Development of Personal Information Protection Framework to be Followed by IoT Service Providers

A Plan for Developing a Personal Information Protection Framework to Be Followed by IoT Service Providers

  • Shin, Young-Jin (Industry Academic Cooperation Foundation, PaiChai University)
  • Received : 2020.05.20
  • Accepted : 2020.07.20
  • Published : 2020.07.28

Abstract

This study aims to develop and provide a personal information protection framework that enables IoT service providers to safely and systematically operate the personal information of IoT service subjects throughout the overall process of providing IoT devices and services. To this end, a framework for the personal information framework was derived through a literature survey, and, through FGI with experts, it was divided into two processes of three stages each: the IoT service provision process and the IoT personal information processing process. The study then conducted an e-mail survey of related experts using AHP techniques to determine the importance of the components of the selected personal information protection framework. As a result, in the IoT service provision process, the IoT product and service design and development stage (0.5413) is the most important, and in the IoT personal information processing process, personal information protection in the collection and retention of personal information (0.5098) is the most important. Therefore, based on this research, it is expected that, as IoT services spread, a safe personal information protection framework will be realized by preventing security threats and personal information infringement accidents.

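This study aims to develop and provide a personal information protection framework with which IoT service providers can safely and systematically operate the personal information of IoT service subjects throughout the overall process of providing IoT products and services. To this end, a component structure for the personal information framework was derived through a literature survey, and, through in-depth interviews with experts, the personal information protection framework was organized into the IoT service provision process and the IoT personal information processing process, each with 3 stages, 3 areas, and 2 indicators. The relative importance of the components of the selected personal information protection framework was then examined through an e-mail survey of experts in related fields using the AHP technique. As a result, in the IoT service provision process, the design and development stage of IoT products and services (0.5413) is the most important, and in the IoT personal information processing process, personal information protection in the collection and retention stage of personal information (0.5098) is the most important. Therefore, based on this study, it is expected that, as IoT services spread, a safe personal information protection framework will be realized by preventing security threats and personal information infringement incidents.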
