• Journal of Korean Society of societal Security
• /
• v.1 no.4
• /
• pp.33-40
• /
• 2008

Personal information security has been as risk ever since the development of information technology increased its internet use. As personal information security is compromised there will be a rise in personal privacy conflicts and this will become an important social issue. The following research is a presentation of the warning map for risk monitoring on personal information security. First, the personal information security process is identified then defined. Second, in order to achieve the personal information security's objective, a survey was taken and the data was collected. Third, factor in the Fishbone Diagram's analysis and figure out the key indicators that include metric and threshold. Last, develop the warning map which has the matrix table composed of the process and the risk. It displays the warning based on the threshold and the value of key indicators related to risks.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2007.05a
• /
• pp.190-197
• /
• 2007

외환위기 이후 우리나라 금융기관은 상대적으로 위험성이 높은 기업대출보다, 높은 수익성을 가지는 가계 대출에 관심을 기울이게 되었다. 가계대출이 증가함에 따라 개인신용평가의 중요성이 부각되고, 이에 많은 신용평가시스템이 개발되어 왔다. 하지만 기존의 신용평가시스템은 대출 신청 당시의 데이터 및 과거의 데이터를 가지고 개인의 신용을 평가하기 때문에, 미래 상황에 대한 예측은 고려하지 못한다. 시스템 다이나믹스는 시간의 흐름에 따른 각 요인의 변화를 살펴봄으로써 미래 상황에 대한 예측이 가능한 분석 방법이다. 이에 본 연구에서는 시스템 다이나믹스 방법론을 활용하여 개인 신용 상태에 대한 미래의 동태적인 변화를 예측하여, 그 결과를 반영한 신용평가모델을 개발하고자 한다. 이를 위하여, 먼저 신용평점 영향을 주는 변수들을 선정하고, 이 변수들 간의 인과관계를 밝혀낸 후, 인과관계를 토대로 분석 모델을 구축한 뒤, 컴퓨터 시뮬레이션을 실행함으로써, 대출 희망자의 미래의 신용상태 변화 모양을 예측해 본다. 이러한 시뮬레이션 결과를 신용평가에 반영하게 되면, 금융기관의 신용 대출의 위험을 줄이는 데 기여할 것으로 기대된다.

• Journal of the Korean Society for information Management
• /
• v.38 no.2
• /
• pp.113-127
• /
• 2021

The purpose of this study is to propose a personalized book recommendation system to promote the use of university libraries. In particular, unlike many recommended services that are based on existing users' preferences, this study proposes a method that derive evaluation metrics using individual users' book rental history and tendencies, which can be an effective alternative when users' preferences are not available. This study suggests models using two matrix decomposition methods: Singular Value Decomposition(SVD) and Stochastic Gradient Descent(SGD) that recommend books to users in a way that yields an expected preference score for books that have not yet been read by them. In addition, the model was implemented using a user-based collaborative filtering algorithm by referring to book rental history of other users that have high similarities with the target user. Finally, user evaluation was conducted for the three models using the derived evaluation metrics. Each of the three models recommended five books to users who can either accept or reject the recommendations as the way to evaluate the models.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.259-273
• /
• 2016

After realizing through the three large-scale data leakage incidents that intentional or accidental insider jobs are more serious than external intrusions, financial companies in Korea have been taking measures to prevent data leakage from occuring again. But, the IT system architecture reflecting the domestic financial environment is highly complicated and thereby difficult to grasp. It is obvious that despite administrative, physical, and technical controls, insider threats are likely to cause personal data leakage. In this paper, we present a process that based on metadata defines and manages personally identifiable attribute data, and that through inter-table integration identifies personal information broadly and controls access. This process is to decrease the likelihood of violating compliance outlined by the financial supervisory authority, and to reinforce internal controls. We derive and verify a decision-making model that reflects the proposed process.

• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.66-74
• /
• 2021

With the development of the Internet, user authentication technology that proves me online is improving. Existing ID methods pose a threat of personal information leakage if the service provider manages personal information and security is weak, and the information subject is to the service provider. In this study, as online identification technology develops, we propose a DID-based self-authentication model to prevent the threat of leakage of personal information from a centralized format and strengthen sovereignty. The proposed model allows users to directly manage personal information and strengthen their sovereignty over information topics through VC issued by the issuing agency. As a research method, a self-authentication model that guarantees security and integrity is presented using a decentralized identifier method based on distributed ledger technology, and the security of the attack method is analyzed. Because it authenticates through DID Auth using public key encryption algorithms, it is safe from sniffing, man in the middle attack, and the proposed model can replace real identity card.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10a
• /
• pp.619-621
• /
• 2003

유비쿼터스 컴퓨팅은 그 발전배경에 있어서 이동성을 강조하고 있다. 개인의 휴대 단말은 점차 작고 잘 보이지 않게 되면서 주변의 컴퓨팅 자원을 활용하는 위탁컴퓨팅 모델이 부각되고 있다. 하지만 개인의 휴대 단말이 악의적인 네트워크 환경이나 위탁컴퓨터에 대해서는 무기력한 것이 사실이다. 이를 보완하기 위해서는 휴대 단말이 신뢰할 수 있는 신뢰 그룹에게 원하는 작업을 위탁할 수 있어야 하고 서버 그룹과 클라이언트 그룹 사이의 서로 다른 기능을 제공해야 한다. 논문은 유비쿼터스 컴퓨팅 환경에서 휴대 단말인 클라이언트들이 신뢰할 수 있는 신뢰 서버들을 효율적으로 관리할 수 있는 비대칭형 그룹 관리 시스템을 설계하고 제안한다.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.119-127
• /
• 2019

This paper proposes a new authentication model to solve the problem of personal information takeover and personal information theft by service providers using centralized servers for user authentication and management of personal information. The centralization issue is resolved by providing user authentication and information storage space through a decentralize platform, blockchain, and ensuring confidentiality of information through user-specific symmetric key encryption. The proposed model was implemented using the public-blockchain Ethereum and the web-based wallet extension MetaMask, and users access the Ethereum main network through the MetaMask on their browser and store their encrypted personal information in the Smart Contract. In the future, users will provide their personal information to the service provider through their Ethereum Account for the use of the new service, which will provide user authentication and personal information without subscription or a new authentication process. Service providers can reduce the costs of storing personal information and separate authentication methods, and prevent problems caused by personal information leakage.

• Informatization Policy
• /
• v.22 no.1
• /
• pp.47-72
• /
• 2015

According to the progress of national informatization throughout the world, infringement and threaten of privacy are happening in a variety of fields, so government is providing information security policy. In particular, South Korea has enhanced personal impact assessment based on the law of personal information protection law(2011). But it is not enough to effect the necessary cost calculation standards and changeable factors to effect PIA. That is, the budgets for PIA was calculated lower than the basic budget suggested by Ministry of Government Administration Home affairs(2011). Therefore, this study reviewed the cost calculation basis based on the literature review, cost basis of similar systems, and reports of PIA and obtained to the standard with Delphi analysis. As a result, the standards of PIA is consisted to the primary labors and is utilized to how the weights by division of target system, construction and operating costs of target system, type of target systems, etc. Thus, the results of this study tried to contribute to ensure the reliability of PIA as well as the transparency of the budget for privacy in public sector.

• Journal of Convergence for Information Technology
• /
• v.9 no.3
• /
• pp.140-145
• /
• 2019

With the development of IT technology, many changes are taking place in the health service environment over the past. However, even if medical technology is converged with IT technology, the problem of medical costs and management of health services are still one of the things that needs to be addressed. In this paper, we propose a model for hospitals that have established the IoT system to efficiently analyze and manage the personal information of users who receive medical services. The proposed model aims to efficiently check and manage users' medical information through an in-house IoT system. The proposed model can be used in a variety of heterogeneous cloud environments, and users' medical information can be managed efficiently and quickly without additional human and physical resources. In particular, because users' medical information collected in the proposed model is stored on servers through the IoT gateway, medical staff can analyze users' medical information accurately regardless of time and place. As a result of performance evaluation, the proposed model achieved 19.6% improvement in the efficiency of health care services for occupational health care staff over traditional medical system models that did not use the IoT system, and 22.1% improvement in post-health care for users who received medical services. In addition, the burden on medical staff was 17.6 percent lower on average than the existing medical system models.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.401-404
• /
• 2002

자기 위임 기법은 사용자의 공인된 하나의 키 쌍을 이용하여 특정 기간이나 목적을 위한 세션키를 생성하여 사용하는 기법이다. 이는 공인키의 사용을 줄임으로서 공인키의 안전성을 향상시킬 수 있을 뿐만 아니라 키의 노출로 인한 손실을 줄일 수 있다. 본 논문에서는 ID 기반 인증 모델에서의 자기 위임 기법을 소개한다. 이 기법을 통한 세션키의 생성 및 사용은 CRL 관리가 없는 ID 기반 인증 모델에서 개인키의 유효기간을 충분히 길게 할 수 있게 한다. 따라서 주기적으로 모든 사용자의 개인키를 갱신하여야 하는 시스템의 부하를 줄일 수 있을 것이다.