http://dx.doi.org/10.13089/JKIISC.2016.26.1.259

A Decision-Making Model for Handling Personal Information Using Metadata

Kim, Yang-Ho (Graduate School of Information Security, Korea University)
Cho, In-Hyun (Graduate School of Information Security, Korea University)
Lee, Kyung-Ho (Graduate School of Information Security, Korea University)
Abstract
After three large-scale data leakage incidents made clear that intentional or accidental insider actions are a more serious threat than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occurring again. However, the IT system architecture that reflects the domestic financial environment is highly complicated and therefore difficult to grasp in full. Despite administrative, physical, and technical controls, insider threats remain likely to cause personal data leakage. In this paper, we present a process that, based on metadata, defines and manages personally identifiable attribute data and that, through inter-table integration, identifies personal information broadly and controls access to it. The process is intended to decrease the likelihood of violating the compliance requirements set out by the financial supervisory authority and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.
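The abstract describes two mechanisms without showing them: PII attributes are declared in column-level metadata, and tables that do not hold an identifier themselves are still treated as personal information when they can be joined to one that does. The following is an added illustration of that idea, not the authors' model or code. It assumes a constructed metadata catalog (tables, columns, a PII class per column, and foreign-key relationships) and a hypothetical role-to-classification clearance map; the propagation over foreign-key links and the access decision are the editor's own simplification.

```python
"""Metadata-driven identification of personal-information tables and a
simple access decision over the result.

Added example (editor's illustration), not the paper's model. The catalog,
the PII classes and the role clearance map below are all constructed
assumptions for demonstration purposes.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Column:
    name: str
    # PII class recorded in metadata (assumed vocabulary):
    #   "direct" - identifies a person on its own (e.g. a national ID number)
    #   "quasi"  - identifies a person only in combination with other data
    #   None     - not a personal attribute
    pii_class: Optional[str] = None


@dataclass
class Table:
    name: str
    columns: List[Column]
    # local column -> (referenced table, referenced column)
    foreign_keys: Dict[str, Tuple[str, str]] = field(default_factory=dict)


class Catalog:
    """Column-level metadata catalog with foreign-key relationships."""

    def __init__(self, tables: List[Table]) -> None:
        self.tables = {t.name: t for t in tables}

    def direct_pii_tables(self) -> Set[str]:
        """Tables holding at least one column classed as a direct identifier."""
        return {n for n, t in self.tables.items()
                if any(c.pii_class == "direct" for c in t.columns)}

    def _adjacency(self) -> Dict[str, Set[str]]:
        """Undirected join graph: an FK in either direction lets rows be joined."""
        adj: Dict[str, Set[str]] = {n: set() for n in self.tables}
        for t in self.tables.values():
            for ref_table, _ref_col in t.foreign_keys.values():
                if ref_table in adj:
                    adj[t.name].add(ref_table)
                    adj[ref_table].add(t.name)
        return adj

    def personal_info_tables(self) -> Set[str]:
        """Tables that are personal information once inter-table integration is
        considered: they hold a direct identifier, or a chain of foreign keys
        joins them to a table that does. Breadth-first search from the
        direct-PII tables over the join graph."""
        adj = self._adjacency()
        seen = set(self.direct_pii_tables())
        queue = deque(seen)
        while queue:
            cur = queue.popleft()
            for nxt in adj[cur]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return seen

    def classify(self, table_name: str) -> str:
        """'direct' if the table itself holds an identifier, 'linked' if it is
        personal information only through joins, otherwise 'none'."""
        if table_name in self.direct_pii_tables():
            return "direct"
        if table_name in self.personal_info_tables():
            return "linked"
        return "none"


# Assumed clearance map: which classifications a role may read. Unknown
# roles get no clearance at all (deny by default).
ROLE_CLEARANCE: Dict[str, Set[str]] = {
    "analyst": {"none"},
    "dba": {"none", "linked"},
    "privacy_officer": {"none", "linked", "direct"},
}


def access_decision(catalog: Catalog, role: str, table_name: str) -> Dict[str, str]:
    """Decide whether a role may access a table, based on the table's
    metadata-derived classification rather than on the table name alone."""
    cls = catalog.classify(table_name)
    allowed = cls in ROLE_CLEARANCE.get(role, set())
    return {"table": table_name, "class": cls, "role": role,
            "decision": "allow" if allowed else "deny"}


def build_sample_catalog() -> Catalog:
    """Constructed sample: only 'customer' holds direct identifiers, but
    'account' and 'transaction' join to it through foreign keys."""
    customer = Table("customer", [
        Column("cust_id"), Column("name", "direct"), Column("rrn", "direct"),
        Column("birth_date", "quasi")])
    account = Table("account", [Column("account_no"), Column("cust_id"),
                                Column("balance")],
                    foreign_keys={"cust_id": ("customer", "cust_id")})
    transaction = Table("transaction", [Column("txn_id"), Column("account_no"),
                                        Column("amount")],
                        foreign_keys={"account_no": ("account", "account_no")})
    branch = Table("branch", [Column("branch_code"), Column("branch_name")])
    return Catalog([customer, account, transaction, branch])


if __name__ == "__main__":
    cat = build_sample_catalog()
    for name in cat.tables:
        print(name, cat.classify(name), access_decision(cat, "analyst", name)["decision"])
```

The point the example makes is that a transaction table containing only account numbers and amounts is not personal information by its own columns, yet the foreign-key chain transaction -> account -> customer makes it personal information for access-control purposes; a check that looks only at each table's own columns would let an analyst read it.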
Keywords
Personally Identifiable Information; Compliance; Information Security; Risk Management; Metadata
Citations & Related Records
Times cited by KSCI: 6