http://dx.doi.org/10.13089/JKIISC.2012.22.3.637

A study on the development of SRI(Security Risk Indicator)-based monitoring system to prevent the leakage of personally identifiable information  

Park, Sung-Ju (Korea University, Graduate School of Information Management and Security)
Lim, Jong-In (Korea University, Graduate School of Information Management and Security)
Abstract
In our current information-focused society, information is regarded as a core asset, and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the safeguarding technology currently in commercial use does not operate at an enterprise level but is fragmented by function or guards only portions of a customer's personal information. Therefore, it is necessary to study systems that monitor indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examining the methods of implementing the monitoring system, the application of pattern analysis, and the examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper information-screening capabilities. Therefore, it is possible to establish systemic counterplans based on detectable patterns.
Keywords
monitoring system; Security Risk Indicators; SRI;