http://dx.doi.org/10.13089/JKIISC.2017.27.1.129

FAIR-Based Loss Measurement Caused by Personal Information Breach of a Company  

Kim, Jeong-Gyu (Korea University)
Lee, Kyung-Ho (Korea University)
Abstract
This study proposes a methodology for estimating the financial damage caused by a personal information breach at a company and for analysing the risk systematically, through a case study of a company that experienced a private information breach. Using the FAIR (Factor Analysis of Information Risk) model, it estimates the loss amount and objectively analyses the company's risk from a personal information breach. The study assesses the adequacy and importance of the factors used to estimate the loss amount by applying AHP (Analytic Hierarchy Process) to each factor. By adopting the proposed methodology, the person in charge of the actual work can assess and prove the loss amount through the latest risk estimation methodology. In addition, the person in charge can select the parameters appropriate to the company concerned and obtain an objective quantitative estimate. The loss amount caused by a personal information breach can therefore be assessed accurately and reported to management.
Keywords
FAIR; Personal Information; Personal Information Breach; AHP; Loss Measurement;
Citations & Related Records
Times Cited By KSCI: 4