• Title/Summary/Keyword: 개인정보보호 지표

Search Result 44, Processing Time 0.04 seconds

Development of S-SLA based on the Analyses of Security Functions for Anti-virus System (안티바이러스 시스템 보안기능 분석을 통한 보안SLA 등급화 지표 개발)

  • Yi, Wan-Suck;Lee, Dong-Bum;Won, Dong-Ho;Kwak, Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.237-249
    • /
    • 2010
  • If one analyzes recent cyber incidents including personal information infringement cases, it seems like actual attack is targeting Internet service providers but actually they are targeting Internet service users. For many users, all the services were not provided to them as they have signed for in the contract or personal informations, which users have provided to service providers when signing contracts, were disclosed to public without users' consent causing aftereffect. As a result, importance of S-SLA indexes, which is to be included in the SLA to be signed between a user and a service provider, is ever more increasing. Especially, if there is a S-SLA indexes for anti-virus services, service providers have to provide a high quality of service as they have signed in the SLA. However, there wasn't any researches in the S-SLA area domestically and there are only limited SLA indexes related to system or service maintenances at the moment. Therefore, this paper analyses security functions in anti-virus services and proposes S-SLA indexes for different security level.

Information Security Management in Healthcare Area (보건의료정보 보호관리 모델 개발)

  • Jeong, Hey-Jeong;Kim, Nam-Hyun
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2005.11a
    • /
    • pp.953-956
    • /
    • 2005
  • 보건의료정보는 개인의 가장 민감한 정보로 최상의 보호가 이뤄져야하는 한편, 국민 건강과 복지 향상을 위한 공익의 성격도 강하여 관리와 책임에 대한 명확한 지침이 반드시 필요하다. 본 연구에서는 보건의료 부문의 특성과 정보화 현황을 반영하고 선행연구의 한계점을 보완하여 국내 보건의료 환경에 적합한 정보보호관리 모델을 개발하였다. BS7799, HIPAA Security Rule, HL7 EHR SIG 기능명세 등을 참고하여 필요성, 정보보호 목적/전략 수립, 위험분석/평가, 정보보호관리 정책수립, 정보보호관리 프레임워크 설계, 관리적 보안, 물리적 보안, 기술적 보안, 정보보호관리 평가,운영관리의 총 10개 세부 프로세스와 111개의 이행지표로 구성된 본 모델은 보건의료정보 취급자에게 실행 지침을 제공하여 보건의료정보시스템의 안정성 향상과 국민 보건복지 수준 향상에 이바지할 수 있을 것으로 기대된다.

  • PDF

A Study on the Damage Cost Estimation Model for Personal Information Leakage in Korea (개인정보유출 피해 비용 산출 모델에 관한 연구)

  • Lim, Gyoo Gun;Liu, Mei Na;Lee, Jung Mi
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.1
    • /
    • pp.215-227
    • /
    • 2018
  • As Korea is rapidly becoming an IT powerhouse in the short term, various side effects such as cyber violence, personal information leakage and cyber terrorism are emerging as new social problems. Especially, the seriousness of leakage of personal information, which is the basis of safe cyber life, has been highlighted all over the world. In this regard, it is necessary to estimate the amount of the damage cost due to the leakage of personal information. In this study, we propose four evaluation methods to calculate the cost of damages due to personal information leakage according to average real transactions value, personally recognized value, compensation amount basis, and comparison to similar countries. We analyzed data from 2007 to 2016 to collect personal information leakage cases for 10 years and estimated the cost of damages. The number of cases used in the estimation is 65, and the total number of personal information leakage is about 430 million. The estimated cost of personal information leakage in 2016 was estimated to be at least KRW 7.4 billion, up to KRW 220 billion, and the 10 year average was estimated at from KRW 10.7 billion to KRW 307 billion per year. Also, we could find out the singularity that the estimated damage due to personal information leakage increases every three years. In the future, this study will be able to provide an index that can measure the damage cost caused by the leakage of personal information more accurately, and it can be used as an index of measures to reduce the damage cost due to personal information leakage.

Research on a Valuation Standard and the Actual Condition About Security Management in PACS (PACS에서 보안관리 평가기준 연구와 실태조사)

  • Jeong, Jae-Ho;Dong, Kyung-Rae;Kweon, Dae-Cheol;Son, Gi-Gyeong;Kim, Hyun-Soo;Kang, Hee-Doo
    • Journal of radiological science and technology
    • /
    • v.31 no.4
    • /
    • pp.347-353
    • /
    • 2008
  • This study is to prepare an evaluation standard about personal information protection and security management of a medical institution and to build up a grade standard of evaluation in PACS environment. We built up evaluation index based on 10 detailed items in four big categories (political security, technical security, data management security and physical security) by referring to ISO17799 (BS 7799), HIPPA (Health Insurance and Portability and Accountability Act of 1996) and domestic medical law. We have investigated at the thirty places where medical facility with the extracted security criteria and security evaluation index. Average score of physical security list, one of the big categories, was 18.5/20 (93%) at all medical institutions. Political security score was 18.5/30 (62%), data management security score was 12/20 (60%) and technical security score was 17.5/30 (58%). Therefore, security evaluation score was average 67 in 30 general hospitals, which was 4th level. The results showed that it is necessary to establish evaluation and management standard about personal information protection and security consciousness which are weak in PACS environment.

  • PDF

A Study on the Performance Model and Measurement Method of the SMEs Information Security Support Policy (중소기업 정보보호 지원 사업 성과모델 및 측정 방법에 관한 연구)

  • Bae, Young-Sik;Jang, Sang-Soo
    • The Journal of Society for e-Business Studies
    • /
    • v.26 no.4
    • /
    • pp.37-52
    • /
    • 2021
  • Due to the spread of COVID-19, it is rapidly changing from face-to-face to non-face-to-face work environments and is changing to a digital work environment that can be accessed anytime, anywhere, providing convenience to all lives. However, the number of breaches, personal information leakage, and technology leakage targeting SMEs that are vulnerable to security continues to increase. Accordingly, the government has been continuously promoting the information security consulting support project for SMEs every year since 2014. Therefore, this study intends to develop a performance model and measurement methodology for continuous and more systematic support and efficient management of information protection support projects in consideration of the importance of information security for SMEs. It is intended to be used as basic data when setting future operational directions and goals. The main method of this study is to derive performance models and indicators for SME information security support projects based on domestic literature, case studies, and survey results, utilize expert advice to verify the developed performance measurement indicators, and use pilot-test questionnaires. Conduct evaluation through surveys. Based on the verified indicators, we would like to present a performance model and measurement index for the information security support project for SMEs.

A study on frame transition of personal information leakage, 1984-2014: social network analysis approach (사회연결망 분석을 활용한 개인정보 유출 프레임 변화에 관한 연구: 1984년-2014년을 중심으로)

  • Jeong, Seo Hwa;Cho, Hyun Suk
    • Journal of Digital Convergence
    • /
    • v.12 no.5
    • /
    • pp.57-68
    • /
    • 2014
  • This article analyses frame transition of personal information leakage in Korea from 1984 to 2014. In order to investigate the transition, we have collected newspaper article's titles. This study adopts classification, text network analysis(by co-occurrence symmetric matrix), and clustering techniques as part of social network analysis. Moreover, we apply definition of centrality in network in order to reveal the main frame formed in each of four periods. As a result, accessibility of personal information is extended from public sector to private sector. The boundary of personal information leakage is expanded to overseas. Therefore it is urgent to institutionalize the protection of personal information from a global perspective.

The Framework of Research Network and Performance Evaluation on Personal Information Security: Social Network Analysis Perspective (개인정보보호 분야의 연구자 네트워크와 성과 평가 프레임워크: 소셜 네트워크 분석을 중심으로)

  • Kim, Minsu;Choi, Jaewon;Kim, Hyun Jin
    • Journal of Intelligence and Information Systems
    • /
    • v.20 no.1
    • /
    • pp.177-193
    • /
    • 2014
  • Over the past decade, there has been a rapid diffusion of electronic commerce and a rising number of interconnected networks, resulting in an escalation of security threats and privacy concerns. Electronic commerce has a built-in trade-off between the necessity of providing at least some personal information to consummate an online transaction, and the risk of negative consequences from providing such information. More recently, the frequent disclosure of private information has raised concerns about privacy and its impacts. This has motivated researchers in various fields to explore information privacy issues to address these concerns. Accordingly, the necessity for information privacy policies and technologies for collecting and storing data, and information privacy research in various fields such as medicine, computer science, business, and statistics has increased. The occurrence of various information security accidents have made finding experts in the information security field an important issue. Objective measures for finding such experts are required, as it is currently rather subjective. Based on social network analysis, this paper focused on a framework to evaluate the process of finding experts in the information security field. We collected data from the National Discovery for Science Leaders (NDSL) database, initially collecting about 2000 papers covering the period between 2005 and 2013. Outliers and the data of irrelevant papers were dropped, leaving 784 papers to test the suggested hypotheses. The co-authorship network data for co-author relationship, publisher, affiliation, and so on were analyzed using social network measures including centrality and structural hole. The results of our model estimation are as follows. With the exception of Hypothesis 3, which deals with the relationship between eigenvector centrality and performance, all of our hypotheses were supported. In line with our hypothesis, degree centrality (H1) was supported with its positive influence on the researchers' publishing performance (p<0.001). This finding indicates that as the degree of cooperation increased, the more the publishing performance of researchers increased. In addition, closeness centrality (H2) was also positively associated with researchers' publishing performance (p<0.001), suggesting that, as the efficiency of information acquisition increased, the more the researchers' publishing performance increased. This paper identified the difference in publishing performance among researchers. The analysis can be used to identify core experts and evaluate their performance in the information privacy research field. The co-authorship network for information privacy can aid in understanding the deep relationships among researchers. In addition, extracting characteristics of publishers and affiliations, this paper suggested an understanding of the social network measures and their potential for finding experts in the information privacy field. Social concerns about securing the objectivity of experts have increased, because experts in the information privacy field frequently participate in political consultation, and business education support and evaluation. In terms of practical implications, this research suggests an objective framework for experts in the information privacy field, and is useful for people who are in charge of managing research human resources. This study has some limitations, providing opportunities and suggestions for future research. Presenting the difference in information diffusion according to media and proximity presents difficulties for the generalization of the theory due to the small sample size. Therefore, further studies could consider an increased sample size and media diversity, the difference in information diffusion according to the media type, and information proximity could be explored in more detail. Moreover, previous network research has commonly observed a causal relationship between the independent and dependent variable (Kadushin, 2012). In this study, degree centrality as an independent variable might have causal relationship with performance as a dependent variable. However, in the case of network analysis research, network indices could be computed after the network relationship is created. An annual analysis could help mitigate this limitation.

Quantitative Analysis Method for Encrypted Video (암호화된 동영상 비식별화율의 정량적 분석 방법)

  • Deok-Han Kim;Young-Gab Kim
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2023.11a
    • /
    • pp.193-195
    • /
    • 2023
  • 최근 다양한 동영상 미디어 콘텐츠가 늘어나면서 민감한 개인정보 유출의 위험성 또한 높아졌다. 이에 따라 다양한 동영상 비식별화 기법이 연구되었고, 그중에서 동영상 암호화 기술은 별도로 원본 동영상을 보관하지 않아도 복호화를 통해 원본 동영상을 얻을 수 있다는 장점 때문에 계속해서 연구가 진행되고 있다. 많은 동영상 암호화 연구에서는 암호화된 동영상의 비식별성을 입증하기 위해 기존의 이미지 암호화 연구에서 사용되던 평가 지표를 사용한다. 그러나 이러한 지표들은 암호화된 동영상의 비식별성을 입증하기에는 적합하지 않다. 따라서 본 논문에서는 암호화된 동영상이 전체 구간에서 비식별화되었는지 확인하는 방법을 제안한다. 본 논문에서는 기존의 지표들을 가중 합산하여 동영상의 모든 프레임에 대해 측정하고 이를 그래프로 표현하여 분석한다. 이 방법을 통해 암호화된 동영상에서 비식별화가 정상적으로 적용되지 않은 부분을 쉽게 파악할 수 있다.

An Impact Assessment Index for the RFID Privacy (RFID 개인정보 영향평가지수 개발)

  • Han, Pil-Koo;Kang, Byung-Goo
    • Journal of Information Management
    • /
    • v.40 no.1
    • /
    • pp.69-86
    • /
    • 2009
  • The biggest paradigm of the latest telecommunications is ubiquitous computing. It is a technology basis to realize ubiquitous society that would affect social, economical and cultural industries with positive influence. However, there is a simultaneous concern that the approach to ubiquitous society may violate one's privacy. Therefore, the existence of legal and technological regulation would be the biggest obstacle in further RFID technology and industry dissemination. Also, in business side, they must invest with enormous expense and technology if technological method is only approached for the solution. As in the research, 8 RFID applications, application process and inspection items and 85 appraisal list of "An impact assessment for the privacy protection in RFID applications" developed by P. K. Han(2006), will be used as an indicator to measure RFID privacy impact assessment. In addition, it is to develop RFID privacy impact assessment index by applying objective data with survey of applied specialists. This would provide a data with feasibility and reliability to RFID related companies and able to utilize policy making on RFID private data. In addition, it is expected to contribute as an efficiency tool for individual data to build basis of ubiquitous society.

A Study on Face Masks Distribution System based on the Blockchain Decentralized Identity (블록체인 분산신원증명에 기반한 공적마스크 중복구매 확인 시스템에 대한 연구)

  • Noh, Siwan;Jang, Seolah;Rhee, Kyune-Hyune
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2020.05a
    • /
    • pp.214-217
    • /
    • 2020
  • 2020년 1월 국내에 신종 코로나 바이러스의 확산으로 인해 보건 마스크의 수요가 급증하고 이에 따라 마스크의 가격이 폭등하자 정부가 건강보험정보를 기반으로 보건용 마스크 판매에 관여하는 공적 마스크 5부제를 시행해 왔다. 하지만 건강보험 가입정보에 의존적인 신원 인증 시스템으로 인해 유학생 등 건강보험 미가입자의 경우 마스크의 구입이 어렵고 개인정보 접근 문제 등으로 판매채널의 확장이 어려운 문제가 있었다. 본 논문에서는 건강보험과 같은 특정 신원정보 시스템에 의존하지 않고 중앙기관이 발행하는 신뢰할 수 있는 모든 신원정보(여권, 외국인등록증 등)에 기반하여 사용자가 스스로 자신의 신원정보 속성을 블록체인을 통해 관리하는 방법을 제안한다. 또한 제안 방법에 대해 디지털신원 기법을 평가할 수 있는 지표를 기반으로 자체 평가를 수행한다.