• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.117-130
• /
• 2011

In a situation where worldwide free trade between countries has expanded recently, our country is being rapidly pushed FTA agreements with the financial developed countries such as United States, EU. According to the agreement, the user information of foreign financial companies in Korea is expected to be transfered overseas. In this paper, we need to define the scope and the definition about the transfer of information and analyze the relating domestic and foreign laws preparing for Cross Border Financial Information Transfer. Also, we review the expected issues about the transfer of information divided into institutional and technical sectors and arc presented the policy implication such as differentiation of regulatory information, enactment and amendment of Personal Information Protection Law(Draft) and related regulations, ensuring the safety of financial companies, raise the standard guidelines of the transfer of information. We refers to the needs for policy formulation to differentiate our privacy information from financial information to protect the privacy of users. The proposed countermeasures in this paper is expected to be helpful the measures to prepare for other institutions such as banks and supervisory authorities prepare for the future Cross Border Financial Information Transfer according to PTA.

• Journal of Convergence for Information Technology
• /
• v.12 no.5
• /
• pp.1-14
• /
• 2022

This study tried to suggest crisis management compliance to prevent personal information infringement accidents that may occur in the process because the data including personal information is being processed in the artificial intelligence (AI) service process. To this end, first, the AI service provision process is divided into 3 processes such as service planning/data design and collection process, data pre-processing and purification process, and algorithm development and utilization process. And 3 processes are subdivided into 9 stages following to personal information processing stages to infringe personal information. All processes were investigated with literature and experts' Delphi. Second, the investigated personal information infringement factors were selected through FGI, Delphi, etc. for experts. Third, a survey was conducted with experts on the severity and possibility of each personal information infringement factor, and the validity and adequacy of the 94 responses were verified. Fourth, to present appropriate risk management compliance for personal information infringement factors in AI services, a method for calculating the risk level of personal information infringement is prepared by utilizing the asset value of personal information, personal information infringement factors, and the possibility of infringement accidents. Through this, the countermeasures for personal information infringement incidents were suggested according to the scored risk level.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.17-26
• /
• 2003

Recently, as the internet is widespread rapidly among the public, people can use a variety of useful information services through the internet. Accordingly, the protection of information supplied by computer networks 5 has become a matter of primary concern on the whole world. To accede to the realistic demands, it has been worked out some countermeasures to cultivate the experts in information security by the government and many educational facilities. Already the government authority has carried out the each kinds of concerning projects under the framed a policy, Five-Year Development Plan for Information Security Technology. Also, many domestic universities perceives such an international trend, and so they frame their plans to train for the experts in this field, including to found a department with respect to the information security. They are ready to execute their tangible works, such as establishment of educational goal, development of teaching materials, planning curriculum, construction of laboratories and ensuring instructors. Moreover, such universities lead to their students who want to be information security experts to get the fundamental knowledge to lay the foundation for acquiring the information security technology in their bachelor course. In this note, we survey and analyze the curricula of newly-established or member-extended departments with respect to information security fields of some leading universities in the inside and outside of the country, and in conclusion, we propose the effective model of curriculum and educational goal to train the students for the information security experts.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.105-117
• /
• 2019

Bitcoin, which can be classified as a cryptocurrency, has attracted attention from various industries because it is an innovative digital currency and the beginning of a Blockchain system. However, as the research on Bitcoin progressed, several security vulnerabilities and possible attacks were analyzed. Among them, the security problem caused by the transparency of the Blockchain database prevents the Blockchain system from being applied to various fields. This vulnerability is further classified as the weak anonymity of participating nodes and privacy problem due to disclosure of transaction details. In recent years, several countermeasures have been developed against these vulnerabilities. In this paper, we first describe the main features of the public and private Blockchain, and explain privacy, unlinkability and anonymity. And, three public Blockchain platforms, Dash, Zcash and Monero which are derived from Bitcoin, and Hyperledger Fabric which is a private Blockchain platform, are examined. And we analyze the operating principles of the protocols applied on each platform. In addition, we classify the applied technologies into anonymity and privacy protection in detail, analyze the advantages and disadvantages, and compare the features and relative performance of the platforms based on the computational speed of the applied cryptographic mechanisms.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.54 no.1
• /
• pp.46-52
• /
• 2017

Social attention to information security field is inspired, and manpower demand forecast of this area is getting high. This study surveyed information security knowledge of practitioners who work in a field of information security such as computer and network system. We analyzed a connection between survey data, information protection job system that was suggested by NICE, IT skills that NCS and KISA classified and security field classification system. Base on data that analyzed, this study suggests a curriculum that trains professional manpower who perform duties in the field of information security. Suggested curriculum can be applied to 2 year college, 3 year college and 4 year college. Suggested curriculum provides courses that students who want to work in a field of information security must learn during the college. Suggested courses are closely connected to a related field and detailed guideline is indicated to each course to educate. Suggested curriculum is required, and it combines a theoretical education that become basis and a practical education so that it is not weighted to learn theory and is not only focusing on learning simple commands. This curriculum is established to educate students countermeasures of hacking and security defend that based on scenario that connected to executive ability. This curriculum helps to achieve certificates related to a field more than paper qualification. Also, we expect this curriculum helps to train convergent information security manpower for next generation.

• Journal of Wetlands Research
• /
• v.18 no.1
• /
• pp.100-112
• /
• 2016

In recent, the direction of water resources policy is changing from the typical plan for water use and flood control to the sustainable water resources management to improve the quality of life. This change makes the information related to water resources such as data collection, management, and supply is becoming an important concern for decision making of water resources policy. We had analyzed the structured data according to the purpose of providing information on water resources. However, the recent trend is big data and cloud computing which can create new values by linking unstructured data with structured data. Therefore, the trend for the management of water resources information is also changing. According to the paradigm change of information management, this study tried to suggest an application of big data and cloud computing in water resources field for efficient management and use of water. We examined the current state and direction of policy related to water resources information in Korea and an other country. Then we connected volume, velocity and variety which are the three basic components of big data with veracity and value which are additionally mentioned recently. And we discussed the rapid and flexible countermeasures about changes of consumer and increasing big data related to water resources via cloud computing. In the future, the management of water resources information should go to the direction which can enhance the value(Value) of water resources information by big data and cloud computing based on the amount of data(Volume), the speed of data processing(Velocity), the number of types of data(Variety). Also it should enhance the value(Value) of water resources information by the fusion of water and other areas and by the production of accurate information(Veracity) required for water management and prevention of disaster and for protection of life and property.

• Fire Science and Engineering
• /
• v.34 no.1
• /
• pp.89-102
• /
• 2020

Chemical terrorism using toxic and flammable gases, which could be fatal to the health of the human body, poses a serious threat to the security of most advanced countries, as well as those that are suffering from local disputes, due to the asymmetric information that exists between terrorist actors and victims. The countermeasures against chemical terrorism can be roughly divided into three stages: prevention, response, and probation. The critical factors for each professional response agency, and the personnel that determine the degree and range of chemical terrorism damage, are performing missions successfully in the process of the prevention and the response stage against chemical terrorism. To do this, conducting objective and systematical assessments on facilities that could potentially be the subject of chemical terrorism is more important than anything. In this study, we compared the existing domestic and foreign vulnerable classification systems for chemical terrorism, reviewed the current direction of improvement in domestic classification systems, and suggested more scientific and systematic methodologies through the vulnerability assessment on an actual public facility sample.

• Informatization Policy
• /
• v.17 no.1
• /
• pp.43-62
• /
• 2010

Mandatory use of resident registration number in Korean websites is likely to result in an violation of privacy. The Korea government introduced i-PIN (Internet Personal Identification Number) to solve this problem in Oct of 2006. But the implementation of i-PIN has failed to decrease violation of privacy. Therefore, we must open our eyes to problems of i-PIN and the importance of privacy protection. This study analyzes the policy failures of i-PIN and considers countermeasures for protecting privacy on the Internet, and explores policy alternatives to secure privacy on the Internet by analyzing the implementation process of I-PIN. In conclusion, this study stresses the urgent need for a well-thought-out policy in order to solve the problems of i-PIN on the Internet. It expects that the i-PIN will make a big stride for the realization of secure electronic government.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2013

Cyber attacks threaten the national security in this day and age. The government of the Republic of Korea recently released the National Cyber Security Comprehensive Countermeasures as a new cybersecurity policy. But current legal system cannot provide legal basis for the implementation of such measures. The current legal system related to cybersecurity is applied in each sector, thus the governance system in cybersecurity is separate. So there are many problems in the governance system in cybersecurity. To solve these problems fundamentally, it is righter to make a new cybersecurity law than to revise existing laws. Meanwhile, lawmakers proposed some bills in Congress to strengthen the cybersecurity in Korea in 2013. It will increase possibility of legislation of cybersecurity act to make a law through the analysis of these bills and to derive the essential elements from those. and to reflect these in the new cybersecurity act.

• Journal of Korean Society of Water and Wastewater
• /
• v.35 no.6
• /
• pp.389-403
• /
• 2021

In this study, dual drainage system based runoff model was established for W-drainage area in G-si, and considering the various rainfall characteristics determined using Huff and Mononobe methods, the degree of flooding in the target area was analyzed and the risk was compared and analyzed through the risk matrix method. As a result, the Monobe method compared to the Huff method was analyzed to be suitable analysis for flooding of recent heavy rain, and the validity of the dynamic risk assessment considering the weight of the occurrence probability as the return period was verified through the risk matrix-based analysis. However, since the definition and estimating criteria of the flood risk matrix proposed in this study are based on the return period for extreme rainfall and the depth of flooding according to the results of applying the dual drainage model, there is a limitation in that it is difficult to consider the main factors which are direct impact on inland flooding such as city maintenance and life protection functions. In the future, if various factors affecting inland flood damage are reflected in addition to the amount of flood damage, the flood risk matrix concept proposed in this study can be used as basic information for preparation and prevention of inland flooding, as well as it is judged that it can be considered as a major evaluation item in the selection of the priority management area for sewage maintenance for countermeasures against inland flooding.