• Title/Abstract/Keywords: Security business act

금융회사의 고객정보보호에 대한 내부직원의 태도 연구 (The Behavioral Attitude of Financial Firms' Employees on the Customer Information Security in Korea)

  • 정우진;신유형;이상용
    • Asia pacific journal of information systems / Vol. 22, No. 1 / pp.53-77 / 2012
  • Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. 
In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

Bankruptcy Protection Law in US With Focus on The Bankruptcy Abuse Prevention And Consumer Act Of 2005

  • Alharthi, Saud Hamoud
    • International Journal of Computer Science & Network Security / Vol. 22, No. 5 / pp.215-219 / 2022
  • Bankruptcy is one of the major areas that have attracted the interest of many researchers in the American system, particularly in terms of the laws that oversee it. It provides a plan of reorganization that enables the debtor or the proprietor to discharge liabilities to the creditors through dividing the assets to settle debts. This activity is carried out under supervision to fairly protect the interests of the creditors. Bankruptcy protection systems are dynamic and complex in nature, in line with the economic sector, ensuring the protection of affected individuals from falling into huge losses. Some bankruptcy procedures give the debtor the opportunity to stay in operation or business activity and benefit from revenues until the debt is settled. This law allows some debtors to be relieved from any financial burden after the distribution of assets, even if the debt is not paid in full. In light of the above information, this research paper seeks to explore the nature of the complexity of bankruptcy protection laws, their characteristics, and the justice system that regulates them. It also sheds more light on the decision-making powers on bankruptcy cases. There are specialized courts that cover bankruptcy cases located in district courts in every state.

일본 시큐리티산업 현황과 한국의 시사점 (State of the Japanese Security Industry and Its Implications for Korea)

  • 안황권
    • 융합보안논문지 / Vol. 13, No. 2 / pp.75-84 / 2013
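  • In Japan, the crime prevention equipment association takes the lead on standardization, installation standards, and the operation of qualification schemes. Its members include electronic security service providers, manufacturers, and installers, and it carries out surveys and research on crime prevention devices, crime prevention systems, and information security systems. It also contributes to preventing crime and to the safety of daily life through training for people working with crime prevention equipment and through promoting the adoption of such equipment. Through research on and standardization of crime prevention devices, the technical standards and installation standards established by the association are applied in practice. In addition, schemes such as the certification of quality crime prevention devices (RBSS: Recognition of Better Security System) are run with the association at the center. The crime prevention equipment technician and comprehensive crime prevention equipment technician qualification schemes have also been introduced to raise the competence of those who install and manufacture crime prevention devices and to improve production technology. In Korea, by contrast, the Korea Security Association plays the central role under the Security Services Industry Act, but the electronic security companies that form the backbone of the security market hardly participate. Nor is there any organization in which electronic security companies, crime prevention device manufacturers, and installation companies can work together, so the environment does not allow a unified effort on crime prevention devices. The purpose of this study is therefore to examine the current state of Japan's security industry and crime prevention equipment industry, together with the activities and operation of the association, and to present implications that can be applied to Korea.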

그래픽 비밀번호를 활용한 공인인증서 개인키 보호방법에 관한 연구 (Securing the Private Key in the Digital Certificate Using a Graphic Password)

  • 강병훈;김범수;김경규
    • 한국전자거래학회지 / Vol. 16, No. 4 / pp.1-16 / 2011
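  • The accredited certificate, which is grounded in the Digital Signature Act, is used by more than 95% of the economically active population and has become closely tied to everyday life, and the recent upgrade of its cryptosystem to a 256-bit security strength is expected to greatly improve its safety and reliability. Accredited certificates, which are built on public key infrastructure (PKI), have been regarded as having no major security problems, but when a certificate is leaked there is a threat of attacks that recover its password. Previous studies have proposed various remedies for this weakness, such as providing alternatives to passwords, expanding the storage media for certificates, and multiple authentication methods. These methods complement the use of accredited certificates but are limited in that they do not guarantee the security of the password. This study therefore proposes a way to increase the security strength of the password as a means of making it safer. This makes it possible to improve both the security of certificate management and the convenience of use. The study can be used in developing technology for improving the security and use of accredited certificates and in future research.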

원자력시설 안전관리 법제의 문제점과 개선방안 연구 -수산물의 안전관리를 중심으로- (A Study on the Problems and Improvement of the Safety Management Law of Nuclear Facilities -Focused on Safety Management of Aquatic Products-)

  • 이우도
    • 수산경영론집 / Vol. 50, No. 2 / pp.23-40 / 2019
  • The main purpose of this study is to analyze and examine the problems of the law systems of the safety and maintenance of nuclear facilities and to propose the improvements with respect to the related problems especially focused on safety management of aquatic products. Therefore, the results of the paper would be helpful to build an effective management law system of safety and maintenance of nuclear facilities and fisheries products. The research methods are longitudinal and horizontal studies. This study compares domestic policies with foreign policies of nuclear plants and aquatic products. Using the above methods, examining the current system of nuclear-related laws and regulations, we have found that there exist 13 Acts including "Nuclear Safety Act", etc. Safety laws related on nuclear facilities have seven Acts including "Nuclear Safety Act", "the Act on Physical Protection and Radiological Emergency", "Radioactive waste control Act", "Act on Protective Action Guidelines against Radiation in the Natural Environment", "Special Act on Assistance to the locations of facilities for disposal low and intermediate level radioactive waste", "Korea Institute of Nuclear Safety Act", and "Act on Establishment and Operation of the Nuclear Safety and Security Commission". The seven laws are composed of 119 legislations. They have 112 lower statute of eight Presidential Decrees, six Prime Ministerial Decrees and Ministerial Decrees, 92 administrative rules (orders), 6 legislations of local self-governing bodies. The concluded proposals of this paper are as follows. Firstly, we propose that the relationship between the special law and general law should be re-established. Secondly, the terms with respect to law system of safety and maintenance of nuclear plants should be redefined and specified. Thirdly, it is advisable to re-examine and re-establish the Law System for Safety and Maintenance of Nuclear Facilities. 
and environmental rights like the French Nuclear Safety Legislation. Lastly, inadequate legislation on the aquatic pollution damage should be re-established. It is necessary to ensure sufficient transparency as well as environmental considerations in the policy decisions of the Korean government and legislation of the National Assembly. It is necessary to further study the possibilities of accepting the implications of the French legal system as a legal system in Korea. In conclusion, the safety management of nuclear facilities is not only focused on the secondary industry and the tertiary industry centering on power generation and supply, but also on the primary industry, which is the food of the people. It is necessary to prevent damage to be foreseen. Therefore, it is judged that there should be no harm to the people caused by contaminated marine products even if the "Food Safety Law for Prevention of Radiation Pollution Damage" is enacted.

개인정보의 제3자 제공시 정보보호 관련 법상 책임에 관한 연구/OPEN API 이용 핀테크 기업을 중심으로 (A Study on the Liability of Information Protection for the Third Party Supply of Personal Information/Focus on Fintech Companies Using OPEN APIs)

  • 김조은;김인석
    • 한국전자거래학회지 / Vol. 22, No. 4 / pp.21-38 / 2017
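  • Financial companies, public institutions, and others are increasingly opening the various information they hold to fintech companies through open platforms. This study examines the conceptual difference between "provision to a third party" and "entrustment" of personal information processing under information protection laws such as the Personal Information Protection Act and the Act on the Use and Promotion of Information and Communications Networks. Unlike "entrustment", in a "provision to a third party" relationship such as that with fintech companies, which is generally a "partnership", the legal obligations of the providing company are excessively relaxed while the risk of information leakage is relatively high, so the study recommends revising information protection legislation to reflect reality. It also presents an information protection self-assessment checklist so that companies receiving information under "provision to a third party" can raise their own level of information protection. Assessing 31 fintech companies that use financial companies' open platforms with this checklist confirmed that their level of information protection is relatively weaker than that of entrusted processors. The study recommends active use of the checklist so that fintech companies in a "provision to a third party" relationship with financial companies can raise their level of information protection.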

선진 해운국의 Freight Forwarding System에 관한 연구 - 미국제도를 중심으로 - (Study on the Freight Forwarding System of Advanced Shipping Country - A Case of United States of America System -)

  • 김세원
    • 수산해양교육연구 / Vol. 20, No. 3 / pp.416-428 / 2008
  • At the end of 2007, the Korean Government promulgated the Rule of 'Basic Act of Logistics Policy' for improving international logistics forwarding business. The goals of these rules are to achieve the development of our nation's economics for providing the security and efficiency of logistics system and enforced competition of logistics enterprises. This established the basic principles of the legal basis for expanding into the Logistics Hub Center of North-east Asia. However, in May 1999 new licensing requirements for ocean freight forwarders and NVOCCs operating in the USA were established by the US Federal Maritime Commission (FMC). Due to these regulations, each ocean transportation service provider in the USA acting as ocean freight forwarder, NVOCC, or NVOCC agent must obtain a license to operate as Ocean Transportation Intermediary (OTI) before it begins operations. Only licensed OTIs may act as US transportation agents or receiving agents of other NVOCCs, on both US exports and imports. In this context, I think this study will contribute to the development of the Korean freight forwarding system by analyzing and comparing the Rule of the Basic Act of Logistics Policy of Korea with the OTI freight forwarders & NVOCCs of the USA.

개인정보 보호를 위한 조직구성과 관리체계에 관한 표준화 모델링 (The Standardization Modeling concerning Organizational Composition and a Management System for the Protection of Personal Information)

  • 서우석;전문석
    • 디지털산업정보학회논문지 / Vol. 8, No. 3 / pp.33-39 / 2012
  • Since the passing of the Personal Information Act in March 2011 and its initial introduction in September, over the one year to date diverse security devices and solutions have been flowing into the market to enable observance of the relevant laws. Beginning with security consulting, corporations and institutions have focused on technology-based business in order to enable observance of those laws competitively in accordance with 6-step key procedures including proposal, materialization, introduction, construction, implementation, and execution. However there has not been any investment in human resources in the field of education such as technology education and policy education relative to the most important human resources field nor investment in professionals in the organization for the protection of personal information or in human resources for operating and managing IT infrastructure for actual entire personal information such as special sub-organizations. In this situation, as one process of attracting change from the nature of the technology-based security market toward a professional human resource-based security infrastructure market, it is necessary to conduct research into standardization modeling concerning special organizational composition and a management system for the protection of personal information.

Trust based Mutual Authentication Mechanism for Cloud Computing

  • Mandeeep Kaur;Prachi Garg
    • International Journal of Computer Science & Network Security / Vol. 23, No. 12 / pp.81-90 / 2023
  • Cloud computing is an emerging business model popularized during the last few years by the IT industry. Providing "Everything as a Service" has shifted many organizations to choose cloud-based services. However, some companies still fear shifting their data to the cloud due to issues related to security and privacy. The paper suggests a novel Trust based Mutual Authentication Mechanism using Secret P-box based Mutual Authentication Mechanism (TbMAM-SPb) on the criticality of information. It uses a particular passcode from one of the secret P-boxes to act as a challenge to one party. The response is another passcode from the other P-box. The mechanism is designed in a way that the response given by a party to a challenge is itself a new challenge for the other party. Access to data is provided after ensuring a certain number of correct challenge-responses. The complexity can be dynamically updated on the basis of the criticality of the information and the trust factor between the two parties. The communication is encrypted and time-stamped to avoid interceptions and reuse. Overall, it is a good authentication mechanism without the use of expensive devices and participation of a trusted third party.

비상구 불법행위 신고포상제도의 개선방안에 관한 연구 (A study on the Improvement Method of the Report and Reward System on an Illegal Behavior of the Emergency Exit)

  • 김명식;이태식;조원철
    • 한국방재안전학회논문집 / Vol. 5, No. 2 / pp.49-59 / 2012
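  • Safety management of emergency exits bears directly on casualties in an emergency; enforcement-centered work carried out unilaterally by fire authorities has its limits, and results can be expected only with the active interest and participation of citizens. Against this background, a report-and-reward system for illegal acts involving emergency exits has been in force nationwide since 2010, but intensive activity by professional reporters in response to the reward payments has produced operating conditions that do not fit the goals and direction of the system. This study therefore proposes improvements based on an analysis of operating results for 2010-2011 from the 16 cities and provinces nationwide and from Seoul Metropolitan City. First, the facilities subject to reporting should be adjusted to multi-use businesses and large multi-use facilities above a certain size, the number of reports by the same person for minor violations should be limited to five per year, and revenue from administrative fines should be made available for emergency-exit-related disaster prevention activities. Second, to improve the accuracy of reports, information that allows reporters to check before reporting whether something is illegal should be provided, and safety education for reporters and guidance on the business types that are vulnerable in each period should steer reporting toward preventive patrol activity. Third, support measures for reported facilities should be devised so that the same facility is not reported repeatedly, and reporting activity should be linked to the volunteer service system and recognized as service hours so that reporters can act as disaster prevention volunteers.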