• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.2
• /
• pp.15-20
• /
• 2023

Recently, digitalization is accelerating in all industries, and the use of information and personal information produced and used in the process of it is very important for the success or failure of a company. However, malicious attempts to steal or leak major information and personal information of a company as an adverse effect continue to increase, and appropriate defense and response are absolutely necessary. However, in the case of small and medium-sized enterprises, the priority of information protection and the possession of professional manpower are very insufficient compared to large enterprises. This paper studies the certification and audit implemented in Korea, and suggests ways to expand the certification of the information protection system suitable for SMEs and improve the effectiveness of the support system through the expansion of the privacy law notification standard and operation of support system.

• Journal of the Society of Disaster Information
• /
• v.19 no.4
• /
• pp.815-825
• /
• 2023

Purpose: This paper aims to explore approaches for obtaining KOLAS certification for masks developed as protective equipment for use during evacuation processes in the event of a radiation disaster involving residents within a radiation emergency planning zone. Method: Various reports, papers, and data from the KOLAS accreditation bodies' websites were examined for this study. Result: Although domestic radiation disaster preparedness measures have been established to enhance resident protection, the distribution of protective equipment is limited to thyroid protection drugs. Supplementary support items like masks are necessary to prepare for radiation disasters. Currently, there is no KOLAS-accredited certification body for radiation protection masks. Conclusion: For masks that have established performance certification criteria, a dual process is required for KOLAS certification. This involves obtaining an official test report as an industrial respirator mask, receiving certification, and then obtaining a general test report based on internal standards.

• Journal of Information Technology Services
• /
• v.18 no.2
• /
• pp.55-73
• /
• 2019

The importance of the personal information has been increased, there have been a lot of efforts to establish a new policy, certification or law for administrating personal information more effectively and safely. Korean government has operated ISMS and PIMS certification system to assess whether an organization has established and managed appropriate information security system or not. However, it has been addressed the needs for revising and modifying of PIMS and ISMS. It is evaluated there are a few overlapped criteria to assess information management system in both ISMS and PIMS. ISMS-P certification, combining with ISMS and PIMS, is, finally, suggested, in the recent. GDPR is established having an aim of primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". It can be expected to contribute as followings. This study can be a criterion for self-evaluation of possibility to violate of GDPR of a firm in preparation for ISMS-P. Second, this study also aims to increase the understanding of the role of ISMS-P and GDPR, among various certifications with the purpose of assessment of the information security management system, by reducing the costs required to obtain the unnecessary certification and alleviating the burden. Third, it contributes to diffusion of ISMS-P newly implemented in Korea.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.25-32
• /
• 2018

Cyber hackings are increasing and becoming more intelligent. The government and private companies conduct various information protection activities by investing lots of money and employing security personnel to protect import ant assets and personal information. It is important to evaluate the efficiency of the information protection activities that cost lots of money and manpower. However, the studies on the efficiency of the information protection activities were mainly conducted for government agencies the information of which is more readily available. This study suggests a model that can evaluate the efficiency of the activities of information protection and information security certification of various private companies. Our model evaluates the efficiency of the information protection activities by applying AHP and DEA on the information that are publicly announced by the private companies. Our model identifies the DMUs that are efficiently operated and suggests the improvement policies for the DMU that are non-efficiently operated.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.657-660
• /
• 2021

A video information processing system (CCTV) requires comprehensive administrative, physical, and technical security management to collect, transmit and store sensitive information. However, there are no regulations related to video information processing, certification methods for the technology used, and application standards suitable for security technology. In this paper, we propose a cryptography, certification, protection, system (CCPS) model that can protect the system by including encryption technology for application to the video information processing system and authentication measures for the technology used in the system configuration.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.578-579
• /
• 2021

According to a survey on the infringement of SMEs, the level of technology protection capability is improving every year, but technology leaks and damage continue to occur. This shows that there is a need for a security management and supervision system that can strengthen the security awareness of SME executives and employees and maintain the security level continuously. The Personal Information & Information Security Management System(ISMS-P) authentication systems is the latest related standard, which has the problem of applying the same certification criteria without considering the types of certification target organizations such as ISPs, IDC, hospitals and schools, and SMEs.. In this paper, 73 evaluation items that can be specialized and applied to SMEs were derived by referring to ISMS-P certification and Personal Information Protection Management System (PIMS) certification. The results of the study show that the number of evaluation items decreased by 28.4% compared to the existing ISMS-P certification.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.107-113
• /
• 2019

Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

• Management & Information Systems Review
• /
• v.12
• /
• pp.1-15
• /
• 2003

As a rapid development of electronic commerce transactions in these days, the security and private protection problems became more important matters under the electronic transaction base. Because electronic transaction using electronic documents be carried without direct person to person meeting, there can be the possibility to use other's identity illegally without notice, and very hard to verify authenticity of transaction as well. In addition, it is very hard to find out that the electronic documents on the process of submitting is forged documents or not, and also have much difficulty in maintaining transmitting secret. Therefore, to solve such problems on electronic commerce transactions and electronic documents, the digital signature and certification system with cryptography skill is inevitably necessary. As the wide use of digital signature together with beginning of digital government and financial transaction, not only the issuance of electronic certification, but certification market came to gradually expand. In Korea, after enacting digital signature act in 1999, the act contents were expanded to the wide range of contents complying with global standards from the end of 2001 to April, 2002, including the new clause of certification problems. And the act was put into operation now. Therefore, in this paper, we'd like to suggest development scheme through the investigation on electronic certification related problems, such as, concepts, procedures, service conditions here and abroad.

• Information Systems Review
• /
• v.19 no.4
• /
• pp.27-42
• /
• 2017

With the rapid development in network, graphic technology, and digital technology, content industry is emerging as an important industry for new cultural development and economic development. The development in digital content technology has remarkably expanded the generation and distribution of contents, thereby creating new value and extending into a large distribution market. However, the ease of distribution and duplication, which characterizes digital technology, has increased the circulation of illegal contents due to illegal copying, theft, and alteration. The damage caused by this illegal content is severe. Currently, a copyright protection system targeting online sites is available. By contrast, no system has been established for offline companies that sell offline genuine content, which compete with online companies. The demand for content of overseas tourists is increasing due to the Korean wave craze. Nevertheless, many offline content providers have lost competitiveness due to illegal content distribution with online companies. In this study, we analyzed the case and status of similar copyright certification systems in Korea and overseas through previous research and studied a system to certify the offline genuine contents business. In addition to the case analysis, we focused on interviews obtained through in-depth interviews with the copyright stakeholders. We also developed a certification framework by establishing the certification domain, certification direction, and incentive of the certification system for offline businesses with genuine content. Selected certification direction is ethical, open, inward, store, and rigid (post evaluation). This study aimed to increase awareness among consumers about the use of genuine content and establish a transparent trading order in a healthy content market.

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.107-114
• /
• 2015

Since 2002, information security management system has been implemented (ISMS) certification scheme whilst providing telecommunications services to enhance the level of enterprise information security was ongoing and Prevent accidents and avoid spread of infringement, such as rapid response and there is a lot of it came true. However, this system is the protection of the country or the investment company, as part of the actual information on how management affects the performance came from or how measures are still lacking for. In this study, the companies have their own privacy ISMS certification measures the level of activity continued to improve information security performance measures and methodology are presented. The government is also based on the validity of the certification system to ensure the overall implementation of the ISMS itself is this a step increase effective information security system is to be certified in advance to prevent security incidents and to improve business performance to help.