• Journal of the Korea Safety Management & Science
• /
• 제12권4호
• /
• pp.107-116
• /
• 2010

To give a solution to solve personal information problems issued in this study, the domestic and overseas cases about information security management system including an authentication technique are analyzed. To preserve the outflow of personal information, which is such a major issue all over the world, a new security audit check list is also proposed. We hope this study to help information system developers construct and operate confidential information systems through the three steps: Analysis of risk factors that expose personal information, Proposal to solve the problem, Verification of audit checking items.

• Convergence Security Journal
• /
• 제12권2호
• /
• pp.13-21
• /
• 2012

The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection/use of privacy data, processing of sensitive information/personal ID information, and encryption of privacy information); restrictions on installation/operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제23권4호
• /
• pp.781-797
• /
• 2013

Nowadays, it is increasing that corporates consign tasks related to the personal information processing to the consignees for efficiency and quality improvements and cost reductions. As the consignments are increased, there are increases on types and amounts of personal information. Therefore, the needs on the information managements and the security threats are increased. This report will analyze the laws that consignors and consignees should follow. Moreover, it identifies issues and analyzes the current levels on consignees in terms of the personal information protection so that the consignors can come up with the best and efficient way to monitor the consignees when they consign the personal information processing tasks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제25권6호
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제24권6호
• /
• pp.1319-1328
• /
• 2014

While the recent advance in network system has made it easier to collect and process personal information, the loss of customers, financial companies and even nations is getting bigger due to the leakage of personal information. Therefore, it is required to take a measure to prevent additional damage from the illegal use of leakaged personal information. Currently, financial companies use access control in accordance with job title or position on general documents as well as important documents including personal information. Therefore, even if a documents is confidential, it is possible for a person of the same job title or position to access the document properly. This paper propose setting up security grade of documents to improve current access control system. It will help preventing the leakage of personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제25권2호
• /
• pp.383-393
• /
• 2015

Recently, the number of companies consigning their personal information management work has been increasing; they consign the work for various reasons and purposes, for example, in order to reduce costs related to personal information managers, improve efficiency through professional performance and to improve service quality. As such, since the cases where an consigning agency - not the personal information manager - handles personal information are increasing due to the increase of consigning of the personal information management work, we need to concerned with and pay attention to how much such agency makes efforts for personal information protection. In this regard, this study suggests a plan for efficient management of the agency during the course of consigning work as well as a list of requirements for personal information protection to be considered in each phase of the following; establishment of personal information protection framework for all consigning work processes, selection of consigning agency, execution of consigning contract, operation and management of consigning work, and termination of contract.

• Convergence Security Journal
• /
• 제12권5호
• /
• pp.87-97
• /
• 2012

Privacy of personal information disclosure incident occurs frequently as a problem to our society's most important and sensitive social agenda is emerging. Personal information is actually more accurate, depending on the type or types of economic value and sensitivity, the quality of the information, because it can cause a spill a serious social threat and systematic personal information protection and management are not carried out and the information society in a big mess can result. Customers my affairs when small guard security companies, especially the sensitive personal information of customers who need to work, the collected information be leaked or the company's trade secrets, are exposed on the outside, it could be a serious threat to a greater problem cause. Small escort guard companies, however, compared with large companies to build its own security system, due to issues such as the extent of funding, staffing shortages, there are many difficulties. Status of Information Security, scale and analyze the characteristics of small escort guard companies occupied by guard security companies in the present study, sleep, look at him in the solution of the practical issues of information protection system laid small guard. Expenses supplier of propose a security system for preventing the leakage of personal information.

• Journal of Korea Society of Digital Industry and Information Management
• /
• 제13권1호
• /
• pp.159-171
• /
• 2017

The purpose of this study is to investigate the effects of e - commerce technology characteristics and personal values on purchasing behavior by information security importance. The results of the empirical study that examined the university students in 2006 and 2016 are as follows. First, personal value is centered on personal values, such as self - esteem and self - esteem in 2006. In 2016, however, personal values such as self - fulfillment and personal relationship with others are important. Transactional ease and product service serve as the main value of the fun and pleasure of life, but the sense of accomplishment as the core value of information protection. Second, the technical characteristics of e-commerce are as follows. In terms of ease of transaction and product service, technology characteristics are simplified and directly effected over time. On the other hand, information protection works very closely with individual value, There was a strong tendency to enjoy benefits. Especially in 2006, if you want to enjoy transactional convenience through transaction information security or benefit from product service, it has been changed to recognize the importance of information security through payment in 2016.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제25권2호
• /
• pp.395-410
• /
• 2015

This research defines the degree of the threat caused by the leakage of personal information in a quantitative way. The proposed definition classifies the individual items in a personal data, then assigns a risk value to each item. The proposed method considers the increase of the risk by the composition of the multiple items. We also deals with various attack scenarios, where the attackers seek different types of personal information. The concept of entropy applies to associate the degree of the personal information exposed with the total risk value. In our experiment, we measured the risk value of the Facebook users with their public profiles. The result of the experiment demonstrates that they are most vulnerable against stalker attacks among four possible attacks with the personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제26권2호
• /
• pp.463-474
• /
• 2016

As IT environment has changed, paths of information security in financial environment which is based on IT have become more diverse and damage caused by information leakage has been more serious. Among security incidents, personal information leakage incident is liable to give the greatest damage. Personal information leakage incident is more serious than any other types of information leakage incidents in that it may lead to secondary damage. The purpose of this study is to find how much personal information leakage incident influences corporate value by analyzing 21 cases of personal information leakage incident for the last 15 years 1,899 listing firm through case research method and inferring investors' response of to personal information leakage incident surveying a change in transaction before and after personal information leakage incident. This study made a quantitative analysis of what influence personal information leakage incident has on outcome of investment by types of investors by classifying types of investors into foreign investors, private investors and institutional investors. This study is significant in that it helps improve awareness of importance of personal information security by providing data that personal information leakage incident can have a significant influence on outcome of investment as well as corporate value in Korea stock market.