• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.781-797
• /
• 2013

Nowadays, it is increasing that corporates consign tasks related to the personal information processing to the consignees for efficiency and quality improvements and cost reductions. As the consignments are increased, there are increases on types and amounts of personal information. Therefore, the needs on the information managements and the security threats are increased. This report will analyze the laws that consignors and consignees should follow. Moreover, it identifies issues and analyzes the current levels on consignees in terms of the personal information protection so that the consignors can come up with the best and efficient way to monitor the consignees when they consign the personal information processing tasks.

• Review of KIISC
• /
• v.23 no.6
• /
• pp.54-66
• /
• 2013

컴퓨터와 네트워크 기술이 발전하면서 물리적으로 분산되어 있던 시설들이 논리적으로 통합 관리되고 있다. 이 시대에 맞춰 국방부 또한 "국방정보화" 라는 단어를 통해 국방체계를 IT 중심의 군 체계로 전환하고 있는 가운데 네트워크 전체를 마비시키는 사이버 위협은 날이 갈수록 늘어나는 상황이며 사이버 안보에 있어 외부로부터의 침입을 막고 내부로부터의 유출을 막기 위한 실시간 보안관리는 점점 더 중요해지고 있는 상황이다. 또한 군사기반시설에 대한 관리적 및 기술적 환경측면에서 발생할 수 있는 보안 사고에 대응하기 위하여 실시간 보안관리 체계는 수립단계부터 세부적인 평가가 반드시 수행되어야 한다. 이에 본 논문은 국외 관리체계 및 국내기업 우수사례 분석을 통해 보호체계 수립단계에서 세부적인 평가단계까지 실질적으로 보안에서 중요시하는 관리적, 기술적, 개인정보에 근거한 실시간 보안관리 체계를 통하여 군에 효과적으로 적용할 수 있는 국방망의 지속적인 실시간 보안관리 체계를 제안한다.

• Information and Communications Magazine
• /
• v.29 no.10
• /
• pp.55-65
• /
• 2012

u-헬스케어 서비스는 개인 의료 정보를 다루는 분야로서 단순한 건강 검진 및 치료의 수준을 넘어 생명과도 밀접한 관계가 있다. 개인 의료 정보 속성은 매우 민감하기 때문에 만약 개인 의료 정보가 불법적으로 노출되거나 악용될 경우 단순한 개인 프라이버시 침해뿐만 아니라 생명까지도 위협받을 수 있다. 이러한 이유로 안전한 개인 의료 정보 공유 및 인증방법이 가장 우선시 되어야 하며 보안성을 고려하여 u-헬스케어 시스템을 구축해야 한다. 또한 개인의 건강 정보에 대한 관리를 체계적으로 수행하여 의료 서비스기관에 의한 개인 의료 정보 남용을 방지하기 위해 보안 감사 시스템이 강화되어야 한다. 따라서 본고에서는 u-헬스케어 서비스와 관련된 다양한 보안 취약점 및 최신 정보보호 기술 동향에 관해 알아본다.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.2
• /
• pp.1-11
• /
• 2018

Recently ICT, new technologies such as IoT, Cloud, and Artificial Intelligence are changing the information society explosively. But personal information leakage incidents of consignee's company are increasing more and more because of the expansion of consignment business and the latest threats such as Ransomware and APT. Therefore, in order to strengthen the security of consignee's company, this study derived the checklists through the analysis of the status such as the feature of consignment and the security standard management system and precedent research. It also analyzed laws related to consignment. Finally we found out the relative importance of checklists after it was applied to proposed AHP(Analytic Hierarchy Process) Model. Relative importance was ranked as establishment of an internal administration plan, privacy cryptography, life cycle, access authority management and so on. The purpose of this study is to reduce the risk of leakage of customer information and improve the level of personal information protection management of the consignee by deriving the check items required in handling personal information of consignee and demonstrating the model. If the inspection activities are performed considering the relative importance of the checklist items, the effectiveness of the input time and cost will be enhanced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.705-717
• /
• 2020

Cities in the world are rushing to develop smart cities to create a sustainable and happy city by solving many problems in cities using information and communication technologies such as big data and IoT. However, in Korea's smart cities and smart city certification systems, the focus is on platform-oriented hardware infrastructure, and the information security aspect is first considered to build and authenticate. It is a situation in which a response system for the risk of leakage of big data containing personal information is needed through policy research on the aspect of personal information protection for smart city operation. This paper analyzes the types of personal information in smart cities, problems associated with the construction and operation of smart cities, and the limitations of the current smart city law and personal information protection management system. As a solution, I would like to present a model of a personal information protection management system in the smart city field and propose a plan to strengthen personal information protection through this. Since the management system model of this paper is applied and operated in the national smart city pilot cities, demonstration cities, and CCTV integrated control centers, it is expected that citizens' personal information can be safely managed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.578-579
• /
• 2021

According to a survey on the infringement of SMEs, the level of technology protection capability is improving every year, but technology leaks and damage continue to occur. This shows that there is a need for a security management and supervision system that can strengthen the security awareness of SME executives and employees and maintain the security level continuously. The Personal Information & Information Security Management System(ISMS-P) authentication systems is the latest related standard, which has the problem of applying the same certification criteria without considering the types of certification target organizations such as ISPs, IDC, hospitals and schools, and SMEs.. In this paper, 73 evaluation items that can be specialized and applied to SMEs were derived by referring to ISMS-P certification and Personal Information Protection Management System (PIMS) certification. The results of the study show that the number of evaluation items decreased by 28.4% compared to the existing ISMS-P certification.

• Journal of Internet Computing and Services
• /
• v.19 no.6
• /
• pp.9-20
• /
• 2018

Financial service industry has introduced and operated management systems such as information security management system (ISMS), personal information security management system, business continuity management system to protect and maintain suitably customer's financial information and financial service. This study started that it's desirable financial industry takes consideration of ISMS and it can be different types among various organizations taking consideration of culture, practical work, and guideline of information security. The study derives primary control areas of ISMS through analyzing non-conformity trends and control factors according to certification audit for finance-related organizations introduced international ISMS of ISO27001 which is well known and commonly applicable irrespective of areas in financial service industry. Through case analyses for five finance-related organizations operating ISMS, this study analyzed improvement effects of ISMS. It has a meaning as an initial research though it was difficulty in acquiring data for empirical study because of rare organizations maintaining certification in financial sector. As a result, number of non-confirmity from the first audit to three years' elapse was decreased every year. Physical and environmental security, communication and operations management, and access control having the highest frequency of non-conformity each presented 23%, 19%, and 17%, which reached 59% in total and they are derived into primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have not been treated importantly in financial industry. In addition, this study presented that ISMS can be an effective management system applicable for financial service industry.

• Review of KIISC
• /
• v.20 no.1
• /
• pp.74-87
• /
• 2010

우리나라에서 국민식별번호로 사용되고 있는 주민등록번호는 국민을 유일하게 식별할 수 있는 유일식별성과 그로 인한 국민정보 관리편리성으로 인해 오랜 기간 공공 및 민간부문에서 사용되어 왔다. 특히 정보시스템의 일반화되면서 행정기관이나 민간기업들이 서비스 제공에 필요한 국민 또는 고객의 정보를 관리하면서 식별정보로써 그리고 정보들을 연결하는 연결자로써 널리 사용해 왔다. 비록 지금까지 오랜 기간 주민등록번호가 공공 및 민간분야에서 개인식별번호로 널리 사용되어 왔지만, 최근 발생횟수가 증가되고 사회적, 경제적 피해가 심각해지고 있는 주민등록번호 도용과 그에 따른 프라이버시 침해 문제의 심각성을 고려할 때 새로운 체계의 국민식별번호 및 관련 인프라에 대해 연구가 필요한 시점이다. 따라서 본 고에서는 현재 우리나라의 온라인, 오프라인 환경에서 개인식별번호로서 널리 사용 중인 주민등록번호의 보안 및 프라이버시 관점에서의 문제점을 살펴보고 이를 보완할 수 있는 새로운 국민식별번호체계를 제안한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2017.05a
• /
• pp.503-504
• /
• 2017

현대 사회는 정보화에 따른 혜택과 더불어 부작용 현상으로 개인정보의 유출 사고로 사회적 불안감 및 관심을 증가시키고 있다. 우리나라 "개인정보보호법"은 공공, 민간 부문의 모든 개인정보 처리자에게 공통으로 적용되고 전자문서와 수기문서에도 적용된다. 그러나 업무특성에 따라 여러 곳에 다양한 형태로 산재되어 있는 개인정보 관리는 쉽지 않으며 정보 유출에 대한 우려 또한 크다고 볼 수 있다. 따라서 본 연구에서는 체계적인 개인정보 보호 관리를 통해 사전에 정보 유출을 방지할 수 있는 개인정보 유출방지 프레임워크를 제안하였다.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.164-174
• /
• 2014

The purpose of this study is to explore ways to resolve the conflicting issues that are currently applied in medical Act and medical privacy Act through the comparative Analysis of the Privacy Act and the Medical Information Protection Act foreign. the results run to establish the Public Health Act coming for the protection of health information is a characteristic of many countries, France in Europe, the United States and Canada had been running an independent medical information laws are enacted. Prescribes penalties of up to a fairly systematic method from the case records of patients would not have occurred in the management and implementation of the law and the protection of the author of the book focuses on the subject of medical records and physician records between patient confidentiality and privacy it can be seen that the method defined in. This indicates the need for the establishment of an independent medical information laws to protect all records relating to the patient systematically Korea also.