• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.2
• /
• pp.492-497
• /
• 2019

This study analysed the legal concept of personal information(PI), which was not differentiated from behavioral information, and established it clearly for invigorating online targeted advertising(OTA), which draw attention in big data era; by selecting Guidelines of Assessment of Data Breach Incident Factors and Guidelines of Measures for No-Identifying Personal Information based on Personal Information Protection Act(PIPA) and Enforcement Decree of the PIPA. As a result, PI was defined as any kind of information relating to (1)a living individual(not group, corporate body or things etc.); (2)makes possibly identify the individual by his or her identifiers such as name, resident registration number, image, etc. (not included if not identify the individual); and (3)including information like attribute values which makes possibly identify any specific individual, if not by itself, but combined with other information which can be actually collected and combined). Specifically, PI includes basic, proper distinguishable, sensitive and other PI. It is suggested that PI concept should be researched continually with digital technology development; the effectiveness of the Guidelines of PI Protection in OTA, the legal principles of PI protection from not only users' but business operators' perspectives and the differentiation between PI and behavioral information in OTA should be researched.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.97-107
• /
• 2013

The recent increase in smartphone usage has ignited the development of new applications which have changed the way of living in this internet era in the world. Almost all users which have smartphone have used many kinds of applications for lots of part. Especially, Social Network Service is the most popular part for smartphone users. The greater part of smartphone users take messenger service for smartphone. This kinds of applications provide to manage as deactivation of user or change of device. When users take to manage their information, their information would be deleted securely. If secure deletion didn't work correctly and released, their personal information can be easily abused to by others through various means such as internet phishing. In this paper, we analysis that the messenger application's management function keeps on the Personal Information Protection Act and suggest to prevent legally and technically for user's personal information and privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.227-235
• /
• 2016

As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.595-596
• /
• 2009

정보화의 발전에 비례하여 정보보호의 중요성도 높아지고 있다. 최근까지 정보보호에 대한 관심과 주요 연구의 흐름은 기술적인 보호조치(예: 암호화, 접근제어, 방화벽 등)와 관리적 관점의 행동연구였다. 최근에 들어서야 국내외적으로 정보보호 투자효과에 대한 연구가 활성화되기 시작했다. 정보보호 투자효과에 대한 계량적 산정이 필요한 이유는 정보보호의 중요성을 정확하게 인식할 수 있어 적정규모의 예산을 책정하고 효율적으로 예산을 투입할 수 있는 기초를 마련할 수 있기 때문이다. 정보보호 투자효과를 측정하기 위한 선행연구로 보안사고의 피해규모를 산정하는 연구가 필수적이다. 보안사고의 피해규모는 가시적 손실(피해복구, 생산성 저하, 손해배상 등)과, 비가시적 손실(고객 충성도 저하, 회사의 브랜드 이미지 하락 등) 규모의 합으로 구성된다. 그 동안 가시적 손실규모 측정에 관한 연구는 상대적으로 많았으나, 비가시적 손실규모 측정에 관한 연구는 상대적으로 미흡하였던 것이 사실이다. 이는 현실적으로 비가시적 손실규모를 측정할 수 있는 접근방법을 고안해내는 것이 어려웠기 때문이다. 이로 인해 막연히 비가시적 손실규모가 가시적 손실규모에 비해 대단히 클 것이라고 짐작해 올 수 밖에 없었다. 본 논문에서는 보안사고의 비가시적 손실규모를 측정하기 위해 대규모 개인정보 보안 사고가 발생한 기업의 매출액 증가율을 경쟁기업과 분석하는 연구방법을 제안한다. 매출액은 영업이익 및 순이익과는 달리 회사 내부적인 회계방침에 의해 규모의 조절이 불가능한 재무요소이면서 회사가 고객 충성도 저하와 회사의 브랜드 이미지 하락으로 인해 받게 되는 영향을 가장 정확하게 반영하는 재무요소이기도 하다. 연구방법에 따라 2008년 대규모 개인정보 보안사고가 발생한 국내기업을 선정하고 그 경쟁사와 매출액 변화추이를 비교 분석하였다. 분석결과 보안사고가 발생한 기업의 평균 매출액 증가율이 경쟁사 평균 매출액 증가율 보다 0.0225% 높다는 사실을 발견했다. 이 결과는 국내의 보안 사고가 기업 가치에 미치는 비가시적 영향이 거의 없거나 또는 발생하더라도 그 영향력이 미미하여 가격정책 및 광고 홍보를 통해 충분히 극복할 수 있다는 점을 대변한다. 본 논문의 결과는 역설적으로 국내 보안사고의 피해규모를 측정하는데 있어 가시적 손실규모의 정확한 측정이 무엇보다 중요함을 의미한다.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.6
• /
• pp.103-110
• /
• 2016

The recent frequent cases of damage due to leakage of medical data and the privacy of medical patients is increasing day by day. The government says the Privacy Rule regulations established for these victims, such as prevention. Medical data guidelines can be seen 'national medical privacy guidelines' is only released. When replacing the image data between the institutions it has been included in the image file (JPG, JPEG, TIFF) there is exchange of data in common formats such as being made when the file is leaked to an external file there is a risk that the exposure key identification information of the patient. This medial image file has no protection such as encryption, This this paper, introduces a masking technique using a mosaic technique encrypting the image file contains the application to optical character recognition techniques. We propose pseudonymization technique of personal information in the image data.

• The Journal of the Korea Contents Association
• /
• v.11 no.2
• /
• pp.61-68
• /
• 2011

Due to the rapid development of the Internet, many companies in a variety of applications to users open an unspecified number of the current business environment, security of personal information about recent issues are often mentioned in terms of its importance may be the company's top priority. The government recently on personal information strengthening measures on information communications network law enacted into law which is applicable to various industries. Companies to protect the personal information of various measures to comply with these regulations, and arrange your personal information for internal management to enhance security fast security solution has been introduced. The number of used data is stored in the DBMS in terms of compliance with these regulations at the same time effectively to ensure data security and encryption measures, access control, audit, each separated by an implementation of the solution and how it compares with the best Database security plan allows you to explore as a this paper's security checklist.

• Journal of the Korean Society for information Management
• /
• v.37 no.4
• /
• pp.81-107
• /
• 2020

At a time when Korea and the rest of the world recently faced the unprecedented situation of "COVID-19," the view of actively "disclosure" of information to prevent the spread of infectious diseases is at odds with the view of "protecting" personal information as these social measures are coupled with the infringement of individuals' basic rights. In order to see the nation's response to the infectious disease crisis, we examined the current status and characteristics of public records according to crisis alert levels based on the manual for responding to infectious disease. Especially we analyzed the types and disclosure status of records containing personal information. For detecting personal information-related issues on news media, we collected online news articles and performed text anlaysis. Through this, we reviewed the problems of record management including personal information and suggested improvement points from the perspective of the life cycle of records: collect, manage, and dispose of them.

• Journal of Platform Technology
• /
• v.9 no.4
• /
• pp.32-41
• /
• 2021

The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, Step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact, However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.4
• /
• pp.28-34
• /
• 2010

In this paper, we proposes a emergency medical information system for predicting emergency situation by using the body's vital signs. Main research of existing emergency system has focused on body sensor networks. The problem of these studies have a delay of the emergency first aid since occurring of an emergency situation send a message of emergency situation to user. In the serious situation, patients of these problem can lead to death. To solve this problem, it need to the prediction of emergency situation for doing quickly the First Aid with identify signs of a pre-emergency situations until an emergency occurs. In this paper, the sensor network technology, the security technology, the internet information retrieval techniques, data mining technology, and medical information are studied for the convergence of medical information systems of the prediction of emergency situations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1057-1071
• /
• 2016

Privacy-right infringement using unmanned aerial vehicle (UAV) usually occurs due to the unregistered small UAV with the image data processing equipment. In this paper we propose that privacy protection acts, Personal Information Protection Act, Information and Communications Network Act, are complemented to consider the mobility of image data processing equipment installed on UAV. Furthermore, we suggest the regulations for classification of small UAVs causing the biggest concern of privacy-right infringement are included in aviation legislations. In addition, technological countermeasures such as recognition of UAV photographing and masking of identifying information photographed by UAV are proposed.