• Smart Media Journal
• /
• v.8 no.1
• /
• pp.9-18
• /
• 2019

In the era of the 4th industrial revolution, the big data industry is gathering attention for new business models in the public and private sectors by utilizing various information collected through the internet and mobile. However, although the big data integration and analysis are performed with de-identification techniques, there is still a risk that personal privacy can be exposed. Recently, there are many studies to invent effective methods to maintain the value of data without disclosing personal information. In this paper, a personal information protection system is investigated to boost big data utilization in industrial sectors, such as healthcare and agriculture. The criteria for evaluating the de-identification adequacy of personal information and the protection scope of personal information should be differently applied for each industry. In the field of personal sensitive information-oriented healthcare sector, the minimum value of k-anonymity should be set to 5 or more, which is the average value of other industrial sectors. In agricultural sector, it suggests the inclusion of companion dogs or farmland information as sensitive information. Also, it is desirable to apply the demonstration steps to each region-specific industry.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.33-38
• /
• 2019

In this paper, we propose a new blockchain technology that could comply with GDPR. The proposed model can prevent illegal access by controlling access to the personal information according to a access policy. For example, it can control access to the information on a role-basis and information validation period. The core mechanism of the proposed model is to encrypt the personal information with public key which is associated with users attributes policy, and then decrypt it with a private key and users attributes based on a Attribute-based Encryption scheme. It can reduce a trusted third-part risk by replacing it with a number of nodes selected from the blockchain. And also the private key is generated in the form of one-time token to improve key management efficiency. We proved the feasibility by simulating the proposed model using the chaincode of the Hyperledger Fabric and evaluate the security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.77-87
• /
• 2011

As information services have been widely used in various environments, the knowledge information security sector plays a significant role in development and management of products and services, information privacy management, risk management and safety, etc. Thus, the process of acquiring knowledge information security professionals is getting more attention for promoting the stable and long-term development of the knowledge information security sector. This study identifies and analyzes the promising fields for the KISA Employment-Contract Master Program and suggests promotion strategies for knowledge information security professionals. By surveying participants and would-be participants, and interviewing experts, it is analyzed that 'mobile security' and 'convergence security' are the two most important fields to be included in the program.

• Journal of Platform Technology
• /
• v.8 no.1
• /
• pp.10-15
• /
• 2020

Recently, various industrial sectors have introduced cloud service actively in their business because cloud computing technology enables storage·management and analysis·utilization of data easily in anytime, anywhere. Especially in financial sector, the business provocatively adopted the service and creates various innovative cases; furthermore, already in abroad, the sector has been accelerating digitization of analysis in cases of credit risk, financial fraud data, stock trading etc. On the contrary, in the domestic financial industry, not only the cloud service introduction and innovation cases are underperformed, but most of them are focused on the back-office service. Most Korean financial corporations are burdened with the adoption of cloud service due to various conservative regulatory requirements, such as regulations on data storage and management, regulations on privacy, and other tasks such as developing decision models and establishing responsibility standard for security incidents and service failures. In this study, it would be aimed to contribute to promote the introduction of the cloud in the domestic financial sector by drawing up preemptive challenges and inspecting priorities.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.53-63
• /
• 2020

In accordance with the revision of the Data 3 Act, such as the Personal Information Protection Act, it is possible to process pseudonym information without the consent of the information subject for statistical creation, scientific research, and preservation of public records, and unlike personal information, it is legal for personal information leakage notification and personal information destruction There are exceptions. It is necessary to revise the pseudonym information in that the standard for the pseudonym processing differs by country and the identification guidelines and anonymization are identified in the guidelines for non-identification of personal information in Korea. In this paper, we focus on the use of personal information in accordance with the 4th Industrial Revolution, examine the concept of pseudonym information for safe use of newly introduced pseudonym information, and generate / use / provide / destroy domestic and foreign non-identification measures standards and pseudonym information. At this stage, through the review of the main contents of the law or the enforcement ordinance (draft), I would like to make suggestions on future management / technical protection measures.

• Smart Media Journal
• /
• v.11 no.10
• /
• pp.76-88
• /
• 2022

Personal information leakage is very harmful as it can lead to additional attacks using leaked information as well as privacy invasion, and it is primarily caused by hacking server databases of institutions that collect and store personal information. We propose a scheme that allows a service-requesting user to authorize a secure delegated transfer of his personal information to the service provider via a reliable authority and enables only the two parties of the service to retrieve the provided information stored on a blockchain ensuring data confidentiality. It thus eliminates the necessity of storing customer information in the service provider's own database. As a result, the service provider can serve customers without requiring membership registration or storing personal information in the database, so that information leakage through the server database can be completely blocked. In addition, the scheme is free from the risk of information leakage and subsequent attacks through smartphones because it does not require a user's smartphone to store any authentication credential or personal information of its owner.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.627-628
• /
• 2022

There is no internationally accepted codified definition of digital trade because of the wide variety and scope of related industries and transactions(product + service + data) in general. Recently, innovative changes are taking place in digital trade due to the development of technologies such as IT due to the 4th industrial revolution, and advanced countries such as the US, EU, and Japan are including digital trade issues such as data movement liberalization in the negotiation agenda of the digital trade agreement. The issue with the liberalization of cross-border data movement is that freedom of data movement is necessary to vitalize digital trade, but it also increases the risk of information security and privacy violations. Looking at the directions of advanced countries, the US favors minimization of regulations, Europe favors regional single marketization, but passively opens up to the outside world, and China promotes independent markets through regulations. Therefore, measures to strengthen restrictions on cross-border data movement are an issue that has recently been implemented by each country or an international aggrement is scheduled to be reached soon, and Korea also needs a close response.

• Asia pacific journal of information systems
• /
• v.30 no.3
• /
• pp.614-635
• /
• 2020

This study aims at understanding gender difference in trust and the related factors affecting the intention to purchase voice speakers VS. VS are one of the innovations that are emerging at a fast pace in the market. Although it seems to be widely embraced by both genders, people do not intend to use them in some cases due to a lack of trust and the rumors circling these types of technologies. Nevertheless, there are particular barriers to the acceptance of VS technology between females and males due to unfamiliarity with the effective components of such technologies. Therefore, assuming that increasing the knowledge-based familiarity with an effective technique is essential for accepting it. So far, only little is known about VS and its concepts to increase the familiarity and, as a consequence, the acceptance of effective technology. Technology adoption in gender has been studied for many years, and there are many general models in the literature describing it. However, having more customized models for emerging technologies upon their features seems necessary. This study is based on Theory of Reasoned Action and trust-based acceptance which provides a background for understanding the relationships between beliefs, attitude, intentions, and subject norms and how it's affecting gender trust in VS. The statistical analysis results indicate that perceived system quality and perceived interaction quality have stronger influences on trust for males, while privacy concern and emotional trust have stronger influences on trust for females with the intention of purchase for both genders. Our study can be beneficial for future research in the areas of Perceived risk and Perceived utility and behavioral intention to use and human-technology interaction and psychology.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.103-126
• /
• 2015

Compared to other countries, cloud computing in Korea is not popular especially in the government sector. One of the reasons for the current not-fully-blossomed situation is partly by early investment in huge government datacenters under Korea's e-government initiative; let alone, there was no strong control tower as well as no enforcing law and ordinances for driving such cloud computing initiative. However, in 2015 March 'Cloud Computing and Privacy Security Act' (hereinafter, Cloud Act) had been passed in the Parliament and from September 2015 Cloud Act was deployed in Korea. In U.S., FedRAMP (Federal Risk Assessment and Management Program) along with Obama Adminstration's 'Cloud First' strategy for U.S. federal institutions is the key momentum for federal cloud computing adoption. In 2015 January, U.S. Congressional Research Service (CRS) has published an extensive monitoring report for cloud computing in U.S. federal institutions. The CRS report which monitored U.S. government cloud computing implementation is indeed a good guideline for Korean government cloud computing services. For this reason, the purpose of the study is to (1) identify important aspects of the enacted Korean Cloud Act, (2) describe recent U.S. federal government cloud computing status, (3) suggest strategy and key strategy factors for facilitating cloud adoption in public organizations reflecting SDLC strategy, wherein.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.133-145
• /
• 2014

Recently, Hospital information systems have the large databases by wide range offices for hospital management, health care to improve the quality of care. However, hospital information systems for information security measures are insufficient. Therefore, when we construct the hospital information system, we have to audit the information security measures for them, and we have to manage the ISMS(Information Security Management System) to maintain the information protection level through the risk managements. In this paper, we suggested the hospital information security audit model for the protection of health information privacy by the current hospital information systems, information security management system(ISMS), and hospital information security requirements and threats. We derived the check items compared with ISO27799 reflected the characteristics of the hospital. We classified the security domains as the physical, technical, administrative domain, and derived the check items for information security. We also designed the check lists by mapping the ISO27799 risk management process to improve the security and efficiency simultaneously. Our model by the five-point scale survey of IT experts was verified the suitability with the average of 4.91 points.