Browse > Article
http://dx.doi.org/10.13089/JKIISC.2019.29.4.885

Protection Plan of Trustee Personal Credit Information for Credit Card Company Using Cloud Computing  

Kim, Shi-in (Graduate School of Information Security, Korea University)
Kim, In-suk (Graduate School of Information Security, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.29, no.4, 2019 , pp. 885-895 More about this Journal
Abstract
As seen in recent cases of hacking in financial services, attackers are attempting to hacking trustee with poor security management, rather than directly hacking a financial company. As a result, the consignor is strengthening the security check and control of the trustee, but small trustee has difficulties to invest in information security with the lack of computer facilities and the excessive cost of security equipment. In this paper I investigate the vulnerability of personal information processing life cycle standards in order to enhance the security of small consignee that receive personal information form the credit card company. To solve the vulnerability the company should use litigation management system constructed on cloud computing service and install VPN to secure confidentiality and intergrity in data transfer section. Also, to enhance the security of users, it is suggested to protect personal credit information by installing PC firewall and output security on user PC.
Keywords
Trustee security; Consignor security; Cloud;
Citations & Related Records
Times Cited By KSCI : 4  (Citation Analysis)
연도 인용수 순위
1 Ignacio Sanchez, Apostolos Malatras, Iwen Coisel, "A security analysis of email communications," JRC TECHNICAL REPORT, pp. 33-38, Dec. 2015
2 Hang Hu and Gang Wang, "Revisiting Email Spoofing Attacks," arXiv: 1801.00853v1 [cs.CR] 2, pp. 2, Jan. 2018
3 Korea Internet Security Agency, "In-depth analysis of new vulnerability of convergence industry," pp. 26-27, Dec. 2017
4 Tripti Sharma and Rahul Yadav, "Security in Virtual private network Computer," International Journal of Innovations & Advancement in Computer Science IJIACS ISSN 2347-8616, Vol. 4, special issue, pp. 669-675, Mar. 2015
5 Ritika kajal and Deepshikha Saini and Kusum Grewal, "Virtual Private Network," International Journal of Advanced Research in Computer Science and Software Engineering Vol. 2, no. 10, pp. 428-432, Oct. 2012
6 Baljot Kaur Chawla and O.P. Gupta, B. K. Sawhney, "A Review on IPsec and SSL VPN," International Journal of Scientific & Engineering Research, Vol. 5, no. 11, pp. 21-24, Nov. 2014
7 Jemal Mohammed Tahir, "Testing Virtual Private Network (VPN) Interoperability," Metropolia university of applied sciences, pp. 35, May. 2015
8 S. Kent, "IP Authentication Header," https://tools.ietf.org/html/rfc4302, Dec. 2005
9 S. Kent, "IP Encapsulating Security Payload (ESP)," https://tools.ietf.org/html/rfc4303, Dec. 2005
10 Munhui Kang and Taemung Jung, "VPN technology overview," Conference Proceedings of the Korea Institute of Information Security and Cryptology, 9(4), pp. 6, 1999
11 Korea Internet Security Agency, "Client Service Security," pp. 18, 2017
12 Microsofte Azure, "Azure Security documentation," https://docs.microsoft.com/ko-kr/azure/security/, May. 2019
13 Seung Ik Baek and Ji Yeon Shin and Jong Woo Kim, "Exploring the Korean Government Policies for Cloud Computing Service," The Journal of Society for e-Business Studies, 18(3), pp. 2, Aug. 2013
14 Hye-Ji Do, "A Study on Cloud Computing for Financial Sector limited to Processing System of Non-Critical Information: Policy Suggestion based on US and UK's approach," The Journal of Society for e-Business Studies, 22(4), pp. 40, Nov. 2017
15 Bosung Lee and Beomsoo Kim, "Protection of Personal Information on Cloud Service Models," Journal of The Korea Institute of Information Security & Cryptology 25(5), pp. 1245-1255, Oct. 2015   DOI
16 O-shik Kwon, "A study on consignee/consigned party management system enhancement for information technology outsourcing," Conference on Information and Communication Equipment, pp. 1-3, Sep. 2016
17 Taehyun Son and Jungsun Park, "A Study on Improving Information Security Implementation of IT Brokerage Company," Korea Safety Management Science Conference Fall Conference, pp. 357-365, Sep. 2014
18 Youngdai-dai Ko and Sang-jin Lee, "A Proposal of Enhanced Personal Information Security management Framework of Consigning of Personal Information," Journal of The Korea Institute of Information Security & Cryptology, 25(2), pp. 383-393, Apr. 2015   DOI
19 Jun Hyun Park and Jae Sung Park, "Enterprise Hybrid Cloud Technology and Security Trends," Journal of The Korea Institute of Information Security & Cryptology, 26(1), pp. 81-91, Feb. 2016   DOI
20 "Report on site inspection results of consignors in the first half of 2018," Jun. 2018.
21 AWS, "Identity and Access Management for AWS Security Hub," https://docs.aws.amazon.com/securityhub/latest/userguide/security-iam.html, May. 2019
22 "60% of companies hacked through business partners...Launched BitSite service to confirm security to partner companies," TECH M, Jun. 2019