• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.23-37
• /
• 2012

Illegal game players' hacking and propagation of malignant code in online game exposes privacy of online game customers. So, online game companies have to support the standardized systems and operations of customers' privacies. Since online game companies implement authentication of information protection, which focuses on assets or physical, systemic security, they need a more professional system that is related to protection of individual privacy. We analyzed the individual information protection system, which includes ISO27001, ISMS of KISA, GMITS, ePrivacy, online game privacy protection guide, and BS10012. Using the suggested systems, we proposed the systemic tools that measure the level of individual information protection, which includes process and check items of each phase.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.39 no.4
• /
• pp.97-105
• /
• 2016

As information system is getting higher and amount of information assets is increasing, skills of threatening subjects are more advanced, so that it threatens precious information assets of ours. The purpose of this study is to present a strategic direction for the types of companies seeking access to information security. The framework classifies companies into eight types so company can receive help in making decisions for the development of information security strategy depending on the type of company it belongs to. Paired comparison method survey conducted by a group of information security experts to determine the priority and the relative importance of information security management elements. The factors used in the security response strategy are the combination of the information security international certification standard ISO 27001, domestic information protection management system certification K-ISMS, and personal information security management system certification PIMS. Paired comparison method was then used to determine strategy alternative priorities for each type. Paired comparisons were conducted to select the most applicable factors among the 12 strategic factors. Paired comparison method questionnaire was conducted through e-mail and direct questionnaire survey of 18 experts who were engaged in security related tasks such as security control, architect, security consulting. This study is based on the idea that it is important not to use a consistent approach for effective implementation of information security but to change security strategy alternatives according to the type of company. The results of this study are expected to help the decision makers to produce results that will serve as the basis for companies seeking access to information security first or companies seeking to establish new information security strategies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.5
• /
• pp.548-574
• /
• 2009

Personal information (hereinafter referred to as "PI") infringement has recently emerged as a serious social problem in Korea. PI infringement in the public and private sector is common. There were 182,666 cases of PI in 2,624 public organizations during the last three years. Online infringement cases have increased. PI leakage causes moral and economic damage and is an impediment to public confidence in public organizations seeking to manage e-government and maintain open and aboveboard administration. Thus, it is an important matter. Most cases of PI leakage result from unsatisfactory management of security, errors in home page design and insufficient system protection management. Protection management, such as encryption or management of access logs should be reinforced urgently. However, it is difficult to comprehend the scope of practical technology management satisfied legislation and regulations. Substantial protective countermeasures, such as access control, certification, log management and encryption need to be established. It is hard to deal with the massive leakage of PI and its security management. Therefore, in this study, we analyzed the conditions for the technical protection measures during the processing phase of PI. In addition, we classified the standard control items of protective measures suited to public circumstances. Therefore, this study provides a standard and checklist by which staff in public organizations can protect PI via technical management activities appropriate to laws and ordinances. In addition, this can lead to more detailed and clearer instructions on how to carry out technical protection measures and to evaluate the current status.

• Journal of the Korea Safety Management & Science
• /
• v.16 no.3
• /
• pp.433-441
• /
• 2014

Increasing the outsourcing of personal information treatment, the safe management and director for fiduciary is very important. In this paper, under the personal information protection management systems the current situation of fiduciary management and direction was reviewed and the certification system was analysed in terms of availability of the controled items. Under the basis of legal compliance at the time of the Privacy Act, the characteristics of outsourcing type was also analyzed and derived new controled items. As a result of the proposed research, new controled items for fiduciary could be used as a standard for the managing Director.

• Korean Security Journal
• /
• no.61
• /
• pp.203-234
• /
• 2019

The damages from security accidents continue to increase as technology leaks from suppliers cause risks to the management of large companies, which are their customers, and their image and reliability to fall. However, the current industrial structure is practically impossible for large companies to form their own businesses and strategic alliances with business partners are essential, but it is changing into an industrial structure where the exchange of information is increased and the dependence of the information system is maximized, as well as legal demands and demands from stakeholders are increasing due to the complexity of the work process and the strengthening of security-related laws. The status of technology protection of small and medium-sized enterprises shows that they are not equipped with a security system due to relatively poor environment and financial difficulties compared to large enterprises, whereas the industrial structure between large and small business partners is indispensable for sharing the IT system, and the security system of large business, which is a customer company, should be improved by considering the fact that it is impossible to maintain security system between large businesses. Thus, the government intends to examine the system for shared growth of small businesses and the model for evaluating the capabilities of various agencies for information protection, and propose measures to introduce the certification system for small business partners.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.1001-1011
• /
• 2014

Smart Grid Devices could have security vulnerabilities that have legacy communication networks because of the fact that Smart Grid employs bi-directional communications and adopted a variety of communication interface. Consequently, it is required to build concrete response processes and to minimize the damage of the cyber attacks including security evaluation and certification methods. DCU is designed to collect meter data from numerous smart meter and send to utility's server so DCU installed between smart meter and utility's server. For this reason, If DCU compromised by attacker then attacker could use DCU to launching point for and attack on other devices. However, DCU's security evaluation and certification techniques do not suffice to be deployed in smart grid infrastructure. This work development DCU protection profile based on CC, it is expected that provide some assistance to DCU manufacturer for development of DCU security target and to DCU operator for help safety management of DCU.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1267-1276
• /
• 2013

Cloud consumers who use cloud computing services are obliged to review and monitor the legal compliance of cloud providers who are consigned the processes of the PII (personally identifiable information) from them. This paper presented possible scenarios for cloud PII outsourcing and suggested PIMS (personal information management system) controls for outsourcing management between cloud consumers and cloud providers by analyzing both international standards and domestic certification schemes related to cloud computing and/or privacy management based on the legal obligations for PII outsourcing from Korean "Personal Information Protection Act (PIPA)". The controls suggested can be applicable for developing the guidance of complying with privacy laws in organizations or the checklist of PII outsourcing management in PIMS certification.

• Journal of the Society of Disaster Information
• /
• v.17 no.3
• /
• pp.487-499
• /
• 2021

Purpose:The purpose of the paper is to review the problems of performance enhancement of safety certification standards and to suggest directions for improvement in order to rationalize safety certification standards for future industrial development and environmental changes. Method: The problems and limitations of the safety certification system are summarized through literature review and interview with manager, and the status of safety certification standards is classified into design standards, performance standards, and detailed standards, and the status analysis is performed. In addition, by synthesizing the results of the investigation and analysis, improvements are suggested to improve the performance of the safety certification standards. Result: Through the survey, the problems and limitations of safety certification could be grouped into six categories: government-led certification system operation, standardized certification standards, long time required to improve certification, poor certification standards preparation system, and lack of reflection of industry opinions. And, as a result of analyzing the certification standards by dividing them into performance and design standards, in the case of machinery, equipment, and protection devices, the design standards were high at 69.7% and 64.9%, whereas in the case of protective equipment, the performance standards were high at 61.1%. In order to improve the performance of safety certification standards centered on design standards, it is necessary to determine the possibility of performance enhancement of the certification standards and determine the feasibility of the inspection test method. In order to improve performance, it was reviewed that it was necessary to establish a systemic foundation and infrastructure, such as strengthening the Product Liability Act, systematizing market monitoring, etc., distributing certification test tasks, and participating in the preparation of certification standards by the private sector. Conclusion: Through this study, the problems and limitations of Korea's safety certification system were summarized and the necessity for performance improvement was reviewed. Performance improvement of safety certification standards is a matter that requires preparatory work, such as legislative revision and infrastructure construction, and requires mid-to-long-term promotion. In addition, rather than improving the overall safety certification standards, the performance requirements for each item subject to certification should be reviewed and promoted, and details should be specified through additional research.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.11a
• /
• pp.599-603
• /
• 2006

Korea Information Security Agency has executed the certification system for the information security management since 2002 and examines the conformance of the IDCs'total management system including the technical and the physical protection measure. However, this certification system has the standard only for the IDC in the wire/wireless segregated and the evaluation method for the wire/wireless integrated has not been suggested yet. This paper is on the basis of "Accumulation Information Communication Facility Secure Principle", guidelines of Wireless LAN security operation, the existing principles and recommendations of the information security and the data on IDC environment. And the paper suggests the IDC network model in the wire/wireless integrated and the IDC evaluation method.

• The Journal of Korean Institute of Information Technology
• /
• v.17 no.7
• /
• pp.123-131
• /
• 2019

In this paper, related studies were investigated by dividing them into cost-benefit analysis, security continuity services, and SW-centric calculations. The case analysis was conducted on A institutions in the United States, Japan and South Korea. Based on this, an improvement model was prepared through comparison with the current system. The SCS(Security Continuity Service) performance evaluation system-based information protection service cost calculation model is proposed. This method applies a service level agreement(SLA) and NIST Cybersecurity framework that are highly effective through cost-effectiveness analysis and calculates consideration based on characteristics, performance criteria, and weights by information protection service. This model can be used as a tool to objectively calculate the cost of information protection services at public institutions. It is also expected that this system can be established by strengthening the current recommended statutory level to the enforceability level, improving the evaluation system of state agencies and public institutions, introducing a verification system of information protection services by national certification bodies, and expanding its scope to all systems.