• Journal of the Korean Home Economics Association
• /
• v.45 no.8
• /
• pp.127-142
• /
• 2007

The objective of this study was to discuss child privacy issues at Web sites targeting children, Specifically, the study examined l)types of information required for join the membership, 2)whether privacy policies at Web sites for children abide by privacy guideline, and 3)specific examples of recommendable privacy policy and problematic privacy policy from Web sites, Total of 305 Web sites targeting children were used for content analysis, Selected Web sites included recommended sites by Korea Council of Children's Organizations and food business Web sites, The results showed that more than 70% of Web sites required private information when children join the membership. Most of these Web sites provided mailing service for children. Generally, Web sites showed problems in parents' approval procedures. Also, privacy policies at Web sites frequently omitted purpose specification principle and the security safeguard principle. Regulating online service provides and marketers targeting children would be necessary for protecting child privacy. Further, education program targeting parents and children could help them make right choices to protect children's online privacy.

• Korea Trade Review
• /
• v.44 no.1
• /
• pp.285-299
• /
• 2019

The 'One Belt One Road (OBOR)' initiative, which was promulgated as part of the enlargement policy along with the advent of Xi Jinping in 2013, is a policy to expand China's political and economic power externally through linkages with neighboring countries. China's overseas port investment plays an important role in the promotion of the 'OBOR' policy from the coast of China through maritime transportation routes from S.E Asia to Mediterranean and Europe. Since China's overseas port investment has been made from several factors such as political, economic, and military motives, it differs in purpose and character from investments made by private companies, such as Global Port Operators(GTO) which consider profitability first. This study aims to address future prospects and implications by analyzing the geopolitics of China's overseas port investment under the 'One Belt One Road' initiative. According to the results, China's overseas port investment is dominated by state-owned enterprises and political and security factors are more important than profitability. China's overseas port investment has been on a large scale in a short period of time, and China has faced with various problems both domestically and internationally. such as debt default, environmental problems, subordination problems from recipient countries and political and military confrontation with great countries such as United States, Japan and India etc.

• Spatial Information Research
• /
• v.21 no.4
• /
• pp.15-24
• /
• 2013

Recently, as the spatial information and various multimedia are fused together, the demand for the high value-added spatial information contents and the necessity of technology for spatial information security are increasing. However, since the current security policy is being managed independently by each system, there is a problem with unreliable or costly to modify or revise the security policy. Such problems occur frequently in the process of coordination or integration of the spatial information management systems that are used in public institutions and private companies. Therefore, in this paper, the access control system that could provide an integrated security policy for many spatial platforms and systems with expandable grammar and semantics was designed and implemented based on GeoXACML proposed by OGC. As the GeoXACML-based access control system designed and implemented in this paper follows the international standard specifications, it provides high portability and interoperability. Finally, in this paper, the efficiency of the system was proved by applying it to a virtual scenario on the military area requiring the access control.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.631-646
• /
• 2020

The government is pursuing a policy to remove plug-ins for public and private websites to create a convenient Internet environment for users. In general, financial institution websites that provide financial services, such as banks and credit card companies, operate fraud detection system(FDS) to enhance the stability of electronic financial transactions. At this time, the installation software is used to collect and analyze the user's information. Therefore, there is a need for an alternative technology and policy that can collect user's information without installing software according to the no-plug-in policy. This paper introduces the device fingerprinting that can be used in the standard web environment and suggests a guideline to select from various techniques. We also propose a user authentication model using device fingerprints based on machine learning. In addition, we actually collected device fingerprints from Chrome and Explorer users to create a machine learning algorithm based Multi-class authentication model. As a result, the Chrome-based Authentication model showed about 85%~89% perfotmance, the Explorer-based Authentication model showed about 93%~97% performance.

• Journal of the Korea Society for Simulation
• /
• v.32 no.4
• /
• pp.59-67
• /
• 2023

Private blockchains can apply enhanced security policies that allow only authorized users to participate in the blockchain network. In addition, when used in a career management system where the validity of an individual's career is important, it has the suitable characteristics in terms of information integrity. However, due to the excessive performance requirements of blockchain technology, identifying performance characteristics through simulation can be helpful in stable operation of the system. This paper presents research results that utilized performance evaluation results while constructing a career management system based on the Ethereum blockchain. The service not only serves as a portfolio that records personal career development activities, certification acquisition, and award results, but also provides a community function for career planning to strengthen employment competitiveness. In addition, we present how a compensation policy can be executed to encourage users to participate in career development through community activities. In particular, an appropriate compensation policy was derived by reviewing changes in performance characteristics in accordance with the transaction volume on Geth nodes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.89-96
• /
• 2013

Recent DDoS attacks and private informations leaked show that everyday life is interwoven with cyberspace and we are becoming more vulnerable to cyber attacks. Therefore, a systematic understanding of cyber damage structure is very important and damage loss estimation method should be developed to establish solid cyber security protection system. In this study, economic loss caused by cyber attacks are surveyed based on the analysis of existing studies and try to develop a reasonable methods to estimate economic effects of cyber security protection in Korea. Potential economic loss of Korea by cyber attacks may be situated between 10 billion and 40 billion dollars. But more sophisticated system should be established to estimate economic effects of cyber protection for proper policy decision making.

• Journal of Digital Convergence
• /
• v.14 no.6
• /
• pp.253-261
• /
• 2016

As many people use internet through the various programs of PC and mobile devices, the possibility of private data leak is increasing. A program should be used after checking security of information flow. Security analysis of information flow is a method that analyzes security of information flow in program. If the information flow is secure, there is no leakage of personal information. If the information flow not secure, there may be a leakage of personal information. This paper proposes a method of analyzing information flow that facilitates SAT solver. The method translates a program that includes variables where security level is set into propositional formula representing control and information flow. The satisfiability of the formula translated is determined by using SAT solver. The security of program is represented through the result. Counter-example is generated if the program is not secure.

• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.99-121
• /
• 2017

Standard makers in both private and public sectors have been increasingly mandating security standards upon organizations to protect organizational digital assets. A major issue in security standardization is that standards often cannot regulate all possible security efforts by the standard maker because some efforts are unverifiable by nature. This paper studies from an analytical perspective how a standard maker should design the standard using a verifiable security control in the presence of another related unverifiable one. We compare it with two benchmark standards; $na{\ddot{i}}ve$-standard which refers to the standard maker who ignores the existence of the unverifiable control, and complete-information standard which refers to the maker sets standards on both controls. Optimal standard and benchmark standard depend critically on how the two controls are configured. Under parallel configuration, the existence of the unverifiable control induces the policy maker to set a higher standard (the complete-information standard is optimal); under serial configuration, a lower standard is applied (neither benchmark works). Under best-shot configuration and if the verifiable control is more cost-efficient, the existence of the unverifiable control has no impact on the optimal standard (the $na{\ddot{i}}ve$ standard is optimal).

• The Journal of the Korea Contents Association
• /
• v.12 no.12
• /
• pp.683-693
• /
• 2012

In this study we investigated the factors determining people's decision on whether to subscribe to private health insurance, on how many private health insurances they subscribe to and the average amount of monthly payment from subscribers of private health insurances. For analysis, logistic regression analysis and multiple linear regression analysis were conducted on the sample of 8,167 people using 2008 Korean Longitudinal Study of Ageing(KLoSA) data. From the analysis, whether to enroll in private health insurance is found to be greatly influenced by population and socioeconomic factors as well as regular exercise, smoking, cognitive function scores, subjective health status, hospitalization, the number of outpatient services, free primary health screenings benefits. We also found that number of private health insurances purchased is affected by age, household income, subjective health status, drinking, free primary health screenings benefits and that the average amount of monthly payment for private health insurances purchased is influenced by age, marriage status, economic activities status, subjective sense of hierarchy, household income, drinking, hospitalization. This study is expected to contribute to show the healthy role of private health insurance so that the desirable direction in expansion of health security policy in Korea can be explored further.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.781-799
• /
• 2024

Recently, the US and EU have been institutionally introducing and promoting Coordinated Vulnerability Disclosure(CVD) to strengthen the response to security vulnerabilities in ICT products and services, based on collaboration with white-hat hackers. In response to these changes in cybersecurity, we propose a three-step approach to introduce CVD through the Information and Communications Network Act(ICNA). In the first step, to comprehend the necessity and requirements for legislating CVD, we survey the current situation in Korea and the trends of CVD in the US, EU, and OECD. In the second step, we analyze the necessity for legislating CVD and derive the requirements for its legislation. In this paper, we analyze the necessity for legislating CVD from three perspectives: the need for introducing CVD, the need for institutionalization based on law, and the suitability of the ICNA as the legislation. The derived requirements for CVD legislation include the establishment and publication of Vulnerability Disclosure Policy(VDP), legal protection for white-hat hackers, and designation and role assignments of coordinator. In the third step, we introduce approaches to apply the requirements for CVD legislation to the ICNA, which is the law governing prevention and response to cybersecurity incidents in private sector.