http://dx.doi.org/10.13089/JKIISC.2013.23.6.1267

A Study on PIMS Controls for PII Outsourcing Management under the Cloud Service Environment  

Park, Dae-Ha (The Cyber University of Korea)
Han, Keun-Hee (Korea University)
Abstract
Cloud consumers who use cloud computing services are obliged to review and monitor the legal compliance of the cloud providers to whom they consign the processing of PII (personally identifiable information). This paper presents possible scenarios for cloud PII outsourcing and suggests PIMS (personal information management system) controls for outsourcing management between cloud consumers and cloud providers. The controls are derived by analyzing both international standards and domestic certification schemes related to cloud computing and/or privacy management, based on the legal obligations for PII outsourcing under the Korean "Personal Information Protection Act (PIPA)". The suggested controls can be applied to developing guidance for complying with privacy laws in organizations or a checklist for PII outsourcing management in PIMS certification.
Keywords
Cloud Service; Privacy; PII Protection; ISMS; PIMS; PIPL; Outsourcing Control