limits to follow the laws that are amended to comply with the privacy laws of the public sector. Therefore, this study should examine the trends of privacy protection and examine items that require adherence to privacy practices in public institutions. In addition, it is hoped to draw implications for the problems arising from the task itself, as well as providing implications for the issues that are closely related to the public in the privacy of the privacy policies.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.334-336
• /
• 2004

국내 전자상거래 제품과의 호환성과 확장성을 위하여 국내 전자서명 표준인 KCDSA(Korean Certificate-based Digital Signature Algorithm) 메커니즘을 PKCS(Public Key Cryptographic Standard) #11 암호 API(Application Programming Interface)에 기능을 추가한다. PKCS #11에서 정의한 키 관리(Hey Management) 함수의 입력 파라미터에 암호화할 키를 바로 입력하면 변조된 키를 전달할 수 있으므로, 본 논문에서는 안전한 키보호(Key Protection) 함수를 새로 정의하여 암호화할 키 대신 사용자 PIN(Personal Identification Number: 패스워드) 입력하여 사용자의 KCDSA 개인키와 공개키를 보다 더 안전하게 보관하고자 한다.

• Convergence Security Journal
• /
• v.12 no.5
• /
• pp.87-97
• /
• 2012

Privacy of personal information disclosure incident occurs frequently as a problem to our society's most important and sensitive social agenda is emerging. Personal information is actually more accurate, depending on the type or types of economic value and sensitivity, the quality of the information, because it can cause a spill a serious social threat and systematic personal information protection and management are not carried out and the information society in a big mess can result. Customers my affairs when small guard security companies, especially the sensitive personal information of customers who need to work, the collected information be leaked or the company's trade secrets, are exposed on the outside, it could be a serious threat to a greater problem cause. Small escort guard companies, however, compared with large companies to build its own security system, due to issues such as the extent of funding, staffing shortages, there are many difficulties. Status of Information Security, scale and analyze the characteristics of small escort guard companies occupied by guard security companies in the present study, sleep, look at him in the solution of the practical issues of information protection system laid small guard. Expenses supplier of propose a security system for preventing the leakage of personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1117-1132
• /
• 2019

Recently, IT technology such as internet, mobile, and IOT has rapidly developed, making it easy to collect data necessary for business, and the collected data is analyzed as a new method of big data analysis and used appropriately for business. In this way, data collection and analysis becomes easy. In such data, personal information including an identifier such as a sensor id, a device number, IP address, or the like may be collected. However, if systematic management is not accompanied by collecting and disposing of large-scale data, violation of relevant laws such as "Personal Data Protection Act". Furthermore, data quality problems can also occur and make incorrect decisions. In this paper, we propose a new data governance maturity model(DGMM) that can identify the personal data contained in the data collected by companies, use it appropriately for the business, protect it, and secure quality. And we also propose a over all implementation process for DG Program.

• Asia pacific journal of information systems
• /
• v.31 no.3
• /
• pp.257-276
• /
• 2021

This study investigates the factors that facilitate or hinder people to use mobile payment, especially drawing upon the theoretical perspectives on individual's privacy protection motivation and perceived market condition. Survey data (n = 200) were collected through a web-based platform and used to test a theoretical model. The results show that one's privacy protection power is formed by various individual and technological factors (i.e., perceived data exposure, self-efficacy, and response efficacy), and in turn it determines his/her intention to use mobile payment. Moreover, the relationship between privacy protection power and mobile payment use is conditional on the perceived market control by the service provider - with a perception of the high level of provider's market control, one uses mobile payment regardless of his/her privacy protection power, while under the low level of provider's market control, the decision depends on the degree of privacy protection power. The findings would help our understanding of why some people are more susceptible to mobile payment and others are not.

• Asia pacific journal of information systems
• /
• v.24 no.1
• /
• pp.93-112
• /
• 2014

As personal data breach reared up as a problem domestically and globally, organizations appointing chief privacy officers (CPOs) are increasing. Related Korean laws, 'Personal Data Protection Act' and 'the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.' require personal data processing organizations to appoint CPOs. Research on the characteristics and role of CPO is called for because of the importance of CPO being emphasized. There are many researches on top management's role and their impact on organizational performance using the Upper Echelon theory. This study investigates what influence the characteristics of CPO gives on the organizational privacy performance. CPO's definition varies depending on industry, organization size, required responsibility and power. This study defines CPO as 'a person who takes responsibility for all the duties on handling the organization's privacy,' This research assumes that CPO characteristics such as role, personality and background knowledge have an influence on the organizational privacy performance. This study applies the part relevant to the upper echelon's characteristics and performance of the executives (CEOs, CIOs etc.) for CPO. First, following Mintzberg and other managerial role classification, information, strategic, and diplomacy roles are defined as the role of CPO. Second, the "Big Five" taxonomy on individual's personality was suggested in 1990. Among these five personalities, extraversion and conscientiousness are drawn as the personality characteristics of CPO. Third, advance study suggests complex knowledge of technology, law and business is necessary for CPO. Technical, legal, and business background knowledge are drawn as the background knowledge of CPO. To test this model empirically, 120 samples of data collected from CPOs of domestic organizations are used. Factor analysis is carried out and convergent validity and discriminant validity were verified using SPSS and Smart PLS, and the causal relationships between the CPO's role, personality, background knowledge and the organizational privacy performance are analyzed as well. The result of the analysis shows that CPO's diplomacy role and strategic role have significant impacts on organizational privacy performance. This reveals that CPO's active communication with other organizations is needed. Differentiated privacy policy or strategy of organizations is also important. Legal background knowledge and technical background knowledge were also found to be significant determinants to organizational privacy performance. In addition, CPOs conscientiousness has a positive impact on organizational privacy performance. The practical implication of this study is as follows: First, the research can be a yardstick for judgment when companies select CPOs and vest authority in them. Second, not only companies but also CPOs can judge what ability they should concentrate on for development of their career relevant to their job through results of this research. Cultural social value, citizen's consensus on the right to privacy, expected CPO's role will change in process of time. In future study, long-term time-series analysis based research can reveal these changes and can also offer practical implications for government and private organization's policy making on information privacy.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.89-97
• /
• 2014

Recently, spread of Smartphones caused activation of mobile services, because of that Big Data such as clouding service able to proceed with large amount of data which are hard to collect, save, search and analyze. Many companies collected variety of private and personal information without users' agreement for their business strategy and marketing. This situation raised social issues. As companies use Big Data, numbers of damage cases are growing. In this Thesis, when Big Data process, methods of analyze and research of data are very important. This thesis will suggest that choices of security levels and algorithms are important for security of private informations. To use Big Data, it has to encrypt the personal data to emphasize the importance of security level and selection of algorithm. Thesis will also suggest that research of utilization of Big Data and protection of private informations and making guidelines for users are require for security of private information and activation of Big Data industries.