• Informatization Policy
• /
• v.28 no.1
• /
• pp.64-76
• /
• 2021

The purposes of this study are to identify factors that affect personal information protection activities from the perspective of personal information managers and explore ways of promoting such activities. The main factors examined by threat and response assessments were selected based on the protection motivation theory, and the effects of each factor were analyzed using a multinomial logit model. The analysis results show that small-scale personal information managers need to be provided with both educational support to enhance their awareness and technical support, such as protection inspection tools, to help them carry out their own personal information protection activities. Personal information managers larger than a certain size also require tax support, including tax cuts, to support their budgets for and investments in personal information protection activities. In addition, they need professional education that emphasizes practice.

• The Journal of the Korea Contents Association
• /
• v.10 no.11
• /
• pp.262-274
• /
• 2010

In Welfare Center for the disabled, under the Government's information acceleration plan, the computer system has been developed starting from work standardization in 2001 but it has been emphasized only on the technical and customer convenience side leaving out preparation for the side effects of them. Therefore this article will seek the necessity of personal information protection, legal basis in the Welfare Center for the disabled. Additionally after analyzing current status for the personal security of Welfare Center for the disabled, establishing an alternative plan for personal security policy's way could be addressed. Increasing education for awareness stress of personal information security, and preparing institutional protection apparatus from applying life cycle of personal information would be an alternative plan for personal information protection for Welfare Center for the disabled. Also frequent monitoring of accessing personal information from the computerized system should be achieved. It is impossible to recover damage caused by leak of personal information although post actions are progressed. From this essay, awareness of personal information protection should be newly revised for both the Social Welfare Organization and the Disabled welfare center, and also technical, institutional strategy's action should be arranged.

• 한국IT서비스학회:학술대회논문집
• /
• 2009.05a
• /
• pp.218-223
• /
• 2009

지난 2008년 6월 13일 개정된 '정보통신망 이용촉진 및 정보보호 등에 관한 법률'은 우리나라 IT 업계의 활성화뿐만 아니라 개인의 정보를 보호하는 제도와 절차를 규정하는 매우 중요한 법이다. 이 법은 우리사회에서 정보프라이버시의 보호와 관련하여 매우 긍정적인 역할을 수행하고 있으나, 일부 규정에서는 여전히 그 영향과 효과를 종합적으로 분석하고 검토하여야 할 여지가 있다. 이 연구에서는 관련 법제도가 IT 관련 산업과 기업에 미치는 영향을 검토하고, 법 제정시 정보보호서비스 산업의 특성(예, 공공성, 가변성, 상대성, 다차원성, 불완벽성)을 보이고, 이를 반영하여야 함을 설명하였다. 또한, 정보관리자의 책임과 과실 처벌에 관한 법규의 실효성과 형평성을 분석하였다. 법의 논리 연구, 관련된 해외 법률과 사례의 분석을 통하여 세가지 정책 대안, i) 관련 법률의 개정과 새로운 정책제도 마련, ii) 선고형에서 작량감경/집행유예 등의 적극적 적용, iii) 개인정보 관련한 기술적 관리적 조치의 합리적이고 구체적인 기준 마련을 제시하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.107-115
• /
• 2012

The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

• Review of KIISC
• /
• v.15 no.6
• /
• pp.46-52
• /
• 2005

신원확인을 위하여 생체정보를 수집하거나, 이용하는 데 있어서 준수하여야 할 생체정보 보호대책에 관한 중요사항을 정함으로써 생체정보의 안전한 이용 환경을 조성하고, 개인의 권리와 이익을 보호하는 것을 목적으로 한다. 본고에서는 유무선 통신환경에서 생체정보가 수집${\cdot}$저장${\cdot}$전송${\cdot}$폐기 전 과정에서 발생 가능한 취약점과 위협을 정의하고, 이에 대한 기술적${\cdot}$관리적 보호대책에 대한 가이드라인을 제시하고자 한다. 한편, ITU-T, ISO 등 국제 표준 및 국내 TTA 단체 규격 등과 호환 가능하도록 보안대책을 제시함으로서 국가 간의 생체정보에 대한 보호조치 방안에 관하여 상호 연동성을 보장한다. 본고는 유비쿼터스 환경에서 생체인식 국가인프라가 구축되는 시점에서 발생할 수 있는 생체정보에 대한 불신감과 인권침해 등의 사회적인 논란을 최소화하고 개인의 생체정보 보호기술의 발전과 관련 응용서비스 활성화에 기여할 것이다. 또한 전자여권${\cdot}$ 선원신분증${\cdot}$ 국제운전면허증${\cdot}$ 전자주민증 등 공항${\cdot}$항만${\cdot}$육로의 출입국관리에 생체정보의 활용이 전 세계적으로 보급 확산되는 시점에서 생체정보 활용 및 생체인식시스템에 대한 신뢰성을 제공함으로서 국내 생체인식산업의 활성화에 기여할 수 있다고 기대한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.135-144
• /
• 2009

This paper discusses an issue of serious security risks at web log which contains private information, and suggests solutions to protect them. These days privacy is core information to produce value-added in information society. Its scope and type is expanded and is more important along with the growth of information society. Web log is a privacy information file enacted as law in South Korea. Web log is not protected properly in spite of that has private information It just is treated as residual product of web services. Many malicious people could gain private information in web log. This problem is occurred by no classified data and improper development of web application. This paper suggests the technical solutions which control data in development phase and minimizes that the private information stored in web log, and applies in operation environment. It is very efficient method to protect private information and to observe the law.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.99-106
• /
• 2012

Numerous private corporations and public institutions are collecting personal information through the diverse methods for the purpose of sales, promotion and civil services, and using personal information for the profits of the organizations and services. However, due to immaturity of the technical, managerial measures and internal control for the collected personal information, the misuse, abuse and the leaks of personal information are emerged as major social issues, and the government also is promoting implementation of the act on the privacy protection by recognizing the importance of the personal information protection. This research describes on the measures to detect the anomaly by analyzing personal information treatment patterns managed by the organizations, and on the measures to coup with the leaks, misuse, and abuse of personal information. Particularly, this research is intended to suggest privacy leakage monitoring system design, which can be managed by making the elements related to personal information leaks to numeric core risk indexes to be measured objectively.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.168-169
• /
• 2023

머신 러닝의 학습을 위한 데이터는 개인정보가 포함된 데이터인 경우가 존재한다. 특히 음성인식 모델을 학습시키기 위해서 사용자의 음성 데이터가 필요하며, 이는 개인의 민감한 정보가 포함될 수 있다. 인공지능 학습을 위해 수집한 음성 데이터에 대한 정보보호 침해 공격이 발생할 수 있고, 해당 데이터에 대한 보호 조치가 필요하다. 본 연구는 음성 데이터를 안전하게 관리하기 위해 분할학습을 이용한 음성 데이터 학습 모델을 제안한다.

• The Journal of the Convergence on Culture Technology
• /
• v.5 no.1
• /
• pp.219-225
• /
• 2019

Today, in the era of the 4th Industrial Revolution, the cloud computing sector has advantages for cost reduction and efficiency of work, but problems related to privacy may arise. Therefore, the law on the development of cloud computing and user protection should be improved to enable providers of cloud computing services to proactively identify whether or not they contain their personal information, or to take steps to protect their privacy. And this same law is desirable to improve the implementation of a national mandatory certification system for privacy protection systems for cloud computing businesses. This same law is also desirable that cloud computing service providers create direct accountability for privacy breaches and appropriate scope for those responsibilities.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.10-17
• /
• 2018

Most of the privacy officers of organizations are hard to think of the corrective action about deficiencies of the PIMS(Personal Information Management Systems) certification. Because, it is difficult to define the priority of the complementary measures due to the unique characteristics and procedures of personal information protection for each organization. The purpose of this study is to evaluate the priority of the complementary measures using the Analytic Hierarchy Process(AHP). According to the results, it is important to comply with the legal requirements in the first tier. The second tier, PIMS experts answered that dedicated organization, password management, and agreement of the subject are important. Above all, agreement of the subject was found the highest priority for complementary measures about PIMS's deficiencies.