• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.379-390
• /
• 2012

This study is to consider political implication of indicators to measure personal information security in public sector studied by Ministry of Public Adminstration and Security from 2008 to 2011. The study analyzed the priority of personal information security policy dividing into personal information security infrastructure, personal information management with life cycle, correspondence of information infringement by scholars, experts, and chargers. As the results, to progress personal information security policy is important to management of personal identification information on web site; specially institutional infrastructure as responsible organization, exclusive manpower, and security budget; personal information security infrastructure. As like the results, it would be reflected in the progress of personal information security policy and tried to provide systematic management program with improving safe information distribution and usefulness.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.4
• /
• pp.97-107
• /
• 2014

The development of ICT has led positive aspects such as popularization of Internet. It, on the other hand, is causing a negative aspect, Cyber Terror. Although the causes for recent and continuous increase of cyber security incidents are various such as lack of technical and institutional security measure, the main cause which threatens the cyber security is the users' lack of awareness and attitude. The purpose of this study is the positive analysis of how the personal and job characteristics influence the cyber security training participation rate and the response ability to cyber terror response training with a sample case of K-corporation employees. In this paper, the relationship among career, gender, department, whether he/she is a cyber security specialist, whether he/she is a regular employee), "ratio of cyber security training courses during recent three years", "ratio that he/she has opened the malicious email in cyber terror response training during recent three years", "response index of virus active-x installation (higher index means poorer response)" is closely examined. Moreover, based on the examination result, the practical and political implications regarding K-corporation's cyber security courses and cyber terror response training are studied.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.87-109
• /
• 2016

This study intends to present an effective and efficient development plan about the information protection of medical institutions, by establishing the improvement plan about Personal Information Management System(PIMS) appropriate to the characteristics of medical information focusing on medical institutions generating and using domestic medical information, and doing an empirical study on medical information protection plan. For this, in view of the medical characteristics of the existing Information Security Management System(ISMS), the study presented a study model appropriated to medical institutions based on Personal Information Management Systems index specialized for personal information, and through this, presented the vulnerability diagnosis and vulnerability improvement plan. Based on ISMS index, it designed an improvement index of personal information protection management about each index. The study conducted a survey for executives and employees about PIMS. Accordingly, it presented vulnerability diagnosis items of the current management system indexes from the viewpoint of the people who establish and mange the personal information protection about patients' medical information targeting executives and employees who serve at hospitals and can access medical information.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.2
• /
• pp.75-81
• /
• 2012

As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2674-2697
• /
• 2019

Identity authentication is a crucial line of defense for network security, and passwords are still the mainstream of identity authentication. So far trawling password attacking has been extensively studied, but the research related with personal information is always sporadic. Probabilistic context-free grammar (PCFG) and Markov chain-based models perform greatly well in trawling guessing. In this paper we propose a systematic targeted attacking model based on structure partition and string reorganization by migrating the above two models to targeted attacking, denoted as TG-SPSR. In structure partition phase, besides dividing passwords to basic structure similar to PCFG, we additionally define a trajectory-based keyboard pattern in the basic grammar and introduce index bits to accurately characterize the position of special characters. Moreover, we also construct a BiLSTM recurrent neural network classifier to characterize the behavior of password reuse and modification after defining nine kinds of modification rules. Extensive experimental results indicate that in online attacking, TG-SPSR outperforms traditional trawling attacking algorithms by average about 275%, and respectively outperforms its foremost counterparts, Personal-PCFG, TarGuess-I, by about 70% and 19%; In offline attacking, TG-SPSR outperforms traditional trawling attacking algorithms by average about 90%, outperforms Personal-PCFG and TarGuess-I by 85% and 30%, respectively.

• Journal of radiological science and technology
• /
• v.31 no.4
• /
• pp.347-353
• /
• 2008

This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.501-522
• /
• 2016

In the digital era, information is a source of value creation. However, the growing importance of knowledge and information also increases risks and threats. When information is leaked, full recovery is difficult, and additional spreading of risk is high because it is easy to accomplish. Especially personal information is the main target due to its availability. Although individuals normally have to consent to the use of their personal information, they often do not know the use of their information. In such a difficult situation, one must exercise self-determination and privacy. Therefore, the goal of this study is to development a privacy literacy level measurement model for the proper exercise of the right to informational self-determination. It will be presented with the concept of privacy literacy index in order to determine the level of knowledge and understanding and practical application skills for individual. Through the index, we going to enhance the selection ability of information subject, and to promote the judgement and the determination capability for the protection and utilization of personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.565-577
• /
• 2019

In recent years, biometric authentication has been used for various applications. Since biometric features are unchangeable and cannot be revoked unlike other personal information, there is increasing concern about leakage of biometric information. Recently, Jin et al. proposed a new cancelable biometric scheme, called "Index-of-Max" (IoM) to protect fingerprint template. The authors presented two realizations, namely, Gaussian random projection-based and uniformly random permutation-based hashing schemes. They also showed that their schemes can provide high accuracy, guarantee the security against recently presented privacy attacks, and satisfy some criteria of cancelable biometrics. However, the authors did not provide experimental results for other biometric features (e.g. finger-vein, iris). In this paper, we present the results of applying Jin et al.'s scheme to iris data. To do this, we propose a new method for processing iris data into a suitable form applicable to the Jin et al.'s scheme. Our experimental results show that it can guarantee favorable accuracy performance compared to the previous schemes. We also show that our scheme satisfies cancelable biometrics criteria and robustness to security and privacy attacks demonstrated in the Jin et al.'s work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.215-227
• /
• 2018

As Korea is rapidly becoming an IT powerhouse in the short term, various side effects such as cyber violence, personal information leakage and cyber terrorism are emerging as new social problems. Especially, the seriousness of leakage of personal information, which is the basis of safe cyber life, has been highlighted all over the world. In this regard, it is necessary to estimate the amount of the damage cost due to the leakage of personal information. In this study, we propose four evaluation methods to calculate the cost of damages due to personal information leakage according to average real transactions value, personally recognized value, compensation amount basis, and comparison to similar countries. We analyzed data from 2007 to 2016 to collect personal information leakage cases for 10 years and estimated the cost of damages. The number of cases used in the estimation is 65, and the total number of personal information leakage is about 430 million. The estimated cost of personal information leakage in 2016 was estimated to be at least KRW 7.4 billion, up to KRW 220 billion, and the 10 year average was estimated at from KRW 10.7 billion to KRW 307 billion per year. Also, we could find out the singularity that the estimated damage due to personal information leakage increases every three years. In the future, this study will be able to provide an index that can measure the damage cost caused by the leakage of personal information more accurately, and it can be used as an index of measures to reduce the damage cost due to personal information leakage.

• International Journal of Computer Science & Network Security
• /
• v.23 no.11
• /
• pp.190-194
• /
• 2023

By looking the importance of communication, data delivery and access in various sectors including governmental, business and individual for any kind of data, it becomes mandatory to identify faults and flaws during cyber communication. To protect personal, governmental and business data from being misused from numerous advanced attacks, there is the need of cyber security. The information security provides massive protection to both the host machine as well as network. The learning methods are used for analyzing as well as preventing various attacks. Machine learning is one of the branch of Artificial Intelligence that plays a potential learning techniques to detect the cyber-attacks. In the proposed methodology, the Decision Tree (DT) which is also a kind of supervised learning model, is combined with the different cross-validation method to determine the accuracy and the execution time to identify the cyber-attacks from a very recent dataset of different network attack activities of network traffic in the UNSW-NB15 dataset. It is a hybrid method in which different types of attributes including Gini Index and Entropy of DT model has been implemented separately to identify the most accurate procedure to detect intrusion with respect to the execution time. The different DT methodologies including DT using Gini Index, DT using train-split method and DT using information entropy along with their respective subdivision such as using K-Fold validation, using Stratified K-Fold validation are implemented.