• Title/Summary/Keyword: Security incidents

Identify Dispute Types of Corporate Information Security Incidents; Focusing on Performance Evaluation of BERTopic, Top2Vec, and LDA-based Topic Modeling (기업 정보보안 사고의 분쟁 유형 도출; BERTopic, Top2Vec, LDA 기반 토픽모델링의 성능 평가를 중심으로)

  • Minjung Park;Young Jin Son;Sangmi Chai
    • Annual Conference of KIPS / 2024.05a / pp.531-533 / 2024
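  • Recently, with the growth of data-driven business models, including AI, corporate information security incidents such as data leaks have been occurring frequently. These incidents often lead to legal disputes, which cause enormous economic losses for companies, and corporate interest in technical and managerial measures to prepare proactively for information security incidents is increasing. Accordingly, this study performs topic modeling with BERTopic, Top2Vec, and LDA on the recently surging body of court precedents related to corporate information security, and seeks to classify corporate information security incidents based on the resulting topics. Reflecting the characteristics of precedent data, in which each case traditionally contains different legal elements and rulings and which therefore makes comparison and analysis across similar cases difficult, this study applies each of the three models above. By comparing the performance of each model's results, the study identifies the types and trends of corporate information security incidents and, at the same time, identifies the optimal model for analyzing precedent data.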

The Need for Modernization of the Tokyo Convention(1963) on the Issue of Unruly Passengers and the Inadequacy of Korean Domestic Legal Approaches (기내 난동승객관련 도쿄협약의 개정필요성과 한국국내법적 접근의 한계)

  • Bae, Jong-In;Lee, Jae-Woon
    • The Korean Journal of Air & Space Law and Policy / v.27 no.1 / pp.3-27 / 2012
  • Although aviation safety and security have been improving, which has made air transportation more reliable, the international aviation community has witnessed a steady increase in the number of unruly passenger incidents. Under international law, the Tokyo Convention (The Convention on Offences and Certain Other Acts Committed on Board Aircraft of 1963) is applicable to unruly passenger issues. While the Tokyo Convention has been a successful convention which 185 member states have ratified, it has its shortcomings. Three major shortcomings are related to definition, jurisdiction, and enforcement. Firstly, the Tokyo Convention does not provide for a definition of unruly passengers, thereby resulting in a situation where conduct that may be considered to be a criminal offence in the country of embarkation may not be a criminal offence in the country where the aircraft lands. Having different definitions may lead to ineffective action on the part of air carriers. Secondly, the fact that the state of landing does not bear jurisdiction produces circumstances in which it is impossible to punish an unruly passenger who clearly committed an offence on board. Thirdly, the Tokyo Convention only recognizes the competence of the state of registry to exercise criminal jurisdiction but does not impose the duty to actually use that competence in any specific case. Along with ratifying the Tokyo Convention, Korea enacted the Aviation Navigation Safety Act in 1974 as a domestic legal approach to dealing with the problem of unruly passengers. Partially reflecting the ICAO's model legislation, Circular 288, the Aviation Safety and Security Act was enacted in 2002. Although the Korean Aviation Safety and Security Act is a comprehensive act which has been constantly updated, there is no provision with respect to jurisdiction and only the Korean criminal code is applicable to jurisdiction. 
The Korean criminal code establishes its jurisdiction in connection with territoriality, nationality and registration, which is essentially the same as the jurisdictional principles of the Tokyo Convention. Thus, the domestic legal regime cannot close the jurisdictional gap either. Similarly, Korean case law would not take an active posture to jurisdiction unless the offence in question is a serious one, such as hijacking. A Special Sub Committee of the ICAO Legal Committee (LCSC) was established to examine the feasibility of introducing amendments to the Convention on Offences and Certain Other Acts Committed on Board Aircraft of 1963 with particular reference to the issue of unruly passengers. The result of the ICAO's findings should lead to the modernization of the Tokyo Convention, thereby reducing the number of incidents caused by unruly passengers and enabling all parties concerned to respond to unruly passengers more effectively.

A Study on Act on Certified Detective and Certified Detective Business (공인탐정 관련 법률(안)의 문제점과 개선방안에 관한 연구)

  • Kim, Bong-Soo;Choo, Bong-Jo
    • Korean Security Journal / no.61 / pp.285-305 / 2019
  • In the bill of [Act on Certified Detective and Certified Detective Business] (hereinafter referred to as the Certified Detective Act) proposed and represented by the member of National Assembly, Lee Wan-Yong in 2017, the legislative point of view showed that various incidents and accidents, including new crimes, are frequently increasing as society develops and becomes more complex, however, it is not possible to solve all the incidents and accidents with the investigation force of the state alone due to manpower and budget, and therefore, a certified detective or private investigator are required. According to the decision of the Constitutional Court in June 2018, Article 40 (4) of the Act on the Use and Protection of Credit Information is concerned with 'finding the location and contact information of a specific person or investigating privacy other than commerce relations such as financial transactions' are prohibited. It is for the purpose of preventing illegal acts in the process of investigation such as the location, contact information, and the privacy of a specific person and protecting the privacy and tranquility of personal privacy from misuse and abuse of the personal information etc. Such 'privacy investigation business' currently operates in the form of self-employment business, which becomes a social issue as some companies illegally collect and provide such privacy information by using illegal cameras or vehicle location trackers and also comes to be the objects of clampdown of the investigative agency. 
Considering this reality, because it is difficult to find a resolution to materialize the legislative purpose of the Act on the use and protection of credit information other than prohibiting 'investigation business including privacy etc' and it is possible to run a similar type of business as a detective business in the scope that the laws of credit research business, security service business, the position of the Constitutional Court is that 'the ban on the investigations of privacy etc' does not infringe the claimant's freedom to choose a job. In addition to this decision, the precedent positions of the Constitutional Court have been that, in principle, the legislative regulation of a particular occupation was a matter of legislative policy determined by the legislator's political, economic and social considerations, unless otherwise there were any special circumstances, and the Constitutional Court also widely recognized the legislative formation rights of legislators in the qualifications system related to the freedom of a job. In this regard, this study examines the problems and improvement plans of the certified detective system, focusing on the certified detective bill recently under discussion, and tries to establish a legal basis for the certified detective and certified detective business, in order to cultivate and institutionalize the certified detective business, and to suggest methodologies to seek for the development of the businesses and protect the rights of the people.

Effective Normalization Method for Fraud Detection Using a Decision Tree (의사결정나무를 이용한 이상금융거래 탐지 정규화 방법에 관한 연구)

  • Park, Jae Hoon;Kim, Huy Kang;Kim, Eunjin
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.133-146 / 2015
  • Ever more sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile information and detection rules from the e-finance accident data of an actual domestic (Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.

Government position, failure causes over 9.11 terror, Iraq war (9.11 테러와 이라크전에 미친 정보의 역할, 실패원인)

  • Baek, Jong-Kap;Park, Jun-Seok
    • Korean Security Journal / no.13 / pp.207-234 / 2007
  • This study examines the roles of government and reasons of defeat on 9.11 terror, Iraq war between 2001 and 2003. The administration functions critical role of national security. And punctual, accurate information supply capability helps policymaker's decision-making. Hence, information of punctuality and accuracy should be given to policymakers. And without two above written factors, it will result in failing. Information concoction on policymaker's pressure, biased informant, inaccurate information and lack of assembly means under the extensive organization and technologized spying means, fail to keep information objectivity, leads to information failure. In the context of a series of facts, we shall cover the position of government and reasons of calamities. Two incidents deem as information failure by national security service, but concoction of Iraqi mass destruction weaponry is believed as Bush administration's deception on account of political gains. For fully functional government role, governing body should reinforce all aspects of gathering, analyzing, and making use of information more objectively in the first place. In particular, information concoction involving policymakers post massive stumbling block to organized outcome. The thesis presents a prospective view of government position under the U.S. secret agent over 9.11 terror and Iraq war.

Authentication and Key Management Techniques for Secure Communication in IP Camera (IoT 환경에서 IP카메라의 효율적 운용을 위한 키 관리 및 보안 설계 프로토콜)

  • Min, So-Yeon;Lee, Jae-Seung
    • Journal of the Korea Academia-Industrial cooperation Society / v.21 no.10 / pp.602-608 / 2020
  • Development of Internet technology and the spread of various smart devices provide a convenient computing environment for people, which is becoming common thanks to the Internet of Things (IoT). However, attacks by hackers have caused various problems, such as leaking personal information or violating privacy. In the IoT environment, various smart devices are connected, and network attacks that are used in the PC environment are occurring frequently in the IoT. In fact, security incidents such as conducting DDoS attacks by hacking IP cameras, leaking personal information, and monitoring unspecified numbers of personal files without consent are occurring. Although attacks in the existing Internet environment are PC-oriented, we can now confirm that smart devices such as IP cameras and tablets can be targets of network attacks. Through performance evaluation, the proposed protocol shows 11% more energy efficiency on servers than RSA, eight times greater energy efficiency on clients than Kerberos, and increased efficiency as the number of devices increases. In addition, it is possible to respond to a variety of security threats that might occur against the network. It is expected that efficient operations will be possible if the proposed protocol is applied to the IoT environment.

Relative Importance Analysis of Management Level Diagnosis for Consignee's Personal Information Protection (수탁사 개인정보 관리 수준 점검 항목의 상대적 중요도 분석)

  • Im, DongSung;Lee, Sang-Joon
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology / v.8 no.2 / pp.1-11 / 2018
  • Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP (Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.

A Study on the Revision of the Notification Form and Procedures of Marine Incident (준해양사고 통보서식 및 절차 개정에 관한 연구)

  • Kang, Suk-Young
    • Journal of the Korean Society of Marine Environment & Safety / v.26 no.1 / pp.39-46 / 2020
  • Accident prevention is more important than follow-up, which is based on Heinrich's law. The marine incident system is a very meaningful system that can prevent similar accidents, and was introduced in 2010 in Korea in accordance with the enforcement of the Code for the Investigation of Marine Casualties and Incidents (CI Code). Based on the CI Code, ship owners or ship operators are required to notify the Central Chief Inspector using the designated notification form in the event of a marine incident, but the number of voluntary notifications is still small. In this regard, this study intends to provide a direction for improvement by conducting an in-depth analysis focusing on the lack of notification procedures and forms of the marine incident system. To this end, we analyzed related regulations, cases of excellent overseas shipping countries such as the United Kingdom and Singapore, cases of similar domestic transportation systems such as aviation and railways, and marine incident notification procedures and forms of leading shipping companies. Major improvements in the notification process include the transition of the marine incidents to voluntary reporting, the expansion of the reporting subjects, and the identification of the security of the informer's identity. The main contents of the notification form revision include the use of the term "reporting" instead of "notification," the content of the identity guarantee in the notification form, and the increase in statistical value through the expansion of optional entries.

Security Measures through a Statistical Analysis of Accident within the School (학교내 사고 통계분석을 통한 안전대책 방안)

  • Kim, Tae-Hwan;Hong, Jun-Soo;Lee, Jae-Min
    • Korean Security Journal / no.34 / pp.139-160 / 2013
  • Growth of minors learning space that the school is a place where many students live. Students, but in the living space of these minors values of change and chaos that occurs in addition to school safety incidents typically occur many accidents and potential for accidents to occur. Thinking of these potential events. Indifferent about the safety of schools and teachers with the much more conscious of the safety of the students lean due to being generated. Body and life, and damage to property due to these events. Accidents due to wear and sometimes liability and indemnity issues surrounding tarnished with the image of the school and teachers look forward to hearing from parents about the school deterioration, resulting in an unfavorable impact. Therefore in this essay, we are presenting case analysis may occur or re-occur. Prevent accidents that can identify and countermeasures against accidents that occur within the school.

A Study on Rethinking the Operating of Counter-terrorism Systems in South Korea (한국 대테러시스템 운영의 재모색)

  • Kwon, Jeong-Hoon
    • Korean Security Journal / no.51 / pp.153-170 / 2017
  • The purpose of this study is to rediscover the operation of anti-terrorism system focusing on the system approach and crisis management approach for counter terrorism in Korea. According to the results of this study, it is required to establish a link between open systems and integrative system focusing on functional linkage of counter-terrorism systems, and cooperative measures with private sectors in the dimension of governance activation. Further, it is necessary to prepare legal foundations for the cooperation with private sectors and then promote open consciousness transformation through the partnership with private security for anti-terrorism activities. In addition, in its preventive stage, it is required to prepare legal systems related to biochemical terrorism for stronger regulations through crisis-managerial approach. Next, in its preparatory stage, it is necessary to prepare education and enact named Terror Prevention Day for increasing terror safety consciousness, and then extend citizen reporting reward systems to enable citizens to participate and become interested voluntarily in terror prevention. Also, it is essential to establish the substantial training system for preparing for terror occurrence. Moreover, in its response stage, it is urgent to construct networks between related institutions to manage field and spot responses with integrative management systems through information sharing. Furthermore, in its restoration stage, it is indispensable to prepare long-term management systems for injured persons and families of the deceased from terror incidents.
